GENERAL INFORMATION

This document pertains to CO:PLAY Law Firm, CVR no. 41110546, with its registered address at Strandvejen 58, 1., 2900 Hellerup ("CO:PLAY," "we," or "us") and establishes CO:PLAY's Privacy Policy regarding the collection and processing of personal data (this "Privacy Policy") when we act as a Data Controller. This Privacy Policy covers the processing of personal data that occurs as part of our business activities. If you are or have been employed by us, the processing of your personal data, to the extent relevant, will be governed by our internal Privacy Policy.

This Privacy Policy outlines the purposes and legal basis for processing your personal data in accordance with the General Data Protection Regulation (GDPR). Unless otherwise stated, this Privacy Policy adopts the definitions of terms as provided in the GDPR.

As a law firm, our processing of personal data is based on the obligations we uphold as part of a regulated profession. These obligations are further detailed in Chapters 12-15b of the Danish Administration of Justice Act. Section 126 of the Administration of Justice Act establishes the requirements for good professional conduct that all lawyers are required to adhere to. Consequently, the Administration of Justice Act sets the overall framework for our business, including our processing of personal data as part of legal practice.

CO:PLAY collects and processes various personal data, for example, when you visit our website, sign up for one of our events, establish a client relationship with us, or otherwise engage with us in connection with our legal services.

In most cases, CO:PLAY acts as the Data Controller. This applies when we process personal data about our clients and their employees to fulfill our duties as legal advisors. We only act as a Data Processor when we process personal data on behalf of a client. In such cases, the client is the Data Controller. This specifically applies to our operation of the whistleblower scheme CO:WHISTLE or when we provide other specific tools to clients under their instructions.

This Privacy Policy informs you about your rights and how we process and protect your personal data. You can find more information about your rights under the GDPR and on the Danish Data Protection Agency’s website. Further details are available here.

For any questions regarding this Privacy Policy, please contact Christian Wiese Svanberg (cws@coplay.law) or Sille Grostøl (sg@coplay.law).

CONTACT INFORMATION
If you wish to exercise your rights, withdraw your consent or if you have any questions regarding our Processing of your Personal Data, please contact Christian Wiese Svanberg at e-mail: cws@coplay.law or Sille Grostøl at e-mail: sg@coplay.law.

If you wish to complain about our Processing of your Personal Data, please submit your complaint to the Danish Data Protection Agency. You can read more about how to complain to the Danish Data Protection Agency here.

THE PERSONAL DATA WE PROCESS

Below, you will find an overview of the types of personal data we process about you, the purposes for which we process them, and the legal basis for such processing.

The source of the personal data may be our client, yourself, another person associated with the party you represent, or public authorities, including the courts. In certain cases—such as legal proceedings, legal investigations, or similar matters—personal data may have been provided to us by other parties or third parties.

In specific circumstances, and following an individual assessment, we may process non-sensitive personal data collected for one purpose for another, provided that such further processing is permissible under the GDPR and remains compatible with the original purpose. If such further processing occurs, you will be notified in accordance with the GDPR.

USE OF COOKIES
When you visit our website, you will be asked to consent to our collection of personal data about your behavior on the website through the use of "cookies." The purpose of this is partly (i) to technically remember your preferences as part of your visit to our website and (ii) for statistical and marketing purposes. If you wish to refuse the use of non-essential cookies, click "only necessary cookies."

You can always withdraw or change your consent by deselecting cookies in the cookie settings.

We collect general personal data, including information about your behavior on and use of the website, as well as your IP address.

The processing of your personal data is based on your consent, cf. Article 6(1)(a) of the General Data Protection Regulation (GDPR). When processing is related to technical cookies, your personal data is processed based on a legitimate interest in ensuring the website functions optimally, cf. Article 6(1)(f) of the GDPR.

We store your personal data for as long as necessary for the purpose(s) for which the data is processed.

We use the following suppliers, who may receive your data:
- Google Ireland ltd.

We may disclose your Personal Data to relevant recipients such as:
a. Courts
b. Public authorities such as the Danish Tax Authority or similar
c. Companies that provide a service that is necessary for CO:PLAY to provide its services (e.g. digital infrastructure or similar services)

In some cases, it may be necessary to transfer personal data to countries outside the EU/EEA, including to a specific client, counterparty, court or similar. In that case, the transfer will be made in accordance with Article 49(1)(b) of the GDPR, according to which the transfer may take place if necessary for the performance of a contract between the data subject and the controller or for the implementation of measures taken at the request of the data subject prior to the conclusion of such a contract. When transferring personal data in other situations, including to our business partners or suppliers, the personal data will be processed by our data processors and the processing will therefore take place according to our instructions. The processing will generally be based on the European Commission's standard contractual clauses as our transfer basis.

We store personal data in connection with legal advice and assistance for 10 years after the conclusion of the case in question, unless special circumstances make it necessary to store the personal data for a shorter or longer period, cf. the Danish Bar and Law Society's guidelines. If you are employed by one of our clients, we will store your personal data for as long as we maintain a business relationship with the client.

Accounting information and data collected in compliance with the requirements of the Danish Anti-Money Laundering Act are stored for five years. Personal data regarding our suppliers and business partners is also stored for five years after the end of the collaboration.

For payment arrangements with our suppliers and business partners, we store personal data to support invoicing, etc., for the financial year plus five years, as required by the Danish Bookkeeping Act.

If you request to no longer be part of such initiatives, we will delete the relevant personal data unless there is an extraordinary basis for continuing to process the data under the GDPR.

Additionally, if we have specifically requested your consent to store your contact information for marketing purposes, such consent will form the basis for our processing of your personal data, cf. GDPR Article 6(1)(a).

Personal data related to marketing is stored for as long as you wish to receive marketing from us and for two years thereafter.

You are entitled to request access to and further information about the Processing of your Personal Data or request that we correct, rectify, complete, erase or restrict the Processing of your Personal Data. You are entitled to request two (2) times a year a free copy of your Personal Data that we Process. We are entitled to charge a reasonable fee based on our administrative costs if you request additional copies.

You are entitled to have the Processing of your Personal Data restricted if;
a. you have contested the accuracy of the Personal Data,
b. the Processing is unlawful and you have requested its restriction,
c. we no longer need your Personal Data for the original purpose but we require it to establish, exercise or defend rights, or
d. an assessment of which consideration outweighs the request for erasure is ongoing.

Where our Processing is automated and based on consent or performance of a contract, you have the right to data portability. Data portability means that you can receive the Personal Data to which you have given us access in a structured, commonly used and machine-readable format and that you have the right to transfer the Personal Data to another controller, cf. Article 20 of the GDPR.

If our processing of your Personal Data takes place on the basis of a Consent, you may withdraw this Consent at any time. However, this does not affect the lawfulness of the processing carried out before the consent is withdrawn.


CHANGES
‍
We reserve the right to change this Privacy Policy to ensure that it is in accordance with applicable law or as a result of changes to our Processing of Personal Data.