1. DATA CONTROLLER
The legal entity responsible for the processing of your personal data is:
Company Registration (CVR) No: 39154765
Niels Hemmingsens Gade, 10, 5th floor
1153 Copenhagen K
2. CONTACT US
If you have any questions concerning our processing of personal data, or if you want to exercise your rights, please contact us by email:
3. WHAT IS PERSONAL DATA?
5. WHAT PERSONAL DATA DO WE PROCESS?
The type of data that we process about you may include but is not limited to:
a) Identity information, such as date of birth, age, nationality, gender, etc.
b) Contact information, both personal and professional, such as name, organi¬sation (company) name, registration number, VAT registration number, postal address, phone number, mobile phone number, e-mail address, fax number, etc.
c) Employment information, e.g., information regarding your employment or other relationship with the party for which you are a contact person, such as job title, role, position.
d) Information regarding the services we perform, such as case name, case description, patent, IP right or other IPR data, IPR holders, inventors.
e) Unique user information, such as login ID, username, password, security question.
f) Device information, such as IP address, language settings, browser type, browser settings, time zone, operating system, platform, screen resolution, re¬sponse time, download error.
g) Traffic and usage information regarding our external systems, such as which links you click and when, which functions you use and when, how you reached and left the service, session time, session ID, delivery notifications when we contact you.
h) Traffic and usage information regarding our website, such as which links you click and when, the address of the website from which you arrived.
i) Geographic information, your geographical location.
6. ON WHICH BASIS DO WE OVERALL COLLECT DATA ABOUT YOU?
In general, we rely on the following legal grounds to process your data:
a) Performance of a contract – when we enter into a contract with you
b) To comply with legal obligations
c) Consent – where appropriate, for instance within marketing
d) Legitimate interest after balancing your interests and rights
The above lawful grounds imply that we may use your personal data to facilitate the provision of our professional services, including client services, conflicts checking, bill¬ing and marketing. We may need to disclose your personal data to authorities or as otherwise required by law or court order. The legal grounds are further specified here¬under in the section Description of Processing.
7. YOUR RIGHTS
You have the following rights:
a) You are entitled to request access to, rectification or erasure of your personal data.
b) You are entitled to oppose the processing of your personal data and to request restriction of the processing of your personal data.
c) You have a right to oppose the processing of your personal data for direct marketing purposes.
d) If the processing of your personal data is based on your consent, you are en¬titled to revoke such consent. Revocation of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent. If you withdraw your consent, the processing of your personal data will cease and the data will be erased, unless there are objective grounds for their con¬tinued retention, e.g., documentation purposes.
e) You are entitled to receive personal data which you have provided to us in a structured, commonly used, and machine-readable format (data portability) or to have it transmitted to another controller.
f) You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency.
See the Danish Data Protection Agency’s guidance on the rights of data subjects for more about your rights here (in Danish).
Depending on the circumstances of the processing the rights may be subject to restrictions or conditions.
To exercise your rights please contact us using the above contact information.
8. DESCRIPTION OF PROCCESSING
Your personal data will normally and overall be used by aera for purposes such as:
- Provision of our legal and consultancy services
- Client relations
- Compliance with anti-money laundering legislation and legislation against the financing of terrorism
- Courses, seminars, and events
- Social Media
- Digital Publications
- Use of our website and cookies
We describe further the purposes for which we process personal data below.
8.1 Provision of our services
In connection with our provision of services to a client, we always create a case file in our management system. One or several parties who are involved in the matter in different ways will be named as contacts. If you are such a person, we will process personal data about you, regardless of whether you are part of the client’s organisation or are associated with the other party.
We will use the personal data to communicate with you, handle the case and to make any registrations in authorities’ electronic service systems. Hereunder plan, organize, lead, perform and follow up on our assignments and services in in order to e.g., assign cases and assignments, administer services, perform control of conflict of interest, administer and allocate client responsibility and case responsibility, create client teams as well as perform timekeeping and bill¬ing.
We will process basic personal data about you, including contact details such as name, company, title or position, email address, telephone, address, and your place of employment. If we are to make registrations in public authorities’ data¬bases we may, in order to be able to identify you, have to process some of your personal data, including your personal iden-tification number.
Personal data are in general provided by our clients, counterparts or third parties.
We will process your personal data based on Article 6(1)(b) of the General Data Protection Regulation if you as a client is a person, as processing is necessary for the entering into or performance of a contract with our client about the provi¬sion of legal or consultancy services. If you are a counterparty, data will be pro¬cessed based on Article 6(1)(f) on the balancing of legitimate interests where the legitimate interest is enforcement and defence of the legal claim. In case of sensitive personal data or personal identification numbers, processing will be carried out based on Article 9(2)(f) on enforcement or defence of legal claims.
If it becomes necessary to make official registrations, we may share your per¬sonal data with certain public authorities through the data registration portals of such authorities, such as, but not limited to, the European Union Intellectual Property Office and the Danish Business Authority.
We will keep your personal data as long as they are necessary for the purpose or purposes for which they are being processed. As a general rule, data will be kept for 5 years following the conclusion of a case but under special circum¬stances such periods may be shorter or longer, including for the purpose of com¬plying with legal requirements for the erasure or keeping of data. If our provision of services is denied the personal data will be deleted immediately hereafter.
