Updated 24 May 2018
Privacy and data protection is important to us, and in this Privacy Notice we will explain how we process personal data concerning our clients, and to persons whom the clients’ matters pertain to.
When Synch processes personal data, Synch is a personal data controller. This means that Synch is determining the purposes and means for processing the personal data, and consequently bears the responsibility under applicable data protection laws.
2. Contact information to synch
+45 7027 8899
Strandvejen 58, 1.
Strandvejen 58, 1.
3. The personal data we process
In the table below, we set out what types of personal data we process, the purposes for doing so, and the legal grounds upon which we base the processing.
|PERSONAL DATA||PURPOSE||LEGAL GROUND|
– Full name
– Email address
|Purpose (1): registering companies as clients and contact persons at the client company. The contact persons may vary from matter to matter.
Purpose (2): registering natural persons as clients.
Purpose (3): invoicing the clients
Purpose (4): complying with bookkeeping legislation.
|Legal ground (1, 2, 3): fulfilment of a contractual obligation.
Legal ground (3, 4): complying with a legal obligation.
– Full name
– Email address
– Street address
– Personal identification number
|Purpose (1): to carry out controls to ensure that there is no conflict of interest.
Purpose (2): invoicing the clients.
Purpose (3): complying with bookkeeping legislation.
|Legal ground (1): the processing is a necessary step to take in order to enter into a contract, which the person has requested.
Legal ground (2): fulfilment of a contractual obligation.
Legal ground (3): complying with a legal obligation.
|Anti-money laundering (AML) information:
– A copy of the passport, or other similar document that can be used for identification.
– An assessment if the person is a politically exposed person.
|Purpose: complying with AML legislation.
|Legal ground: complying with a legal obligation.|
|Information for WeSynch profiles:
– Full name
– Telephone number
– Email address
– (optional) short biography
|Purpose: setting up personal profiles in our digital tool WeSynch.
|Legal ground: fulfilment of a contractual obligation.|
|Information in connection with legal matters: given the nature of a law firm’s daily activities, it is not possible to provide an exhaustive list of types of personal data that will be processed. The below list is intended as an example:
– Contact information
– Meeting notes, and other notes
– Mentions of persons in documents that Synch drafts
– Other information that is required when handling the client’s case.
|Purpose: to handle the client’s matter according to the client’s instructions, and in accordance with the ethics rules provided by the Danish Bar and Law Society.
|Legal ground (regular personal data):
The processing is a necessary step to take in order to enter into a contract, which the person has requested;
Fulfilment of a contractual obligation;
The processing is necessary in order to protect the vital interests of the client;
Complying with a legal obligation;
The processing is necessary for the purpose of the legitimate interest of the client (legitimate interests could be e.g. debt collection, establishing of rights etc).
Legal ground (special categories of personal data, and personal data relating to criminal convictions and offences): Synch will process the aforementioned categories of personal data when doing so is necessary for the establishment, exercise or defence of legal claims.
Synch cannot provide its services unless the contact information and AML information are provided to Synch.
4. Recipients of personal data, and transfers of personal data
The personal data may be transferred to the following categories of recipients:
- Courts, and similar judicial entities and/or authorities;
- Other authorities, such as “SKAT” (the Danish tax authorities);
- Recipients whom Synch has been directed by the client to transfer information to;
- Companies that provide services upon which Synch relies for its core activities (such as data management services, and digital infrastructure).
Synch does not transfer personal data to countries outside of the EU/EEA, unless this is necessary to carry out the assignment given by a client. If so is the case, and there is no decision from the European Commission that the country which the personal data will be transferred to provides adequate data protection legislation to ensure the safety of the personal data, Synch will use relevant safeguards to ensure the safety of the personal data. If you are a client and want to know more about the safeguard we use, please contact Synch for more information.
5. Storage and deletion of personal data
Synch stores all client related information, and personal data therein, for as long as there are legitimate purposes. There is no general duration of this storage, but we base our assessment on i.a. the guidance from the Danish Bar and Law Society about this issue, which as a main rule can entail storage for up to ten (10) years, after completion of the relevant assignment.
Synch uses professional services to destroy physical documents that ensures the integrity and confidentiality of the information contained in the documents. For handling digital information, Synch uses professional service providers that are specialised in accommodating the needs for digital integrity, confidentiality, and reliance of law firms.
6. Your rights
Synch is a law firm and is as such subject to rules of professional secrecy. This means that Synch is not allowed to disclose information relating to the clients’ matters to anyone but the client.
The rights that a person has in regards of their personal data are not absolute, meaning that certain criteria must be at hand for the right to be exercised. Also, there are exceptions to some of the rights. Synch will accommodate requests to the extent that Synch is obliged under data protection laws, and that doing so is not contrary to the interests of Synch’s clients.
A person has the following rights regarding personal data concerning them:
- Access: meaning that you have the right to information about the processing, access to the personal data in question, and the right to obtain a copy of it.
- Rectification: meaning that Synch must correct the personal data if it is incorrect.
- Erasure: meaning that Synch must erase the personal data in certain circumstances, such as if there is no purpose for processing it any longer.
- Object to processing: meaning that you have a right to object to Synch’s processing of personal data.
- Restriction of the processing: meaning that you the right to have Synch restrict the processing of personal data, but not delete it.
- Data portability: meaning that if you want Synch to transfer the personal data to another personal data controller, Synch must accommodate this request.
Also, you have the right to lodge a complaint at the supervisory authority, if you believe that Synch’s processing of personal data infringes applicable data protection laws. The supervisory authority in Denmark is Datatilsynet. If you are not based in Denmark, you may contact the supervisory authority that is relevant to you.