DAHL is obliged to protect personal data processed about clients, suppliers, business partners, employees and other physical persons pursuant to the General Data Protection Regulation and the Danish Data Protection Act.
Your data security is important to us, and we therefore take great care to ensure that your personal data is handled responsibly. Below you can read how DAHL Advokatpartnerselskab (hereinafter DAHL, "we", "us" or "our") processes personal data about you. You can also read about your rights in relation to our processing.
1 DAHL's role as a data controller and data processor
DAHL acts as a data controller when we process personal data in order to pursue or protect our own internal interests. This means that we determine the purposes for which your personal data is collected and processed, and we essentially determine the means of such data processing ourselves.
In some situations, DAHL furthermore acts as a data processor. This is the case when we perform a task for another person or entity, either a data controller or a data processor, and our processing of personal data is based only on documented instructions. In these situations, we do not ourselves determine the purpose of the collection and processing of personal data, and we do not ourselves determine the general means for such processing. When we act as a data processor, we will enter into a data processing agreement with the data controller which, in particular, provides terms and instructions for our processing of personal data. These agreements are entered into in accordance with Article 28 of the General Data Protection Regulation.
If you have any questions regarding our processing of your personal data, please contact DAHL here:
Central Business Reg. No. (CVR) 37 31 00 85
Our contact person for data protection is:
Name: Christoffer Belmann Mirasola
Phone: +45 88 91 94 05
2 What personal data do we collect and why?
We process personal data about you in a number of different situations. The personal data which we collect and process is mainly provided by the registered persons themselves. However, we also to some extent collect information from other sources, e.g. public databases etc.
Read more about our processing in the different situations below.
2.1 Provision of legal services
At DAHL, we process personal data that is necessary for our cooperation with clients and potential clients. We endeavour to only collect such information we deem necessary for the cooperation, which includes fulfilment of our obligations.
As regards our cooperation with clients, we typically only collect and process general personal data like name, address, phone number, email address and similar contact information from the client's owners and contact persons.
This includes information exchanged with us, e.g. email correspondence, telephone memos and other types of mail, etc.
Processing of such personal data is based on our legitimate interests in relation to management of our business and to fulfil our obligations towards clients. The processing of general data is based on Article 6(1)(b) and/or Article 6(1)(f) of the General Data Protection Regulation.
Depending on the specific case, we may process sensitive personal data on the basis of Article 9(2) is based on Section 8(3) and (4) of the Danish Data Protection Act. The legal basis for the processing of data on civil registration numbers is based on Article 11(2)(i) and/or (4).
Once a case has been archived for 5 years, access to it is restricted. Once the case has been archived for 10 years, the personal data are deleted, unless special circumstances require the personal data to be retained for a longer period.
2.2 Money laundering
As a law firm, DAHL is subject to obligations under the Danish Money Laundering Act. Therefore, in certain cases, we will process personal data, such as name, civil registration number, passport number, etc., for the sole purpose of fulfilling our obligations under the Danish Money Laundering Act.
The processing of general data is based on Article 6(1)(c) of the General Data Protection Regulation, while the processing of civil registration numbers is based on Section 11(2)(i) of the Danish Data Protection Act.
2.3 Visitors to our website
When you visit DAHL's website or use our other online services (on, for example, LinkedIn, Facebook and Instagram), DAHL may process information about your IP address as well as information about your computer, device and browser.
We also process information that you provide to us in connection with your use of the website or our online services, for example, when you fill in a form or register online, for example, to download a magazine or register for an event, including your name, address, business address, work phone/mobile number, email address, and any other information you provide to us.
We use your information so that we can make relevant services and products available to you and to improve your experience of our websites and online services and the services and products we offer. We also use data to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content.
The processing of your personal data is based on the balancing of interests rule set out in Article 6(1)(f) of the General Data Protection Regulation or your consent pursuant to Article 6(1)(a) of the General Data Protection Regulation and Section 3 of the Danish Executive Order on Cookies.
2.4 Marketing activities
When you receive marketing communications from DAHL, we process personal data about your name telephone/mobile number, email address, title and product interest. We also process information about your marketing or communication preferences and your use of the marketing we send to you (including, for example, whether you have opened an email from us, whether the email has been read and which links you have opened) and any other information you provide to us.
We process your personal data for the purpose of marketing our company and services/products, and for setting up and managing your marketing subscription. We use the personal data about your preferences and usage to understand the way customers receive our marketing messages and to improve our marketing to you and other customers going forward.
We will only send you marketing material by email or other electronic means once we have obtained your consent where this is required under the Danish Marketing Practices Act.
We also use personal data about you to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content, as well as to measure the effectiveness of our content and marketing.
