ServicesDigital solutionsCybersecurity breachesOur team
KnowledgeEventsAbout usCareers
Contact us
DA
EN
About us
Events
Career
News
DA
EN
Services
Compliance
Protection
Transactions
Organisation
Dispute resolution
Cybersecurity breaches
Digital solutions
CO:WHISTLE
CO:SPACE
CO:DEAL
Cybersecurity breaches
Team
Contact us

PRIVACY POLICY FOR THE PROCESSING OF PERSONAL DATA AT CO:PLAY LAW FIRM

1.
GENERAL INFORMATION
This document relates to CO:PLAY Advokatpartnerselskab, CVR no. 41110546 with registered address Strandvejen 58, 1., 2900 Hellerup ("CO:PLAY", "we" or "us") and sets out CO:PLAY's Privacy Policy regarding the collection and Processing of Personal Data (this "Privacy Policy") when we act as Data Controller. This Privacy Policy covers the processing of Personal Data that takes place in the course of conducting our business. If you are, or have been, employed by us, the Processing of Personal Data about you will to a relevant extent be covered by our internal Privacy Policy etc.
‍
The Privacy Policy describes for what purposes and on what legal basis we Process your Personal Data under the General Data Protection Regulation (GDPR).
‍
Unless otherwise stated, this Privacy Policy uses definitions of terms as set out in GDPR.

As a law firm, the starting point for our Processing of Personal Data is the obligations we have as part of a regulated profession. These obligations are described in more detail in chapters 12-15b of the Danish Administration of Justice Act. Section 126 of the Danish Administration of Justice Act sets out the requirements for good legal practice, which all lawyers are obliged to observe. The Administration of Justice Act thus sets the overall framework for our business and thus also our Processing of Personal Data as part of the practice of law.

CO:PLAY collects and Processes a number of personal data about you, e.g. when you use our website, register for one of our events, you or your company establish a client relationship with us or otherwise as part of our practice of law.
‍
In most situations, CO:PLAY is considered a Data Controller. This is the case, for example, when we Process Personal Data about our clients and their employees in order for us to fulfill our task as a lawyer. We only act as Data Processor when we specifically handle a Processing of Personal Data on behalf of a client. In that case, the client is the Data Controller for the Processing of your Personal Data. This is specifically the case as part of the operation of our whistleblower scheme CO:WHISTLE, or when we make other specific tools available to clients according to their instructions.

In the Privacy Policy we inform you about your rights and how we Process and protect your Personal Data. You can read more about your rights in connection with our Processing of your Personal Data in the GDPR and on the Danish Data Protection Agency's website. You can access further information here.

All questions regarding this Privacy Policy should be directed to Sille Grostøl(sg@coplay.law).
CO:PLAY
LAW FIRM
CVR No. 41110546 
Phone: +45 7027 8899 
Email: sg@coplay.law
Address: Strandvejen 58, 1. 2900 Hellerup Denmark
2.
THE PERSONAL DATA WE PROCESS

Below, you will find an overview of the types of personal data we process about you, the purposes for which we process them, and the legal basis for such processing.

The source of the personal data may be our client, yourself, another person associated with the party you represent, or public authorities, including the courts. In certain cases—such as legal proceedings, legal investigations, or similar matters—personal data may have been provided to us by other parties or third parties.

In specific circumstances, and following an individual assessment, we may process non-sensitive personal data collected for one purpose for another, provided that such further processing is permissible under the GDPR and remains compatible with the original purpose. If such further processing occurs, you will be notified in accordance with the GDPR.
PERSONAL DATA
PURPOSE
TREATMENT BASIS
For potential clients and when establishing a client relationship

Personal data:
- Name
- Company
- Email address
- Phone number
- The information you provide initially regarding your case
Establishing aclient relationship
The processing is necessary for the performance of a contract with you or the implementation of pre-contractual measures. The processing is therefore carried out in accordance with Article 6(1)(b) of the GDPR.
In connection with money laundering control

Personal data:
- Passport and/or driving license information,
including CPR number

