Privacy policy

27 march 2023

Version 2

Download as pdf

Introduction

Littler | enevold is a law firm in Denmark which is a part of the international law firm Littler. Littler has offices all over the world. Littler | enevold is operated as a personally owned law firm under the framework of Enevold Advokatfirma, CVR number 43406604.

This privacy policy is applicable to persons who are in contact with Litter | enevold based on our counselling and legal assistance, either as a client or as a party in a case, for example as counterpart or witness.

The purposes and description of our processing of your personal data

When providing our service, we will process information about you or information by which you can be identified directly or indirectly (referred to as personal data).

It is important for us to respect you and your privacy and thus, we take the protection of your personal data seriously. As lawyers, we are subject to a duty of confidentiality. Additionally, we process your personal data in the manner described below in this privacy policy.

We focus on the nature and scope of the personal data and how to protect the personal data most effectively. Thus, we only collect and process personal data that is necessary to fulfil lawful purposes. However, we may be required by law to collect and process certain personal data.

We only process personal data which is necessary for us to provide our legal counselling and litigation services and client relationships. In some situations, we may process sensitive personal data if necessary to the case that we are processing. This will typically be either health information or information about trade union relationships, and more seldom other categories of sensitive data.

Our processing of personal data is carried out solely for objective and legitimate purposes.

If we intent to process the personal data for a purpose different than the purpose for which the personal data originally was collected, we will inform you of this, unless the processing is covered by our duty of confidentiality or is a matter of enforcing legal claims or similar. However, when anonymising personal data so that the data subjects are no longer identified or identifiable, we may use the data for other purposes without informing you prior to the processing.

Our collection and processing of personal data has legal basis on either a contract, a consent, a legal obligation, legitimate interests, or the establishment, defense, or enforcement of a legal claim. We take measures to prevent that the personal data we process is inaccurate or misleading and we make sure to rectify personal data, if necessary.

In some cases, we may need to collect and process personal data from third parties, such as public authorities and private parties. In such cases, we will inform you of this if we have not already, and if required collect your consent. We will not inform you if you are already aware of the collection and processing, or your interest in being informed is overridden by overriding public or private interests, or it is a matter of enforcing legal claims, etc.

The recipients of the personal data from us

We may share personal data with affiliates of Littler | Enevold and the global Littler organization, as well as with our business partners who work on our behalf for the purposes described in this privacy policy. In such cases, these companies must comply with our security requirements and may not process personal data that they receive from us for any other purposes.

If we use another company to process personal data on our behalf, we will enter into data processing agreements that further regulate the company's processing of personal data on our behalf.

By virtue of our function as lawyers, personal data may be disclosed to our client(s), business partners, or other parties and participants involved in a case. We also disclose personal data where we are required by law to disclose personal data, for example for tax purposes. We also disclose your personal data for registration in public authorities' databases and for use by these authorities, such as www.virk.dk or www.minretssag.dk, and for use by authorities, the courts, labor arbitration, the Danish Board of Equal Treatment or other dispute resolution bodies.

In our agreements, we require that our client and case information is not stored or processed outside Denmark. We only transfer personal data for processing outside the EU and EEA if it is to a client, counterparty, court, etc.

Right to erasure (‘right to be forgotten’)

We delete personal data when it is no longer necessary for the purpose for which the personal data was collected and is processed. The retention period may therefore vary depending on the specific purpose. Data for case management purposes will generally be stored for 10 years, but there may be shorter or longer retention periods.

Security of processing

We have implemented appropriate technical and organisational measures as to ensure integrity, security, and confidentiality of your personal data. The technical and organizational measures protect the personal data collected against destruction, loss, alteration, unauthorized disclosure and unauthorized access or disclosure.

This includes limiting access to personal data physically and technically to those colleagues who have a work-related need for access and who have received training and instruction in the processing of personal data. We are all subject to confidentiality and professional secrecy.

Personal data in physical form is kept locked when not in use, while personal data in digital form is protected by access control, personalized passwords, encryption, backup system and updated firewalls and anti-virus protection.

We also have processes for handling any security breaches and notifying you and the Danish Data Protection Agency.

Data controller

Enevold Advokatfirma, CVR number 43406604.

Changes

We might need to change this privacy policy, for example due to digital developments. Thus, we reserve the right to change this privacy policy. In case of material changes, or if required by law, we will, to the extend required, ensure that you are notified of any changes.

Contact

For more information about Littler | enevold processing of personal data, please contact us by e-mail
info@littler.dk or telephone + 45 69 16 30 40.

Further information regarding the general rules for processing personal data can be found on the
website of the Danish Data Protection Agency.

Littler | Enevold
Islands Brygge 26
DK-2300 Copenhagen S

Rights of the data subject

As a data subject you have certain rights. Information on this is available below.

RIGHTS OF THE DATA SUBJECT

31 march 2023, V.2

When processing personal data about you as a data subject in connection with our services and legal counselling, you have several rights under the data protection legislation. Therefore, we have adopted this policy to inform you of your rights if we process any personal data about you.

