GENERAL INFORMATION
This document relates to CO:PLAY Advokatpartnerselskab, CVR no. 41110546 with registered address Strandvejen 58, 1., 2900 Hellerup ("CO:PLAY", "we" or "us") and sets out CO:PLAY's Privacy Policy regarding the collection and Processing of Personal Data (this "Privacy Policy") when we act as Data Controller. This Privacy Policy covers the processing of Personal Data that takes place in the course of conducting our business. If you are, or have been, employed by us, the Processing of Personal Data about you will to a relevant extent be covered by our internal Privacy Policy etc.
‍
The Privacy Policy describes for what purposes and on what legal basis we Process your Personal Data under the General Data Protection Regulation (GDPR).
‍
Unless otherwise stated, this Privacy Policy uses definitions of terms as set out in GDPR.

As a law firm, the starting point for our Processing of Personal Data is the obligations we have as part of a regulated profession. These obligations are described in more detail in chapters 12-15b of the Danish Administration of Justice Act. Section 126 of the Danish Administration of Justice Act sets out the requirements for good legal practice, which all lawyers are obliged to observe. The Administration of Justice Act thus sets the overall framework for our business and thus also our Processing of Personal Data as part of the practice of law.

CO:PLAY collects and Processes a number of personal data about you, e.g. when you use our website, register for one of our events, you or your company establish a client relationship with us or otherwise as part of our practice of law.
‍
In most situations, CO:PLAY is considered a Data Controller. This is the case, for example, when we Process Personal Data about our clients and their employees in order for us to fulfill our task as a lawyer. We only act as Data Processor when we specifically handle a Processing of Personal Data on behalf of a client. In that case, the client is the Data Controller for the Processing of your Personal Data. This is specifically the case as part of the operation of our whistleblower scheme CO:WHISTLE, or when we make other specific tools available to clients according to their instructions.

In the Privacy Policy we inform you about your rights and how we Process and protect your Personal Data. You can read more about your rights in connection with our Processing of your Personal Data in the GDPR and on the Danish Data Protection Agency's website. You can access further information here.

All questions regarding this Privacy Policy should be directed to Sille Grostøl(sg@coplay.law).

THE PERSONAL DATA WE PROCESS

Below, you will find an overview of the types of personal data we process about you, the purposes for which we process them, and the legal basis for such processing.

The source of the personal data may be our client, yourself, another person associated with the party you represent, or public authorities, including the courts. In certain cases—such as legal proceedings, legal investigations, or similar matters—personal data may have been provided to us by other parties or third parties.

In specific circumstances, and following an individual assessment, we may process non-sensitive personal data collected for one purpose for another, provided that such further processing is permissible under the GDPR and remains compatible with the original purpose. If such further processing occurs, you will be notified in accordance with the GDPR.

USE OF COOKIES
When you visit our website, you will be asked to consent to our collection of personal data about your behavior on the website through the use of "cookies." The purpose of this is partly (i) to technically remember your preferences as part of your visit to our website and (ii) for statistical and marketing purposes. If you wish to refuse the use of non-essential cookies, click "only necessary cookies."

You can always withdraw or change your consent by deselecting cookies in the cookie settings.

We collect general personal data, including information about your behavior on and use of the website, as well as your IP address.

The processing of your personal data is based on your consent, cf. Article 6(1)(a) of the General Data Protection Regulation (GDPR). When processing is related to technical cookies, your personal data is processed based on a legitimate interest in ensuring the website functions optimally, cf. Article 6(1)(f) of the GDPR.

We store your personal data for as long as necessary for the purpose(s) for which the data is processed.

We use the following suppliers, who may receive your data:
- Google Ireland ltd.

We may disclose your Personal Data to relevant recipients such as:
a. Courts
b. Public authorities such as the Danish Tax Authority or similar
c. Companies that provide a service that is necessary for CO:PLAY to provide its services (e.g. digital infrastructure or similar services)

In some cases, it may be necessary to transfer personal data to countries outside the EU/EEA, including to a specific client, counterparty, court or similar. In that case, the transfer will be made in accordance with Article 49(1)(b) of the GDPR, according to which the transfer may take place if necessary for the performance of a contract between the data subject and the controller or for the implementation of measures taken at the request of the data subject prior to the conclusion of such a contract. When transferring personal data in other situations, including to our business partners or suppliers, the personal data will be processed by our data processors and the processing will therefore take place according to our instructions. The processing will generally be based on the European Commission's standard contractual clauses as our transfer basis.

We store personal data in connection with legal advice and assistance for 10 years after the conclusion of the case in question, unless there are special circumstances that make it necessary to store the personal data for a shorter or longer period, cf. the Danish Bar and Law Society's guidelines. If you are employed by one of our clients, we will store your Personal Data for as long as we enter into a business relationship with the client.

Accounting information and information collected in connection with the requirements of the Danish Money Laundering Act is stored for five years. Personal data regarding our suppliers and business partners is also stored for five years after the end of the collaboration.

When making payment arrangements for our suppliers and business partners, we store personal data in order to support invoicing etc. for the financial year plus five years as stipulated in the Danish Bookkeeping Act.

When you participate in a course or seminar with us, we process your Personal Data for as long as it is necessary to complete and evaluate the course or seminar in question. Often a course will be part of our broader client and customer contact, including our establishment of networks for the purpose of knowledge sharing etc.

If you request to no longer be part of such initiatives, we will delete the relevant Personal Data unless there is an exceptional basis for continuing to process the relevant Personal Data under GDPR.

We may also have specifically requested your consent to store relevant contact information in order to market future events etc. to you. In that case, the consent forms the basis for our Processing of your Personal Data, cf. GDPR Article 6(1)(a).

Personal data in connection with marketing is stored for as long as you wish to receive marketing from us and for two years thereafter.

You are entitled to request access to and further information about the Processing of your Personal Data or request that we correct, rectify, complete, erase or restrict the Processing of your Personal Data. You are entitled to request two (2) times a year a free copy of your Personal Data that we Process. We are entitled to charge a reasonable fee based on our administrative costs if you request additional copies.

You are entitled to have the Processing of your Personal Data restricted if;
a. you have contested the accuracy of the Personal Data,
b. the Processing is unlawful and you have requested its restriction,
c. we no longer need your Personal Data for the original purpose but we require it to establish, exercise or defend rights, or
d. an assessment of which consideration outweighs the request for erasure is ongoing.

Where our Processing is automated and based on consent or performance of a contract, you have the right to data portability. Data portability means that you can receive the Personal Data to which you have given us access in a structured, commonly used and machine-readable format and that you have the right to transfer the Personal Data to another controller, cf. Article 20 of the GDPR.

If our processing of your Personal Data takes place on the basis of a Consent, you may withdraw this Consent at any time. However, this does not affect the lawfulness of the processing carried out before the consent is withdrawn.


CHANGES
‍
We reserve the right to change this Privacy Policy to ensure that it is in accordance with applicable law or as a result of changes to our Processing of Personal Data.

CONTACT INFORMATION
If you wish to exercise your rights, withdraw your consent or have any questions regarding our Processing of your Personal Data, please contact Sille Grostøl at e-mail: sg@coplay.law.

If you wish to complain about our Processing of your Personal Data, please submit your complaint to the Danish Data Protection Agency. You can read more about how to complain to the Danish Data Protection Agency here.