We take care of your data
PERSONAL DATA MANAGEMENT POLICY FOR
Moltke-Leth , Amaliegade 12, 1256 Copenhagen K
- Personal data management in general
- The core activity of our law offices consists of legal counsel and other legal assistance. To be able to provide such assistance and serve our clients (hereinafter referred to as “Case Management”) and conduct our Law Practice otherwise (hereinafter referred to as “Law Practice), we need to manage personal data.
- This policy provides information about how Moltke-Leth collects and manages personal data, including:
- All lawyers at Moltke-Leth are data controllers, Item 2
- Contact, Item 3
- Purpose of personal data management, Item 4
- The legal basis for our data management activities, Item 5
- Categories of personal data that we manage, Item 6
- Sources of personal data, Item 7
- Recipients of personal data, Item 8
- More about our website and newsletter, Item 9
- Storage and deletion of personal data, Item 10
- The rights of the client and other registrants, Item 11
- Data management security and communication by-mail, Item 12
- Effective date and changes, Item 13
- Persons whose data Moltke-Leth manages are referred to hereinafter as the “Registrant”.
- Moltke-Leth is the data controller.
- Moltke-Leth is responsible for the management of personal data that we collect or receive in some other way as part of the Case Management and the conduct of our Law Practice.
- The identification and contact information for Moltke-Leth is as follows:
- Moltke-Leth manages personal data in accordance with the fundamental principles of good data management practices in terms of legality, reasonability and transparency.
- Moltke-Leth´s lawyers and other employees may also acquire such information and personal data as are relevant in the light of their obligations and areas of responsibility. All judicial employees are bound by a statutory confidentiality obligation, cf. the rules of the Danish Bar and Law Society rules pertaining thereto. Our other employees are subject to complete confidentiality as well.
- If you have any questions regarding our personal data management, please feel free to make an inquiry; see contact information in Item 2.
- Purpose of personal data management
- Legal assistance, including in connection with a position as an official appointee
- Moltke-Leth manages personal data with a view to establishing the client relationship and ensuring the ability to provide assistance effectively with regard to the case entrusted to Moltke-Leth . The purpose and scope of our Case Management in each concrete case is set out in detail in the legal assistance agreement between Moltke-Leth Advokater and the client, and/or through our position as an officially appointed estate receiver, estate administrator, trustee or defence counsel.
- Conduct of the Law Practice
- In addition, we manage personal data that we have received as part of the Case Management in the conduct of our Law Practice. This occurs in part to fulfil legal requirements and the obligations that we have as lawyers, e.g. to check for conflicts of interest and perform customer due diligence prior to the start of Case Management. As part of the conduct of our Law Practice, we also manage personal data in connection with the administration of our whistleblower system, analyses, the operation and optimisation of our website, the marketing and improvement of our counselling and services, and the ability to defend ourselves against any legal claims.
- Other purposes
- We may also manage personal data for other purposes that are not incompatible with those described above. This may occur if we consider it to be necessary or appropriate for Case Management, and/or if it is in our legitimate interest in the conduct of our Law Practice, and if our interests therein at the same time take precedence over the interests or basic rights of the Registrant.
- Legal basis for our data management
- Legal assistance
- Moltke-Leth manages the client’s personal data in order to fulfil the legal assistance agreement and/or as a feature of a position as an officially appointed estate receiver, estate administrator, trustee or defence counsel, the General Data Protection Regulation, Article 6, Section 1, Subsection b and Article 6, Section 1, Subsection C.
- Other data management authorities
- Moltke-Leth may also, as part of Case Management and the conduct of our Law Practice, manage personal data concerning clients, including deceased persons in connection with decedent estate administration, heirs, relatives or other persons close to the client/decedent, employees, counterparties and other interested parties, in the following instances:
- On the basis of express consent from the Registrant to manage their data for one or more specific purposes, cf. the General Data Protection Regulation, Article 6, Section. 1, Subsection a and Article 9, Section 2, Subsection a
- If it is necessary in order to fulfil legal obligations incumbent upon Moltke-Leth, cf. the General Data Protection Regulation Article 6, Section 1, Subsection c
- If it is necessary in order to maintain or protect the vital interests of the Registrant or another physical person, cf. the General Data Protection Regulation Article 6, Section 1, Subsection d, and Article 9, Section 2, Subsection c, as well as the Danish Data Protection Act 7, Section 1, e.g. as an appointed guardian
- If it is necessary in order to perform a task in the interests of society that Moltke-Leth Advokater has been designated to handle, cf. the General Data Protection Regulation Article 6, Section 1, Subsection e, e.g. consulting work and work on commissions of inquiry
- If it is necessary in order to pursue the legitimate interests of the Registrant or Moltke-Leth that take priority over the interests and fundamental human rights of the Registrant, cf. the General Data Protection Regulation Article 6, Section 1, Subsection f. This includes, for example:
o the legitimate interests of Moltke-Leth , which are cited in Item 4.2.1 and 4.3.1,
o the legitimate interests of the Registrant or ourselves in terms of defending, establishing or asserting a legal claim,
o the legitimate rights of the Registrant otherwise to establish or achieve a given legal standing in connection with the matter of issue in the case, including in connection with decedent estate administration or a legal dispute in general.