8.2 Client Relations
aera will process personal data about you for the purposes of establishing or cultivating our client relationship, business partnerships, networks, etc. as well as adding of matters in our internal practice management system, hereunder invoicing, payments, and other financial follow ups.
Regarding the types of personal data, aera may collect name, company, ad¬dress, title, email address, telephone number, financial information, network in which the contact was established (if applicable), and, in certain cases, birthday and anniversaries, etc. In addition, we may process information as well as name, address, company, title, and email address of counterparties, if relevant.
Typically, we will process data of this sort only if you choose to provide them to us voluntarily, e.g., as part of your email auto signature, on your business card, etc. We may also collect personal data about you from other sources – e.g., publicly accessible sources such as your employer’s website, LinkedIn.com, CVR.dk, BIQ.dk, etc. In our marketing of events, etc., we may also use client lists of our existing clients and event lists of our network relationships. We will in that connection process company names from our client system and event lists and any data you may have shared on your LinkedIn profile such as indus¬try, position, geographical location, and seniority.
The purpose of our collecting, using, and retaining the data is to e.g., cultivate, nurture, and maintain our relationship with you and your business. We will also use the data in our marketing and in our advertising of events and other activi¬ties. In addition, aera will process data for the purpose of establishing a client relationship and designating the relevant point of contact in the company, or the individual concerned, including for the purpose of matter and contract manage¬ment as well as invoicing. In addition, we will process data about counterparties, if relevant, in order to check for conflicts.
The legal basis is the contract between aera and our client (please see Article 6(1)(b) of the General Data Protection Regulation) and aera’s legitimate inter¬ests, including the establishing and maintenance of client relationships, matter and contract management, and timely and accurate invoicing, (please see Arti¬cle 6(1)(f) of the General Data Protection Regulation).
Regarding retention, the personal data will be kept as long as they are relevant and for an additional period of 5 years, except where special cir-cumstances require a shorter or longer retention period in accordance with relevant legislation.
aera will not disclose your personal data to third parties, except where we are legally required to do so, e.g., in case of disclosure to public authorities or your employer. In connection with our targeted advertising of events, etc., we will only disclose company names on LinkedIn.
8.3 Courses, seminars, and events
When you attend one of our courses, seminars, or events, we may use your personal data to keep in touch with you before, during and after the event in question. We may e.g., register and use the information to run our events, here¬under confirm your registration, prepare name badges, and forward material from events.
For the purposes of a course, seminar, or event we will only process basic per¬sonal data, including name, company or your place of employment, title or posi¬tion, email address, address, and telephone.
We obtain the personal data we process from yourself or from your employer, if your employer has registered you for a course, seminar, or event.
If you are a party to a contract with us, we will process your personal data as described above based on Article 6(1)(b), as the data are necessary for per¬forming a contract to which you are a party. The personal data may also be processed based on Article 6(1)(f) where the legitimate interest is to administer seminars and send out evaluation forms etc.
We will keep your personal data as long as they are necessary for the purposes of the course, seminar or event in question and for the evaluation of such course, seminar or event. A course, or the like, may be one of a number of re¬lated activities described in advance. In such situations we will keep your per¬sonal data until the entire process or activities have been completed and evalu¬ated. If you are employed by one of our clients, we will keep your data as long as we have a business relationship with the client in question. In case of an event that is subject to an attendance fee, we will keep invoicing data during the relevant financial year plus five years, as laid down in the Danish Bookkeeping Act.
We will not disclose personal information about you to any third party except where necessary for the running of the event. In certain circumstances, there¬fore, your contact details may be shared with external co-organizers and pay¬ment providers for processing on aera’s behalf. Such third parties are not al¬lowed to use the data for their own purposes.
We will use your personal data for the purposes of marketing, hereunder for the purposes of being able to target communication specifically to you. Targeted communication includes newsletters and invitations.
We will only use basic personal data, such as name, title or position, email ad¬dress, telephone and your place of employment. We will also register the lan¬guage in which you wish to receive such material.
The personal data we use are provided by you or are collected from publicly accessible sources. The information may also be obtained through your use of our website.
The legal basis for our data processing is the rule on balancing of legitimate interests (please see Article 6(1)(f)). The legitimate interests pursued are our interest in carrying out marketing activities and our interest in targeting the ma¬terial we send out. We will not disclose your personal data to third parties.
aera may use third party service providers for circulation of newsletters and in¬vitations. Such third parties will act solely on our behalf and upon our instructions and are not allowed to use the information for their own purposes.
If you have registered for our newsletter option, we will keep your personal data for as long as you wish to receive material from us and for an additional two years. If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the rele¬vant activity is ongoing and for an additional two years. Personal data provided when sub¬scribing for newsletters and invitations to events will be erased when you un¬subscribe. You may unsubscribe from newsletters at any time, using the “un¬subscribe” link at the bottom of the newsletter or by mailing us at .
