Data Protection Policy
1.INTRODUCTION
1.1. Scope and purpose
1.1.1. This Data Protection Policy (the “Policy”) describes the situations where we may process certain personally identifiable information (“Personal Data”) of which our customers are the controllers of the Personal Data. This Policy does not apply to the processing of Personal Data for which Mighty Admins is considered the controller of the Personal Data. Here we refer to the Privacy Policy.
1.1.2. This Policy shall apply between Mighty Admins and the Client Entity (“Customer”) it is servicing , where we may process Personal Data of which the Customer is the controller.
1.1.3. In connection with the provision of the Corporate Services and Business AdministrationServices to our Customers, Mighty Admins ApS may process Personal Data acting on behalf of and under the authority of the Customer (acting as sole controller), who initiates and delegate the processing of Personal Data to Mighty Admins and ultimately review, control and approve the processing.
1.1.4. Mighty Admins shall only carry out the processing of Personal Data on the instruction of the Customer and in accordance with this Policy and the Service Agreement. This Policy does not apply to the processing of Personal Data concerning the Customer’s representatives, stakeholder and ultimate beneficial owners which may be carried out by Mighty Admins as required by applicable laws for AML and KYC purposes.
2. TYPES OF PERSONAL DATA AND DURATION OF PROCESSING
2.1. Data subjects
2.1.1. A Data Subject may includes individuals representing the Customer or individuals which have a personal, contractual or statutory relationship to the Customer or are otherwise connected to such individuals. The most common Data Subjects includes: employees, contractors, family members, representatives or other past, existing or prospective connections to the Customer and/or their employees or other individual connection including family members, representatives or others connected hereto.
2.2. Types of personal data
2.2.1. In connection with the services provided under the Service Agreement Mighty Admins may be processing the following types of Personal Data:
– Contact information (such as name, job function, telephone number, e-mail address)
– General demographic information (such as gender, date of birth, nationality, address, etc.)
– Personal identification documentation (such as passport numbers, tax identification number, utility bills)
– Financial information (such as bank account numbers, transaction information, source of funds, source of wealth)
– Information on shareholdings and assets legally or beneficially owned by a Data Subject
– Information on individuals and organizations which can or may be connected to a Data Subject.
2.3. The volume of data
2.3.1. We process only the personal data necessary to fulfil our intended purpose and the information necessary to fulfil the services described under the Service Agreement. In addition, it may be decided by law what type of data it is necessary to collect and store in relation to running a law firm. The type and scope of the personal data we process may also be required to fulfill a contract or other legal obligation.
2.4. Duration of processing of Personal Data
2.4.1. Personal Data will be processed for as long as Mighty Admins provide services to the Customer and Personal Data will be stored after that date to the extent necessary for legitimate business purposes, AML and/or compliance purposes.
2.4.2. The Customer may instruct Mighty Admins to delete or return the Personal Data at the end of the processing period. Mighty Admins shall though be authorized to keep a copy of the Personal Data for as long as required by law as well as the exercise or defense of a legal claim for as long as legally required for such purpose. At the end of such period Mighty Admins will delete the Personal Data.
3. SECURITY AND CONFIDENTIALITY
3.1. Security
3.1.1. To protect the Customer from unauthorized access to their Personal Data, we use IT solutions that automatically ensure that all data is only available to relevant people.Mighty Admins shall implement appropriate technical and organizational measures to ensure a level of security of Personal Data appropriate to the risk required pursuant to applicable Data Protection Laws and, shall take all measures required pursuant to Article 32 GDPR.
3.2. Confidentiality
3.2.1. Mighty Admins, its employees and its consultants shall ensure that Personal Data received from the Customer pursuant to the Service Agreement is kept confidential and will only be used or reproduced to the extent necessary to fulfil the obligations under the Service Agreement.
4. DISCLOSURE OF PERSONAL DATA
4.1. Pursuant to the services set out in the Service Agreement, Mighty Admins may be from time to time be obliged to disclose Personal Data to third parties.
4.2. Third parties include, for example:
– Danish Business Authority
– Danish Tax Agency
– The Customers advisors
– Other Public Authorities
– Subcontractors
4.3. The disclosure of personal data to a third party will always be authorized by the by the Customer or otherwise necessary to fulfil the services set out in the Service Agreement or otherwise legally justified.
5. PERSONAL DATA BREACH INCIDENT
5.1. Mighty Admins shall notify the Customer without undue delay after becoming aware of a Personal Data Breach. Mighty Admins shall provide the Customer with sufficient information for the Customer to meet any reporting obligations of a Personal Data Breach under the Data Protection Laws.
5.2. Mighty Admins shall investigate the Personal Data Breach and take the necessary steps to eliminate or contain the impact of the Personal Data Breach.
6. COOPERATION AND RIGHTS OF THE DATA SUBJECT
6.1. Upon the request of the Customer, Mighty Admins shall to the extent required under the Data Protection Laws cooperate to assist with requests relating to processing of Personal Data.
6.2. Further to section 6.1, Mighty Admins shall upon the request of the Customer to the extent possible cooperate to assist the Customer with ensuring compliance with its obligation pursuant to Articles 32 to 36 GDPR.
6.3. Mighty Admins shall further cooperate as requested by the Customer to enable that the Customer comply with its obligations pursuant to Articles 16 to 21 GDPR regarding the exercise of rights by the Customer Data Subjects.
6.4. The Customer as the controller has the responsibility to provide the Data Subjects with the information required in accordance with Articles 13 and 14 GDPR .
6.5. Notwithstanding the above Mighty Admins shall not be obligated to delete copies of the Personal Data that it holds, if further processing is required to comply with legal obligations to which Mighty Admins is subject of.
7. AMENDMENTS AND MODIFICATIONS
7.1. Any amendments and/or modifications to this Policy shall be published on the website of Mighty Admins. Any amendments and/or modifications shall not reduce or otherwise limit the rights of the Customer.