Privacy Policy

1. Data Controller

CN DK Consulting ApS is the data controller for the personal data we process in connection with the services we provide to our clients. If you wish to exercise your legal rights (see section 8) or have concerns about how we process your personal data, you are welcome to contact us.

2. Categories of Personal Data

Depending on the nature of the assignment, we may process different categories of personal data, including:

• Basic identification and contact information (name, address, email, phone number, etc.).
• National identification details (such as CPR number when required by law).
• Financial information (e.g., tax details, bank information for transactions).
• Information related to legal matters, including sensitive data or information concerning criminal offenses when relevant to the case.

3. Sources of Personal Data

We primarily collect personal data directly from you as our client. In some cases, we may also receive information from third parties such as:

• Business partners, counterparties, or advisors involved in a matter.
• Publicly available sources and registers (e.g., CVR register).
• Authorities or other relevant stakeholders connected to the assignment.

4. Purpose and Legal Basis

We process personal data only to the extent necessary to carry out our consulting services, which may include:

• Legal and business advisory services.
• Assistance in relocation, investment and company establishment.
• Communication with public authorities, courts, or business partners.

The legal basis for our processing is GDPR Article 6(1)(a), (b), (c) and when applicable, Article 9(2)(f) for sensitive data. Processing of CPR numbers is carried out under §11(2) of the Danish Data Protection Act. Information on criminal matters may be processed under GDPR Article 10 and §8 of the Danish Data Protection Act.

5. Disclosure of Personal Data

We only share personal data when it is necessary for carrying out the assignment and where a legal ground exists. Recipients may include:

• Public authorities and courts.
• Opposing parties in legal or administrative cases.
• External advisors such as lawyers, accountants, or auditors.
• IT and cloud service providers under signed data processing agreements.

6. Retention Period

Personal data is kept only for as long as it serves a legitimate purpose. When the purpose no longer applies, the data will be securely deleted, unless legal or regulatory obligations require longer storage.

7. Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time by contacting us. Withdrawal will not affect the lawfulness of any processing carried out before consent is withdrawn.

8. Your Rights

Under GDPR, you have the following rights with respect to your personal data:

• Access: Request access to the data we process about you.
• Rectification: Request correction of inaccurate information.
• Erasure: In certain cases, request deletion of your data earlier than our normal retention period.
• Restriction: Request that we restrict how we process your data in specific situations.
• Objection: Object to processing based on legitimate interests.
• Data portability: Receive your data in a structured, commonly used, machine-readable format and have it transferred to another controller.

9. Complaints

If you are dissatisfied with how we process your personal data, you may file a complaint with the Danish Data Protection Agency (Datatilsynet). Their contact details are available at https://www.datatilsynet.dk/.