Privacy Policy – General Data Protection Regulation (GDPR)
The purpose of this policy
We process personal data about you in various instances. This site provides information about how we process personal data, which data we are permitted to use and what your rights are. By way of example, we process your data when you enter into a client relationship with us and we provide you with advice in our capacity as patent counsels in one of our cases where one of our clients is involves , or if you otherwise come into contact with us, or when you visit our website or apply for a job with us.
We are generally obliged to inform you whenever we process your personal data. However, there are certain cases in which we need not inform you, e.g. in situations where we are bound by a duty of confidentiality and where other interests considerably outweigh your right to be informed.
Data Controller
The legal entity acting as data controller for the processing of personal data undertaken by COPA, is:
COPA Copenhagen Patents K/S
VAT no.: 34576408
Rosenørns Allé 1, 2ndfloor.
DK - 1970 Frederiksberg.
Please contact us with any questions related to data protection:
T
+45 3324 0080
M
+45 4018 0052
E
copa@copenhagenpatents.com
Personal data processing
You can read more about how we process personal data in the table below.
|
Purpose |
Data subject |
Category of personal data |
Legal basis |
Source |
Retention period |
|
Manage client relations, incl. registration of new clients and cases, provide counselling, issue invoices, carry out quality assurance and quality control. |
Clients, incl. Client employees. |
Non-sensitive personal data, such as names, titles, addresses, telephone numbers and e-mail addresses |
The processing is necessary for performing contracts with our clients or to take steps at the request of the clients prior to entering into contracts, cf. Art. 6 (1)(b) of the General Data Protection Regulation ("GDPR"). Moreover, such processing is necessary for us to pursue our legitimate interests in managing our client relations, fulfilling contracts with clients, administering and developing our business and services, and handle the operation and maintenance of IT systems that are used as part of our client relations management, cf. Art. 6(1)(f) of the GDPR. |
Clients, incl. Client employees. |
10 years calculated from the from the termination of a case or client relationship, unless specific circumstances require a shorter or longer storage period. |
|
|
|
||||
|
Provide advice |
Clients, parties, business partners and their employees. |
Non-sensitive personal data, such as name, position, organisation, address, e-mail address, telephone number. We generally do not want to receive sensitive personal data and personal data about criminal convictions and offences. If such data are received in this context, we delete them immediately, unless we have a substantive reason for processing them. |
We process non-sensitive personal data about our clients that is necessary for the performance of contracts with our clients and to provide advice, cf. Art. 6 (1)(b) of the GDPR. We process non-sensitive personal data about our clients’ employees if this is necessary for our clients and COPA to pursue legitimate interests in managing the clients’ interests, cf. Art. 6(1)(f) of the GDPR. We process and forward our clients’ names and addresses to patent authorities, such as the Danish Patent and Trademark Office and the European Patent Office. Generally, we do not process sensitive information on criminal convictions or offences about clients or clients’ employees. In cases where we do exceptionally process sensitive personal data or personal data regarding criminal convictions and offences pertaining to clients, counterparties and the employees of clients or counterparties, such processing is only performed when necessary in order for a legal claim to be established, exercised or defended, cf. Art. 9(2)(f) of the GDPR. |
Clients, parties, business partners and their advisors or employees, and otherwise from publicly available sources. |
10 years calculated from the from the termination of a case or client relationship, unless specific circumstances require a shorter or longer storage period. |
|
Administration of visitors at copenhagenpatents.com |
Visitors at copenhagenpatents.com |
Non-sensitive personal data |
We only process personal data if we have the visitor’s prior consent, cf. Art. 6(1)(a) of the GDPR. You can read more our cookie policy below |
The visitor |
You can read more about the different cookies and used below |
|
Recruitment |
The applicant |
Non-sensitive personal data, incl. name, address, telephone number, e-mail address, educational background, professional experience and any other personal data that the applicant provides, as well as references. Personal data about criminal offences, including the applicant’s criminal record. Generally, we would like to avoid receiving sensitive personal data or CPR no. and we will only exceptionally process such data. |
Processing of non-sensitive personal data is necessary in order for COPA to pursue its legitimate interests in being able to recruit applicants to positions at COPA, cf. Art. 6(1)(f) of the GDPR. We will also process personal data that is necessary to meet an agreement with the applicant or take steps at the request of applicants prior to entering into a contract, cf. Art. 6 (1)(b). We process personal data collected via from references provided that the applicant has consented to this, cf. Art. 6(1)(a) of the GDPR. Vi behandler oplysninger om straffeattest, såfremt det er nødvendigt til varetagelse af en berettiget interesse i at sikre, at ansøgeren kan varetage den stilling hos COPA, som skal besættes, jf. databeskyttelsesforordningens artikel 10, jf. databeskyttelseslovens § 8, stk. 3. We process personal data on criminal records if it is necessary for the purpose of a legitimate interest in ensuring that the applicant is suited for the relevant position at COPA, cf. S. 8(3) of the GDPR. On occasion, the applicants send us profile pictures and CPR numbers as part of the recruitment process. If we receive such personal data, this data is processed as part of the recruitment process. This processing is performed with the consent of the applicant, cf. Art. 6(1)(a) of the GDPR. Such consent can be withdrawn at any time by contacting us. If we cannot delete the picture or the CPR no. without also deleting the application, the request for withdrawal of consent will result in us deleting the entire application. The applicant will then not be considered for the position. |
