Horten's privacy notice for legal services and marketing

Version 2.0 of August 25, 2023

1. Introduction

This privacy notice provides information on how Horten Advokatpartnerselskab ("Horten" and "we") processes personal data about our clients, counterparties, witnesses, appraisers etc. in connection with:

Providing legal services to legal entities, funds, associations, public authorities, utility providers etc. in connection with establishment of client relationships, legal counselling and case management – section 2, 3 and 8 below
Providing legal services to natural persons – section 2, 4 and 8 below
Processing of personal data in connection with insolvency proceedings, including debt cancellation – section 2, 5 and 8 below
Marketing activities, newsletters, webinars, physical events etc. – section 2, 6 and 8
Visitors on Horten’s website and Horten's social media profiles – section 2, 7 and 8 below
Information to all individuals – section 8 below

We are required to provide this information under Articles 13, 14 and 21 of the General Data Protection Regulation (EU Regulation no. 2016/679 of 27 April 2016) (the "GDPR”). In this privacy notice, we also refer to the Danish Data Protection Act (Act no. 502 of 23 May 2018) (The "DPA").

In the following, we will inform you about the purposes and the legal bases for our processing of personal data, the sources of the data, the recipients of the data, the retention periods and your rights under the GDPR.

We are bound by professional secrecy provisions under the Danish Administration of Justice Act and the Rules of the Danish Bar and Law Society regarding client-related information.

You are welcome to contact Horten’s internal compliance team at intern-compliance@horten.dk or by phone +45 33 34 40 00 (the reception) if you have any questions or wish to exercise your rights.

1.1 Horten’s others privacy notices

If you are applying for a position at Horten, you can read our recruitment privacy notice here.

If you consider using Horten's whistleblower scheme, you can read our privacy notice for whistleblowers here.

If you are the debtor in a claim, where our client is the creditor, you can read our privacy notice here.

Horten's privacy notice regarding KYC procedures based on the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism (the AML Act) is sent out separately by our AML controllers (AML.control@horten.dk).

2. Data controller

2.1 Our legal information

Horten Advokatpartnerselskab
CVR no. 33775229
Philip Heymans Allé 7
DK-2900 Hellerup
Denmark

We also have two other offices located at Frederiks Plads 36, DK-8000 Aarhus C, and at Godsbanevej 1B, DK-7400 Herning, under the same CVR/TIN number.

2.2 Closed-circuit television (cctv)

If you visit Horten’s offices, you are hereby informed that we monitor entrances and parking basements through CCTV as part of our security measures and for prevention and detection of crime. We base this processing on our legitimate interest in securing our buildings and information (Article 6(1)(f) of the GDPR). CCTV is carried out in accordance with the Danish Television Surveillance Act.

We will pass on CCTV images to the police, if there is an incident that requires this.

2.3 Sanctions screening

We screen all clients and transactions against relevant sanctions lists, including e.g. EU’s sanctions list, as we are under an obligation to contribute to the freezing of funds belonging to individuals, groups and countries subject to international financial sanctions (prevention of terrorism and sanctions against third countries), if such funds are entrusted to us. Sanctions screenings are performed as part of establishing a client relationship and on an ongoing basis.

The screening is based on Article 6 (1) (e) of the GDPR.

3. Providing legal services to legal entities, funds, associations, public authorities, utility providers etc.

3.1 On whom does Horten process personal data?

When a company, fund, association, public authority etc. is a client at Horten, we process information about the following individuals:

Contact persons, employees and management members, including board and executive board members and owners
Customers, suppliers, business partners and other consultants to our clients and counterparties
Employees at collaborative law firms, counterparties and their employees, witnesses, secondary parties, appraisers and judges
Other data subjects whose data is included in our case management, e.g. in connection with mergers and acquisitions (e.g. employees in companies, which are in the process of a sale, and creditors), court cases and assistance on internal investigations with clients
In connection with the administration of funds and associations, e.g. information about applicants and members

We continuously assess whether we should provide separate privacy information, if the information is subject to the rules on professional secrecy under the Danish Administration of Justice Act and the Rules of the Danish Bar and Law Society. There may be cases, where we based on the circumstances provide privacy information, e.g. in court cases and in cases where we assist our clients with their internal investigations.

3.2 What are the purposes of the processing?

Horten processes personal data to establish and manage client relationships in relation to case management, contract management, invoicing, follow-up and evaluation. We also process information about clients and counterparties in connection with conflict of interest checks.

