According to the General Data Protection Regulation, the Code of Conduct for the Danish Bar and Law Society, the Act on Measures to Prevent Money Laundering and Financing of Terrorism (“the Anti-Money Laundering Act”), etc., we are obligated to ensure that any personal data processed by us are processed in accordance with applicable rules and kept confidentially and securely.
Our employees are trained to process personal data in a confidential and secure manner, and we support this with relevant technical solutions.
We advise on various legal areas of expertise, and we are data controllers with respect to the personal data collected, obtained and received in connection with the handling of cases for our customers. This applies to any material, whether electronic or hard copies.
Use of personal data
We register and process personal data with the purpose of fulfilling agreements made with our customers, including:
- Providing customer service, rendering of advice to our customers, case handling, invoicing and quality management as well as conducting internal controls;
- Identification and legitimation of customers and beneficial owners in accordance with the provisions in the Anti-Money Laundering Act; as well as
- Fulfilment of other compliance regulations.
Furthermore, the processing of data is necessary for Kirk Larsen & Ascanius / KLA Personskade to pursue a legitimate interest to be able to administer, control and develop our products, including development of IT solutions and services as well as development of our business.
The processing of data takes place in accordance with Article 6, paragraph 1, points a, b, c and f of the General Data Protection Regulation. The processing of social security numbers takes place under the provisions in Clause 11, subsection 2, no. 4, of the Data Protection Act.
In relation to personal injury matters, debt collection and bankruptcy, the processing of personally sensitive data regarding the customer takes place in accordance with Article 9, paragraph 2, point f, cf. Section 11, subsection 2, of the Personal Data Act.
Collection, registration and disclosure of personal data
We register and process the personal data necessary in order to identify our customer and to proceed with our customers’ cases in the best possible way.
In general, we receive the data directly from our customers, but we also receive personal data from e.g. public authorities (including the courts), counterparties, witnesses or other persons related to the case handling.
The information processed by us includes among other things:
- Contact details – including email, telephone number, etc.
- Social security number (CPR)/company registration number (CVR)
- Financial affairs – including information, if any, from the Land Register, the register of delinquent debtors, etc.
- Working and social conditions
- Information as to state of health
- Criminal offences, if any
In relation to debt collection it may be necessary to pass on information to our customers, the court and attorneys or others representing us in court.
In the event that distress is levied by the Bailiff’s Court, it may also be necessary to inform the creditor. Consequently, it may be necessary to inform the tax authorities, your landlord or others.
In certain debt collection cases, especially eviction of lessees, it is necessary to get assistance from professional movers, locksmiths, etc., and in that case we will provide them with sufficient information in order for them to perform their tasks.
In insolvency cases, including bankrupt estates, reconstruction and estates of deceased persons, we process data regarding employees, creditors, debtors and other parties related to the matter. The processing of data takes place with the purpose of proceeding with the case administration, including identification and sale of assets, investigation of any voidable or tortious transactions, and examination of other circumstances in the matter. We obtain information among other things from the company, creditors and other parties related to the matters.
In connection with the administration of the case it may be necessary to pass on information to creditors, customers, the court, the tax authorities, attorneys or others representing us in court or performing tasks for us, as well as other parties related to the matter.
In cases, where the operation of the company is maintained, including in particular farming, it will be necessary to pass on information to suppliers, business partners, consultants, etc.
In the event that we establish that electronic data, including emails and files, have been erased, we will arrange for such data to be restored, after which it will be examined.
In order for us to establish whether or not there is a basis for raising a claim for damages, and in addition to the common private data, we also – with the consent and power of attorney of the customer – obtain personally sensitive information (health declarations) from the customer’s doctor and private medical specialists, medical files from public and private hospitals as well as information from agencies and other public authorities. Furthermore, we obtain information regarding the financial situation of the customer, e.g. from banks, public authorities, trade unions, etc. The information is among other things used to determine whether the customer may be granted legal aid services.
Passing on of personal data
We will only pass on personal data when necessary in order for us to safeguard the interests of our customers in the case in question.
We pass on (transfer) personal data to both countries within and countries outside the EU/EEA, which do not have any laws specifically protecting personal data. Transfer of personal data will only take place when necessary in order to enter into or perform a contract between our company and the data subject or between our company and another individual or legal entity.
According to the Anti-Money Laundering Act, we are obligated to obtain and keep the following personal data for five years from the end of the relationship with our customer:
- Personal data obtained in connection with the fulfilment of the requirements for the customer knowledge procedures in accordance with the Anti-Money Laundering Act, including identity information and control measures as well as copies of the proof of identity presented.
- Proof and registration of transactions carried out
- Documents and registrations regarding investigations made according to Section 25, subsections 1 and 2, of the Anti-Money Laundering Act.
We identify the name, address, and social security number (CPR) by way of passport, driving licence, medical insurance card or Penneo signature with NemID.
We communicate, when possible, by email with companies, public authorities and organisations through an encrypted connection, where certificates have been exchanged in advance. When it is not possible to exchange certificates, we communicate as described below in clause 6.2.
Communication by email to private individuals etc. takes place as a minimum with a TLS (Transport Layer Security) or SSL (Secure Sockets Layer) secure solution. This means that the connection between our server and your digital mailbox is encrypted, and that data will be exchanged securely.
