Holst, Advokater > Aarhus, Denmark > Firm Profile
Holst, Advokater Offices
HANS BROGES GADE 2
8000 AARHUS C
Denmark
- Go to...
- Rankings
- Lawyer Profiles
- Legal Developments
Holst, Advokater > The Legal 500 Rankings
Denmark > Insolvency Tier 3
Holst, Advokater has a strong transactional focus and sees work on insolvency mandates arising out of the construction and real estate, and agriculture sectors. Henrik Steen Jensen and Andreas Kjærsgaard Mylin head the practice group and are key points of contact. Jensen is experienced when it comes to acting as a trustee in bankruptcy estates, whilst Mylin has more than 25 years' experience working on restructuring and insolvency cases.Practice head(s):
Henrik Steen Jensen; Andreas Kærsgaard Mylin
Other key lawyers:
Søren Skov; Anders Roug; Rene Møller-Olsen
Testimonials
‘Holst is very competent in the intersection between insolvency law and construction law.’
‘They give clear recommendations and are good at describing pros and cons.’
‘A skilled team, with a strong focus on bankruptcies in the construction sector.’
‘Søren Skov is extremely strong in construction bankruptcies.’
‘Andreas Kærsgaard Mylin is dedicated, skilled and pragmatic.’
Key clients
Allianz Trade/Euler Hermes
Atradius, Filial af Atradius Crédito y Caución S.A. de Seguros y Reaseguros, Spanien
Danske Bank A/S
Djurslands Bank A/S
Jyske Bank A/S
Nordea Danmark, Filial af Nordea Bank Abp, Finland
Nykredit Group
Realkredit Danmark A/S
Skandinaviska Enskilda Banken (SEB)
Spar Nord Bank A/S
Sparekassen Kronjylland
Sydbank A/S
The Danish Debt Collection Agency (Gældsstyrelsen)
Tokio Marine Europe, filial af Tokio Marine Europe S.A., Luxembourg
Tryg Garanti
Vestjysk Bank A/S
Denmark > Real estate and construction
Holst, Advokater leverages its ‘extensive experience within real estate’ to undertake a broad range of matters, including insolvencies, construction contracts and lease agreements, on behalf of operators and distressed contractors in the public and private sectors. Holger Schöer and Carsten Led-Jensen jointly lead the team; Schöer has over 25 years experience in international construction projects, while Led-Jensen is a key contact for large-scale arbitrations and complex contracts.Practice head(s):
Holger Schöer; Carsten Led-Jensen
Other key lawyers:
Pernille Svit Westphal Riis; Stine Kalsmose Jakobsen
Testimonials
‘We always receive advice that has a practical operational aim. It is not only the focus on legal rights that drives the process, but equally a focus on getting the “the conflict” resolved quickly.’
‘Holger Schöer is a top-level legal adviser who has simple solutions to complex legal matters. He is available and always delivers on time with high quality.’
‘Pernille Svit Westphal Riis is always available, structured and precise.’
‘They are quick to come back with answers when approached. They are specialists in construction law.’
‘The collaboration with Holst’s construction team is unique as they are highly available with down to earth counseling.’
‘Extensive experience within real estate. Easy to handle ad hoc cases but also larger difficult ones.’
‘It is clear to see that the team is tight knit and there is good integration between the disciplines.’
‘In my work with Holger Schöer, I have always received precise answers to my questions, and the tasks are solved with a very high level of professionalism.’
Key clients
JV ZMM Nordhavnen
Elcon A/S
Arena Randers
NRE Denmark A/S
Calum A/S
Energinet
Hoffmann A/S
Kemp & Lauritzen A/S
Enemærke & Petersen A/S
Schmidt Hammer Lassen Architects LLP
Wicotec Kirkebjerg A/S
MT Højgaard Danmark A/S
Arbejdernes Andels Boligforening
Work highlights
- Assisted Energinet (Danish TSO for gas and power) with legal advice, perusal of tender documents, negotiations with tenderers, tender evaluation, choice of risk profiles, contract management, and dispute resolution in relation to sub-projects on the Baltic Pipe project.
- Advised the contractor regarding a major civil works contract in Denmark for a global market leader in the data and high-tech industry.
- Advised the executing contractor on the consequence of the employer’s termination of a contract regarding the construction of a large data centre.
