Personal data – The General Data Protection Regulation. How we process your personal data.
Answers to FAQs about how we process your personal data
This document describes Copenhagen Legal Aid’s (hereinafter referred to as "us", "we" or "our") personal data policy (hereinafter referred to as "the Policy") used to process personal data about persons to whom Copenhagen Legal Aid provides legal assistance.
The Policy is formulated and made available to comply with the Data Protection Regulation (2016/679 of 27 April 2016) (hereinafter referred to as “GDPR”) and the rules therein on the duty to provide information.
2. Types of personal data that are processed
Copenhagen Legal Aid processes the following types of general personal information:
Correspondence, documents, pictures and other case material as well as other information that is relevant and necessary to be able to provide the best possible assistance. Copenhagen Legal Aid also compiles statistics on case processing for use in annual reports and reports to the Department of Civil Affairs on case numbers, etc. Only stats about case types are included in the statistics. Personal case-specific information is never included in our reports.
We may, depending on the circumstances and where this is strictly relevant, process special categories of personal information (also called "sensitive personal information") about you. This personal information includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or data concerning a person's sex life or sexual orientation.
We process this sensitive personal information for the following purposes:
To provide legal assistance to Copenhagen Legal Aid's clients.
To comply with Copenhagen Legal Aid's obligations.
We collect your personal information from you and, where applicable, from external sources. Personal information from the external sources can be collected from the other parties to the case as well as public authorities.
If we need to collect and process additional personal information other than indicated above, we will inform you of this at the time of collection. Such information may also be provided by updating this Politikken.
3. Purpose of the processing of personal data
We only process your personal data when it is necessary for your case and in accordance with the GDPR. The personal data may, depending on the circumstances, be processed for the following purposes:
To provide legal assistance to Copenhagen Legal Aid's clients.
To be able to document the Legal Aid's compliance with any legal obligations such as the Money Laundering Act, the Accounting Act or to document the Legal Aid's advisory responsibility.
4. Legal basis for the processing of personal data
We only process your personal data when we have a legal basis for processing in accordance with the GDPR. The processing of personal data takes place depending on the specific circumstances on the basis of the following processing authority:
The processing is necessary to comply with a legal obligation incumbent on Copenhagen Legal Aid, such as the Accounting or Money Laundering Act, cf. Article 6(1) point (c) of the GDPR.
The processing is necessary to pursue a legitimate interest where the interests of the data subject or fundamental rights and freedoms requiring the protection of personal data do not take precedence over this, in accordance with Article 6(1) point (f) of the GDPR.
Where strictly relevant and necessary, sensitive personal data are processed (the “specific categories of personal data” set out in Article 9 (1) of the GDPR). In that case, processing will only take place if this is permitted under Article 9(2) - (4) of the GDPR, including in particular in the following cases:
The processing is necessary for legal claims to be determined, asserted or defended, cf. GDPR, Article 9(2) point (f).
In addition to the above, in some cases we perform CPR number processing. Before we carry out this processing, we obtain consent to this, unless the processing is carried out in order to comply with the legislation or one of the other exceptions in the Data Protection Act, Section 11, Subsection. 2. We process CPR number for the following purposes:
When the conditions for being able to process sensitive information are met, cf. the Data Protection Act, Section 11, Subsection 2, No. 4.
In addition to the above, in some cases we process information about criminal convictions and offenses. Before we process this information, we obtain your consent. We process this information for the following purposes:
When it is necessary for the client's legal claim to be determined, asserted or defended, cf. the Data Protection Act, Section 8, Subsection. 3, 2nd indent, and Paragraph. 5.
In addition to the above, we also process personal information about children under the age of 13, if relevant to the case.
5. Disclosure and transfer of personal data
We only pass on personal data to third parties when the law allows or requires it, including when it is relevant to your case and at your and or the data controller's specific request.
We pass on personal information to the following recipients from the EU / EEA:
Any other recipients at your request
We generally use various external and professional organisations as suppliers and partners to provide or assist us in providing our services and products. The external organisations will not receive or process personal data unless the law allows the transfer and processing thereof. If the external organisations or partners are data processors for us, their processing of personal data always takes place in accordance with a data processor agreement that meets the legal requirements for this. If the external organisations or partners are independent data controllers, their processing of personal data takes place in accordance with their own privacy, data protection or personal data policy, which the external organisations will draw attention to, unless the law provides otherwise.
We do not transfer personal data to countries or international organisations outside the EU / EEA, unless this is necessary at your specific request.
6. Deletion and storage of personal data
We ensure that personal information is deleted when it is no longer relevant for our processing purposes as described above. We always store personal information for the period of time that applicable law obliges us to, including for use in documenting compliance with, among other things, the provisions of the Accounting Act. Furthermore, as a general rule, we retain personal information for as long as it may be relevant for legal claims against your counterparty (s), you, us or others to be established, asserted, rejected or defended. As a general rule, we store personal data until the expiry of the deadlines in the statute of limitations and / or in other relevant legislation, etc. on limitation or resumption. For questions regarding the storage and processing of personal information, please feel free to contact us at the email address provided under Section 9 of the Policy.
7. Rights of registered persons
Registered persons have a number of rights that we can help with. If a registered person wants to make use of their rights, they must contact us. The rights include the following
Right to see information (right of access): Registered persons have the right to access the information that is processed about them, as well as a number of additional information.
Right to rectification (correction): Registered persons have the right to have incorrect information about themselves corrected.
Right of deletion: In special cases, registered persons have the right to have information about themselves deleted before the time of our ordinary general deletion occurs.
Right to restrict processing: In certain cases, registered persons have the right to have the processing of their personal data restricted. If a registered person has the right to have the processing restricted, we may in future only process the information - apart from storage - with consent, or for the purpose of legal claims being established, asserted or defended, or to protect a person or important societal interests.
Right of objection: In certain cases, registered persons have the right to object to our otherwise lawful processing of their personal data.
Right to transmit information (data portability): In certain cases, registered persons have the right to receive their personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency's guide to the data subjects' rights, which you will find at www.datatilsynet.dk. If you wish to exercise your rights as described above, please use the contact information provided at the bottom of this Politikken. We strive to meet your wishes regarding our processing of personal data and your rights as a registered person. If, despite our efforts, you wish to lodge a complaint, you can do so by contacting the Danish Data Protection Agency (www.datatilsynet.dk).
8. Changes to the Policy
We reserve the right to update and change the Policy. If we change the Policy, we change the date and version at the bottom of the document. In the event of significant changes, we will give notice in the form of either a visible notice on our website, via e-mail or some other means of communication.
For questions or comments on the Policy, or to invoke one or more of your rights, we can be contacted at firstname.lastname@example.org.
Version 1.2 - 23 February 2022