Policies - Privacy
Edition 01, 15-06-2018
GENERAL
In this policy on the processing of personal data ("Personal Data Protection Policy") we explain how we, Dancert ( "us", "our", "we"), collect and use your personal data when you communicate with us, order our services or visit our website, (the "Website").
Our services are aimed at business operators, and the data we process are therefore primarily related to the enterprise you represent.
If you approach us as a private individual, your data will be processed in compliance with this policy.
Our Personal Data Protection Policy applies to personal data you provide us with or that we collect from the Website or from other sources.
Dancert is the data controller of your personal data. For all communication Dancert, please use the contact details provided below.
One of the reasons why we use cookies on the Website is to optimise your use of the Website, which is described in more detail in our cookie policy.
WHAT PERSONAL DATA WE COLLECT AND FOR WHAT PURPOSE
When you visit the Website: When you visit the Website we automatically collect data about you and your use of the Website. Such data include your IP-address, what type of browser you use, what pages you visit, what links you activate and general information about your navigation and use of the Website.
The purpose is to (pursue our legitimate interests of) improving user experience and the functionalities of the Website and to be able to register the amount of time visitors spend on the Website and to show you relevant information.
The legal basis for processing is set out in the General Data Protection Regulation ("GDPR"), point f) of article 6, paragraph 1, (the "balancing of interests" rule).
When you request for a certificate and other promotional materials: The data we collect include your name, e-mail address and your telephone number, what enterprise you represent, what industry you are from, your consent and your interests and preferences if you choose to provide such information.
The purpose is to enable us to send you our application form and pursue our legitimate interest in sending you promotional material.
The legal basis for processing is set out in the GDPR, point f) of article 6, paragraph 1, (the "balancing of interests" rule).
When you order a service or receive a quote from us: The data we collect include your name, what enterprise you represent, your telephone number, method of payment, information about the services ordered by you and the time and method of delivery.
The purpose of such processing is to enable us to deliver the services offered or agreed upon, and to otherwise enable us to perform the contract concluded with you or the enterprise you represent, and to handle your right to lodge a complaint.
The legal basis for processing is to enable us to perform the contract and provide the services ordered, see point b) or f) of article 6, paragraph 1, in the GDPR (the "balancing of interests" rule).
When you apply for a job:
Applications for vacancies must be posted via our recruitment system: www.teknologisk.dk/job. Here you will automatically gain access to our recruitment policy, in which we inform you how we process your personal data throughout the recruitment process.
If you send your application by e-mail, the e-mail itself and any attachments will be deleted so that we do not undertake any processing of your personal data.
When you have queries or otherwise interact with us: The data we collect include your name, e-mail address and telephone number and what enterprise you represent as well as your question.
The purpose of processing is to reply to questions and be able to communicate with you in order to provide the service you request.
The legal basis for processing is set out in the GDPR, point f) of article 6, paragraph 1, (the "balancing of interests" rule).
If you are the contact person of an enterprise who is one of our clients: The data we collect include your name, e-mail and telephone number, what enterprise you represent, as well as any other data that you choose to provide, apart from any sensitive data.
The purpose of processing is to enable us to communicate with you, for instance by mail and telephone, and to provide you and the enterprise you represent with the best possible service, for instance by taking into account special wishes and needs and to enable us to provide the enterprise you represent with relevant information.
In addition, we use the information to contact you or the enterprise you represent in order to establish how satisfied you are with the services we provide and/or to send you information about the same or similar services that we think may be interesting to you or the enterprise you represent.
The legal basis for processing is set out in the General Data Protection Regulation ("GDPR"), point f) of article 6, paragraph 1, (the "balancing of interests" rule).
If you represent a supplier: The data we collect include your name, e-mail and telephone number, what enterprise you represent, as well as any other data that you choose to provide, apart from any sensitive data.
The purpose of processing is to enable us to communicate with you and the enterprise you represent, for instance by e-mail or telephone, in connection with the tasks that you or the enterprise you represent perform for us as suppliers.
The legal basis for processing is set out in the General Data Protection Regulation ("GDPR"), point f) of article 6, paragraph 1, (the "balancing of interests" rule).
RECIPIENTS OF PERSONAL DATA, INCLUDING THIRD-COUNTRY TRANSFERS
We only share your personal data with third parties if we are required to do so by law or in order to be able to provide the services we offer via the Website.
Transfers to data processors. Your personal data will only be transferred to business partners who process the data on our behalf. Such enterprises are data processors and instructed by us to process data in respect of which TI is the data controller. Data processors must not use the data for any purpose other than performing their contract with us, and their processing of such data is subject to non-disclosure agreements. We have concluded written data processor agreements with all data processors processing personal data on our behalf.
To the extent that we process personal data outside the EU/EEA, such processing will be in compliance with the standard contractual clauses adopted by the EU Commission.
WHEN DO WE ERASE YOUR PERSONAL DATA
Data collected about your use of the Website will be erased at the latest 36 months after you last visited the Website.
Data collected in the course of your interaction with us, or in connection with your inquiries and requests for information will be erased when they are no longer necessary for the purpose for which they were collected.
As a rule, data will be erased ten years after the end of the calendar year in which the agreement to collect them was concluded. However, the data may be stored for longer periods of time, if i) we have a legitimate interest in storing the data for a longer period of time, if ii) it is necessary to establish, submit or defend a legal claim, or if iii) such storage is necessary in order to meet legal requirements. Accounting materials will be stored for five years until the end of a financial year in order to comply with the requirements of the Danish Bookkeeping Act.
YOUR RIGHTS
In order to ensure that the manner in which we process your data is transparent, we disclose your rights in the next section.
Right to access
At any time you have the right to ask us what personal data we have recorded about you, what purpose such registration serves, what categories of personal data we store and the potential recipients of such data as well as information about the source of the data.
You have the right to have the personal data we process about you handed to you in the form of a copy. If you wish to receive a copy of your personal data, you must send a written request to gdpr@teknologisk.dk. You may be asked to provide documentation that confirms your identity.
Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. If you become aware of errors in the data we have registered about you, please write to us to have the data rectified.
Right to erasure
In certain circumstances you are entitled to have all or some of your personal data erased by us, for instance if you withdraw your consent and the continued processing cannot be based on another legal basis. To the extent that the continued processing of your data is necessary, for instance in order to enable us to fulfil our legal obligations or in order to establish, submit or defend a legal claim, we are not obliged to erase your personal data.
Right to restriction of processing
In certain circumstances you have the right to obtain the restriction of the processing of your personal data so that they can only be stored, for instance if you believe that the information we store about you is incorrect.
Right to object
At any time you have the right to object to our processing your personal data for direct marketing purposes, which includes profiling purposes to the extent that it is related to such direct marketing.
At any time you also have the right to object to our processing of data on the grounds of our legitimate interests for reasons relating to your particular situation.
Right to withdraw your consent
At any time you also have the right to withdraw your consent to a particular type of processing of your personal data, for instance in connection with signing up for our newsletter.
Right to lodge a complaint
You can complain to the Danish Data Protection Agency about the manner in which we process your personal data. You may lodge your complaint by sending an e-mail to dt@datatilsynet.dk or by calling +45-3319 3200.
CONTACT DETAILS
If you have any questions about or comments on this Personal Data Protection Policy or wish to exercise one or several of your rights, you can contact us:
Danish Technological Institute/Dancert A/S
Gregersensvej 1
DK-2630 Taastrup
Email: gdpr@teknologisk.dk
CHANGES TO OUR PERSONAL DATA POLICY
If we make changes to our Personal Data Protection Policy, we will notify you of such changes by posting the revised policy on the Website.