Lawyer Profiles
Photo | Name | Position | Profile |
---|---|---|---|
Mr Svend Bjerregaard | Partner | View Profile | |
Mr Steffen Ebdrup | Partner | View Profile | |
Mr Morten Fendinge Olsen | Partner | View Profile | |
Mr Jacob Fenger | Partner | View Profile | |
Mr Thue Hagenau | Partner | View Profile | |
Mr Claus Hedegaard Eriksen | Partner | View Profile | |
Mr Anders Hedetoft | Partner | View Profile | |
Ms Stine Kalsmose Jakobsen | Associate partner | View Profile | |
Mr Erik Jensen | Partner | View Profile | |
Mr Carsten Led-Jensen | Partner | View Profile | |
Mr Rene Møller-Olsen | Associate partner | View Profile | |
Mr Anders Roug | Associate partner | View Profile | |
Mr Jakob Schmidt | Partner | View Profile | |
Mr Christian Skadborg | Associate partner | View Profile | |
Mr Henrik Steen Jensen | Partner | View Profile | |
Mr Henrik Christian Strand | Associate Partner | View Profile |
Legal Developments
GDPR decisions – November 2021
6th December 2021Sensitive data submitted in unencrypted emails draws severe criticism
On 3 February 2021, the Danish Municipality of Silkeborg reported a personal data breach, as the municipality on that day had submitted an email to Danmarks Statistik Consulting containing a list of personal ID numbers, school name and school code on 12,915 pupils. The report stated that the email due to a human error had been sent unencrypted.GDPR decisions – October 2021
29th October 2021EUR 412,000 fine for failing security measures
The Norwegian DPA has imposed a fine of EUR 412,000 on Norwegian municipality of Østre Toten. In January 2021, the municipality experienced a cyberattack entailing that the data of the municipality became encrypted and back-ups were deleted.GDPR decisions – September 2021
6th October 2021WhatsApp fined EUR 225 million for inadequate information
In 2018, the Irish Data Protection Commission initiated extensive investigations on whether WhatsApp complied with the transparency principle. The DPC examined whether WhatsApp observed its obligations under the GDPR regarding compliance of the obligation to inform and the transparency in the obligation to inform towards users and non-users of WhatsApp. During the investigation, the DPC found that WhatsApp had seriously violated Article 12, 13 and 14 of the GDPR in respect of the information provided to users. Following the investigation, the DPC presented its draft decision in December 2020 to the other concerned European supervisory authorities. Subsequently, the DPC received objections from eight supervisory authorities. As the DPC could not reach any consensus with the supervisory authorities, the DPC initiated a dispute resolution process pursuant to Article 65 of the GDPR on 3 June 2021. Based on a number of factors, the European Data Protection Board (EDPB) required that the DPC should reassess and increase its proposed fine. In addition to the infringements which the DPC had already found, the EDPB found that WhatsApp had violated the transparency principle under Article 5 (1), lit. a of the GDPR, and required the DPC to take such circumstance into consideration when deciding on the final amount of the fine. On these grounds, the DPC set the fine at EUR 225 million. Regarding Articles 12 and 13, the DPC found that WhatsApp had not provided information “in a short, transparent, concise, easily accessible and easy to understand, and in a clear and plain language” about the kind of data collected. The DPC made clear that the transparency principle also includes making information easy for children to understand when addressed to them. Among others, WhatsApp had provided information of such general character that the DPC regarded it as meaningless. Often, users had to go through several links to find FAQs in order to obtain information which they could not find elsewhere on WhatsApp’s website. In that connection the DPC found that it would be unreasonable to expect that users would search the WhatsApp website after not having found adequate information in the declaration of confidentiality. In respect to Article 14, one of the issues was that a user’s consent gave WhatsApp access to the user’s contacts. The DPC found that such data had been illegally processed since such contacts (in particular the ones with no WhatsApp account) had not received any information about this processing and could thus not in any way have provided their consent. Considering the severity and the far-reaching character of the infringements, the DPC concluded that WhatsApp had also violated the transparency principle under Article 5 (1), lit a. Read the decision here: https://edpb.europa.eu/system/files/2021-09/edpb_bindingdecision_202101_ie_sa_whatsapp_redacted_en.pdfFine for failing information about tv-surveillance
