This policy describes how we use and protect personal data and ensure that employees are familiar with the rules that apply to the use of the personal data that they can access as part of their work. This policy is a supplement to our other policies on IT security, internet, email and the like.
This policy aims to meet the requirements of the General Data Protection Regulation (GDPR) and, in particular, article 13.
When the policy refers to articles of law, this pertains to the GDPR, and when it refers to paragraphs, this pertains to the Danish Data Protection Act.
2. GENERAL PROVISIONS ON THE PROCESSING OF PERSONAL DATA
All processing of personal data at our company is subject to the principles of lawfulness, fairness and transparency. Personal data is only collected for legitimate purposes which have been specifically indicated, and we comply with the data mining principle. We strive to ensure that all information is correct and up to date, and we prioritise the principles of storage limitation, integrity and confidentiality and, in particular, accountability.
3. DATA CONTROLLER
NORMANN COPENHAGEN APS is a data controller, and we make sure that your personal data is processed in accordance with legislation.
NORMANN COPENHAGEN APS
Data controller: Morten Toft
DK-2100 Copenhagen Ø
Business reg. no. (CVR) 10 00 88 24
Telephone no.: +45 3527 0526
4. PURPOSE OF PROCESSING; CATEGORIES OF DATA BEING PROCESSED
There may be many reasons for processing personal data, but the following examples are the most common. We will inform you if, in exceptional cases, we process personal data for purposes that do not fall within the categories below. The same applies if we collect or process personal data from other persons than you.
- Processing orders.
- Fulfilling complaints and warranty obligations
- Sales follow-ups
- Communication in connection with your orders or other enquiries that you sent us
- Ensuring user-friendliness and security
- Optimising our digital solutions
- The possibility to participate in customer surveys, competitions, draws, etc. via digital solutions
- Archive of registered products and the associated personal data
- Legal requirements (exercise of public authority
4.1 What data do we collect?
VWe use data about you to fulfil our agreement with you, to improve our service and to ensure the quality of our products and services. The personal data we process consists of:
4.1.1Automatically collected data
We have a number of digital solutions based on different technologies aimed at ensuring user-friendliness and security. These technologies can collect data automatically so as to offer the best possible solution, either directly by us or by a third party on our behalf. Analysis of clickstream data and cookies is an example of this.
All visits to a digital solution involve information being sent from your browser to a server. We optimise the digital solutions by analysing this data. Third parties collect data on our behalf. Data about your browser may be collected for system administration and to carry out internal, marketing-related analyses based on your behaviour. Examples of data that is collected and analysed:
- Date and time of visit
- Pages visited in the solution
- Your IP address
- The geographic location of the IP address
- Information on the browser and computer used (type, version, operating system, etc.)
- URL of the referring site (the site where the visitor came from)
We use internal data providers that act as data processors for us. We are data controllers with respect to the collected data, and the collected data will not be passed on without consent unless required by law.
4.1.2 Information that you provide
We record information that you provide in connection with a physical visit or a visit to our website.
The data that you actively provide is usually general and may include name, address, telephone number, email address, etc. The data usually originates from:
- Information that you share via social media
- Information sent by email
- Information that we receive from you in connection with orders on our online shop
- Information that you share with us when you participate in surveys, events and competitions
This list is not exhaustive.
5. BASIS FOR PROCESSING
Personal data is processed mainly pursuant to article 6.1.b, as processing is necessary in order to fulfil the contractual obligations between us.
As much as possible, certain data, including sensitive data, is processed on the basis of consent, cf. directly below.
6. RECIPIENTS AND TRANSFER OF PERSONAL DATA
We may pass on your data if this is required pursuant to a legal obligation. Transfer can also take place following an order from a court or other authority or to protect trademarks, rights or property. This involves exchanging information with other companies and organisations for the purpose of protecting against fraud.
We use service providers and data processors that carry out work on our behalf. For example, the services could include server hosting and system maintenance, analysis, payment solutions, control of address and creditworthiness, email service, etc. These partners may gain access to data to the extent necessary to provide their services. Partners will be contractually obligated to process all data with strict confidentiality, and they are therefore not permitted to use data for purposes extending beyond their contractual obligations to us. We check that our partners are in compliance with their obligations with regard to data processing. If we pass on your data to a service provider or data processor outside the EU, we make sure that they are in compliance with the requirements imposed by legislation for such transfers.
We never collect personal data that was not provided by you during registration, purchase, participation in a survey, etc.
7. DURATION OF STORAGE AND ERASURE POLICY
We save your data for as long as we have a legitimate and objective reason to do so, which includes being able to provide you with the best service possible.
Generally, all personal data will be erased five years after the termination of the customer relationship, which is defined as the last active transaction. Personal data may be kept longer if there is an objective reason to do so, e.g. if a legal claim needs to be established, alleged or defended, cf. article 17.3.e.
Cookies, however, are erased at the latest 12 months after use, cf. section 4.
8. RIGHT OF ACCESS, RIGHT TO RECTIFICATION AND RIGHT TO ERASURE (article 13.2.b, article 15.)
You have the right to request access to the data that we process. The information you can request consists of:
- That personal data is being processed
- What is being processed/span>
- The purpose of the processing
- The categories of personal data in question (general or sensitive)
- The period during which processing and storage takes place
- The right to request rectification or erasure
- The right to submit a complaint to the Danish Data Protection Agency
You have the right to have incorrect data about you corrected without undue delay. You must take the initiative for such rectification.