Purpose
Establishing a client relationship

Purpose
Fulfilling our legal obligation
The processing is necessary to comply with a legal obligation under the Money Laundering Act and is therefore carried out in accordance with Article 6(1)(c) of the General Data Protection Regulation. The processing of CPR numbers is conducted in accordance with section 11(2)(1) of the Danish Data Protection Act and the provisions of the Danish Money Laundering Act regarding the know-your-customer procedure.
For clients as part of our provision of legal services

Personal data:
- Identification and contact information
- Any professional information regarding your position or company
- Information from meetings or similar notes
- Other information you give us in connection with your case, including sensitive personal data such as your health for use in an insurance case, trade union membership for use in an HR-related case etc.
Purpose
Be able to handle the client's case and provide legal assistance.
The processing of personal data is necessary for the performance of a contract with you or for the implementation of pre-contractual measures. Accordingly, processing is carried out in compliance with Article 6(1)(b) of the General Data Protection Regulation (GDPR).

Additionally, processing is based on our legitimate interest in managing client relationships and providing legal assistance. Therefore, processing is conducted in accordance with Article 6(1)(f) of the GDPR.

If sensitive personal data is processed, it is done so only when necessary for the establishment, exercise, or defense of legal claims. This processing is carried out in accordance with Article 9(2)(f) of the GDPR.
Counterparties and other contact persons

‍ Personal data
:
- Identification and contact information
- Any professional information regarding your position or your company
- Other information necessary for the case, including sensitive personal data that is specifically included in the case.
Purpose
Be able to handle the client's case and provide legal assistance.
The processing is carried out on the basis of a legitimate interest in being able to assist our client in handling the case. The processing is therefore carried out in accordance with Article 6(1)(f) of the General Data Protection Regulation.

Any sensitive personal data is processed when necessary for the establishment, exercise or defense of a claim. The processing is therefore carried out in accordance with Article 9(2)(f) of the General Data Protection Regulation.
For CO:PLAY's suppliers and partners

Personal information
:
- Identification and contact information
- Bank details
Purpose

To receive goods and services from our suppliers and partners.
The processing is necessary for the performance of a contract with you or the implementation of pre-contractual measures. The processing is therefore carried out in accordance with Article 6(1)(b) of the GDPR.
In connection with courses and seminars

Personal data:
- Identification and contact information
- Any information about your position or workplace.
Purpose
To register your participation in our event.

Purpose
Could contact you with information about the event.
The processing is based on our legitimate interest in assisting our client in handling the case, in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Sensitive personal data is processed only when necessary for the establishment, exercise, or defense of legal claims, in compliance with Article 9(2)(f) of the GDPR.
For marketing and newsletters
- Identification and contact information
- Information about your position and workplace
- Information if you are interested in meeting, calls, marketing material or other.
Purpose
To be able to market CO:PLAY
The processing may also be carried out on the basis of a legitimate interest in carrying out marketing. The processing is therefore carried out in accordance with Article 6(1)(f) of the GDPR.
3.
USE OF COOKIES
When you visit our website, you will be asked to consent to our collection of personal data about your behavior on the website through the use of "cookies." The purpose of this is partly (i) to technically remember your preferences as part of your visit to our website and (ii) for statistical and marketing purposes. If you wish to refuse the use of non-essential cookies, click "only necessary cookies."

You can always withdraw or change your consent by deselecting cookies in the cookie settings.

We collect general personal data, including information about your behavior on and use of the website, as well as your IP address.

The processing of your personal data is based on your consent, cf. Article 6(1)(a) of the General Data Protection Regulation (GDPR). When processing is related to technical cookies, your personal data is processed based on a legitimate interest in ensuring the website functions optimally, cf. Article 6(1)(f) of the GDPR.

We store your personal data for as long as necessary for the purpose(s) for which the data is processed.