The Spanish data protection agency (the AEPD) levies fine of EUR 1,000 against a hairdresser’s The hairdresser (the data controller) had set up tv-surveillance in the saloon. Meanwhile, the hairdresser had not informed about such data processing according to Article 13 of the GDPR, hence, the AEPD issued a fine against the hairdresser. The AEPD noted that observance of the obligation to inform could have been met by hanging up a poster in the saloon providing such information. Read the decision here (in Spanish) https://www.aepd.es/es/documento/ps-00226-2021.pdfDanish municipality (Favrskov) reported to the police and should expect a fine for an inappropriate level of security
On 19 August 2020, the Danish DPA received a notification from the Danish Municipality of Favrskov about a personal data breach. The notification stated that a laptop computer holding names and personal ID numbers of about 100 persons with physically and/or mentally reduced functional capacity had been stolen during a break-in to the offices of the municipality. The harddisk of said computer was not encrypted, and the programme, in which the confidential and sensitive personal data were stored, was not installed with safety measurements for logging the usage of the programme. The DPA established during its investigation of the matter that the municipality also for a long period before 12 August 2020 had not ensured encryption of the municipality’s laptop computer harddisks which entailed an inappropriate level of security. The requirements of Article 32 of the GDPR set out that the municipality has a duty to ensure that data being processed by employees of the municipality are not made available to anyone unauthorised. The DPA found (i) that the municipality had not provided for appropriate technical measurements ensuring a level of security adequate to provide for the risks and rights of the data subjects, and (ii) that Article 32 had been severely violated. Please see the whole press release here (in Danish): https://www.datatilsynet.dk/presse-og-nyheder/nyhedsarkiv/2021/sep/favrskov-kommune-indstilles-til-boede-Contact:
Henrik Christian Strand, Associated Partner E, hcs@holst-law.com M, +45 3010 2186 Pernille Kristensen, Attorney E, pkr@holst-law.com M, +45 3010 2224GDPR decisions – August 2021
6th September 2021The Danish Immigration Service reported to the Police and is facing a DKK 150,000 fine (about EUR 20,200)
The Danish DPA initiated the case when they through various media found out that a possible logging error present in an IT system related to two deportation centres could have affected the rights of the residents. In June 2020, several data breaches occurred when an IT system failed to log activities on the residents of the two deportation centres, i.a. regarding the residents’ observation of obligations and rules as immigrants. The failing registration entailed that casework was initiated for reducing some of the residents’ cash benefits and several residents were reported to the police for not observing the provisions under the Danish Aliens Act. The DPA found that the processing of the Danish Immigration Service (DIS) of personal data was in contradiction to the rules on appropriate security measures since the DIS had not implemented procedures for a systematic application of data from the log registering the residents’ activities in the two deportation centres. In addition, the DPA found that the DIS had not identified and taken into account the risks pertaining to the data subjects in connection with the data processing in the system. Finally, the DPA found that the DIS had not carried out adequate backup of the data that was processed in the system which was the reason why the DIS could not regenerate a lot of the data that went missing during the IT failure in June 2020. The DPA noted that where data is used in criminal cases or is used for control measures subject to sanctions, it must be ensured that all activities are logged, and that a safety backup is made with intervals ensuring that data is not lost in the event of IT failures. The DPA also noted that backup procedures must be tested according to a “disaster recovery test” with intervals fixed depending on the risk there may be to the data subjects’ rights. The DPA reasoned its decision by stating that it is important that trustworthiness remains about data which is processed by authorities and forwarded to the police, and which eventually might end up as evidence in court. The DPA assessed that it is very important that such data are correct since it is not only a question of loss of rights on the part of the people at issue, however, it will also entail failing confidence in both authorities and the courts of law if the data are incorrect. Read the whole decision here (in Danish): https://www.datatilsynet.dk/presse-og-nyheder/nyhedsarkiv/2021/aug/udlaendingestyrelsen-indstilles-til-boedeFine in consequence of video surveillance conflicting the GDPR