In addition, we process personal data to collect facts and based hereof provide legal counselling and case management within e.g. corporate law, public law, procurement law, energy law, tax law and other business law, including mergers and acquisitions, due diligence investigations, contract drafting, company registrations, transactions and property transactions etc. We assist for example with drafting and negotiating cooperation agreements, employment contracts including for chief executives, ownership agreements, board work, reports to public authorities, legal investigations where we assist our clients with their internal investigations, ongoing counselling etc.

In connection with legal and arbitration proceedings, we process personal data to safeguard our client's interests in connection with the preparation and conduct of litigation or arbitration proceedings, including through the preparation and review of pleadings, summoning of witnesses, collection of information from experts, collaboration with the arbitration court, remuneration of arbitrators and experts and witness compensation.

In connection with the management of funds and associations, we provide secretarial services as part of the services provided.

3.3 What kind of personal data does Horten process?

We usually process contact details (name, address, phone number and email) and information about associated company, title, position and educational background.

Where relevant, we process information about financial circumstances, including tax information and professional affiliation, contractual matters, information about disciplinary matters (e.g. warnings, dismissals and suspensions) and information about criminal offence data.

In special cases, we process special categories of personal data such as information about health, trade union membership, religion or sexual orientation in employment law cases, e.g. in cases involving an element of discrimination or harassment.

In certain cases, we need a civil registration number and identification documents, e.g. a passport. We need for example a civil registration number for unique identification when we make registrations with the Danish Business Authority (virk.dk), the Danish Land Registration Court (tinglysning.dk) and the Danish Court Administration (minretssag.dk). When disbursing funds, we need a bank account number in addition to a civil registration number.

3.4 What are the legal bases for Horten's processing?

We process personal data to comply with our legal obligations under the Rules of the Danish Bar and Law Society (Article 6(1)(e) of the GDPR).

We process general personal data e.g. on counterparties and employees in target companies, where the purpose is to enforce and defend legal claims or to pursue our legitimate interest in offering legal assistance to our clients and complying with the provisions of the Danish Bar and Law Society (Article 6(1)(f) of the GDPR).

Depending on the specific case, we process special categories of personal data on the basis of Article 9(2)(b) of the GDPR in relation to e.g. labour law obligations and rights, or Article 9(2)(f) of the GDPR in relation to enforcement or defence of legal claims for our clients or third parties.

We process information about criminal offence data based on our legitimate interest that overrides the data subject’s interests (DPA section 8(3), second sentence, and Article 10 of the GDPR), and when the processing is necessary to establish, exercise or defend a legal claim (DPA sections 8(3)).

We process civil registration numbers for the purpose of enforcing or defending a legal claim (DPA sections 11(2)(4) and 7(1) and Article 9(2)(f) of the GDPR), and when we e.g. are subject to reporting obligations to public authorities (DPA section 11(2)(1)).

3.5 Where does Horten collect the personal data?

The sources of our information depend on the specific circumstances of a case. The information may originate from our client, from you as a data subject, from current or former employers, witnesses, counterparties, public authorities (e.g. the Central Business Register (CVR), the Civil registration System (CPR) and the Danish Tax Authority (Skat)), social media, banks, insurance companies, auditors, courts, arbitration boards, the police, the Prosecution Authority, other consultants, colleagues, other clients, or from documents regarding transactions, which Horten assists.

3.6 Does Horten disclose the personal data to others?

We are bound by professional secrecy provisions under the Danish Administration of Justice Act and the Rules of the Danish Bar and Law Society regarding client-related information.

We disclose personal data only if it is necessary in order to safeguard our clients’ interests, or when we are under legal obligation to do so, e.g. as part of responding to access requests in accordance with Article 15 of the GDPR. The typical recipients of personal data are clients, authorities, courts, counterparties, witnesses and their consultants.

Furthermore, we disclose personal data to our data processors, who process personal data on our behalf and based on our instructions, for example providers of IT systems, backup and support.

3.7 For how long will Horten retain the personal data?

We will retain personal data for as long as the information is necessary for the purposes for which they are being processed. Generally, the information is retained for ten years after a case has been closed. Special regulatory requirements, e.g. in the Danish Bookkeeping Act, the Danish Limitation Act and the Danish Bar and Law Society, may require us to retain data for a shorter or longer period, e.g. data stored for the purposes of conflict of interest checks.

