1. Data control
Heygum Petersen Thomsen is the data controller in the processing of your personal data. Our legal information is:
Heygum Petersen Thomsen
2. Heygum Petersen Thomsen as data processor
3. Scope of processing and categories of personal data
In connection with our provision of services we may process the following information about you:
If you are a client or potential client of Heygum Petersen Thomsen’s, we generally process your information in order to be able to offer you legal assistance (with a view to concluding or performing our contract with you or with the company you represent).
Generally, company information is not subject to the General Data Protection Regulation (GDPR); however, according to circumstances we may process information about your identity, contact information, and professional information, including name, email address, telephone number, your home address, position, educational background, and information about our business relationship. Also, we process financial information, including payment and tax information. The legal basis for our processing is Article 6(1)(b) of the GDPR.
Depending on the specific circumstances in the case or cases on which we assist, we may also process sensitive personal data, see Article 9(2)(f) of the GDPR, and/or information about criminal offences, see s. 8(3) and (4) of the Danish Data Protection Act (databeskyttelsesloven).
Since we as a law firm are subject to duties under the Danish Money Laundering Act (hvidvaskloven) in connection with some of our legal services, we will also be processing your personal information in this connection, including identity information such as name, civil reg. no., passport no., etc. We solely process identity information obtained under the Money Laundering Act with a view to performing our duties under the Act. Identity information will not be applied for commercial purposes. The legal basis for such processing is the Money Laundering Act.
Reference is made to Heygum Petersen Thomsen’s terms of business.
Heygum Petersen Thomsen Academy and News service:
“We collect information for instance in order to be able to sign you up for courses or newsletters, to be able to conduct events, or to send your brochures, invitations and other information about our services and activities.
If you sign up for one of our courses, we will be processing your personal information in that connection. We process your name, position, company, email address, telephone number and address. The legal basis for our processing is Article 6(1)(b) of the GDPR. The information will be stored for nine years.
Should we need to process your information for other purposes (such as marketing), we will always inform you about this and generally obtain your consent to such processing, see Article (1)(a) of the GDPR. You may withdraw your consent at any time.
If you subscribe to our email newsletter, we will process your name, email address, company, organisation, place of education, position, language preference and areas of interest. The legal basis is your consent, see Article 6(1)(a) of the GDPR. Reference is also made to our news service web page.
In certain cases, we will use your personal information to distribute client satisfaction surveys based on our legitimate interest in improving the advice and services we provide, see Article 6(1)f of the GDPR. You may at any time request not to receive client satisfaction surveys by contacting us in writing or clicking the link at the bottom of the email.
We share your information with our business partners, who are webinar providers, newsletter services and lecturers. If you have signed up for a webinar on our website, you will in connection with signing up on the website have received information about who the webinar provider is and what this means for the processing of your personal information”
Note that you are required to state certain personal information in order to use the features of our website. It will appear from the relevant form whether the information is mandatory or optional. If the stating of personal information is mandatory, the field is marked by an asterisk (*). Should you decide not to surrender the required information, you may not be allowed access to the relevant feature. For instance, we need your contact information in order to be able to respond to an inquiry from you.
In some instances we transfer your personal information to Bech-Bruun’s business partners and suppliers, such as IT suppliers, marketing agencies, providers of customer satisfaction surveys, suppliers of newsletter services, etc. These business partners solely process the personal data on behalf of Heygum Petersen Thomsen and in accordance with Heygum Petersen Thomsen’s instructions.
We may also disclose your information to external third parties if we are required to do so or if it is part of the service we provide to you. This could be to the police, the Danish tax authorities, other public authorities, Danish or foreign courts, arbitration tribunals, other law firms, counterparties in cases, or external business partners such as lecturers.
In relation to our depositing of client funds in client accounts, we are obligated to disclose the client’s identity information to the account-holding bank for its performance of the duties to which it is subject under the Money Laundering Act.
5. Third countries
Heygum Petersen Thomsen will not transfer your personal information to third countries (countries outside the EU/EEA), unless this is assesed necessary. This may be the case if we have to involve external parties, e.g. liaison lawfirms, finacial advisors, other advisors, banks, insurance companies in order to provide you with the requested legal advice. It may also be relevant to involve foreign authorities etc. Such ad hoc transfer of personal is subject to Article 49(1)(b-e) of the GDPR. In the event of transfer of personal data to other purposes, we will ensure the appropriate safeguards governing the transfer and inform you hereof.
6. Security We have high security standards, also when it comes to the protection of your personal data. Accordingly, we have a range of internal procedures and policies designed to ensure that we live up to our high security standard and thus comply with the requirements for implementation of suitable technical and organisational security measures. Thereby, we do our best to safeguard the quality and integrity of your personal data.
If you need to send us sensitive personal data, we recommend that you use encryption, such as secure email or code-protected files (Word or PDF format).
7. Storage and deletion
We will delete your personal data when we no longer need to process it for one or more of the purposes mentioned above. However, special legislation, including in the Danish Bookkeeping Act, the Danish Money Laundering Act, and the Danish Limitation Act, may entail an obligation or right for us to store such data for an extended period of time. The data may also be processed and stored for a longer period, if it is anonymised.
Personal data collected by us according to the Money Laundering Act is stored for five years after the end of the client relationship and is subsequently deleted.
8. Your rights
You are entitled to access the personal data processed about you, albeit subject to certain statutory exceptions. Furthermore, you may object to collection and further processing of your personal data. You are also entitled to have your personal data corrected or to ask us to limit the processing of your personal data.
If you make a request to this effect, we will without undue delay delete the personal data we have registered about you, unless we are entitled to keep processing the data on a different basis, for instance if such processing is necessary in order to be able to establish a legal claim, or if it is necessary in order for us to be able to respond to questions from you.
In certain circumstances you may also ask us to provide you with a copy of your personal data in a structured, generally applied and machine-readable format and request that we transfer the data to another data controller (data portability).
If our processing of your personal data is based on your consent, you may at any time revoke your consent. To do so, you need to contact us (see below). If you revoke your consent, we will cease to process your personal information, unless we are entitled or obligated to continue our processing or storage of your personal information on a different basis, including pursuant to the law. Revoking your consent does not affect the legality of the processing that took place prior to such revocation.
If you want to exercise your rights as described above, feel free to contact us at any time (see below).
In connection with inquiries concerning your rights, we ask that you provide us with adequate information to process your inquiry, including your full name and your email address, so that we may identify you and respond to your inquiry. We will respond to your inquiry as soon as possible.
Feel free to contact us if you disagree with the way in which we process your personal information or the purposes for which we process the information. You may also file a complaint with:
The Danish Data Protection Agency
Carl Jacobsens Vej 35
Telephone: + 45 33 19 32 00
9. Links to other websites, etc.
Our website has links to other websites or to integrated websites. Heygum Petersen Thomsen is not responsible for the content of the websites of other companies (third-party websites) or for the practices of such companies regarding the collection of personal data.
When you visit other websites, you should always read their policies on protection of personal information and other relevant policies.