Providing legal advice and assistance

Purpose
The purpose is to provide legal advice and assistance to our client.

Date Subject
The client, parties, partners, witnesses and the employees of these persons.

Category of Personal Data
Personal data, such as name, title, organisation, address, e-mail address, telephone number, other information provided to us by the client which is necessary for us to provide our advice and assistance and, if necessary for us to provide our advice and assistance, civil registration number as well.

Any special categories of personal data and personal data about criminal convictions and offences. However, we generally do not want to receive special categories of personal data and personal data about criminal convictions and offences. We only process such data where it is necessary for us in order to provide our advice and assistance.

Legal Basis
We process personal data about our client which is necessary for the performance of the contract with our client and to provide legal advice or in order to take steps at the request of the client prior to entering into the contract, cf. General Data Protection Regulation article 6, paragraph 1, point b. 

We process personal data on counterparties, the employees of the client and counterparties and witnesses if this is necessary in order for CURIA to pursue legitimate interests in managing the client’s interests, cf. General Data Protection Regulation, article 6, paragraph 1, point f. Note, that the data subject has the right to object against the processing, cf. General Data Protection Regulation article 21, paragraph 4. 

We process (forward) civil registration numbers to public authorities for purposes such as making registrations on behalf of clients on websites such as virk.dk, tinglysning.dk or minretssag.dk which are required for the purpose of unique identification, cf. General Data Protection Regulation, article 87, cf. the Data Protection Act section 11, paragraph 2, number 3. 

In cases where we do process special categories of personal data or personal data regarding criminal convictions and offences pertaining to the client, counterparties and the employees of the client and/or counterparties, such processing is necessary in order for a legal claim to be established, exercised or defended, cf. General Data Protection Regulation article 6, paragraph 1, point f and article 9, paragraph 2, point f. Note, that the data subject has the right to object against the processing, cf. General Data Protection Regulation article 21, paragraph 4. In case we process personal data regarding criminal convictions and offences such processing is necessary in order to comply with a legal obligation that CURIA is subject to, cf. General Data Protection Regulation article 10, cf. the Data Protection Act section 8, paragraph 3 and 4.

Source
The client, parties, witnesses and their advisors or employees, and otherwise from publicly available sources.

Retention Period
The personal data is deleted after 11 years, calculated from the end of the calendar year in which the client relationship is terminated, unless specific circumstances require a shorter or a longer storage period.

Categories of recipients
CURIA is bound by a statutory obligation to maintain confidentiality and will not generally transfer your personal data to third parties.

We only transfer personal data to our client, counterparties, or courts as well as other public authorities in cases where it is necessary to do so in order for a legal claim to be established, exercised or defended.

In addition, we transfer personal data to our auditors and to other professional advisors in certain cases, e.g. so that auditors can perform audits or so that we can receive professional advice from other consultants and advisors.

Further, we also use external suppliers, such as IT suppliers, accountants, etc. which may receive personal data in connection with the assistance they provide to us. CURIA enters into data processing agreements with external suppliers which process personal data on behalf of CURIA in order to ensure that all necessary security measures are adopted. We do not transfer personal data to countries outside of the EU/EEA unless such a transfer is being made to our client, counterparties or courts. In these situations, we will ensure appropriate or suitable safeguards in the absence of an adequacy decision by the Commission.