- If it is necessary in order to discharge and uphold labour law obligations and specific rights of Moltke-Leth or the Registrant, cf. the General Data Protection Regulation Article 9, Section 2, Subsection b and the Danish Data Protection Act § 7, Section 2, and § 12, Sections 1 and
- If such data management is necessary in order to establish, assert or defend a legal claim, cf. the General Data Protection Regulation Article 9, Section 2, Subsection f.
We may manage data regarding criminal offences or violations of the law if it is necessary in order:
o that a legal claim can be established, asserted or defended, cf. the General Data Protection Regulations Article 9, Section 2, Subsection f,
o to protect a legitimate interest that clearly takes precedence over the interests of the Registrant, cf. the Danish Data Protection Act § 8, Section 3, Item 2 and Section 5, or
o if the registrant has given consent thereto, cf. Danish Data Protection Act § 8, Section 3, Item 1, or
o in pursuance of the Danish Anti-Money Laundering Act § 8.
We may manage personal identification number data:
o as mandated by law,
o when the Registrant has given their express consent thereto,
o if disclosure is relevant, when such disclosure is a natural part of the normal conduct of our Law Practice and of decisive importance in ensuring the unambiguous identification of the Registrant, or if such disclosure is required by a government agency, or
o if the conditions set out in the Danish Data Protection Act § 7 are met; cf. § 11, Section 2.
- Categories of personal data that we manage
- As part of our Case Management and Law Practice, Moltke-Leth manages general personal data, sensitive personal data and data pertaining to criminal offences and personal identification numbers.
- The types of personal data that we collect and manage may include general personal data, including confidential data and identification data as per the Danish Anti-Money Laundering Act:
- name and contact information, including addresses, e-mail, telephone numbers, IP addresses, place of employment etc,
- other identification information, passport, data pursuant to the Danish Anti-Money Laundering Act, date of birth and photographs,
- financial information, including bank accounts and any deposit account numbers,
- factual information or assessments pertaining to a task that we are performing under the legal assistance agreement with a client, or as part of entrance into and execution of other contracts as a feature of a appointed position or otherwise as part of our Law Practice,
- any and all personal data that we have obtained or received from the client or other third parties so that a task can be carried out effectively and correctly for Moltke-Leth or as part of our Case Management.
- Certain types of cases may necessitate that we also process data in the special categories of personal data, i.e. data concerning criminal offences, personal identification numbers or sensitive information, including:
- Health information
- Information about race and ethnicity
- Trade union and professional affiliations
These categories of personal data enjoy a higher protection status, which we take into account through appropriate organisational and technical arrangements.
- Sources of personal data
- We may, on an ongoing basis, receive and obtain personal data from the clients themselves via e-mail exchanges, letters, interviews or telephone conversations. The client is responsible for ensuring that their own personal data are correct at the time they are provided to us. We urge our clients to notify Moltke-Leth if any changes occur subsequently in their data, so that we can update the data.
- Personal data and other information about the client or other interested parties that are involved in a given case are also often obtained either by agreement with the client or based on some other authority, from outside sources, including from a counterparty, other counsellors, government agencies, courts or other interested parties or third parties, and from publicly accessible registers and media.
- Recipients of personal data
- We do not disclose personal data, unless such disclosure is necessary or appropriate for the individual case and occurs to fulfil the agreement with Moltke-Leth, with the client’s subsequently obtained express consent or on the authority of applicable national or EU legislation otherwise.
- In some cases it may be necessary and relevant to disclose personal data to, e.g.:
- courts, including Minretssag.dk, as well as arbitrators and mediators,
- government agencies or boards and government councils and committees, etc
- government registers, including virk.dk and tinglysning.dk
- other lawyers who are relevant to the case
- other advisors, including auditors, who are relevant to the case
- experts and assessors
- financial institutions
- parties to contracts or other third parties or interested parties with direct or indirect ties to the case
- relatives of and other persons close to a Registrant
- Personal data may be transferred for processing by our external data processor(s) who, upon written agreement and per our instructions, provide support and maintenance for our IT systems, or other types of support. Cooperative partners that are not data processors but do perform work for us as subcontractors, e.g. in connection with decedent estate appraisals and clearances, are subject to a confidentiality obligation.
- Personal data may be transferred to countries outside the EU/EEC if so agreed between Moltke-Leth and the client, or if such a transfer follows otherwise from the legal assistance agreement or an appointed position, e.g. because the client, a counterparty or an heir is a resident of a country outside the EU/EEC or the case has ties to the foreign country in some other way, including if a decedent estate has assets in the foreign country. In such instances we provide information regarding the recipient(s), the country in question, and the reason for the transfer.
