How we process Personal Data at Wissum & Company

 

Under the General Data Protection Regulation we are required to inform you about our processing of personal data and the rights of the data subjects.

 

Controller

Wissum & Company, CVR-no. 53230350, is the data controller for information received for the purpose of our general advisory services to our clients.
If you have any questions about our processing of your personal data, you can contact us at info@wissum.dk.

 

Collection of data

When we provide advisory services, we receive various documents and information in electronic form from our clients, including their employees. These documents and information are stored in a digital file and, in some situations, also in a physical file. There will often be personal data in the documents and information that we receive from our clients, and in the course of handling a case additional personal data may be added, for example from opposing parties and their advisers, authorities and courts and contact persons at these, or in the form of publicly available information collected by Wissum & Company itself. This may be ordinary personal data, such as name and contact information. It may be civil registration (CPR) numbers or information about criminal offences. And it may be sensitive personal data, for example regarding health conditions and trade union membership. The information may concern our clients or other persons involved in the relevant cases.
 

Purpose and legal basis

Wissum & Company processes the information we receive for the purpose of being able to advise our clients in the matters in which the information is included. This processing is carried out, depending on the nature of the engagement and the information, on the basis of Article 6(1)(b), (c) or (f), Article 9(2)(f) of the General Data Protection Regulation, or section 8(3) of the Danish Data Protection Act. As a rule, the legal basis for collecting and processing the information will be that it is necessary for the performance of the contract with our clients, or for the purpose of safeguarding our clients’ legitimate interests or establishing, exercising or defending their legal claims. When we process civil registration (CPR) numbers, this is done on the basis of section 11 of the Danish Data Protection Act.

In matters covered by the Anti-Money Laundering Act, we obtain identity information etc. on our clients for the purpose of complying with the requirements of that Act. The legal basis for this processing follows from section 11 of the Anti-Money Laundering Act.

 

Disclosure of information

Wissum & Company does not make personal data available to any third party for marketing or similar purposes. We only disclose personal data where this is necessary in order for us to safeguard our clients’ interests as described above.

The typical recipients of such information will be public authorities, courts, counterparties and their advisers. In matters covered by the Anti-Money Laundering Act, we disclose identity information etc. to the extent that we are obliged to do so under the law.
We transfer personal data, where necessary, to our system providers in accordance with data processing agreements and solely for the purpose of enabling our use of the relevant IT systems.
We have implemented appropriate technical and organisational measures to protect against unauthorised access to, loss or destruction of the data for which we are responsible. We continuously develop our security policies and procedures to ensure that our systems are safe and protected. Only persons who have a legitimate need to process personal data for the above purposes have access to such data.

 

Retention period

Wissum & Company retains personal data for as long as there is a relevant legal interest in doing so, which is usually determined on the basis of a specific assessment of the importance of the data in light of the applicable limitation rules. If there is a relevant legal interest, the data may be retained for up to 10 years after the conclusion of the matter.
In matters covered by the Anti-Money Laundering Act, we retain identity information in accordance with the applicable rules for five years after the conclusion of the matter.

 

Rights of the data subjects

Under the General Data Protection Regulation, data subjects have the following rights:

  • the right of access to the information we process
  • the right to have inaccurate information rectified
  • the right, in special cases, to have information erased before the time of our normal general erasure
  • the right, in certain cases, to have the processing restricted so that, in future – apart from storage – it may only take place with consent or for the establishment, exercise or defence of legal claims, or for the protection of a person or important public interests
  • the right, in certain cases, to object to our otherwise lawful processing of the information
  • the right to receive the personal data concerning the data subject in a structured, commonly used and machine-readable format and to have those data transmitted from one controller to another without hindrance.

In connection with the exercise of the above rights, we may require appropriate identification.

You can read more about your rights in the Danish Data Protection Agency’s guidance on the rights of data subjects, which you can find at www.datatilsynet.dk.

You can lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way in which we process your personal data. You can find the contact details of the Danish Data Protection Agency at www.datatilsynet.dk.

OK

We use cookies and other similar technologies to improve your browsing experience and the functionality of our site. By clicking “OK”, you consent to the storing on your device of all the technologies described in our Privacy Policy. We urge you to read our Privacy Policy to better understand how we maintain our site, and how we may collect and use visitor data.

Read more