PRIVACY POLICY

This personal data policy is dated 25.05.2022

 

This policy describes how Normann Copenhagen ApS processes personal data

that you provide us or that we collect about you through Normann Copenhagen ApS’ website.

 

In this privacy policy, personal data is defined as types of information that are identified or identifiable to a person. In other words, every piece of information that directly or indirectly could be attributed to you.


1. 
CONTACT INFORMATION ABOUT THE DATA CONTROLLER

1.1 Normann Copenhagen ApS is the data controller, and we make sure that your personal data is processed in accordance with applicable legislation.

1.2 Normann Copenhagen ApS has joint data control responsibility with Meta for personal data that is collected using Meta’s analysis tool when you visit our Facebook page. You can read more in about this in section 2.4.
1.3 If you have questions or comments about this personal data policy, or if you want to exercise one or more of your rights as described in section 5, you can contact customer service:

NORMANN COPENHAGEN APS 
Niels Hemmingsens Gade 12
DK-1153 Copenhagen K
Central Business Register (CVR) no. 10008824 
Tel. no.: +45 35 55 44 59
Email: [email protected]


2. WHAT PERSONAL DATA DO WE COLLECT FOR WHICH PURPOSES AND WHAT IS THE LEGAL BASIS FOR PROCESSING?
2.1 Use of cookies on our website
When you visit our website, we collect data on your use of the website, for example, on what type of browser you use, your search terms, your IP address, including your network location, and information about the device you use to visit the website. We also collect information about which products and services you click on and add to your cart. The data is collected using cookies when you give your consent through our cookie banner. You can read more about this in our cookie policy.

2.1.1 The purpose is:
2.1.1.1 to prepare statistics and analyze how our customers use and move around on our website so that we can optimize the user experience and the website’s functionality,
2.1.1.2 to recommend products to you that we think you might be interested in on our website, and
2.1.1.3 to carry out marketing of our products to you, including through Facebook, Instagram, YouTube and Google, as well as
2.1.1.4 to improve security on our website.
Our processing is limited to personal data that is necessary for fulfilling the purposes above.

2.1.2 The legal basis for our processing of your personal data is:
2.1.2.1 You have given your consent to the processing of your personal data for one or more specific purposes; cf. Article 6 (1) (a) of the General Data Protection Regulation.

2.2 Purchasing
When you purchase a product or communicate with us on the website, we collect the data that you give us yourself, for example, name, address, email address, telephone number, payment method, data about the time of purchase, which products you purchase and, if applicable, return, as well as delivery and information about the IP address from which the order was placed.
2.2.1 The purpose is:
2.2.1.1 to be able to set you up as a customer, deliver the products you have ordered, fulfill our agreement with you, and
2.2.1.2 to be able to administer your rights to return products and make complaints,
2.2.1.3 to prevent fraud, and
2.2.1.4 to be able to comply with statutory requirements, including those that apply to bookkeeping and accounting.
Our processing is limited to personal data that is necessary for fulfilling the purposes above.


2.2.2 The legal basis for our processing of your personal data is:
2.2.2.1 The processing of personal data is necessary in order to fulfill an agreement to which you are a party to and take measures at your request prior to entering into a contract; cf. Article 6 (1) (b) of the General Data Protection Regulation.

2.2.2.2 The processing of personal data is necessary in order to prevent fraud; cf. Article 6 (1) (f) of the General Data Protection Regulation.
2.2.2.3 The processing of personal data is necessary with regards to bookkeeping and accounting; cf. Article 6 (1) (c) of the General Data Protection Regulation.

2.3 Newsletter
When you subscribe to our newsletter, we collect data about your name, email address and IP address. We also collect data when you subscribed to the newsletter, when you unsubscribed from the newsletter, as well as data on where and when you open the newsletter, and whether links have been clicked on.
2.3.1 The purpose is:
2.3.1.1 to be able to deliver newsletters to you,
2.3.1.2 to prepare statistics for optimizing the newsletter and for marketing our services, as well as
2.3.1.3 to be able to document your consent to receive the newsletter.
Our processing is limited to the personal data that is necessary for fulfilling the purposes above.

2.3.2 The legal basis for our processing of your personal data is:
2.3.2.1 With regard to dissemination of marketing material, you have given your consent to the processing of your personal data for one or more specific purposes; cf. Article 6 (1) (a) of the General Data Protection Regulation.
2.3.3 Your email address will be retained for as long as you subscribe to our newsletter. You can unsubscribe from the newsletters at any time by clicking the “unsubscribe from newsletter” link, which can be found in all newsletters you receive from us.
If you have corrections to your contact details, you can always change this data, either by unsubscribing from the newsletter and then subscribing again, or by contacting us at [email protected].

2.4 Social media
When you visit our Facebook page, please note that we use Meta’s analysis tool “Facebook Page Insights” for collecting and processing your personal data.
2.4.1   The purpose is:
2.4.1.1 to obtain statistics on visitors and,
2.4.1.2 gain insight into user behavior on our Facebook page, including number of likes, who posts likes, number of page views, interactions on the page, removal of likes, scope of page posts, etc.
Our processing is limited to the personal data that is necessary for fulfilling the purposes above.

2.4.2.  The legal basis for our processing of your personal data is:
2.4.2.1 you have given your consent to the processing of your personal data for one or more specific purposes; cf. Article 6 (1) (a) of the General Data Protection Regulation and,
2.4.2.2 the processing of the personal data is necessary for us, or a third party, to be able to pursue a legitimate interest, and your interests, or fundamental rights, and rights of freedom are assessed as not taking precedence; cf. Article 6 (1) (f) of the General Data Protection Regulations. The legitimate interest(s) that are pursued are to obtain statistics on visitors and gain insight into user behavior on our Facebook page.