When it is not possible to communicate safely with you, any personally sensitive data forwarded by email will be placed in an encrypted document, and the receiver will receive a text message with the password to the document. Alternatively, personally sensitive data will be forwarded by regular mail.
The right to withdraw consent
In some cases, our processing of personal data is based on consent. In that case, it is possible for the data subject to withdraw his or her consent at any time by contacting us. Please see our contact information below in Clause 11.
The withdrawal of consent will not affect the lawfulness of our processing of personal data based on a previous consent and until the time of withdrawal. Furthermore, in certain cases another basis for a continued processing of data may have arisen. In such case you will be separately informed of this.
The rights of the data subjects
According to the General Data Protection Regulation, the data subjects have several rights.
The right to access data (Right of access)
As customer, you will as a general rule have the right to obtain access to the content of the personal data processed by us. In some instances, the request for access may be limited, for instance if a report has been made to the Money Laundering Secretariat with the State Prosecutor for Serious Economic and International Crime (SØIK) pursuant to the Anti-Money Laundering Act, if a defence attorney has been ordered not to disclose information in accordance with the Administration of Justice Act, etc.
Other private individuals, whose personal data form part of the case administration for our customers, may also have a right of access. However, access to data regarding others than our customers will often be limited by the professional secrecy of the attorney.
Right of rectification (correction)
If a data subject believes that the data kept by us are inaccurate, the person in question can demand that such data be rectified – or supplemented.
The right of rectification only applies to objective data.
Right to erasure
In specific instances, a data subject may have the right to have personal data erased before the point in time when we usually erase personal data.
Right to restrict processing
In certain instances, a data subject has the right to restrict the processing of his or her personal data. In such case, we are permitted to store the personal data from this time on, but we are only allowed to process the data with the subsequent consent of the data subject, or with a view for legal claims to be established, enforced or defended, or in order to protect a person or fundamental public interests.
Right to object
In certain instances, you may object to our otherwise legal processing of your personal data.
Right to data portability (right to transmit data)
If a customer wishes to make a change of attorney, he or she is entitled to receive certain personal data in a structured, commonly used and machine readable format, and to have the personal data transmitted to his or her new attorney.
The access to data portability only comprises information provided by the customer itself, and will only comprise processing which is carried out automatically and based on consent or an agreement with you.
Exceptions in Kirk Larsen & Ascanius’ and KLA Personskade’s duty of disclosure
As attorneys, Kirk Larsen & Ascanius / KLA Personskade are under an obligation to maintain confidentiality in accordance with the rules in the Administration of Justice Act, and we are subject to the Code of Conduct for the Danish Bar and Law Society. This means that in certain situations we may refrain from performing our duty of disclosure towards you, e.g. in situations where information must be kept confidential.
We may further refrain from performing our duty of disclosure, provided that it conflicts with private and/or public interests and is more far-reaching than the concern for your interest in receiving the information.
Furthermore, we may refrain from performing our duty of disclosure, provided that you are already familiar with the information, or provided that it requires a disproportionate effort to observe the duty.
Addition information on rights
You will find additional information on your rights in the directions from the Data Protection Agency regarding rights of data subjects at the website www.datatilsynet.dk.
Data storage and erasure
We store personal data as long as necessary in order to fulfil the purpose, for which the personal data have been registered and collected, including to be able to document on which information our counselling has been based.
Personal data obtained in accordance with the Anti-Money Laundering Act will be erased after five years from the time when the relationship with the customer has ended, or from the time of archival storage of the case for which the data was collected.
When a customer relation with us has ended, we usually store your personal data for 10 years from the closure of the case and/or the end of the customer relationship. However, some information will be kept for a longer period, e.g. in order for us to be able to identify a potential conflict of interest if we assist a customer in connection with a long-standing contractual relationship, including drafting of wills, marriage contracts, shareholders’ agreements, and other contracts without a predefined expiry date.
With respect to bankrupt estates, estates of deceased persons or other cases which may be subject to resumption, we may choose to store data for a longer period based on a specific assessment.
Furthermore, we are subject to the provisions of the Bookkeeping Act, the Anti-Money Laundering Act as well as the Code of Conduct for the Danish Bar and Law Society.
Access request to personal data
If you wish to get access to your personal data registered with Kirk Larsen & Ascanius / KLA Personskade, please submit your request using the contact data below.
If the data kept by us are inaccurate or if you have other objections, please contact us by using the same contact details. You are entitled to request access to your personal data, and you may object to a registration in accordance with the provisions of the Personal Data Act.
If you wish to exercise your rights, you must contact us. If you request rectification or erasure of your personal data, we will assess whether the conditions for the request are met, and in that case we will rectify or erase any incomplete, inaccurate or outdated personal data without undue delay.
Our contact details are as follows:
Kirk Larsen & Ascanius / KLA Personskade
Esbjerg Brygge 28
CVR no. 33 64 69 25
Phone: +45 70 22 66 60
Head of Administration, Bettina Tøt, +45 76 11 54 13, email email@example.com.
Complaint to the Data Protection Agency
You are entitled to file a complaint with the Data Protection Agency if you are dissatisfied with our processing of your personal data. You will find the contact details of the Agency at the website www.datatilsynet.dk.
You will find the applicable rules for Kirk Larsen & Ascanius’ / KLA Personskade’s processing of personal data in:
The Personal Data Act (until 25 may 2018)
The General Data Protection Regulation (after 25 May 2018)
The Data Protection Act (after 25 May 2018)