GDPR

DATA PROTECTION POLICY FOR LARSEN &AMP; BIRKEHOLM'S CORPORATE AND PRIVATE CLIENTS

Patentbureauet Larsen & Birkeholm A/S (L&B) is committed to protecting the confidentiality, integrity and availability of our clients', customers' and employees' information, including personal data. We are committed to protecting personal data and work continuously to ensure ongoing compliance with data protection legislation, including the GDPR.

L&B provides IP consultancy and management services to such an extent that we consider ourselves data controllers. Especially for administration services, we consider ourselves more than data processors, as L&B to a certain extent determines the purpose of the processing and does not work alone or narrowly under instructions.

This data protection policy contains information about L&B's processing of personal data when we are the data controller, which you can read more about below.

1. Categories of personal data collected for the various
processing areas, etc.

A. Third parties and authorities

We use other third parties, for example subcontractors, in connection with the provision of our services. Such third parties may be provided with or entrusted with personal data necessary for them to provide the agreed service.

L&B enters into the agreements necessary to ensure that the necessary security is in place to protect the data and comply with our data protection obligations.

We may sometimes be required to disclose personal data to public authorities or third parties as required by and in accordance with applicable law or regulation.

This may be, for example, to check that we are complying with applicable laws and regulations, to investigate an alleged infringement, establish, exercise or defend legal rights. We will only comply with requests to disclose personal data where we are under a duty to do so.

B. Visitors to our office

We do not collect personal data about visitors, including clients and other guests, except for the counsellor's entry in his or her calendar. There is no video surveillance in the office.

C. Visitors to www.lbpatent.com

We do not collect personal data in connection with visits to the website. However, in connection with our whistleblower scheme, which applies to L&B employees under the Money Laundering Act, the employee must provide certain personal information.

2. Disclosure of personal data referred to in point 1

We only disclose personal data when we have a lawful basis to do so. All employees of the company have been made aware that the Personal Data Act has been replaced by the Data Protection Regulation and the Data Protection Act as of 25 May 2018, and the rules on erasure and/or destruction of personal data have been reviewed.

3. Consent requirement/information obligation

The GDPR provides for a requirement that consent must be given in relation to the processing of personal data and the controller must be able to demonstrate that the consent has been given specifically for the purpose of processing the personal data, see also above under "use of personal data/basis of processing". In the context of the collection of personal data, the data subject is referred to read the company's personal data policy and in this context has been invited to familiarize himself/herself with the purpose of the collection of the personal data and further the below-mentioned possibility to withdraw consent and the right to request the rectification/erasure of data and the domestic basis for the processing, as well as the right of appeal to
.

The provision of personal data may be refused, but clients are informed that if the required personal data are not provided or if they refuse to provide the data, the administration/management/processing and issuance of rights, etc. cannot
take place.

4. Use of personal data/basis of processing

Clients' personal data are used/recorded for the purpose of collecting costs/due payments, which involve PBS and banks, for the purpose of responding to and processing enquiries and for the purpose of processing ordinary client cases in order to comply with public requirements, both in terms of registration with authorities and otherwise to ensure the proper processing of a case.

5. Retention of personal data

In the case of ordinary client cases and court cases, all personal data is deleted and shredded within five years of the end of the case.

6. Disclosure of personal data received

As far as ordinary client matters are concerned, personal data are used in connection with the registration of rights, the conduct of legal proceedings and the like, where partners/subcontractors and public authorities require the provision of personal data.

7. Data portability

The Regulation establishes a number of rights for the data subject, including a right to data portability. Such transfers will be made to another controller where technically feasible, see also point 1.

8. Personal data protection, in relation to software etc.

L&B does not independently develop software or products or services that are used to record personal data. L&B uses Economics and CPI, with whom data processing agreements have been concluded.

9. Duration of personal data retention

L&B deletes personal data when L&B no longer has a work-related need to process them. The retention period is determined in relation to L&B's obligations under applicable legislation, including the Accounting Act and the Money Laundering Act, as well as to ensure documentation.

10. Rights of the data subject

As a data subject, you have certain rights which L&B as data controller is obliged to fulfil. You can contact L&B and obtain insight into what personal data L&B processes about you, as well as have any incorrect personal data corrected. If you want personal data deleted, L&B's processing of them restricted, or to object to L&B's processing, you can
contact L&B. You may also contact L&B if you wish to exercise your right to data portability (transfer of data to another controller).
Where we process personal data based on your consent, you have the right to withdraw your consent at any time. To withdraw consent to our processing of your personal data, please contact us.

11. Contact

Data controller is Larsen & Birkeholm A/S Skandinavisk Patentbureau, CVR-nr. 78 84 83 16, Banegårdspladsen 1, DK-1570 Copenhagen V.

If you wish to exercise your rights as described above, or if you have any questions about our processing of your personal data or this Privacy Policy, please feel free to contact us

Larsen & Birkeholm
Att.: Susanne Skjødt
Banegårdspladsen 1, 1570 Copenhagen V.
Phone: 33 13 09 30
E-mail: adm@lbpatent.dk

12. Complaint
If you wish to complain about our processing of personal data, please send an email with the details of your complaint to adm@lbpatent.dk. We will process the complaint and get back to you.

You also have the right to complain to the Data Protection Authority in relation to your rights and L&B's processing of your personal data. For more information on how to complain to the Data Protection Authority, please visit the Data Protection Authority's website at www.datatilsynet.dk.

Copenhagen, 25 May 2018

Larsen & Birkeholm A/S, Scandinavian Patent Office