When you visit our Facebook page, you will gain access to information on how data is processed. You can read more about what type of information Facebook obtains here. Depending on your Facebook account settings, we can process personal or other data through your Instagram profile, including interests. The same purpose and legal basis described in section 2.4 apply to Instagram. In this regard, Normann Copenhagen ApS and Meta (Facebook) have entered into an agreement on joint data control. You can read the agreement here.


3. MANDATORY NOTIFICATION OF CERTAIN PERSONAL DATA

In cases where we process personal data about you as the result of a requirement in accordance with a contract or a requirement that must be fulfilled in order to enter into a contract with you, you are obligated to give us the new personal data we must use in order to comply with our obligations in accordance with the agreement. If you do not give us the data that we require in order to comply with our obligations in accordance with the agreement, the consequence may be that we cannot carry out your purchase. If you want more information on these considerations, you may contact us as indicated in section 1.


4. RECIPIENTS OF PERSONAL DATA
4.1 Data regarding your name, address, email, telephone number, as well as order number and specific delivery requests are passed on to UPS, Danske Fragtmænd (Danish hauler) or another conveyer, which carries out the delivery of the purchased products to you.

4.2 Personal data may be passed on to public authorities if we are obligated to do so by law or to the police in case of suspicion of a breach of law or as part of an investigation into breaches of law. Data about a purchase, including who has carried out the purchase and where the product is delivered, may be passed on to a payment card issuer if the cardholder has stated that the card has been misused in connection with the specific purchase.

4.3 We use service providers and data processors that carry out work on our behalf. These services may be, for example, server hosting and system maintenance, analysis, payment solutions, address and solvency checks, email service, etc. These business partners may gain access to personal data to the extent that is necessary to deliver their services. Partners will be contractually obligated to process all data with strict confidentiality, and they are therefore not permitted to use data for purposes extending beyond their contractual obligations to us. We check that our partners are in compliance with their obligations with regards to data processing. If we pass on your data to a service provider or data processor outside the EU, we make sure that they are in compliance with the requirements imposed by legislation for such transfers.

4.4 Two data processors outside of the EU are Google LLC and Facebook Inc., founded in the United States. The data is transferred on the basis of a standard contract form.


5. YOUR RIGHTS
5.1 In order to create transparency regarding the processing of your data, we, as data controller, must inform you about your rights. If you want to exercise your rights, you may contact us. You can find our contact details in section 1.

5.2 The right of access
5.2.1 You have the right to be informed about what data we have recorded about you, what the purpose of recording is, the categories of the personal data and any recipients of data, as well as information about where the data is from. You also have the right to receive a copy of this information.

5.3 The right to rectification
5.3.1 You have the right to have inaccurate personal data about yourself corrected.

5.4 The right to erasure
5.4.1 In some cases you have the right to have all or some of your personal data deleted by us, for example, if you withdraw your consent, and we do not have another legal basis for continuing the processing. To the extent that continuing to process your data is necessary, for example so that we can fulfill our legal obligations, or so that a legal claim can be determined, exercised or defended, we are not obligated to delete your personal data.

5.5 The right to restrict processing of storage information 
5.5.1 In some cases, you have the right to have the processing of your personal data limited to storage only. In this case, we may only process the data with your consent or in order to determine, exercise or defend a legal claim. 

5.6 The right to data portability
5.6.1 In some cases, you have the right receive personal data, which you have given yourself, provided in a structured, commonly used and machine readable format, and have the right to transfer this data to another data controller.

5.7 The right to object
5.7.1 At any given time, you have the right to object to our processing of your personal data for the purpose of direct marketing, including the profiling that might be carried out in order to better target our marketing activities. At any given time, for reasons regarding your personal situation, you also have the right to object to the processing of your personal data that we carry out on the basis of our legitimate interests, as mentioned in section 3.

5.8 The right to withdraw consent
5.8.1 At any given time, you have the right to withdraw consent that you have given to us for a given processing of personal data. You can do so by contacting us using the contact information indicated above in section 1. If you choose to withdraw your consent, this will not affect the level of activity of our processing of your personal data on the basis of the consent you gave previously and up to the time of withdrawal. Therefore, if you withdraw your consent, it does not take effect until this time.

5.9 The right to complain
5.9.1 At any given time, you have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find a complaint form and contact information at www.datatilsynet.dk.


6. ERASURE OF PERSONAL DATA
6.1 Data collected on your usage of our website, cf. section 2.1, is deleted when the cookie expires after two years. You can read more about this in our cookie policy.

6.2 Data collected in connection with your subscription to our newsletter, cf. section 2.3, is deleted when your consent to the newsletter is withdrawn unless we have another basis for processing the data. However, we can keep documentation of your consent for two years after the last time we have sent electronic marketing to you. After unsubscribing from our newsletters, the statistical data on your use of the newsletter will be anonymized, without the possibility of later de-anonymization.

6.3 Data about you is kept for a longer period of time if we have a legitimate need for longer storage, for example, if it is necessary for a legal claim can be determined, exercised or defended, or if storage is necessary to fulfill statutory requirements. Accounting records are stored for five years until the end of a financial year in order to fulfill the requirements of the Danish Bookkeeping Act.

6.4 Comments or reactions (likes, etc.) that the data subject himself or herself has made on our social media pages are not deleted until the data subject removes his or her own comments and/or reactions.