The applicant and any references (if consent has been obtained) and data that is otherwise publicly available. |
Six months after the date on which the applicant has received notice that their application has been rejected, unless the applicant has given consent for a longer storage period. |
|
Marketing activities, such as sending out newsletters, invitations to various events and other forms of direct communication |
Business relations |
Non-sensitive personal data, such as name, position, e-mail address, telephone number and organisation |
If we have previously been in contact with you in one form or another, we deem that we have a legitimate interest in processing your personal data so that we can maintain our relationship and market our services, while also ensuring that the messages we send to you are as relevant as possible, cf. Art. 6(1)(f) of the GDPR. |
The relevant business relation or through publicly available sources such as LinkedIn or Facebook or through the website of the data subject’s organisation. |
Until the relation him/herself requests that we stop processing |
Transfer and hand-over of personal data
As a general rule, COPA does not transfer your personal data to third parties.
In some cases, we will transfer personal data to our chartered accountants and other professional advisors, e.g. to allow our accountants to audit the accounts, or to receive counselling from other professional advisors. We will also transfer personal data to patent authorities or associates when necessary for a legal claim to be established, exercised or defended.
We also use external suppliers, such as IT suppliers, accountants, etc. which may receive personal data in connection with the assistance they provide to us. COPA enters into data processing agreements with external suppliers processing personal data on behalf of COPA to ensure that all necessary security measures are adopted by our external suppliers.
We do not transfer personal data to countries outside of the EU/EEA unless such a transfer is being made to an associate, patent authority or court.
Security of processing
As a patent law firm, we are obliged to protect the confidentiality, privacy, integrity and accessibility of our client and other business relations data, including personal data. COPA places a high level of priority on client confidentiality and information security and we are strongly committed to ensuring the continuous protection of personal data. We have implemented security measures to ensure the data protection of both client information, personal data as well as other confidential information. We regularly conduct internal reviews in order to ensure that we have an adequate degree of security in place and that we are complying with our policies.
Your rights as a data subject
As a data subject, you have a range of basic rights. However, these rights can be restricted, e.g. where access to personal data that you would otherwise be entitled to receive would entail violating the rights and freedoms of another or violating our duty of confidentiality as legal professionals.
Withdrawal of consent
If our processing of your personal data is based on your consent, you are entitled to withdraw such content at any time. In order to withdraw your consent to our processing of your personal data, please contact us.
If you no longer wish to receive e-mails containing information and marketing materials from COPA, please contact us.
Right to access
As a general rule, you are entitled to be informed as to whether COPA is processing personal data about you and if so, you are entitled to find out what types of personal data we are processing for what purpose, and you are entitled to receive a copy of such data.
Right to rectification
You are entitled to have any incorrect or incomplete personal data rectified. If the personal data is disclosed to others, we will ensure that the recipients are informed of any corrections, provided this is possible and legal.
Right to deletion
You are entitled to request deletion of the personal data that COPA is processing. If the data has been disclosed to others, we will ensure that the recipients are informed of any deletion, provided this is possible and legal.
Right to restriction of processing
You are entitled to request restriction of your personal data to the effect that data may only be stored by COPA. If the data has been disclosed to others, we will ensure that the recipients are informed of any restrictions, provided this is possible and legal.
Right to data portability
In certain cases, you are entitled to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller.
Right to object to COPA’s processing
In certain cases, you are entitled to object to our processing of your personal data.
Changes to this privacy policy
Transparency is an ongoing commitment and we therefore update this privacy policy on a continuous basis.
Kontakt og klage
If you need to make a complaint as to COPA’s processing of your personal data, please send an e-mail with the details of your complaint to: copa@copenhagenpatents.com. We will address your complaint and revert to you.
You are also entitled to complain to the Danish Protection Agency (Datatilsynet):
Datatilsynet
Borgergade 28, 5.
1300 Copenhagen K
T
3319 3200
E
dt@datatilsynet.dk
For more information about how to complain to the Danish Data Protection Agency, please refer to the agency’s website: www.datatilsynet.dk.