The Norwegian DPA has issued a NOK 100,000 fine (about EUR 9,600) to beauty parlour Waxing Palace AS specialising in hair removal using wax, since the beauty parlour had video monitored the reception in contradiction to the GDPR. It follows from the GDPR that all processing of personal data must be subject to a lawful basis for processing. Following an actual complaint about the usage of a surveillance device in the premises of the beauty parlour, the DPA assessed that the parlour had no lawful basis for the video surveillance, nor did they inform sufficiently about the surveillance. The DPA found that the illegal video surveillance affected both staff and customers of the beauty parlour. The surveillance did not comprise areas of the parlour where treatments were made. Nevertheless, the DPA took into account that the business is of a kind where many customers will expect their visit there to be of a private matter and not a situation which may become subject to video monitoring. Finally, the DPA also noted that the data controller must always inform about its data processing to the data subjects whose personal data is being registered. In the current matter, such information must, among others, ensure that it is clear to the data subject which areas are caught by the camera. The deadline for Waxing Palace AS to file a complaint about the decision was on 20 August 2021. Read the whole decision here (in Danish): https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2021/gebyr-til-waxing-palace-as/EUR 2 million fine for data processing in connection with a customer loyalty program
According to the media, the Austrian data protection agency (Datenschutzbehörde) has issued a EUR 2 million fine to JÖ-Bonus Club GmbH, an Austrian multi-partner program through which various benefits can be obtained from different partners. To join the loyalty program, a consent is required. Meanwhile, the consent was constructed in such way that it did not comply with the rules of the GDPR because the consent declaration did not adequately inform that the users consented to profiling. According to the GDPR, information about personal data processing must be in an easily accessible form, using clear and plain language. However, JÖ-Bonus Club had designed the registration for the loyalty program in such way that information about the profiling could only be found if scrolling downwards. The consent itself had been placed higher up so that the consent was obtained before the information about the profiling was made. JÖ-Bonus Club had realised the error and corrected it following an approach from the Austrian DPA. Nevertheless, the processing of data on approx. 2.3 million individuals, who had already provided their (invalid) consent, continued. The DPA concluded that JÖ-Bonus Club had breached its obligation to provide a consent in an easily accessible form, using clear and plain language. Therefore, the DPA found that the consents were invalid and that the profiling made on the basis of said consents was illegal. It was considered an aggrevating circumstance that the processing continued regardless JÖ-Bonus Club knowing that the consents obtained were invalid.Contact:
Henrik Christian Strand, Associated Partner E: hcs@holst-law.com M: +45 3010 2186 Pernille Kristensen, Attorney E: pkr@holst-law.com M: +45 3010 2224GDPR decisions – July 2021
11th August 2021 Recordings of phone conversations without prior consent made by the Danish Business Authority drew criticism from the Danish Data Protection Agency.GDPR decisions – May 2021
2nd June 2021Court of law approves the opportunity for compensation in the event of a non-pecuniary loss following a data breach
At the end of 2018, four PCs were stolen from the town hall of Gladsaxe. A spreadsheet was stored on the local drive of one of the PCs containing personal data on 20,620 citizens for inter-municipal reimbursement purposes. The personal data consisted of personal ID numbers, names, addresses and in some cases summarising information about housing benefits and health information.GDPR decisions – April 2021
6th May 2021Application of old TLS version drew criticism from the Danish DPA
When looking into a case initiated by the DPA itself, the DPA established that the self-service solution available with the Police for applying for a firearms certificate (www.digimeld.politi.dk/vaaben/HTML/index.aspx?type=p70401) - during which your personal ID number must be entered - warns you about the page using weak encryption and that unauthorised persons in consequence thereof may have access to the data that is entered. The self-service solution only supported TLS version 1.0, but the Danish National Police had stated that this version was the best, which the said solution could support, and that work was in progress for replacing it. The DPA stated that forms and web-solutions for processing personal data are subject to safety requirements, including in particular that the data controller must ensure that personal data do not become accessible to anyone unauthorised. Data that can be characterised as worthy of protection, including information on personal ID numbers, must therefore be ensured in such way that the contents cannot be accessed by anyone unauthorised, which is done by encrypting the transport layer (TLS) subject to version 1.2 or higher versions. The DPA established that TLS versions 1.0 and 1.1 contain known vulnerabilities which do not ensure the necessary confidence and integrity of the data being exchanged. Hence, the DPA found grounds for criticising the Danish National Police for not processing personal data in compliance with the rules provided for in Article 32.1 of the GDPR. Read the whole decision here (in Danish): https://www.datatilsynet.dk/tilsyn-og-afgoerelser/afgoerelser/2021/apr/utilstraekkelig-kryptering-i-selvbetjeningsloesning-hos-politietFine for disclosing video surveillance