4. Legal services to natural persons

4.1 On whom does Horten process personal data?

When a private person is a client at Horten, we process information about the following individuals:

Our client
Employer and former employers
Family members and cohabitants
Other consultants to our client and counterparties
Employees at collaborative law firms, counterparties and their employees and witnesses
Other data subjects whose data is included in our case management

We do not provide privacy information, if the information is subject to the rules on professional secrecy under the Danish Administration of Justice Act and the Rules of the Danish Bar and Law Society. There may be cases, where we, nevertheless, based on the circumstances provide privacy information, e.g. in court cases where we process information about counterparties and witnesses, which they are aware of.

4.2 What are the purposes of the processing?

In addition, we process personal data to collect facts and based hereof provide legal counselling and case management within e.g. contract drafting, employment law, employment contracts including for chief executives, ownership agreements, wills, administration of estates of deceased persons, tenancy law, litigation and arbitration proceedings, tax law, data protection legislation etc.

4.3 What kind of personal data does Horten process?

We usually process contact details (name, address, phone number and email) and information about associated company, title, position and educational background.

Where relevant, we process information about your financial situation, including tax information, insurance information, family, social matters, occupation, contractual matters, information about disciplinary matters (e.g. warnings, dismissals and suspensions) and information about criminal offence data.

In special cases, we process special categories of personal data, such as information about health, trade union membership, religion or sexual orientation in employment law cases, e.g. in a MeToo investigation or other cases involving an element of discrimination or harassment.

4.4 What are the legal bases for Horten's processing?

We process general personal data about our client when the processing is necessary in order to enter into or perform our contract for legal services with our client (Article 6(1)(b) of the GDPR).

We process general personal data about individuals other than our client, where the purpose is to comply with the Rules of the Danish Bar and Law Society and to provide and document information in consumer letters (Article 6(1)(c) and (e) of the GDPR).

We also process general personal data about individuals other than our client, where the purpose is to enforce and defend legal claims or to pursue our legitimate interest in counselling our client and safeguarding our client's legal interests (Article 6(1)(f) of the GDPR).

Depending on the specific case, we process special categories of personal data on the basis of Article 9(2)(b) of the GDPR in relation to e.g. labour law obligations and rights or Article 9(2)(f) of the GDPR in relation to enforcement and defence of legal claims for our clients or third parties.

We process civil registration numbers for the purpose of enforcing or defending a legal claim (DPA sections 11(2)(4) and 7(1) and Article 9(2)(f) of the GDPR) and when we e.g. are subject to reporting obligations to authorities and when it is necessary for the purpose of distinctive identification (DPA section 11(2)(1)).

4.5 Where does Horten collect the personal data?

The sources of our information depend on the specific circumstances of a case. The information may originate from you, your employer, witnesses, counterparties, public authorities (e.g. the Central Business Register (CVR), the Civil registration System (CPR) and the Danish Tax Authority (Skat)), social media, banks, insurance companies, auditors, courts, arbitration boards, the police, the Prosecution Authority, other consultants or clients.

4.6 Does Horten disclose the personal data to others?

We are bound by professional secrecy provisions under the Danish Administration of Justice Act and the Rules of the Danish Bar and Law Society regarding client-related information.

We disclose personal data only if it is necessary in order to safeguard our client’s interests. The typical recipients of such information are our client, authorities (e.g. the Danish Tax Authority (Skat) and the Danish Business Authority (CVR)), courts, the Bailiff Court, counterparties, heirs, witnesses, third-parties' consultants, insurance companies, banks, mortgage credit institutions and trade unions.

Furthermore, we disclose personal data to our data processors, who process personal data on our behalf and based on our instructions, for example providers of IT systems, backup and support.

4.7 For how long will Horten retain the personal data?

Special regulatory requirements, e.g. in the Danish Bookkeeping Act, the Danish Limitation Act and the Danish Bar and Law Society, may require us to retain data for a shorter or longer period, e.g. data stored for the purposes of conflict of interest checks.

5. Processing of personal data in connection with insolvency proceedings, including debt cancellation

5.1 On whom does Horten process personal data?

In relation to Horten's case management in insolvency proceedings, we process information about the following individuals:

Debtors and loanees, including their contact persons
Creditors, including their contact persons
Employees and management members, including board and executive board members and owners
Business partners (e.g. co-trustees)
Other data subjects whose data is included in our case management
Judges, third-party consultants and potential buyers of assets

5.2 What are the purposes of the processing?

In insolvency proceedings, we process information about the company and the company's business documents.

