1. Data control
Bech-Bruun is the data controller in respect of the processing of your personal data. Our contact information is as follows:
Bech-Bruun Law Firm P/S
Central Business Register no. (CVR no.) 38 53 80 71
Langelinie Allé 35
2. Bech-Bruun as data processor
3. Scope of processing and categories of personal data
In connection with our provision of services, we may process the following data about you:
If you are our client or potential client, we generally process your data in order to be able to offer you legal assistance (with a view to concluding or performing our contract with you or with the company you represent).
Generally, company information is not subject to the General Data Protection Regulation (GDPR); however, according to circumstances we may process data about your identity, contact information and professional information, including name, email address, telephone number, your home address, position, educational background and information about our business relationship. We also process financial information, including payment and tax information.
The legal basis for our processing is Article 6(1)(b) of the GDPR as well as our legitimate interest in client management, see Article 6(1)(f) of the GDPR.
Depending on the specific circumstances in the case or cases on which we assist, we may also process sensitive personal data, see Article 6(1)(f) and Article 9(2)(f) of the GDPR, and/or information about criminal offences, see s. 8(3) and (4) of the Danish Data Protection Act (databeskyttelsesloven).
As a law firm, we are subject to duties under the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism (hvidvaskloven) in connection with some of our legal services and, therefore, we will also be processing your personal data in this connection, including data about your identity, such as name, civil reg. no., passport no., etc. We solely process identity data obtained under the Act on Measures to Prevent Money Laundering and Financing of Terrorism with a view to performing our duties under the Act. Identity data will not be applied for commercial purposes. The legal basis for such processing is the Act on Measures to Prevent Money Laundering and Financing of Terrorism.
Development of existing or potential client relations, etc.:
We may also process your personal data with a view to maintaining and developing existing or potential client relations as well as our relations with business partners and connections, etc.
In that connection, we may process personal data on name, title, business, address, telephone number, the networks of which you are a member and, in some instances, date of birth and anniversaries, etc. Such data is, as a general rule, collected only if you choose to disclose such data to us, for example, via your mail signature, business card, etc. We may, however, also collect data from other sources, such as publicly available data from your employer's website or the Central Business Register at CVR.dk.
The legal basis for our processing of your personal data is Bech-Bruun's legitimate interest in maintaining and developing the mentioned relationships, see Article 6(1)(f) of the GDPR.
Parties, opposing parties, representatives and other third parties:
If you are a party, opposing party, representative or other third-party participant in a case dealt with by Bech-Bruun, we will generally process your personal data in order to be able to represent our client in the case in question.
We may process your identification, contact and professional data, including name, email address, telephone number, your private address, your position, your involvement in the case and other general personal data included in the case, such as financial data.
The legal basis for our processing is our legitimate interest in assisting our clients as counsel in handling the case in question, see Article 6(1)(f) of the GDPR. In some cases, the legal basis may also be compliance with a legal obligation, see Article 6(1)(c) of the GDPR.
Depending on the specific circumstances of the case or cases in which we assist you, we may also process sensitive personal data on you, see Article 6(1)(f) and Article 9(2)(f) of the GDPR, data on punishable offences, see s. 8(3) and (4) of the Data Protection Act and/or data on your national identification number, see Article 6(1)(f) and Article 9(2)(f) of the GDPR, cf. s. 11(2)(iv) of the Data Protection Act, cf. s. 7(1). We may also process your sensitive personal data if such data has been disclosed by you and is of relevance to the case dealt with by us, see Article 6(1)(f) and Article 9(2)(e) of the GDPR.
Bech-Bruun Academy and News service:
We collect information, for instance, in order to be able to sign you up for courses or newsletters, to be able to conduct events or to send your brochures, invitations and other information about our services and activities.
If you sign up for one of our courses, we will be processing your personal data in that connection. We process your name, position, company, email address, telephone number and address. The legal basis for our processing is Article 6(1)(b) of the GDPR.
Should we need to process your data for other purposes (such as marketing), we will always inform you about this and generally obtain your consent to such processing, see Article (1)(a) of the GDPR. You may withdraw your consent at any time.
If you subscribe to our email newsletter, we will process your name, email address, company, organisation, place of education, position, language preference and areas of interest. The legal basis is your consent, see Article 6(1)(a) of the GDPR. Reference is also made to our news service web page.
In certain cases, we will use your personal data to distribute client satisfaction surveys based on our legitimate interest in improving the advice and services we provide, see Article 6(1)(f) of the GDPR. You may at any time request not to receive client satisfaction surveys by contacting us in writing or clicking the link at the bottom of the email.
We share your data with our business partners, who are webinar providers, newsletter service suppliers and lecturers. If you have signed up for a webinar on our website, you will in connection with signing up on the website have received information about who the webinar provider is and what this means for the processing of your personal data.
In some instances, we disclose your personal data to Bech-Bruun’s business partners and suppliers, such as IT suppliers, marketing agencies, providers of customer satisfaction surveys, suppliers of newsletter services, etc. These business partners solely process the personal data on behalf of Bech-Bruun and in accordance with Bech-Bruun’s instructions.
We may also disclose your data to external third parties if we are required to do so or if it is part of our services provided to you. Such external third parties may be the police, the Danish tax authorities, other public authorities, Danish or foreign courts, arbitration tribunals, other law firms, counterparties in cases or external business partners, such as lecturers.
