Riemann law firm
Personal data policy
1. Introduction
Riemann law firm acts as data controller for the processing of the personal data you provide before or during the establishment of a client relationship. This personal data policy ("this Personal Data Policy"/"the Personal Data Policy") applies to all personal data we process about you.
On www.riemannlaw.com you will always find the current version of the Privacy Policy.
The legal basis for our processing of your personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC and related regulations ("GDPR"), supplemented by the Act on Additional Provisions to the Regulation on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data adopted on
17 May 2018 ("Data Protection Act").
Any questions regarding the Privacy Policy, the processing of your personal data or suspected non-compliance may be raised by writing to lawyer Anders Kildsgaard at [email protected]
2. Personal data
When you are a client of ours, employed by, or otherwise represent a client of ours, we process various ordinary work-related personal data from you in the form of, among other things, contact information such as name, telephone, email address and other general information that you provide to us. We also process information as required for compliance with the Money Laundering Act in those cases where this applies.
When you or the company you are employed by are a supplier to us, we process ordinary work-related personal data about you in the form of contact information and the like.
3. Purpose of treatment
Client-related information, including on potential or existing clients, their employees or representatives of them, is processed for the purpose of managing the client relationship and providing advice. This could be for the purpose of sending and receiving case-related communication, complying with the Bookkeeping Act, the Danish Anti-Money Laundering Act and the Danish Bar and Law Society's rules on good practice.
Vendor-related information about vendors, its employees or representatives is processed for the purpose of managing orders, including communicating with the supplier and securing audit and transaction trails.
4. Basis for treatment
Client-related information
We process your ordinary personal data prior to entering into an agreement. The legal basis is Article 6(1)(b) of the General Data Protection Regulation, according to which we must be able to handle inquiries and similar necessary matters prior to the conclusion of the agreement.
When establishing a client relationship, we process the relevant ordinary personal data to fulfill the client relationship. The legal basis is either Article 6(1)(b) of the General Data Protection Regulation, as the processing of your data is necessary in order to fulfil our agreement with you or our legitimate interests, as referred to in Article 6(1)(b) of the Personal Data Regulation. Article 6(1) of the Personal Data Regulation (f). We have a legitimate interest in processing the ordinary personal data in order to communicate with you on an ongoing basis regarding the current case, as well as in connection with time registration and billing.
In addition, we are legally obliged to process personal data about you under the Money Laundering Act and the Accounting Act. Among other things, we must store accounting material for five years from the end of the financial year to which the accounting material relates. Our legal basis for this processing is Article 6(1)(c) of the GDPR and Section 11(1)(a) of the Data Protection Act.
Vendor-related information
When you or the company you are employed by is a supplier to us, the legal basis for processing your personal data is either Article 6(1)(b) of the Personal Data Regulation, as the processing of your data is necessary for us to fulfil our agreement with you, or Article 6(1)(c) of the General Data Protection Regulation, as we are legally obliged to do so under the accounting code's rules on accounting material , or our legitimate interests, as referred to in Article 11(1) of Regulation (EC) No 1 Article 6(1) of the Personal Data Regulation (f). We have a legitimate interest in processing the personal data described above for use in order to be able to communicate with you about our order on an ongoing basis and to be able to document it.
5. Sharing your personal data
We may share your personal data with the suppliers and partners we use in the course of our business. For example, suppliers, etc. who assist us with IT services, such as operation and support, or with administration, archiving, finance and accounting. We may also share your personal data with any other law firms assisting with your case.
We may disclose your personal data to external third parties in the form of public authorities, counterparties and other law firms if this is done as part of our advice or is otherwise necessary for the handling of your case.
6. Storage and deletion of your personal data
We keep your personal data until the purpose of processing your personal data no longer exists. We will assess whether the case(s) we have processed on your behalf has/have been definitively closed and whether there are other specific and legitimate reasons to continue processing the personal data. As a general rule, we will not process your personal data for more than 10 years after the end of the client relationship.
As a rule, if you or the company you are employed in are a supplier to us, we do not process your personal data for more than a maximum of 6 years after the execution of an order.
7. Your rights
Insight
You have the right to access the personal data for which we process and have registered about you, including the purposes for which the data was collected.
Rectification and deletion
You have the right to request correction, additional processing, deletion or blocking of the personal data we process about you
Restriction of treatment
In exceptional circumstances, you have the right to restrict the processing of your personal
data.
Data portability
You have the right to receive your personal data (only information relating to yourself that you have provided to us) in a structured, commonly used and machine-readable format (data portability).
Right of opposition
You have the right to ask us not to process your personal data if our processing is based on Article 6(1)(f) (legitimate interest). The extent to which we process your data for such purposes is set out in the Personal Data Policy.
Withdrawal of consent
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
If you wish to exercise one or more of the above rights, you should contact Anders Kildsgaard in writing
at [email protected]
8. Possible consequences of not providing personal data
If you are required to provide personal information, this will be disclosed at the time of collection. If you do not wish to provide the personal data that we request, this may mean that we cannot provide you with the services or advice that you request, or that we cannot enter into a partnership with you.
9. Complaint to supervisory authority
If you are dissatisfied with our processing of your personal data, you can complain to the Danish Data Protection Authority, Carl Jacobsens Vej 35, 2500 Valby, telephone 3319 3200, e-mail: [email protected]
10. Updating this Policy
We regularly review the Personal Data Policy to keep it up to date. The personal data policy is subject to change without notice. Significant changes to the Personal Data Policy will be published on our website www.riemannlaw.com together with an updated version of the Personal Data Policy.
This Policy was last updated on 10 May 2019.