We use the following suppliers, who may receive your data:
- Google Ireland ltd.
4.
RECIPIENTS OF PERSONAL DATA
We may disclose your Personal Data to relevant recipients such as:
a. Courts
b. Public authorities such as the Danish Tax Authority or similar
c. Companies that provide a service that is necessary for CO:PLAY to provide its services (e.g. digital infrastructure or similar services)

In some cases, it may be necessary to transfer personal data to countries outside the EU/EEA, including to a specific client, counterparty, court or similar. In that case, the transfer will be made in accordance with Article 49(1)(b) of the GDPR, according to which the transfer may take place if necessary for the performance of a contract between the data subject and the controller or for the implementation of measures taken at the request of the data subject prior to the conclusion of such a contract. When transferring personal data in other situations, including to our business partners or suppliers, the personal data will be processed by our data processors and the processing will therefore take place according to our instructions. The processing will generally be based on the European Commission's standard contractual clauses as our transfer basis.
5.
STORAGE OF PERSONAL DATA
We store personal data in connection with legal advice and assistance for 10 years after the conclusion of the case in question, unless there are special circumstances that make it necessary to store the personal data for a shorter or longer period, cf. the Danish Bar and Law Society's guidelines. If you are employed by one of our clients, we will store your Personal Data for as long as we enter into a business relationship with the client.

Accounting information and information collected in connection with the requirements of the Danish Money Laundering Act is stored for five years. Personal data regarding our suppliers and business partners is also stored for five years after the end of the collaboration.

When making payment arrangements for our suppliers and business partners, we store personal data in order to support invoicing etc. for the financial year plus five years as stipulated in the Danish Bookkeeping Act.

When you participate in a course or seminar with us, we process your Personal Data for as long as it is necessary to complete and evaluate the course or seminar in question. Often a course will be part of our broader client and customer contact, including our establishment of networks for the purpose of knowledge sharing etc.

If you request to no longer be part of such initiatives, we will delete the relevant Personal Data unless there is an exceptional basis for continuing to process the relevant Personal Data under GDPR.

We may also have specifically requested your consent to store relevant contact information in order to market future events etc. to you. In that case, the consent forms the basis for our Processing of your Personal Data, cf. GDPR Article 6(1)(a).

Personal data in connection with marketing is stored for as long as you wish to receive marketing from us and for two years thereafter.
5.
YOUR RIGHTS
You are entitled to request access to and further information about the Processing of your Personal Data or request that we correct, rectify, complete, erase or restrict the Processing of your Personal Data. You are entitled to request two (2) times a year a free copy of your Personal Data that we Process. We are entitled to charge a reasonable fee based on our administrative costs if you request additional copies.

You are entitled to have the Processing of your Personal Data restricted if;
a. you have contested the accuracy of the Personal Data,
b. the Processing is unlawful and you have requested its restriction,
c. we no longer need your Personal Data for the original purpose but we require it to establish, exercise or defend rights, or
d. an assessment of which consideration outweighs the request for erasure is ongoing.

Where our Processing is automated and based on consent or performance of a contract, you have the right to data portability. Data portability means that you can receive the Personal Data to which you have given us access in a structured, commonly used and machine-readable format and that you have the right to transfer the Personal Data to another controller, cf. Article 20 of the GDPR.

If our processing of your Personal Data takes place on the basis of a Consent, you may withdraw this Consent at any time. However, this does not affect the lawfulness of the processing carried out before the consent is withdrawn.


CHANGES
‍

We reserve the right to change this Privacy Policy to ensure that it is in accordance with applicable law or as a result of changes to our Processing of Personal Data.
8.
CONTACT INFORMATION
If you wish to exercise your rights, withdraw your consent or have any questions regarding our Processing of your Personal Data, please contact Sille Grostøl at e-mail: sg@coplay.law.

If you wish to complain about our Processing of your Personal Data, please submit your complaint to the Danish Data Protection Agency. You can read more about how to complain to the Danish Data Protection Agency here.
Services
About us
Team
News
Career
Contact
Proud sponsor of
Team CO:PLAY - Giant store
Visit us
Strandvejen 58, 1. , 2900 Hellerup
Contact us
E-mail
contact@coplay.law
Phone:
+45 7027 8899
Copyright © 2024 CO:PLAY
Know Your CustomerBusiness TermsPrivacyPolicyWhistleblower