How Mazanti Processes Personal Data
According to the General Data Protection Regulation (GDPR), we provide the following information on our processing of personal data and the rights of data subjects.
1. Our Collection of Personal Data
When advising our clients, we receive various documents from them. These documents are stored in a digital case file and in some situations also in a physical case file. The documents received from our clients often include personal data, and we regularly receive additional personal, e.g. from opponents and their advisers, authorities and courts, or by way of publicly available information collected by us. This may be general personal data such as names and contact details. It may also be civil registration numbers (CPR-nr.) or information on criminal offences; and it may be sensitive personal data about health and union membership. The information may concern our clients or other persons involved in the specific cases.
Mazanti-Andersen Korsø Jensen AdvokatPartnerselskab, Amaliegade 10, 1256 Copenhagen K, CVR no. 35892052, is controller of data received in connection with our general advice to clients.
Our contact details are: Tel: +45 3314 3536, e-mail: firstname.lastname@example.org.
If you have any questions about our processing of your personal data, please contact us on email@example.com.
3. Purpose and Background
We process the data we receive for the purpose of advising our clients in the cases which the data concern.
The processing takes place depending on the nature of the assignment and of the data, based on article 6 (1), paragraph b, c or f, article 9 (2), paragraph f of the GDPR, or section 8 (3) of the Danish Data Protection Act. Generally, the legal basis to collect and process the data is that (1) it is necessary for performing the contract with our clients, (2) for safeguarding our clients’ legitimate interests or (3) establishing, relying on or defending their legal claims. Our processing of civil registration numbers is based on section 11 of the Data Protection Act.
Processing of data in connection with subscribers/participants signing up for newsletters, news magazines or events is based on Article 6 (1), paragraph b or f of the GDPR.
In cases covered by the Danish Act on Measures to Prevent Money Laundering and Terrorist Financing, we collect identification data etc. on our clients in order to comply with that statutory requirement. The authority for this processing is laid down in section 11 of the Act on Measures to Prevent Money Laundering and Terrorist Financing.
4. Transfer etc.
We will not make personal data available to any third parties for the purpose of marketing or the like.
We only transfer personal data if it is necessary for us to be able to safeguard our clients’ interests. The typical recipients of such data are authorities, courts, opponents and their advisers. In cases covered by the Act on Measures to Prevent Money Laundering and Terrorist Financing, we transfer identification data etc. to the extent we are obligated to do so under the Act.
We usually do not transfer data outside the EU, and if such transfer might take place, it will occur only in compliance with the necessary safeguards as required under current data protection legislation.
We transfer personal data to our systems suppliers under processor agreements and for the sole purpose of enabling us to use our IT systems.
We have taken appropriate technical and organizational measures to protect against unauthorized access to, loss or destruction of data for which we are responsible. We develop our security policies and procedures on a regular basis to ensure that our systems are secure and protected. Only persons with a legitimate need for processing personal data for the above-mentioned purposes have access to those data.
5. Storage Period
We store personal data as long as there is a relevant legal interest therein, which is usually determined based on a specific assessment of the significance of the data compared with the current statute of limitations. If there is a relevant legal interest, data may be stored for up to 10 years after the case has been closed.
In cases covered by the Act on Measures to Prevent Money Laundering and Terrorist Financing, we store identification data for five years after the case has been closed, according to the current rules.
6. The Rights of Data Subjects
According to the GDPR, the data subject is entitled:
- to have insight into the personal data processed by us;
- to have incorrect data deleted;
- in special cases, to have data deleted before our general deletion takes place;
- to limit processing so that processing – except for storage – may only take place in the future subject to consent or for the purpose of establishing, exercising or defending a legal claim or to protect a person or important public interests;
- in certain situations, to object to our legal processing of your personal data;
- to receive the registered personal data in a structured, commonly used and machine-readable format and to have the data transferred from one controller to another without hindrance.
In connection with the data subject’s exercise of the above-mentioned rights, we may demand relevant identification.
For more information on your rights, see the Danish Data Protection Agency’s guidelines describing the data subject’s rights on www.datatilsynet.dk.
You may file a complaint with the Danish Data Protection Agency if you are dissatisfied with our processing of your personal data. You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.
This information has been updated 25 May 2018 and will be updated according to the current rules and practice and in line with any adjustments of our procedures.