Norwegian car wash business Miljø- og Kvalitetsledelse AS has been fined NOK 35,000 (about EUR 3,500) by the Norwegian DPA for illegally disclosing personal data from a video surveillance. When malicious damage was made to a purchase terminal, Miljø- og Kvalitetsledelse AS sent uninvited recordings and data from the video surveillance of the car wash system to the employer of the person, which Miljø- og Kvalitetsledelse AS assumed had caused the malicious damage. The DPA found that the disclosure lacked legal basis and was contrary to Articles 6.1 and 5.1 (a) of the GDPR. The recordings had already been surrendered to the Police, and the DPA found the forwarding of the recordings to the data subject’s employer unnecessary for preventing and clarifying the malicious damage. Miljø- og Kvalitetsledelse AS have an appeal period of 3 weeks from the time of receiving the decision. Read the whole decision here (in Norwegian). https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2021/miljo--og-kvalitetsledelse-as-far-gebyr/District Court of the Hague reduces administrative fine by 24%
The Dutch DPA had imposed an administrative fine of EUR 460,000 on a hospital in consequence of violating Article 32 of the GDPR when failing to implement satisfactory measurements for protecting patients’ personal data. The fine constituted a basic fine of EUR 310,000 plus two additional fines of each EUR 75,000, totaling EUR 460,000 in consequence of the hospital not having implemented two-factor authentication, and not having made regular controls on logins for access to medical records. The case was brought before the District Court of the Hague who found the fine too high. The court did not find the basic fine of EUR 310,000 unreasonable, but the additional fines should be reduced since the hospital had taken steps to prevent that personal data found on digital platforms could be accessed by unauthorised staff. Furthermore, during the objection period, the hospital had implemented two-factor authentication and intensified logins, which the court considered a willing to cooperate, hence the fine was reduced to a total of EUR 350,000. Read the whole decision here (in Dutch). https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBDHA:2021:3090Contact:
Henrik Christian Strand, Associated Partner E: hcs@holst-law.com M: +45 3010 2186 Pernille Kristensen, Attorney E: pkr@holst-law.com M: +45 3010 2224GDPR decisions – March 2021
12th April 2021 Decision delivered in France may greatly impact the option of legally using European subsidiaries with parent companies in the USA for hosting of data.GDPR decisions – February 2021
8th March 2021Phone conversations recorded by on-call GPs
A Danish citizen had filed a complaint about her phone conversation with an on-call GP in the Region of Southern Denmark being recorded and the fact that the on-call GP subsequently denied to erase the recordings. The Danish Data Protection Agency found that it was alright for the on-call GP to record phone conversations, but on the other hand found that the GP generally saved the recordings for too long. During the case it was revealed that the on-call GP in question had recorded and saved approx 7.5 million conversations since January 2013.The Danish Supreme Court finds in favour of Danish municipality
23rd February 2021 The Western Division of the Danish High Court had previously acquitted a Danish municipality in a case where the municipality’s mechanical ditch cleaners had caused damage to a telecommunications cable situated in a roadside ditch.Employer acquitted of liability – workplace, person to be charged, instructions and supervision was at issue
3rd February 2021 On 5 July 2019, one of the Danish district courts (the District Court of Herning) found that a master painter was liable for compensation in connection with an injury accident caused when an apprentice fell off a balcony and suffered severe head injuries.GDPR decisions – January 2021
1st February 2021 Norwegian company fined EUR 95,000 for insufficient basis for processing Innovation Norway carried out four credit ratings of a one-man business, which the owner of the business complained about to the Norwegian data protection authority. The credit ratings were made over a 3-month period. Innovation Norway was not able to identify any customer relation or connection to the owner or his business justifying said credit ratings, and therefore the Norwegian DPA decided that there was no basis for processing. The DPA issued a fine amounting to approx EUR 95,000 (NOK 1 million).Looking back at GDPR matters in 2020