In relation to our depositing of client funds in client accounts, we are obliged to disclose the client’s identity information to the account-holding bank for its performance of the duties to which it is subject under the Act on Measures to Prevent Money Laundering and Financing of Terrorism.
5. Third countries
Bech-Bruun will not transfer your personal data to third countries (countries outside the EU/EEA), unless this is assessed to be necessary. This may be the case if we have to involve external parties, if you, for example, need assistance from Bech-Bruun's offices outside the EU/EEA or due to the fact that we need to consult with external advisers, such as liaisons, financial advisers, other advisers, banks, insurance companies in order to provide you with the requested legal advice. Involvement of foreign authorities, etc., may also become relevant. Such ad hoc transfer of personal data is subject to Article 49(1)(b)-(e) of the GDPR. In the event of transfer of personal data for other purposes, we will ensure the appropriate security measures governing the transfer and inform you thereof.
We have high security standards, also when it comes to the protection of your personal data. Accordingly, we have a range of internal procedures and policies designed to ensure that we live up to our high security standards and thus comply with the requirements of implementation of suitable technical and organisational security measures. Thus, we do our utmost to safeguard the quality and integrity of your personal data.
If you need to send us sensitive personal data, we recommend that you use encryption, such as secure email or code-protected files (Word or PDF format).
When you visit our website, data may be collected via cookies on, for example, user behaviour, browser type, unit category, information on your preferred settings as well as IP address.
Personal data will be processed for marketing purposes on the basis of Article 6(1)(a) of the GDPR (consent).
Processing for other purposes, such as statistics in respect of website visits, optimisation of functionalities, etc., will take place on the basis of Article 6(1)(f) of the GDPR (the balancing of interests rule), the legitimate interest of Bech-Bruun being development and maintenance of a relevant website with the best possible functionalities.
You may change your selections in relation to cookie placement or withdraw any consent by clicking the round icon at the lower left corner of your screen.
We use the following suppliers to whom we may disclose your personal data:
Suppliers of statistical services:
- Google Inc., Google Analytics
- LinkedIn Corporation
- Paperturn ApS
- Oxygen A/S
- Cookieinformation A/S
8. Storage and deletion
We will delete your personal data when we no longer need to process it for one or more of the purposes mentioned above. However, special legislation, including the Danish Consolidated Bookkeeping Act (bogføringsloven), the Act on Measures to Prevent Money Laundering and Financing of Terrorism and the Danish Limitation Act (forældelsesloven), may entail an obligation or right for us to store such data for an extended period of time. The data may also be processed and stored for a longer period if it is anonymised.
As a main rule, we store personal data collected in connection with rendering legal services, including data on parties, opposing parties, representatives and other third-party participants in cases, for 10 (ten) years after termination of the client relationship. However, in special circumstances, the storage period may be shorter or longer also in order to comply with the legal requirements of deletion or storage.
Any documentation of your consent under marketing law will be stored for 2 (two) years as from the date when you withdrew your consent to receive direct marketing material. The storage period has been determined on the basis of Bech-Bruun's legitimate interest in being able to document that direct marketing took place in accordance with applicable law.
Data collected in connection with the development of existing or potential client relationships will be stored as long as such data is relevant for the existing or potential client relationship and for another period of up to 6 (six) months.
Any personal data included in bookkeeping records will be stored for 5 (five) years as from expiry of the financial year at which time the data will be deleted. The storage period has been determined on the basis of the storage requirements laid down in s. 10 of the Consolidated Bookkeeping Act and, consequently, with a view to complying with applicable law.
Personal data collected by us according to the Act on Measures to Prevent Money Laundering and Financing of Terrorism is stored for 5 (five) years after the end of the client relationship and is subsequently deleted.
9. Your rights
You are entitled to access the personal data processed about you, albeit subject to certain statutory exceptions. Furthermore, you may object to collection and further processing of your personal data. You are also entitled to have your personal data corrected or to ask us to limit the processing of your personal data.
If you make a request to this effect, we will without undue delay delete the personal data we have registered about you, unless we are entitled to keep processing the data on a different basis, for instance if such processing is necessary to be able to establish a legal claim, or if it is necessary in order for us to be able to respond to questions from you.
In certain circumstances you may also ask us to provide you with a copy of your personal data in a structured, generally applied and machine-readable format and request that we transfer the data to another data controller (data portability).
If our processing of your personal data is based on your consent, you may at any time revoke your consent. To do so, you need to contact us (see below). If you revoke your consent, we will cease to process your personal data, unless we are entitled or obliged to continue our processing or storage of your personal data on a different basis, including pursuant to the law. Revoking your consent does not affect the legality of the processing that took place prior to such revocation.
If you want to exercise your rights as described above, feel free to contact us at any time (see below).
In connection with inquiries concerning your rights, we ask that you provide us with adequate information to process your inquiry, including your full name and your email address, so that we may identify you and respond to your inquiry. We will respond to your inquiry as soon as possible.
Feel free to contact us if you disagree with the way in which we process your personal data or the purposes for which we process the data. You may also file a complaint with:
The Danish Data Protection Agency
Carl Jacobsens Vej 35
Telephone: + 45 33 19 32 00
Our website has links to other websites or to integrated websites. Bech-Bruun is not responsible for the content of the websites of other companies (third-party websites) or for the practices of such companies regarding the collection of personal data.
When you visit other websites, you should always read their policies on protection of personal data and other relevant policies.
This page was updated August 2021