In bankruptcies, the bankrupt enterprise (the estate) is the data controller, and the appointed lawyer at Horten is the trustee of the estate. The purpose of the processing is to administer the estate, including e.g. to contact employees, board and executive board members, creditors and debtors, process filed claims, collect outstanding claims, sell assets, ensure business continuity, investigate suspicious and illegal activities, review emails, bank statements, documents etc., prepare distribution of asset and proceeds report, pay dividends and ensure compliance with regulatory procedures.

In liquidations, the company (the estate) is the data controller, and the appointed lawyer at Horten is the liquidator of the liquidation estate. The purpose of the processing is case management during the liquidation process, including e.g. to contact employees, board and executive board members, creditors and debtors, process filed claims, collect outstanding claims, decide on business resumption, merger, solvent liquidation or bankruptcy proceedings, sell assets, investigate suspicious and illegal activities, pay salaries and dividends etc., review emails, bank statements, documents etc. and ensure compliance with regulatory procedures.

In restructurings, the company is the data controller, and the appointed lawyer at Horten is the restructuring administrator. The purpose of the processing is case management during the restructuring process, including e.g. to contact employees, board and executive board members, creditors and debtors, sell assets, process filed claims, collect debts, ensure business continuity, prepare restructuring proposals and a plan for transfer of business, distributions to the company's creditors or closing of operations, investigate suspicious and illegal activities, pay salaries, dividends etc., prepare statement of accounts upon termination of the restructuring, review emails, bank statements, documents etc. and ensure compliance with regulatory procedures.

In connection with debt cancellation, we process information about the natural person whose debt discharge case is handled by us.

We process information about clients and counterparties in connection with conflict of interest checks.

5.3 What kind of personal data does the estate process?

The estate processes contact details (name, address, phone number and email) and information about associated company, title, position and educational background.

Where relevant, the estate processes information about financial circumstances, including payment information, outstanding claims or debt, tax information and employment matters, family matters, contractual matters, information about disciplinary matters (e.g. warnings, dismissals and suspensions) and information about criminal offence data.

The estate may process special categories of personal data, such as information about health, trade union membership or sexual orientation, if it is relevant for the estate.

In certain cases, the estate processes civil registration numbers and identification documents, e.g. passports. The estate needs for example a civil registration number for unique identification of you when it makes registrations with the Danish Business Authority (virk.dk), the Danish Land Registration Court (tinglysning.dk) and the Danish Court Administration (minretssag.dk). In order to disburse funds, the estate will need to process a bank account number in addition to a civil registration number.

5.4 What are the legal bases for the estate's processing?

The estate processes personal data to comply with legal obligations under the Danish Bankruptcy Act, tax legislation, the Danish Bookkeeping Act and the Danish Act on employees’ rights in the event of transfers of undertakings (Article 6(1)(c) and (f) of the GDPR).

The estate also processes general personal about e.g. creditors and debtors where the estate's purpose is to enforce and defend legal claims or to pursue the estate’s legitimate interest in managing and enforcing contractual terms and to recover outstanding claims etc. (Article 6(1)(f) of the GDPR).

Depending on the specific case, the estate processes special categories of personal data on the basis of Article 9(2)(b) of the GDPR in relation to e.g. labour law obligations and rights or Article 9(2)(f) of the GDPR in relation to enforcement or defence of legal claims.

The estate processes information about criminal offence data to safeguard a legitimate interest that overrides the data subject’s interests (DPA section 8(3), second sentence, and Article 10 of the GDPR), and when the processing is necessary to establish, exercise or defend a legal claim (DPA sections 8(3)).

The estate processes civil registration numbers for the purpose of enforcing or defending a legal claim (DPA sections 11(2)(4) and 7(1) and Article 9(2)(f) of the GDPR) and when the estate for example is subject to reporting obligations to public authorities (DPA section 11(2)(1)).

5.5 Where does the estate collect the personal data?

The sources of information depend on the specific circumstances of a case. Data may originate from you, your employer, witnesses, counterparties, public authorities (e.g. the Central Business Register (CVR), the Civil registration System (CPR) and the Danish Tax Authority (Skat)), social media, banks, insurance companies, auditors, courts, arbitration boards, the police, the Prosecution Authority or other consultants.

