Dropdown arrow

Privacy policy

PROCESSING OF PERSONAL DATA

Privacy policy

This privacy policy describes how Lassen Ricard processes personal data and the basis on which we do so.

    Data controller

    Lassen Ricard is the data controller responsible for processing the personal data we collect about you. You can find our contact details here:

    Lassen Ricard

    Amaliegade 31

    DK-1256 CopenhagenK

    CBR no.: 16725641

    Telephone: +45 33322012

    E-mail: info@lassenricard.dk

    The purpose of processing your personal data

    The purpose of our processing of your personal data depends on the specific circumstances. We process:

    • clients’ personal data in order to perform the task that a client has entrusted us with and to meet the obligations imposed on us through special legislation, including, for example, the Danish Anti-Money Laundering Act,

       
    • personal data about opponents and other persons with a similarly necessary connection with a case in order to perform a task that a client has entrusted us with,

       
    • personal data notably about grant applicants in connection with the administration of foundations and associations,

       
    • job applicants’ personal data when recruiting new staff for our firm,

       
    • personal data about our professional network and suppliers to enable the necessary running of our firm.

    The legal basis

    The legal basis for our personal data processing is as follows:

     

    a) Clients:

    • article 6(1)(b) of the General Data Protection Regulation on the performance of a contract to which the client is party,
    • article 6(1)(c) of the General Data Protection Regulation on compliance with a legal obligation to which our firm is subject, 
    • article 9(2)(f) of the General Data Protection Regulation if the collection and processing of sensitive data, including civil registration numbers (CPR numbers), are necessary for establishing, exercising or defending legal claims.

       

    b) Opponents and other persons with a similarly necessary connection with a case:

    • article 6(1)(c) of the General Data Protection Regulation on compliance with a legal obligation, 
    • article 6(1)(f) of the General Data Protection Regulation (the balancing of interests rule) when the legitimate interest consists of pursuing or enforcing a legal claim.

       

    c) Foundation administration

    • article 6(1)(f) of the General Data Protection Regulation (the balancing of interests rule), because we provide agreed secretariat assistance to a foundation or association,
    • section 11(2), para. 1, of the Danish Data Protection Act in cases where the reporting of a CPR number to the Danish Customs and Tax Administration (SKAT) is compulsory. 

       

    d) Job applicants:

    • article 6(1)(b) of the General Data Protection Regulation on the implementation of steps at the request of the data subject prior to entering into a contract,
    • article 6(1)(f) of the General Data Protection Regulation (balancing of interests) when the legitimate interest consists of recruiting suitable staff for our firm. 

       

    e) Network, etc.

    • article 6(1)(f) of the General Data Protection Regulation (the balancing of interests rule) when the legitimate interest consists of maintaining contact with a professional network or suppliers of services necessary for the running of our firm. 

    Categories of personal data that we process

    Lassen Ricard only collects and processes personal data to the extent necessary for the declared purposes and when there is a legal basis to do so. 



    Accordingly, we normally only ask for ordinary personal data such as name, job title and contact details. Your contact details will typically be your phone number, e-mail address and place of work or residential address.



    Depending on the nature of the case, however, Lassen Ricard may have to collect and process other types of personal data, including sensitive data.



    Last, to meet the obligations imposed on us through special legislation such as the Anti-Money Laundering Act, we will often need to obtain your CPR number and a copy of your passport/health insurance card.

    Disclosing your personal data

    To the extent necessary to perform the task with which your personal data is associated, your personal data will be disclosed to relevant courts of law and authorities as well as the opponent’s/opponents’ attorney(s). 



    On the basis of data processing agreements, we disclose your personal data to a limited extent to the data processors that provide us with the assistance necessary for us to run our firm, for example, our IT consultancy firm.



    We do not disclose personal data for commercial exploitation, marketing purposes or similar.

    Transfer to recipients in third countries, including international organisations

    We do not transfer your personal data to recipients outside the EU and the EEA, unless we do so to a client, opponent or court of law, etc, and only if this is necessary to perform the task with which the data is associated. In this connection, we ensure that the necessary security guarantees for the protection of personal data have been fulfilled at the time of the transfer.

    Storing your personal data

    We have physical, electronic and procedural security measures in place to protect all the personal data that we process. 



    We store your personal data for as long as necessary to fulfil the purpose with which your data is associated. When assessing how long we need to store your personal data, we have two main considerations: (a) that we ensure compliance with the documentation requirements in the legislation, for example, the Danish Act on Bookkeeping and the Anti-Money Laundering Act, and (b) that we have the ability to document your case in the event of a later liability case, for instance.

    Your rights

    The General Data Protection Regulation affords you a number of rights relative to our processing of information about you. Under the legislation, your rights may depend on whether you are a client or have another relationship with our firm. If you wish to exercise your rights, you are welcome to contact us (see section 1).







    Right to view data (right of access)

    • You are entitled to access the data that we process about you, as well as a range of other information.

       



    Right to rectification (correction)

    • You are entitled to have inaccurate information about yourself rectified.

       



    Right to erasure

    • In special circumstances you are entitled to have information about you erased before we erase it according to our ordinary, general erasure procedure.

       



    Right to restrict processing

    • In certain circumstances, you are entitled to have the processing of your personal data restricted. If you are entitled to restrict processing, this means that in future we can only process the data – with the exception of storage – with your consent, or if processing is necessary for establishing, exercising or defending legal claims, or for protecting a person or important public interests.

       



    Right to object

    • In certain circumstances, you are entitled to object to our processing of your personal data.

       



    Right to transmit data (data portability)

    • In certain circumstances, you are entitled to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transmitted from one data controller to another without hindrance.

     

    You can read more about your rights in the Danish Data Protection Agency’s guidance about the rights of data subjects (in Danish), which you will find at www.datatilsynet.dk.

    File a complaint with the data protection agency

    You are entitled to file a complaint with the Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Agency’s contact details at www.datatilsynet.dk.

     

    Most recently updated 25 September 2018