Client due diligence procedure

Purpose
The purpose is to conduct our client due diligence procedure.

Category of Personal Data
The client, including the ultimate owners and the daily management.

Date Subject
Personal data that is included in documents such as passports, driving licences or health insurance cards, including name, address, place of birth, nationality and civil registration number. We store copies of identification documents presented to us such as passports, driving licences or health insurance cards. Personal data about criminal convictions and offenses where we suspect money laundering and/or terrorist financing.

Legal Basis
We process personal data in accordance with the Act on Measures to Prevent Money Laundering and Financing of Terrorism (the Anti-Money Laundering Act) to which CURIA is subject. We process personal data in accordance with the due diligence procedures set out in the Anti-Money Laundering Act, cf. sections 11–21, cf. section 10, especially section 11, paragraph 1, number 1, point a, which are necessary in order to comply with a legal obligation that CURIA is subject to, cf. General Data Protection Regulation article 6, paragraph 1, point c and article 87, cf. the Data Protection Act section 11, paragraph 2, number 1. In case we process personal data regarding criminal convictions and offences such processing is necessary in order to comply with a legal obligation that CURIA is subject to, cf. General Data Protection Regulation article 10, cf. the Data Protection Act section 8, paragraph 3 and 4.

Source
The client, including the ultimate owners and the daily management and the employees of the client.

Retention Period
The personal data is deleted after five years, calculated from the time when the client relationship terminates or when the case/transaction in question is closed, unless specific circumstances require a longer storage period.

Categories of recipients
CURIA is bound by a statutory obligation to maintain confidentiality and will not generally transfer your personal data to third parties.

However, we may be ordered to disclose personal data to public authorities. Where a suspicion of money laundering or terrorist financing cannot be rebutted, we are obligated to report and pass on the information to the Danish State Prosecutor for Serious Economic and International Crime and any other supervisory authority under section 26 of the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism.

We may transfer the personal data to our professional advisors in certain cases so that we can receive professional advice from other consultants and advisors. We also use external suppliers, such as IT suppliers, accountants, etc. which may receive personal data in connection with the assistance they provide to us. CURIA enters into data processing agreements with external suppliers which process personal data on behalf of CURIA in order to ensure that all necessary security measures are adopted.