You can send a request for any of your rights to bo@littler.dk. When submitting a request, we ask you to provide your full name and your relationship to Littler | enevold.

Once we have received your request, we will check whether we can identify you and whether the conditions for the right as a data subject are met. If so, we will ensure that the right is fulfilled.

As a rule, you can exercise your rights freely and free of charge. However, if you request additional copies of information, we may charge a fee for this. Where requests are manifestly unfounded or excessive, we may either charge a fee for providing the information or taking the requested action, or we may refuse to fulfil the request.

The exercise of your rights must not violate the rights and freedoms of others, and the information may be subject to a duty of confidentiality, and we may therefore refuse to fulfil your rights in whole or in part if this is the case.

Right to withdraw consent

As a rule, Littler | enevold does not process personal data based on consent, but on the basis of another legal basis. If you are asked to give your consent, you have the right to withdraw your consent if our processing of your personal data is based on your consent. We will then delete your personal data if there is no other legal basis for the processing, see also Right to erasure. However, withdrawal of consent will not affect the lawfulness of the processing we have already carried out based on the consent. Consent can be withdrawn at bo@littler.dk.

Right of access

You have the right to obtain information about what personal data we process about you, the purposes of the processing, the recipients or categories of recipients to whom the personal data have been or will be disclosed, how long we keep the personal data or, if this is not possible, the criteria used to determine this period, where we collected the personal data from if they are not collected from you, information about automated decision-making if we use it, and information about the transfer for processing outside the EU or EEA and about the appropriate safeguards in relation to such.

Right to rectification

You have the right to have inaccurate personal data corrected or supplemented by us. In this case, you must contact us and inform us of the nature of the inaccuracies and how they should be completed.

Right to erasure (‘right to be forgotten’)

You have the right to request that we erase your personal data if the personal data is no longer necessary in relation to fulfil the purpose for which it was collected, if our processing of the personal data is based on your consent and the consent is withdrawn and thus, there is no other legal basis for the processing, if you have a legitimate objection to processing in the public interest or in the interest of others, if processing is for direct marketing purposes, if processing is unlawful, or if erasure is required by Danish law. However, you do not have the right to erasure if the processing of the personal data is necessary for the performance of a contract to which you are a party, to exercise the right to freedom of expression and information, to comply with a legal obligation to which we are subject under Danish law, or for the establishment, exercise, or defense of legal claims.

Right to restriction of processing

You have the right to have our processing of your personal data restricted if:

(i) you contest the accuracy of the personal data until we have verified whether the personal data is accurate; or

(ii) the processing is unlawful, but instead of erasure you wish to restrict the use of the personal data,

(iii) we no longer need the personal data for the processing, but the personal data is necessary for the establishment, exercise, or defense of legal claims; or

(iv) you have objected to processing in the public interest or the interests of others until it is verified that those interests override your interests.

In the context of a restriction of processing of personal data, we may only process the personal data, except for storage, with your consent or for the establishment, exercise, or defense of legal claims or for the protection of another natural or legal person or for reasons of important public interest.

Notification obligation regarding rectification or erasure of personal data or restriction of processing

You have the right to be informed of all recipients to whom we have disclosed or shared your personal data and that the recipients concerned are informed of a rectification, erasure, or restriction of processing your personal data, unless this is impossible or involves disproportionate effort.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller where the processing is based on consent or on a contract and the processing is carried out by automated means. If technically feasible, you also have the right to require us to transmit the personal data directly to the other controller.

Right to object

You have the right to object to the processing of your personal data in the public interest or in the interest of others, and the personal data may then no longer be processed, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. Particularly regarding direct marketing, you also have the right to object to the processing of your personal data, and the personal data may then no longer be processed for this purpose.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. However, this does not apply if the decision is necessary for the conclusion or fulfilment of a contract to which you are a party, if the decision is based on your consent, or if the decision is based on applicable national or EU law.

Right to notification in case of a personal data breach

You have the right to be notified if we had a breach of our personal data security that would involve a high risk to your rights and freedoms. However, this right does not apply if we have applied appropriate technical and organizational measures to the personal data affected by the breach, such as measures that make your personal data unintelligible to anyone without authorized access, if we have implemented subsequent measures that ensure that the high risk to your rights and freedoms is no longer likely to be real, or if direct notification to you would require a disproportionate effort. In the latter case, however, public communication or equivalent measure shall be made instead, whereby you are informed in an equally effective manner.

Right to complain to the Danish Data Protection Agency

You have the right to file a complaint to the Danish Data Protection Agency if you are of the opinion that our processing of your personal data violates Danish personal data legislation. However, we hope that you will contact us first via bo@littler.dk, and we would appreciate receiving a copy of the complaint if you decide to complain to the Danish Data Protection Agency.

In that case, the complaint must be sent to:

The Danish Data Protection Agency
Borgergade 28
DK-1300 Copenhagen K