5.6 Does the estate disclose the personal data to others?

The estate discloses personal data only if it is necessary in order to safeguard the interests of creditors and the estate in debt discharge cases and other insolvency proceedings. The typical recipients of such information are authorities, e.g. Skattestyrelsen (the Danish Tax Authority (Skat), Erhvervsstyrelsen (the Danish Business Authority), Skifteretten (the Bailiff Court), Gældsstyrelsen (the Danish Debt Collection Agency), Lønmodtagernes Garantifond (the Employees' Guarantee Fund), the police, municipalities, courts, counterparties, witnesses, third-parties' consultants, co-administrators, valuation advisers, insurance companies, trade unions, banks, mortgage credit institutions, external consultants assisting in the processing and potential buyers of assets.

Furthermore, the estate discloses personal data to data processors, who process personal data on its behalf and based on its instructions, for example providers of IT systems, backup and support.

5.7 For how long will the estate retain the personal data?

The estate will retain personal data in accordance with the privacy notices provided by the estate.

Horten processes and retains the necessary personal data to be able to document Horten’s estate administration work. Generally, the information is retained for ten years after the estate has been closed.

6. Marketing activities, newsletters, webinars, physical events etc.

6.1 On whom does Horten process personal data?

We process personal data about the following individuals:

Persons invited to and registered at our events, webinars, newsletters, Ret & Indsigt etc.
Presenters and participants in webinars and other events

6.2 What are the purposes of the processing?

We process personal data to compile participant lists, register network memberships, carry out meetings, networks, courses and events, issue course certificates, share materials from events, invite to new events and evaluate our initiatives.

We also process data to improve our services, e.g. by analysing which webinars participants are interested in.

Our newsletters contain a tracking pixel. A tracking pixel is a 1×1 pixel graphic embedded in the newsletter. It consists of a small image in the email, which is invisible to the user. Data is collected when newsletter recipients click on content in the newsletter. We use this data to track how many people open Horten's newsletter and what content is of interest to our readers, so we can continuously improve our newsletters. We do not disclose pixel data to third parties.

6.3 What kind of personal data does Horten process?

We process general personal data. We usually process contact details (name, phone number and email) and information about associated company, title, position and professional areas of interest.

In relation to recipients of our digital newsletters, we also process information about whether the recipient has opened the newsletter or clicked on links in the newsletter.

In relation to webinars and other online events, we process information about which events participants/recipients have registered for, if they participated and for how long and their interest score, if they have requested a course certificate and questions asked during or subsequently by email to us.

We register whether they have consented to the processing of personal data (including tracking) and marketing, and if they have withdrawn consent/permission.

6.4 What are the legal bases for Horten's processing?

We process general personal data based on our legitimate interest in marketing Horten, carry out the events we offer and target our communication (Article 6(1)(f) of the GDPR).

If we send electronic marketing material, we obtain permission (section 10 of the Danish Marketing Practices Act) and consent to tracking (section 3 of the Danish Cookie Order).

6.5 Where does Horten collect the personal data?

We collect the information from you, your employer, publicly available sources and our IT systems which e.g. record data during webinars.

6.6 Does Horten disclose the personal data to others?

We may share participant lists with presenters and attendees.

We also disclose personal data to our data processors, who process personal data on our behalf based on our instructions, for example providers of newsletter services and webinars.

6.7 For how long will Horten retain the personal data?

We will retain personal data for as long as you are registered for our events. We delete participant lists after one year.

When the Danish Bookkeeping Act applies, we are under an obligation to retain information about participation in courses and events for five years.

Lastly, we retain registrations, marketing permissions and consents to tracking for two years from the last marketing activity.

7. Visitors on Horten’s website and Horten's social media profiles

7.1 On whom does Horten process personal data?

We process personal data about visitors on our website and visitors on Horten's social media profiles.

7.2 What are the purposes of the processing?

We process personal data when you visit our website to improve user experience and to remember your preferences on our website. In addition, we process personal data in order to track your visit on our website to measure web traffic.

If you have consented to tracking/cookies in relation to your preferences, we process the information to remember your preferences on the website.

If you have consented to tracking/cookies in relation to statistical purposes, we process the information to measure the use of newsletters and web traffic on Horten’s website and to improve our services.

You can get an overview of the cookies used on Horten's website and get guidance on how to delete and avoid cookies in our cookie policy, which you can find here.

Furthermore, we use a social media plugin from LinkedIn to make it easier to share content from our website.

Finally, we use Vimeo in the form of an embedded video player to play our video content.

7.3 What kind of personal data does Horten process?

When you use our website, we process information about your IP address and country, type of operating system, PC/mobile device (ID and type, e.g. tablet), browser type, browser ID and language settings, website behaviour and technical identifiers, which can link you to e.g. Google and referral sites.