The basis for processing is our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Our legitimate interest in processing your data is to comply with your wish to receive our newsletters, to which you have consented under the Danish Marketing Practices Act.
You can read more about our processing of personal data when sending newsletters in our newsletter terms.
In accordance with the Danish Consumer Ombudsman's guidelines and requirements, we will keep evidence of your consent to send you marketing material by email until two years after we last used your consent.
2.5 Business partners and/or suppliers to DAHL
We collect and process personal data that is necessary for our cooperation with suppliers and other business partners. We endeavour to only collect such information we deem necessary for the cooperation, including especially to fulfil our obligations and safeguard our interests in relation to the purchase of goods and services.
In relation to suppliers and other business partners, we typically only collect and process general personal data such as name, address, telephone number, email address and similar contact information from relevant contact persons.
This includes information exchanged with us, e.g. email correspondence, telephone memos and other types of mail, etc.
Processing of such personal data is necessary to pursue our legitimate interests in relation to managing our business and our ordinary business activities.
The processing is based on Article 6(1)(b) or Article 6(1)(f) of the General Data Protection Regulation.
We retain necessary personal data of our business partners and suppliers as long as there is an active cooperation with DAHL. When there is no longer an active cooperation, personal data is not retained longer than necessary to fulfil the purposes for which it was collected. The personal data may, for example, be stored in accordance with the Danish Bookkeeping Act or as a result of a dispute. When your personal data is no longer needed, we ensure that it is deleted in a secure manner.
2.6 CRM system
DAHL may collect and store information about clients, potential clients, competitors and business partners in a CRM system. DAHL only processes general personal data, such as name, address, telephone number, email, position and professional/personal interests.
The personal data is collected and stored for the purpose of relationship management in order to build, optimise and maintain existing and potential client relationships. This is done in order to improve the client experience by marketing services, events or other initiatives.
The processing of personal data is based on Article 6(1)(f) of the General Data Protection Regulation. The legal basis for collecting and storing information about the data subject in our CRM system is to pursue our legitimate interests in maintaining and optimising the relationship by offering, implementing and evaluating marketing measures.
Personal data will not be kept longer than necessary for the purpose for which it was collected. When your personal data is no longer needed, for instance if the relationship has been inactive for 2 years, we will ensure that your data is deleted in a secure manner. This information is reviewed annually in order to ensure updating, high data quality and data minimisation.
3 Disclosure of your personal data to others
Depending on the type of personal data, the purpose of processing and the context in which the personal data has been collected, we may disclose personal data to a third party, including also public authorities like municipalities, the Danish Tax Authorities, etc.
We also to some extent disclose personal data to suppliers when this is necessary for the purpose of the cooperation.
When disclosing personal data, we will ensure that we have the legitimate basis for processing such disclosure.
DAHL also discloses your personal data to data processors, for example in connection with the management of our IT systems. Our data processor only processes your personal data for our purposes and under our instructions. We enter into data processing agreements with our data processors to ensure that the required security is in place and to protect the data and comply with our data protection obligations.
4 Transfer of personal data to countries outside the EU/EEA
In connection with our processing of your personal data, we may transfer such information to countries outside the EU/EEA.
The data protection legislation in these countries may be less strict than the legislation applying in Denmark and other parts of the EU/EEA. However, in some countries, the EU Commission has determined that the level of data protection is equivalent to the level of protection in the EU/EEA. If we transfer personal data to countries where this is not the case, the transfer of your personal data to these countries outside the EU/EEA will be based on the standard transfer contracts drawn up by the European Commission and specifically designed to ensure an adequate level of protection.
You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website.
If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us at email@example.com.
5 Data integrity and security
We ensure confidentiality, integrity and accessibility of the personal data we process by way of technical and organisational security measures.
Our technical security measures include the security of the IT systems we use in our business. Our organisational security measures include guidelines and policies that our employees must comply with. We will follow up and train our employees as necessary.
With our security of processing of personal data we also ensure lawful processing, including that we comply with the principles of processing specified in legislation relating to the processing of personal data and we will ensure that we have a basis for processing such information.
6 Your rights
As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.
You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email address above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.
You can also – unconditionally and at any time – object to our processing when it is based on our legitimate interests.
Your rights also include the following:
- Right of access: You have the right to access the personal data we process about you.
- Right to rectification: You have the right to obtain rectification of any inaccurate and incomplete personal data about you.
- Right to erasure (right to be forgotten): In exceptional cases, you have the right to obtain erasure of information about you before the time when we would normally delete your personal data.
- Right to restriction of processing: In certain situations, you have the right to restrict the processing of your personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future – apart from storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.
- Right to object: In certain situations, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes.
- Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one data controller to another.
- Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Authority about our processing of personal data. See more at datatilsynet.dk where you can also find further information on your rights as a data subject.