5th January 2021 2020 is drawing close to an end, and also in terms of the GDPR, it is a fact that COVID-19 has taken up massive attention. New questions arose, to which answers were needed, e.g.: Is it allowed for an employer to register data about COVID-19? Is it allowed to transfer data about COVID-19? Where can such data be stored? In several countries, an app was launched as an additional aid for contagion tracing. In addition to such apps, which helped break the chains of infection more rapidly for countries’ own citizens, other apps were introduced to foreign citizens travelling though or to a particular country. As a result, more questions arose since the laws of several countries were to be observed too. Holst, Advokater provided advice to the Robert Koch Institute and the German Ministry of Health about the possibility of extending access to download the German COVID-19 app in Denmark and for Danish citizens.GDPR decisions – December 2020
5th January 2021 Danish municipality reported to the Police and is facing EUR 6,700 fine The Danish Data Protection Agency (the DPA) has reported the municipality of Guldborgsund to the Police and recommended a fine of EUR 6,700 (DKK 50,000) since the municipality failed to act with necessary alertness in connection with a security breach.GDPR decisions – November 2020
5th January 2021 The Irish DPA fines Tusla Child and Family Agency EUR 75,000 In May 2020, the Tusla Child and Family Agency (Tusla) was imposed with an administrative fine of EUR 75,000, which has now been heard and confirmed by an Irish court of law.GDPR decisions – October 2020
9th November 2020 All-time high fine of GBP 20 million imposed on British Airways for data breach The Information Commissioner’s Office (the ICO) has given a penalty notice of GBP 20 million (about EUR 22 million) to British Airways (BA) for infringements of the GDPR in 2018 affecting more than 400,000 of the company’s customers.GDPR decisions – September 2020
15th October 2020 In 2019, the Finnish DPA received complaints on the electronic direct marketing and neglection of rights of the data subject, contrary to what is provided for under the GDPR. The topics of direct marketing included various courses within building supply and asbestos removal. The data subjects reported that they had received direct marketing messages from the company without consenting to it first. Some of the data subjects had responded to the marketing message and requested the controller to stop sending such messages. Despite this, the data subjects still received direct marketing messages from the controller.GDPR decisions – August 2020
3rd September 2020 Danish DPA commits personal data breach and misses the 72-hour notification deadlineGDPR decisions – July 2020
18th August 2020 Fine of approx. EUR 28,000 issued due to unlawful basis for processingGDPR decisions – June 2020
3rd August 2020Publication of club magazines from the early 1980s found lawful
On 16 June 2020, the Danish Data Protection Agency (DPA) decided in a matter in which a citizen had complained about a sailing club that had posted three club magazines from 1981 and 1982 on the internet, thereby revealing information on the name, former address, age and a photo of the complainant, and the sailing club had refused to delete this information.
When hiring people to work in Denmark
9th July 2020 If you are considering hiring or posting employees to Denmark, you must be familiar with Danish labour market regulations and you must comply with such. Holst, Advokat has prepared a general guide to employment law and labour law in Denmark.Cannabis – Licence to import, develop and cultivate
2nd July 2020The Danish medicinal cannabis pilot programme runs until 31 December 2021. The programme entails that licences can be issued for the import of cannabis for Danish patients, and companies may apply for a license to cultivate, produce and distribute medicinal cannabis in Denmark. In parallel to the pilot programme, a development scheme has been introduced making it possible to apply for a cannabis cultivation and handling licence with a long-term view to producing cannabis suitable for medicinal use.
Incoterms 2020
2nd July 2020 On 1 January 2020, a new version of Incoterms rules came into force. The new version contains clarifications and modifications which your company should be aware of when applying the rules.Cannabis – A growing market
19th June 2020Since 1 January 2018, Danish doctors have had the opportunity of prescribing cannabis products for their patients; A four-year medicinal cannabis pilot programme has been introduced in Denmark implying that licences for importing cannabis for Danish patients can be issued. Today it is also possible to cultivate, produce and distribute medicinal cannabis in Denmark. In parallel to the pilot programme, a development scheme has been introduced making it possible to apply for a cannabis cultivation and handling licence with a view to producing cannabis suitable for medicinal use.
The schemes have entailed the creation of hundreds of new jobs in Denmark, and the production of medicinal cannabis is expected to become an important export article.
- Insolvency
- Real estate and construction