- Disclosure pursuant to the Danish Anti-Money Laundering Act
- Moltke-Leth is obligated to disclose identification information to financial institutions in order to fulfil the requirements of the Danish Anti-Money Laundering Act regarding the identification of the true owners of balances in Moltke-Leth Advokater’s general client account or special client accounts opened with regard to the client by Moltke-Leth Advokater at the relevant financial institution.
- Moltke-Leth will, in certain situations, be obligated to notify the Danish Bar and Law Society, the State Prosecutor for Serious and International Crime ((“SØIK”) or the Danish Financial Supervisory Authority in the event of a suspicion of or reasonable grounds to presume that a transaction, asset or activity is having or has had ties to money laundering or the funding of terrorism.
Disclosures of obtained identity and control data and other data required under the provisions of the Danish Anti-Money Laundering Act may be made to the Danish Bar and Law Society, SØIK and/or the Danish Financial Supervisory Authority in connection with such notifications.
- More about our website and newsletter
- Storage and deletion of personal data
- General information and information about our “contact persons”
10.1.1. Moltke-Leth stores personal data for as long as is necessary given the purpose of the data management, and in accordance with rules regarding limitations on property law requirements. Moltke-Leth consequently deletes personal data once it is no longer necessary for Moltke-Leth to store them given the purpose(s) and legal basis for and on which they have been managed. Longer periods of storage require that a relevant agreement be entered into, cf. Item 11.2.1 below.
10.1.2. As a basic rule, data are deleted according to the following criteria, unless we have some other reason to store the data for a longer time. The deadlines are reckoned from the cessation of the client relationship, or from the individual transaction:
- The deadline for data that are subject to our obligations under the Danish Anti-Money Laundering Act is five years.
- The deadline for other data managed in an ongoing client and case-based relationship is up to 10 years.
- The deadline for certain data may be up to 30 years.
10.1.3. On the authority of the balancing-of-interests rule, we store relevant and general contact information about clients, suppliers and other relevant interested parties for a minimum of 10 years, so as to be able to maintain ties and communicate on a forward basis.
- Rights of the client and other registrants
- Obligation to inform
- We fulfil our obligation to inform vis-à-vis the client and other registrants through the agreements we enter into, including as a feature of an officially appointed position with respect to legal advice and/or through a separate informative attachment and in connection with this policy.
- During the management of a case we fulfil our obligation to inform first by providing an orientation in connection with the other communication concerning the case. Our confidentiality obligation and the provisions of law may entail that there are exceptions to our obligation to inform; cf. below.
- If, as part of the management of a case, we receive personal data regarding third parties, we will inform the Registrant(s) thereof as soon as possible, unless we are exempt from the obligation to inform under the Article 14 of the Danish Data Protection Act or § 22 of the General Data Protection Regulation, for example as a result of our statutory confidentiality obligation, or if decisive considerations with respect to the interests of the client or others should take precedence over the interests of the Registrant.
- Other rights
- Registrants whose data are being managed by Moltke-Leth have numerous rights under the General Data Protection Regulation.
- the right to ask Moltke-Leth for insight into and the correction or deletion of their personal data,
- the right to withdraw their consent to the management of their personal data. The withdrawal of such consent will affect only the future management of the relevant personal data by MoltkeLeth ,
- The right to object the management of your personal data and have the data management restricted,
- the right to receive personal data that you yourself have provided, in a structured, commonly used and machine-readable format (data portability),
- the right, in certain cases, to make objections to our otherwise lawful management of your personal data,
- an unconditional right to oppose direct marketing, and,
- the right to file a complaint with the Danish Data Protection Agency regarding Moltke-Leth´s management of your personal data. The Danish Data Protection Agency’s address is Borgergade 28, 5., DK-1300 Copenhagen K, datatilsynet.dk, Tel. +45 33 19 32 00, e-mail: firstname.lastname@example.org.
- There may be concrete limitations on your freedom to exercise the rights cited in Items 1-7. If you, as Registrant, wish to exercise your rights, our contact information is provided under Item 2.
- Processing security and communication by e-mail
- Moltke-Leth has adopted internal data security rules that include instructions and arrangements to protect personal data against destruction, loss or alteration, against unauthorised publication, and against unauthorised persons gaining access to or knowledge thereof.
- We communicate primarily by regular (unencrypted) e-mail when we send and receive e-mails, documents and other materials as part of our Case Management. We endeavour, to the greatest possible extent, to avoid sending personal identification numbers and confidential or sensitive data by regular e-mail. Such data are sent as agreed in detail with the client or other Registrant by secure e-mail, regular postal mail or through verbal communication. However, secure e-mail presumes that the recipient is able to receive secure e-mail. If the client or someone else so requests, we will use regular postal mail as an alternative.