Privacy Policy and GDPR

1. Data controller

NEUGEBAUER CLAN is shared offices. The individual data controllers of the respective participants of the shared offices are the following:

• Neugebauer Clan, CVR no. 33116993, attorney Christina Neugebauer, chn@nclaw.dk
• Cua-law, CVR no. 21927171, attorney Christine Ulrich Andersen, cua@nclaw.dk

If you have any questions in relation to our processing of your personal data, you may contact us at mail@nclaw.dk, telefon 33 34 80 80, and you will then be contacted by the relevant data controller.

2. In general about collection of data

When we provide advice, we receive various information, including documents from our clients. This data is stored digitally (in an individual file), and in some situations also in a physical (individual) file. There will often be personal data in the documents that we receive. The information may concern our clients or other persons who are parties to the cases we process. In connection with the processing of a case, supplementary information may emerge. It can come from other parties, other advisers, authorities, courts of law. It may also be publicly available information that we collect ourselves. It may be general personal data such as name and contact information. It may also be civil registration numbers or information about offences. Certain information can be sensitive personal data, for example information about health status and trade union membership.

3. Purpose and basis

The purpose of processing the information that we receive is to safeguard the clients' interests in the actual cases that include the information.

The processing takes place – depending on the nature of the assignment and information – based on the General Data Protection Regulation, Article 6(1) point (b), (c) or (f), Article 9(2) point (f) or section 8(3) of the Danish Data Protection Act.

Usually, the basis for collecting and processing the information will be (1) that it is necessary to perform the agreement with our clients, (2) to handle our clients' legitimate/justified interests, or (3) to establish, exercise on or defend their legal claims. When we process civil registration numbers, that is made according to section 11 of the Danish Data Protection Act.

In cases covered by the Danish Money Laundering Act, we obtain identity information etc. of our clients for the purpose of complying with the requirements of that act. The basis for this processing follows from section 11 of the Danish Money Laundering Act.

4. Disclosure etc.

We do not make personal data available to others for the purpose of marketing or similar purposes.

We only disclose personal data if it is necessary for us to safeguard the interests of our clients in the actual cases or attend to the cases which include the information.

The typical recipients of personal data will be authorities, courts of law and in that connection e.g. experts who must provide opinions, other parties and their advisers. In cases covered by the Danish Money Laundering Act we disclose identity information etc. to the extent that we are obliged by the legislation.

Usually, we do not transfer data outside the EU. If such transfer is to take place, we will comply with the data protection legislation and take all necessary security measures.

We leave personal data to our systems providers under data processing agreements, and solely for the purpose that we can work with our IT systems.

We have implemented adequate technical and organisational measures to secure against unauthorised access to, loss or destruction of the personal data and other data which is subject to our responsibility. We develop on an ongoing basis our security policies and procedures to ensure that our systems are secure and protected. Only persons with a legitimate need to process personal data for the said purposes have access to the personal data.

5. Storage period

We store personal data for as long as there is a relevant legal interest, which is usually determined based on a real assessment of the importance of the data to the individual case compared with the applicable statute-barring rules. If there is a relevant legal interest, the storage can be made for a longer period. In cases covered by the Danish Money Laundering Act, we store, according to the applicable rules in the area, all relevant identity information for five years after the case has been closed.

Rights of the data subjects According to the General Data Protection Regulation, the data subjects have:

• a right to get access to the information which we process
• a right to have incorrect information rectified or erased a right, in special cases, to have data erased before the time of our usual general erasure,
• a right, in special cases, to have the processing restricted, so that in the future – except for storage – it may only be made according to consent or for the purpose of the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest,
• a right, in special circumstances, to object to our otherwise lawful processing of your personal data, and
• a right to receive the registered personal data in a structured, commonly used, machine-readable format, and to have the personal data transferred to another data controller without hindrance.

In connection with the data subject's exercise of their rights we may demand relevant legitimation.

You can read more about your rights in the Danish Data Protection Agency's guidelines on the rights of data subjects, which you find at www.datatilsynet.dk.

You may file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way in which we process your personal data. You will find the contact information of the Danish Data Protection Agency at www.datatilsynet.dk.

This information was most recently updated on 25 May 2018 and will be updated according to the applicable rules, practice or change to our business procedures.