Privacy Policy for Vitus Law Firm

1. Data Controller

Vitus Law Firm
Egebjergvej 1
DK-8751 Gedved
CVR no.: 25447085
E-mail: kontakt@advvitus.dk
Phone: +45 66 46 51 66

Vitus Law Firm is the data controller for the personal data we collect and process in connection with our legal services, client relationships and website inquiries.

2. Purpose of Processing Personal Data

We process personal data for the following purposes:

  • to respond to inquiries and communicate with clients and potential clients;
  • to establish, administer and perform agreements regarding legal assistance and related advisory services;
  • to comply with our professional, legal and regulatory obligations as a law firm, including obligations under anti-money laundering legislation;
  • to manage case administration, client records, invoicing, bookkeeping and internal quality assurance;
  • where relevant, to assist clients with digital, IT and AI-related advisory services requiring lawful processing of business-related data.

3. Categories of Personal Data

Depending on the nature of the matter, we may process the following categories of personal data:

  • general contact information such as name, address, telephone number and e-mail address;
  • identification and customer due diligence information, including CPR number, passport or driver’s licence information where required by law;
  • financial information and business-related information;
  • sensitive personal data, including health information, information concerning criminal offences or other confidential matters, where necessary for the handling of the case;
  • information concerning counterparties, family members, employees, owners, advisers or other persons relevant to the matter.

4. Legal Basis for Processing

Our processing of personal data is carried out on the basis of:

  • Article 6(1)(b) GDPR, where processing is necessary for the performance of a contract or prior to entering into a contract;
  • Article 6(1)(c) GDPR, where processing is necessary for compliance with legal obligations applicable to Vitus Law Firm;
  • Article 6(1)(f) GDPR, where processing is necessary for our legitimate interests in administering and safeguarding legal matters;
  • Article 9(2)(f) GDPR, where processing of special categories of personal data is necessary for the establishment, exercise or defence of legal claims;
  • applicable Danish legislation, including anti-money laundering obligations and accounting obligations.

Where consent is required for a specific purpose, such consent will be obtained separately.

5. How We Collect Personal Data

We collect personal data directly from you through contact forms, telephone calls, e-mails, meetings and documents provided in connection with a case.

Where relevant and legally permissible, we may also collect information from:

  • public registers;
  • courts and public authorities;
  • counterparties and their advisers;
  • banks, accountants, auditors or other professional advisers;
  • other third parties involved in the relevant matter.

6. Disclosure of Personal Data

We only disclose personal data where necessary for the performance of our legal services, compliance with legal obligations or the protection of legitimate legal interests.

Recipients may include:

  • courts, public authorities and regulatory bodies;
  • counterparties and opposing counsel where relevant to the matter;
  • banks, accountants, auditors and external professional advisers;
  • IT suppliers and other data processors acting on our behalf under data processing agreements.

Access to personal data within Vitus Law Firm is restricted to persons who need such access in order to handle the relevant matter.

7. Retention and Deletion

We retain personal data only for as long as necessary for the purposes for which the data was collected and in accordance with our legal retention obligations. GDPR requires that retention periods are purpose-based, documented and limited to what is necessary.

As a general rule:

  • case-related documents and personal data are retained for up to 10 years after the matter has been concluded;
  • accounting and invoicing information is retained in accordance with statutory bookkeeping obligations;
  • inquiries that do not lead to an engagement are normally deleted within 24 months unless a longer retention period is justified.

When retention is no longer necessary, personal data is securely deleted or anonymised.

8. Data Security

We have implemented appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

Such measures include, among other things:

  • access control and password protection;
  • encrypted communication where relevant;
  • secure storage systems;
  • ongoing assessment of internal procedures and IT security.

9. Your Rights

Under the General Data Protection Regulation, you have the right to:

  • request access to the personal data we process about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data where deletion is legally possible;
  • request restriction of processing;
  • object to our processing where applicable;
  • request data portability where relevant;
  • withdraw consent at any time where processing is based on consent.

You also have the right to lodge a complaint with:

The Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35
DK-2500 Valby
www.datatilsynet.dk

10. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy when necessary in order to reflect changes in legislation, regulatory requirements or our internal procedures.

The latest version will always be available on our website.

Last updated: 11 November 2025