On our website, we also link to other websites. In addition, we use LinkedIn in the form of a social media plugin which makes it easier to share content from our website. Horten is not responsible for content of other websites or their collection of personal data. You can read more about our joint data responsibility with other website providers in section no. 7.6.

When you visit Horten's social media profiles, we process information about your IP address and the information you have made available via settings on Facebook, Instagram, LinkedIn and YouTube, your reactions and comments to our posts and sharing of our posts. We encourage you to never include any special categories of personal data or confidential personal information about you or others in posts on Horten's so-called social media fan pages, when commenting on our posts or otherwise. Comments containing special categories of personal data and personal content will be removed by Horten.

7.4 What are the legal bases for Horten's processing?

We process personal data based on our legitimate interest in providing an interesting and functional website (Article 6(1)(f) of the GDPR).

If you have consented to preferential and statistical cookies on our website, we base our processing on section 3 of the Cookie Order and Article 6(1)(a) and (f) of the GDPR.

7.5 Where does Horten collect the personal data?

We collect personal data from your interaction with our website and from publicly available sources that you have made available on e.g. your social media profiles on LinkedIn, Instagram and Facebook.

7.6 Does Horten disclose the personal data to others?

We disclose personal data to our data processors, who process personal data on our behalf and based on our instructions, for example providers of IT systems, backup and support. You can block or delete cookies by changing the settings in your browser. You can get an overview of the cookies currently stored and find guidance on how to delete and avoid cookies in our cookie policy, which you can find here.

On our website, we link to other websites and use a LinkedIn social media plugin to make it easier for you to share content from our website to social media. When you interact with a media plugin, you can expect the plugin to place cookies, but only after you click on the icon.

Horten is the data controller of the data we collect on our website. We are not responsible for the content of other websites and for their collection of personal data. The consent, you have given to such providers, governs what data you share with these data controllers.

We encourage you to always read the website's privacy notice:

7.7 For how long will Horten retain the personal data?

Personal data collected through cookies is retained for a period of up to two years. You can get an overview of the retention periods for individual cookies here.

8. Information to all individuals

8.1 All forms of processing: Transfer to third countries

In some situations, we transfer personal data to countries outside the EU/EEA. In such cases, the transfer is based on the European Commission's standard contractual clauses on data transfers to third countries (SCC). You can contact us if you, as a data subject, wish to receive a copy thereof.

8.2 All forms of processing: Rights

Below, we have listed the rights under the data protection rules, but please note that there are conditions attached to the use of some of them, and there are exemptions to them under the GDPR, the DPA, the Administration of Justice Act and the Rules of the Danish Bar and Law Society.

If our processing is based on your consent, you may at any time withdraw your consent. Withdrawal of your consent does not affect the lawfulness of the processing based on the consent before the withdrawal.

You have the right to access the data that we process about you, receive a copy of the data and supplementary information. However, as a law firm, we are subject to the rules on professional secrecy under the Administration of Justice Act and the Rules of the Danish Bar and Law Society regarding client-related information. Our professional secrecy obligations may justify that we in some cases refuse to provide all or some of the requested information, but it is a case-by-case assessment.

You have the right to have inaccurate personal data about you rectified or completed, if it is incomplete.

In special cases, you have the right to have personal data about you erased, before erasure for the processing generally takes place.

In certain situations, you have the right to obtain restriction of processing of your personal data. If the data processing is restricted, we may process your personal data in the future – except for storage – only with your consent or for the establishment, exercise or defence of legal claims or for the protection of another person (natural or legal) or important public interests.

In certain cases, you have the right to receive your personal data about you in a structured, commonly used and machine-readable format and to have the data transmitted from one controller to another without hindrance.

Right to object: You have the right to object to the processing, when our processing is based on Article 6(1)(e) or (f) of the GDPR, unless the processing of the personal data is necessary for the establishment, exercise or defence of legal claims. You also have the right to object to processing for direct marketing purposes.

We retain evidence that we have granted or denied your request to exercise your rights under the GDPR for five years.

You can read more about your rights in the Danish Data Protection Agency’s guidelines about data subjects' rights, which can be found at www.datatilsynet.dk.

8.3 Complaints to the Data Protection Agency

You have the right to submit a complaint to the Data Protection Agency about our processing of your personal data. For more information, please visit the website of the Danish Data Protection Agency: www.datatilsynet.dk.

If you have any questions about the processing of your personal data or the exercise of your rights, you are welcome to contact us via the contact details in section 2.1.