Privacy Policy

Owner Information

Mazanti-Andersen 
Amaliegade 10
1256 Copenhagen K
Phone: +45 33 14 35 36
Email: info@mazanti.dk


Processing of Personal Data at Mazanti-Andersen

We place great importance on safeguarding your personal data and being transparent about how we handle it. In accordance with the General Data Protection Regulation (GDPR), we are required to inform you about how we process your personal data and about your rights in this regard.

1. Our Collection of Data

When we provide legal advice, we receive various documents from our clients, which we register and store in our digital case management system and, in certain cases, also in a physical case file. These documents usually contain personal data, and additional data may be collected during a case, for example from counterparties, other advisers, authorities, courts, or from publicly available sources.

The types of data we process may include:

  • Ordinary personal data such as name and contact details,
  • Civil registration numbers (CPR) or information about criminal offences,
  • Sensitive personal data, e.g. concerning health or union membership.

The data may relate to both our clients and other persons involved in the matters we handle.

2. Data Controller

Mazanti-Andersen Advokatpartnerselskab, Amaliegade 10, 1256 Copenhagen K, CVR no. 35892052, is the data controller for the personal data we receive and process in connection with our legal services.

If you have questions regarding our processing of your personal data, you are always welcome to contact us at info@mazanti.dk or by phone at +45 3314 3536.

3. Purpose and Legal Basis

We process the personal data we receive to provide legal advice and manage the cases for which the data is relevant.

Processing takes place depending on the nature of the matter and the data, based on the following legal grounds:

  • General Data Protection Regulation (GDPR) Article 6(1)(a), (b), (c) or (f)
  • GDPR Article 9(2)(f) (processing of special categories of data when necessary for the establishment, exercise or defence of legal claims)
  • Danish Data Protection Act Section 8(3) (processing of data on criminal offences)
  • Danish Data Protection Act Section 11 (processing of civil registration numbers – CPR)

In practice, processing will typically take place because:

  1. You have given your consent,
  2. It is necessary for entering into or fulfilling a contract with our clients,
  3. We are legally obliged to do so,
  4. It is necessary to establish, exercise or defend legal claims, or
  5. It is necessary for us to pursue our clients’ legitimate interests.

As part of our case management, Mazanti-Andersen may, where appropriate, make use of digital tools, including tools based on artificial intelligence (AI). The use of AI is always subject to human oversight. The purpose of this use is to support the delivery of efficient, cost-effective, and high-quality legal services to our clients. AI is applied only where it is objectively justified and always within the framework of applicable legislation, including rules on confidentiality and data protection.

Mazanti-Andersen only uses AI tools that operate in controlled and closed environments and that do not involve client data being used for the training of external models. Clients may at any time contact Mazanti-Andersen for further information regarding the use of AI in relation to their specific matter.

4. Data Collected under the Danish Anti-Money Laundering Act

As a law firm, we are subject to the Danish Anti-Money Laundering Act. This means that in certain cases we are obliged to collect and register information about our clients to comply with statutory customer due diligence procedures, cf. Section 11 of the Danish Anti-Money Laundering Act.

The data we are required to collect may include, among others:

  • Name, address and contact details,
  • Civil registration number (CPR) or business registration number (CVR),
  • Copy of passport, driver’s license or other ID documentation,
  • Information about beneficial owners and ownership/control structures,
  • Information about the purpose of the client relationship and the intended business relationship.

The purpose of this processing is to comply with our legal obligations under the Anti-Money Laundering Act, including to prevent and combat money laundering and terrorist financing. Processing is therefore based on GDPR Article 6(1)(c) (legal obligation), GDPR Article 9(2)(g) (substantial public interest), as well as the Danish Data Protection Act Section 11 (processing of CPR numbers).

5. Disclosure and Transfer

We do not disclose personal data to others for marketing or similar purposes.

Personal data is only disclosed when necessary to safeguard our clients’ interests or when we are legally obliged to do so. Typical recipients may include public authorities, courts, counterparties and their advisers. In cases covered by the Anti-Money Laundering Act, we disclose identity information to the extent required by law.

Generally, we do not transfer personal data outside the EU/EEA. If such a transfer becomes necessary, it will always take place based on valid transfer mechanisms under the GDPR, e.g. the European Commission’s Standard Contractual Clauses, and you will be informed.

We disclose personal data to our system providers, who process the data on our behalf in accordance with concluded data processing agreements and solely for the purpose of ensuring our IT operations and system use.

Together with our suppliers, we have implemented appropriate technical and organizational security measures to protect personal data against unauthorized access, misuse, loss or destruction. Access to personal data is restricted to employees who have a legitimate and necessary need, and we continuously update our security policies and procedures to maintain a high level of protection.

6. Storage Period

We retain personal data for as long as is necessary in relation to the purposes of processing and applicable law.

  • General retention under the GDPR
    We may retain personal data for as long as there is a relevant legal interest. This is determined based on a concrete assessment of the significance of the data in relation to applicable limitation rules. Data may therefore be retained for up to 10 years after a case is closed, unless, based on a specific assessment, we find it necessary to retain it longer, e.g. for documentation purposes or for the establishment, exercise or defense of legal claims.

  • Data collected under the Anti-Money Laundering Act
    In matters covered by the Anti-Money Laundering Act, we are required to retain identity data for 5 years after the termination of the client relationship or case. Thereafter, the data will be deleted or anonymized, unless we are legally obliged to retain it for longer.

7. Your rights 

As a data subject, you have several rights under the GDPR in relation to our processing of your personal data:

  • Right of access - you can request access to the data we process about you.
  • Right to rectification - you can have inaccurate or incomplete data corrected.
  • Right to erasure - in certain circumstances, you have the right to have your personal data erased before our general retention periods would otherwise apply.
  • Right to restriction of processing - in certain cases, you may request that processing be restricted so that data may in future only be stored or used with your consent, or for the establishment, exercise or defense of legal claims, or for the protection of an individual or important public interests.
  • Right to object - in certain cases, you may object to our otherwise lawful processing of your data.
  • Right to data portability - you have the right to receive your data in a structured, commonly used and machine-readable format and to have it transmitted to another controller.

We may require relevant identification in connection with the exercise of your rights.

 

You can read more about your rights in the Danish Data Protection Agency’s guidance at www.datatilsynet.dk.

If you are dissatisfied with the way we process your personal data, you have the right to file a complaint with the Danish Data Protection Agency. Contact details can be found at www.datatilsynet.dk.

8. Updates

This notice was last updated on 11 November 2025 and will be revised whenever there are changes in legislation, practice or our processing activities.