Privacy Policy
Last updated: December 4, 2025
How does the Legal Aid process personal data - the General Data Protection Regulation and the Personal Data Act.
Here you can find information about how the Legal Aid processes your personal information and answers to some frequently asked questions.
1. Introduction
This Privacy Policy (hereinafter referred to as the “Policy”) describes how Copenhagen Legal Aid (hereinafter referred to as “us”, “we” or “our”) processes personal data about the persons to whom Copenhagen Legal Aid provides legal assistance. The policy is formulated and made available in order to comply with the Data Protection Regulation (2016/679 of 27 April 2016) (hereinafter referred to as “Data Protection Regulation”) referred to as “GDPR” and the rules herein on the obligation to provide information.
2. Types of Personal Data Processed
Copenhagen Legal Aid processes the following types of ordinary personal data: Correspondence, documents, pictures and other case materials, as well as other information that is relevant and necessary to provide the best possible assistance. The Legal Aid also compiles statistics on the handling of cases for the purpose of annual reports and reporting to the Civil Service about the number of cases, etc. However, it is only the nature of the case that is included in statistics, etc. We may, in circumstances and where strictly relevant, process special categories of personal data (also referred to as “sensitive personal data”) about you. This personal data includes information that clarifies race or ethnicity, information about a person's religious or philosophical beliefs, information about a person's trade union affiliation, and information about health (health, illness, diagnosis, etc.). We process this sensitive personal data for the following purposes:
- To provide legal assistance to the clients of Copenhagen Legal Aid.
- To comply with the obligations of Copenhagen Legal Aid.
We collect your personal data from you and, where appropriate, from external sources. Personal data from the external sources may be collected from other parties in the case as well as public authorities. If we need to collect and process additional personal data than stated above, we will inform about this at the time of collection. Such information may also be provided by updating this Policy.
3. Purpose of processing personal data
We only process your personal data for legitimate purposes in accordance with GDPR. The personal data may, as appropriate, be processed for the following purposes:
- To provide legal assistance to the clients of Copenhagen Legal Aid.
- To be able to document Legal Aid's compliance with any legal obligations such as the Anti-Money Laundering Act, the Accounting Act or to document Legal Aid's advisory responsibilities.
4. Legal basis for the processing of personal data
We only process your personal data when we have a lawful basis for processing in accordance with GDPR. The processing of personal data takes place according to the specific circumstances on the basis of the following processing home:
- The processing is necessary to comply with a legal obligation imposed by Copenhagen Legal Aid, such as the Accounting or Money Laundering Act, cf. GDPR, Art. 6 (1) (c)
- The processing is necessary for the pursuit of a legitimate interest in which the interests of the data subject or fundamental rights and freedoms requiring the protection of personal data do not take precedence, cf. GDPR Article 6 (1) (f)
Where strictly relevant and necessary, sensitive personal data are processed (the “special categories of personal data” specified in GDPR Article 9 (1)). In this case, the processing will only take place if this is permitted under Article 9 (2) to (4) of the GDPR, including in particular in the following cases:
- The processing is necessary for legal claims to be established, asserted or defended, cf. GDPR Article 9 (2) (f)
In addition to the above, in some cases we process the social security number. Before we carry out this processing, we obtain consent to this, unless the processing is carried out to comply with the law or one of the other exceptions in Section 11 (2) of the Data Protection Act. We process your social security number for the following purposes:
- When the conditions for processing sensitive information are met, see Section 11 (2) (4) of the Data Protection Act.
In addition to the above, in some cases we process information about criminal offences. Before we carry out this processing, we obtain consent. We process this information for the following purposes:
- When necessary for the client's legal claims to be established, asserted or defended, see Section 8, paragraph 3, 2nd indent, and paragraph 5 of the Data Protection Act.
In addition to the above, we also process personal data about children under the age of 13, if relevant to the case.
5. Disclosure and transfer of personal data
We only disclose personal data to others when permitted or required by law, including where applicable and at any specific request from you and the data controller. We disclose personal data to the following recipients from the EU/EEA:
- Authorities
- Any other recipients at your request
- Counterparties.
We generally use various external and professional organisations as suppliers and partners to provide or assist us in providing our services and products. The external organisations will not receive or process personal data unless the law permits the transfer and processing thereof. If the external organisations or business partners are data processors for us, their processing of personal data is always carried out in accordance with a data processing agreement that meets the requirements of the legislation. If the external organisations or business partners are independent data controllers, their processing of personal data is carried out in accordance with their own privacy, data protection or personal data policies, to which the external organisations will draw your attention, unless otherwise required by law. We do not transfer personal data to countries or international organisations outside the EU/EEA unless required by your specific request.
6. Deletion and storage of personal data
We ensure that personal data is deleted when it is no longer relevant for our processing purposes as described above. We always store personal data for the period required by applicable law, including for the purpose of proving compliance with, among other things, the provisions of the Accounting Act. We also generally retain personal data for as long as it may be relevant for legal claims against your counterparty(s), you, us or others to be established, asserted, denied or defended. As a general rule, this means that we retain personal data until the expiry of the time limits laid down in the statute of limitations and/or in other relevant legislation, etc. regarding obsolescence or resumption. If you have any questions regarding the storage and processing of personal data, you are welcome to contact us at the email address found in section 9 of this Policy.
7. Rights of data subjects
Data subjects have a number of rights that we can help with. If you, as a registered person, want to exercise your rights, they must contact us. The rights include the following:
- Right to access information (right of access): Data subjects have the right to access the data processed about them, as well as a number of additional information.
- Right to rectification (rectification): Data subjects have the right to have incorrect information about themselves corrected.
- Right to erasure: In exceptional cases, data subjects have the right to have information about themselves erased before the time of our regular general deletion.
- Right to restriction of processing: Data subjects have the right in certain cases to have the processing of their personal data restricted. If a data subject has the right to have the processing restricted, we shall in future only process the data - other than storage - with consent, or for the purpose of establishing, asserting or defending legal claims, or for the protection of a person or important public interests.
- Right to object: In certain cases, data subjects have the right to object to our otherwise lawful processing of their personal data.
- Right to transmit information (data portability): In certain cases, data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one controller to another without hindrance.
You can read more about your rights in the Data Protection Authority's guide on the rights of data subjects, which you can find onwww.datatilsynet.com. If you wish to exercise your rights as described above, please use the contact details provided at the bottom of this Policy. We strive to meet your requests regarding our processing of personal data and your rights as a data subject. If, despite our efforts, you wish to file a complaint, you can do so by contacting the Danish Data Protection Authority (www.datatilsynet.com).
8. Amendments to this Policy
We reserve the right to update and amend this Policy. If we change the Policy, we change the date and version at the bottom of the document. In the event of material changes, we will provide notice in the form of a visible notice on our website, e-mail or through the use of other means of communication.
9. Contact
For questions or comments on this Policy, or when invoking one or more rights, we may be contacted at mail@retshjaelpen.dk.