You may also request erasure (“the right to be forgotten”), though only after the expiry of our legal obligation to keep the data pursuant to the Danish Bookkeeping Act. You can also contact us if you believe that your personal data is being processed in violation of legislation or other legal obligations.
When you contact us with a request for rectification or erasure of your personal data, we will check to see that the conditions are met, and if this is the case, we will rectify or erase the information as quickly as possible.
9. DATA PORTABILITY AND PROFILING
You have the right to receive the personal data that you have made available to us and data that we have collected about you from other players with your consent. If we process data about you as part of a contract to which you are a party, you can also receive your data. You also have the right to transfer this personal data to other service providers.
If you want to take advantage of your right to data portability, we will send you your personal data in a commonly-used format
We generally do not engage in profiling, i.e. automated decisions used in analyses and similar.
When consent is necessary as a basis for processing data, we must be able to document that we received such consent. Therefore, we always require a written consent.
Consent is a voluntary, specific, informed and unambiguous declaration concerning processing of personal data. You can always withdraw your consent, and if it is the only basis upon which processing is taking place, future processing will cease. Our obligation and right to store data will, however, be unaffected.
The consent can be withdrawn by contacting us using the contact information specified in subsection 1.
11.1 What are cookies?
11.2 Types of cookies and their purpose
You can opt out of receiving cookies from Google Analytics here: http://tools.google.com/dlpage/gaoptout
11.3 Delete or disable cookies in your browser
You can always opt out of receiving cookies on your computer by changing your browser settings. The location of these settings will depend on the browser you are using. However, you should be aware that if you do this, there will be many functions and services on the internet that you will not be able to use.
All browsers allow you to delete cookies either collectively or individually. The way this is done depends on the type of browser you are using. Remember, if you use several browsers, you must delete cookies in all of them.
Read more about deleting and managing cookies here: http://minecookies.org/cookiehandtering
We protect your personal data, and we have a set of internal rules on information and IT security.
Our internal security rules include instructions and measures that protect your personal data from being destroyed, lost or changed, against unauthorised disclosure and against unauthorised parties becoming aware of or gaining access to it.
We have established procedures for assigning access rights to the employees that process data, including sensitive data. We control their actual access through log-ins, passwords and monitoring. To avoid data loss, we keep an ongoing backup of our data
In case of a security breach that exposes you to a high risk of discrimination, ID theft, financial loss, loss of reputation or other significant disadvantage, we will notify you of this security breach as quickly as possible. We are also subject to a mandatory duty of notification.
13. COMPLAINTS (article 77)
Anyone is entitled to submit a complaint to the Danish Data Protection Agency concerning our processing of personal data.
Complaints must be sent to
Borgergade 28, 5.
1300 København K
tlf: 3319 3200
DECLARATION OF CONSENT FOR SUBSCRIPTION TO NEWSLETTER ISSUED BY NORMANN COPENHAGEN APS
Terms for receipt for newsletters
By accepting and consenting to receive newsletters from us, you are also accepting our terms for the Receipt of Newsletters, which you can find below.
The newsletters are a service offered by NORMANN COPENHAGEN APS
Contact and company data:
NORMANN COPENHAGEN APS
Data controller: Morten Toft
DK-2100 Copenhagen Ø
Business reg. no. (CVR) 10 00 88 24
Telephone no.: +45 3527 0526
The purpose of the data
When you have subscribed to our newsletter, your email address will be used to issue newsletters that contain information on current knowledge as well as inspiration and ideas, relevant offers, seminars and events, tips & tricks and other marketing materials. We may also use your email address to send informational emails pertaining to our business. Beyond this, your email will not be used for other purposes. The data that we collect on your use of the newsletters will be anonymised and used to improve our service and our ability to target and adjust the content to the recipient’s interests. We issue our newsletter or other communications when we believe we have something interesting and new to tell you. We strive to limit the number of newsletters so that the content is relevant, current and does not clutter up your inbox.
Your data will be stored and processed confidentially and securely. Our company, as well as the subcontractors we use, have implemented the necessary technical and organisational security measures to prevent that your data is misused, disclosed to unauthorised parties, accidentally or unlawfully destroyed, lost or impaired or processed in violation of the personal data legislation. Your email address will be kept for as long as you are subscribed to our newsletter. If you unsubscribe to the newsletter, we will delete your email address from our newsletter contact list. We may still have your data from other contexts. This will not be affected when you unsubscribe from the newsletter. We can therefore continue to process such data in accordance with other consent or authorisation that we have received. After unsubscribing from our newsletters, the statistical data on your use of the newsletter will be anonymised, without the possibility of later de-anonymisation.
Rectification of contact data
If you have corrections to your contact data, you can always change this data, either by unsubscribing to the newsletter and then subscribing again or by contacting us at: firstname.lastname@example.org
Unsubscribing to the newsletter and other enquiries
You can always unsubscribe from the newsletter by clicking the “unsubscribe from newsletter” link that you can find in all our newsletters. After unsubscribing from the newsletters, you will not receive anything else from us, unless you have consented to us contacting you in another context. When you unsubscribe, you will receive a confirmation that we are deleting you from our list of newsletter recipients. Your email address will then be deleted from our list of newsletter recipients.