GENERAL INFORMATION
This document relates to CO:PLAY Advokatpartnerselskab, CVR no. 41110546 with registered address Strandvejen 58, 1., 2900 Hellerup ("CO:PLAY", "we" or "us") and sets out CO:PLAY's Privacy Policy regarding the collection and Processing of Personal Data (this "Privacy Policy") when we act as Data Controller. This Privacy Policy covers the processing of Personal Data that takes place in the course of conducting our business. If you are, or have been, employed by us, the Processing of Personal Data about you will to a relevant extent be covered by our internal Privacy Policy etc.
‍
The Privacy Policy describes for what purposes and on what legal basis we Process your Personal Data pursuant to the General Data Protection Regulation (GDPR).
‍
Unless otherwise stated, this Privacy Policy uses definitions of terms as set out in GDPR.

As a law firm, the basis for our Processing of Personal Data is the obligations we have as part of a regulated profession. These obligations are described in more detail in chapters 12-15b of the Danish Administration of Justice Act. § 126 of the Danish Administration of Justice Act sets out the requirements for good legal practice, which all lawyers are obliged to observe. The Administration of Justice Act thus sets the overall framework for our business and thus also our Processing of Personal Data as part of the practice of law.

CO:PLAY collects and Processes a number of personal data about you, e.g. when you use our website, register for one of our events, you or your company establish a client relationship with us or otherwise as part of our practice of law.

In most situations, CO:PLAY is considered a Data Controller. This is the case, for example, when we Process Personal Data about our clients and their employees in order for us to fulfill our task as a lawyer. We only act as Data Processor when we carry out a specific Processing of Personal Data on behalf of a client. In that case, the client is the Data Controller for the Processing of your Personal Data. This is specifically the case as part of the operation of our whistleblower scheme CO:WHISTLE, or when we provide other specific tools to clients according to their instructions.

In the Privacy Policy we inform you about your rights and how we Process and protect your Personal Data. You can read more about your rights in connection with our Processing of your Personal Data in the GDPR and on the Danish Data Protection Agency's website. You can access further information here.

All questions regarding this Privacy Policy should be directed to Mandeep Singh Rathour (msr@coplay.law) or Sille Grostøl (sg@coplay.law).

CONTACT INFORMATION
If you wish to exercise your rights, withdraw your consent or if you have any questions regarding our Processing of your Personal Data, please contact Mandeep Singh Rathour at e-mail: msr@coplay.law or Sille Grostøl at e-mail: sg@coplay.law.

If you wish to complain about our Processing of your Personal Data, please submit your complaint to the Danish Data Protection Agency. You can read more about how to complain to the Danish Data Protection Agency here.

In the following you can see what Personal Data we Process about you, for what purpose we Process the Personal Data and on what legal basis we Process Personal Data.

The source of the Personal Data is either our client, yourself, another person associated with the party you represent or public authorities, including the courts. In certain cases, e.g. in legal proceedings, legal investigations or similar, the Personal Data may have been provided to us by other parties or third parties.

In certain cases, we may, after a specific assessment, Process non-sensitive Personal Data collected for one of the purposes below for another purpose if we specifically assess that such further processing can take place under the GDPR and is not incompatible with the original purpose for which the Personal Data was collected. You will, as appropriate, be notified in accordance with the GDPR. 

USE OF COOKIES
When you visit our website, you will be asked to consent to us collecting personal data about your behavior on the website by using "cookies". The purpose of this is partly (i) necessary so that we can technically remember your preferences as part of the processing of your visit to our website, and (ii) for statistical and marketing purposes. If you wish to refuse the use of cookies on the website that are not necessary, click "only necessary cookies".

You can always revoke or change your consent by deselecting cookies in the cookie overview.

We collect general personal data, including information about your behavior on and use of the website and your IP address.

The processing of your personal data is based on your consent, cf. Article 6(1)(a) of the Data Protection Regulation. When processing in connection with technical cookies, your personal data is processed on the basis of a legitimate interest in making the website function optimally, cf. Article 6(1)(f) of the General Data Protection Regulation.

We store your personal data for as long as it is necessary for the purpose(s) for which the data is processed.

We may disclose your Personal Data to relevant recipients such as:
a. Courts
b. Public authorities such as SKAT or similar
c. Companies that provide a service that is necessary for CO:PLAY to provide its services (e.g. digital infrastructure or similar services)

In some cases, it may be necessary to transfer personal data to countries outside the EU/EEA, including to a specific client, counterparty, court or similar. In that case, the transfer will be made in accordance with Article 49(1)(b) of the GDPR, according to which the transfer may take place if necessary for the performance of a contract between the data subject and the controller or for the implementation of measures taken at the request of the data subject prior to the conclusion of such a contract. When transferring personal data in other situations, including to our business partners or suppliers, the personal data will be processed by our data processors and the processing will therefore take place according to our instructions. The processing will generally be based on the European Commission's standard contractual clauses as our transfer basis.

We store your Personal Data for 10 years after the conclusion of the case in question, unless there are special circumstances that make it necessary to store the Personal Data for a shorter or longer period, cf. the Danish Bar and Law Society's guidelines.

Accounting information and information collected in connection with the requirements of the Danish Money Laundering Act is stored for five years. Personal data regarding our suppliers and business partners is also stored for five years after the end of the collaboration.

When you participate in a course or seminar with us, we process your personal data for as long as it is necessary to carry out the course or seminar in question and evaluate it. Often a course will be part of our broader client and customer contact, including our establishment of networks for knowledge sharing etc.

If you request to no longer be part of such initiatives, we will delete the relevant Personal Data unless there is an exceptional basis for continuing to process the relevant Personal Data under GDPR.

We may also have specifically requested your consent to store relevant contact information in order to market future events etc. to you. In that case, the consent forms the basis for our Processing of your Personal Data, cf. GDPR Article 6(1)(a).

If you are employed by one of our clients, we will store your Personal Data for as long as we enter into a business relationship with the client. In the case of a payment arrangement, we store Personal Data for the purpose of supporting invoicing, etc. for the financial year plus five years as stipulated in the Danish Bookkeeping Act.

You are entitled to request access to and further information about the Processing of your Personal Data or request that we correct, rectify, complete, erase or restrict the Processing of your Personal Data. You are entitled to request two (2) times a year a free copy of your Personal Data that we Process. We are entitled to charge a reasonable fee based on our administrative costs if you request additional copies.

You are entitled to have the Processing of your Personal Data restricted if;
a. you have contested the accuracy of the Personal Data,
b. the Processing is unlawful and you have requested its restriction,
c. we no longer need your Personal Data for the original purpose but we require it to establish, exercise or defend rights, or
d. an assessment of which consideration outweighs the request for erasure is ongoing.

Where our Processing is automated and based on consent or performance of a contract, you have the right to data portability. Data portability means that you can receive the Personal Data to which you have given us access in a structured, commonly used and machine-readable format and that you have the right to transfer the Personal Data to another controller, cf. Article 20 of the GDPR.

If our processing of your Personal Data takes place on the basis of a Consent, you may withdraw this Consent at any time. However, this does not affect the lawfulness of the processing carried out before the consent is withdrawn.


CHANGES
‍
We reserve the right to change this Privacy Policy to ensure that it is in accordance with applicable law or as a result of changes to our Processing of Personal Data.