DAHL Law Firm (DAHL) is obliged to protect personal data processed about clients, suppliers, cooperation partners, employees and other physical persons pursuant to the General Data Protection Regulation and the Danish Data Protection Act.
Correct and legal processing of personal data is a high priority for us.
DAHL acts as a data controller when we process personal data in order to pursue or protect our own internal interests. This means that we determine the purposes for which your personal data is collected and processed and we essentially determine the means of such data processing ourselves.
In some situations, DAHL furthermore acts as a data processor. This is the case when we perform a task for another person or entity, either a data controller or a data processor, and our processing of personal data is based only on documented instructions. In these situations, we do not ourselves determine the purpose of the collection and processing of personal data, and we do not ourselves determine the general means for such processing. When we act as a data processor, we will enter into a data processing agreement with the data controller, which in particular provides terms and instructions for our processing of personal data. These agreements are entered into in accordance with Article 28 of the General Data Protection Regulation.
As data controllers, we carry out a range of processing activities, which especially include human resource management, cooperation with clients and suppliers as well as marketing activities. We maintain records of our processing activities internally.
Human resource management
We inform our employees about our processing of personal data about them.
Cooperation with clients
We collect and process personal data that is necessary for our cooperation with clients. We endeavour to only collect such information we deem necessary for the cooperation, which includes fulfilment of our obligations.
As regards our cooperation with clients, we typically only collect and process general personal data like name, address, phone number, email address and similar contact information from the client's owners and contact persons. - This includes information exchanged with us, e.g. email correspondence, telephone memos and other mail, etc.
Processing of such personal data is necessary to pursue our legitimate interests in relation to management of our business and to fulfil our obligations towards clients.
We collect and process personal data that is necessary for our cooperation with suppliers and other cooperation partners. We endeavour to only collect such information we deem necessary for the cooperation, including primarily to fulfil our obligations and safeguard our interests in relation to the purchase of goods and services.
As regards our suppliers and other cooperation partners, we typically only collect and process general personal data like name, address, phone number, email address and similar contact information from relevant contact persons. This includes information exchanged with us, e.g. email correspondence, telephone memos and other mail, etc.
Processing of such personal data is necessary to pursue our legitimate interests in relation to management of our business and our ordinary business activities.
We collect and process personal data in connection with our marketing activities. We endeavour to only collect personal data that is necessary to achieve the marketing purposes we have defined. See more about this below.
The newsletter is sent out via its own CMS system and at special events via the American e-mail marketing platform Active Campaign. In connection with our use of Active Campaign, your personal information will be transferred to the USA. The European Commission has assessed that the level of protection in the USA is not on a par with the level of protection in the EU / EEA. The transfer of personal data to Active Campaign therefore takes place on the basis of the the European Commission's Standard Contractual Clauses, which is designed specifically to ensure an adequate level of protection when transferring personal data to the United States. If you would like further information about our transfer of information to the United States, please feel free to contact us at email@example.com. We collect and process information about your behavior when you receive newsletters from us. You can read more about our processing of personal data by sending out newsletters in our newsletter terms and conditions (only available in Danish as the newsletter is only distributed in Danish).
In our marketing, we apply a number of social media. When you use our social media sites (such as Facebook, YouTube, Instagram and LinkedIn), we may, as part of this, process personal data about you, including:
- Information about your IP address
- Your user information
- The information you share on our sites
- As well as other information you choose to pass on to us
You should be aware that information you choose to publish through our pages on social media will be shared with many people. You should therefore not describe conditions or share pictures etc. that you do not want to be generally available.
From where do we collect information?
The personal data which we collect and process is mainly provided by the registered persons themselves. However, we also to some extent collect information from other sources, e.g. public databases, etc.
Disclosure of personal data
Depending on the type of personal data, the purpose of processing and the context in which the personal data has been collected, we may disclose personal data to a third party, including also public authorities like municipalities, the Danish Tax Authorities etc.
We also to some extent disclose personal data to suppliers when this is necessary for the purpose of the cooperation.
When disclosing personal data, we will ensure that we have the required basis for processing such disclosure.
Security of processing
We ensure confidentiality, integrity and accessibility of the personal data we process by way of technical and organisational security measures.
Our technical security measures include the security of the IT systems we use in our business. Our organisational security measures include guidelines and policies that our employees must comply with. We will follow up and train our employees as necessary.
Our security of processing of personal data also includes lawful processing, including that we comply with the principles of processing specified in legislation relating to the processing of personal data and we will ensure that we have a basis for processing such information.
The personal data we collect and process will be erased when the purposes of our processing have been met and we no longer need the information.
Rights of data subjects
Pursuant to the legislation relating to the processing of personal data, the persons which we process personal data about have a number of rights, which we respect. These rights include:
- The right to obtain access to and rectify or erase personal data processed by us
- The right to restrict our processing of personal data about the data subject
- The right to object against the processing
- The right, in certain cases, to receive information about oneself (data portability)
- The right to withdraw a consent
If you as a data subject want to exercise your rights, please contact us. Our contact information is listed below.
If you disagree or are dissatisfied with the way we process your personal data, you can lodge a complaint to us. Our contact information is listed below. You are also entitled to lodge a complaint to the Danish Data Inspection Authority if you are dissatisfied with the way in which we process your personal data. You can find the Danish Data Inspection Authority's contact information on www.datatilsynet.dk
Our contact information:
Central Business Registration No. (CVR): 37 31 00 85
Our contact person for data protection is:
Name: Christoffer Belmann Mirasola
Phone: +45 88 91 94 05
Please do not hesitate to contact us if you have any questions or you want to exercise your rights.
Links to other websites and social media
This policy is version no. 1 and is valid as from 24 May 2018.