GDPR PRIVACY POLICY
We safeguard the data of our employees, customers, suppliers, and business partners and know how important it is to meet the requirements of the Data Protection Act – known as GDPR (General Data Protection Regulation).
DATA CONTROLLER:
We are the data controller. Any enquiries regarding customer data and other registered personal data should be made to the COO of the company.
DATA AND PURPOSE:
We collect and register only the most necessary personal data/general information about contacts at customers, suppliers, or other business partners.
This information consists of the contact’s name, work telephone number, and e-mail address, which can be registered under the associated company. The purpose here is of legitimate interest, e.g., contact details of customers and other business partners as well as information about purchase history. In addition, the purpose is for us to be able to fulfill contracts and/or agreements associated with delivery of goods and/or services.
The information originates from business partners or from the contact themself. In connection with sourcing of new potential customers, the general information may be obtained from websites or publicly available databases.
PROCESSING AND AUTHORIZATION:
We process personal data related to contact details of customers and business partners as well as customers' purchase history and information for use in fulfilling contracts/agreements in accordance with the guidelines of the Danish Data Protection Agency. Consent is not required for the processing of this information provided that the processing has a legal basis and is necessary to the purpose.
DATA STORAGE AND ACCESS:
Customer and personal data are registered in the company's ERP system and CRM database. Information regarding quotations and contracts/agreements is stored and hosted on a cloud service and registered in the company's CRM database. All information is stored under secure conditions.
All employees have signed a confidentiality agreement pertaining to the ISO 9001:2015 certification.
RIGHTS OF ACCESS, RECTIFICATION, AND DELETION:
The registered contact has the right to gain insight into the personal data that the company holds as well as to have these data rectified or deleted. As soon as possible and generally within 4 weeks of a request, the information must be provided. When information has been provided, the person can request similar information after 6 months at the earliest.
INFORMATION ABOUT THE EMPLOYEES:
The employee can view stored information about them at any time. The information is archived in the HR module and GDPR drive, to which relevant managers have access.
COMPLAINTS:
If a registered contact is dissatisfied with the processing of personal data, a complaint can be made to the company's COO, the daily contact person, or a relevant manager. If this does not lead to clarification, a complaint can subsequently be addressed to the Danish Data Protection Agency. Their current contact address can be found at www.datatilsynet.dk.
Peter Rosenkrands
CEO