8.5 Social Media
The types of personal data which is collected includes but is not limited to your IP address and the information made available by you on e.g. LinkedIn and Facebook via your set¬tings, your response to content posted by us, your sharing of such consent, and any comments on our content.
The purposes for the collection of such personal data is image branding and marketing of aera and recruitment.
So-called “social media plugins” on our websites provides us with information about the number of visitors on the websites in response to social media adver¬tisements.
The legal basis for the processing of your personal data is aera’s legitimate in¬terests in making content available on social media to users who follow aera, in branding aera’s image and in marketing aera in accordance with Article 6(1)(f) of the General Data Protection Regulation.
Regarding cookies, when you visit our social media sites on e.g., LinkedIn or our websites such as www.aera-ip.com where social media plugins have been installed, our social media service providers collect and process your personal data using cookies, subject to your consent to the service provider, as applica¬ble. Such collection and processing take place even if you have no account on the social media.
When you visit our social media sites such as on LinkedIn/ Facebook, aera re¬ceives anonymous demographic and geographic statistics from e.g., LinkedIn/Facebook on the visitors on our website www.aera-ip.com and/or our LinkedIn/Facebook site. It happens via LinkedIn/ Facebook plugins (“LinkedIn Insight Tag” and ”Facebook Pixel”).
aera is a joint data controller with our social media providers for personal data collected and processed in connection with your visit to our social media sites and our website. It means, among other things, that you may contact both aera and the social media providers to exercise your rights under the General Data Protection Regulation and the Data Protection Act.
We refer in addition to our section about cookies below and to our Cookie Pol¬icy which can be found here.
8.6 Digital Publications
In regard to digital publications, we collect your IP address.
The purpose is to make our digital publications more interactive and improve your reader experience when we share publications on our website.
The legal basis for the processing of your IP address is aera’s legitimate interest in making our publications more reader-friendly and interactive in accordance with Ar¬ticle 6(1)(f) of the General Data Protection Regulation.
8.7 Use of our website and cookies
When you use our website, personal data may be collected in order to send you alerts, reports or messages by email or the like, to detect and prevent security threats, to perform maintenance and debugging, to prevent abuse of our ser¬vices, to ensure content is presented effectively to you and your device, as well as troubleshooting, data analysis, testing, research and or for statistical pur¬poses.
The personal data may include your identity information, contact information, employment information, unique user information, device information, traffic and usage information regarding our external systems and websites as well as geo¬graphic information.
This use is based on Article 6(1)(f) of the General Data Protection Regulation, where the legitimate interest is to provide you with a website that works optimally, hereunder to improve the quality of our services and the web¬sites we provide.
The retention period is our contractual relationship period, or 26 months from collecting the information.
We will treat the data as confidential, and we will generally not disclose the data to third parties. Data may, however, be disclosed to authorities, courts, specific clients, and or counterparties, e.g., if required to do so by law or court order, in connection with ongoing or prospective legal proceedings, or in order to establish, exercise or defend our legal rights (including the provision of information to others for the purposes of fraud prevention and reduction of credit risk).
In addition, we may need to share your personal data within aera and its subsidi¬aries. The original lawful grounds and purposes listed above and hereunder will remain the same. We shall take all reasonable steps to ensure that transferred information is kept secure in accordance with applicable law.
The data may be passed on to external suppliers, including insurers, professional ad¬visers, agents, suppliers, subcontractors, business partners and IT service providers working with or for us, in so far as reasonably necessary for the purposes set out in this policy.
Furthermore, if we buy or sell a business or assets, we may provide potential sellers or buyers of such business or assets with your personal data. If we, or a substantial part of our assets, are acquired by a third party, your personal data may be disclosed to such acquirer.
Regarding transfer of personal data to countries outside the EU/EEA, the data will not be transferred to countries outside the EU/EEA unless such transfer is made to a spe¬cific authority, court, client, counterparty, or the like. In such case, the transfers will made based on Article 49(1)(b)-(e) of the General Data Protection Regulation. Trans¬fer of personal data to a country outside the EU/EEA (a third country) that is considered to provide an adequate level of protection does not require a specific authorization. Personal data can without further measures be transferred to such third countries. Transfer to so-called “unsafe” third countries may be carried out based on a variety of appropriate safeguards that have been established to provide an adequate level of protection of the data subjects’ rights. Where no appropriate safeguards are provided, transfer of personal data to “unsafe” third countries may take place based on specific legal basis for the transfer. The transfer can, without the listing being exhausting, take place based on consent, for the perfor¬mance of a contract with a company established in such third country and if necessary, in relation to legal claims. The specific legal bases are stated in article 49(1) of the General Data Protection Regulation.
By submitting your personal data to aera, you agree that you do not object to any such transfer, processing, or storage.
10. MANDATORY PROVISION OF INFORMATION
If we are to make registrations on your behalf in public databases, we must be able to uniquely identify you to the relevant authority. We may therefore need your personal identification number in order to provide our services to you.
If we are to supply a service to you that is subject to the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism it is necessary for us to have copies of documents that uniquely identify you.
You have the right to file a complaint with the Danish Data Protection Agency about aera’s processing of your personal data.
You can find the contact information of the Danish Data Protection Agency on www.datatilsynet.dk