DATA PROTECTION POLICY OF ESIGNATUR DANMARK A/S
1.1 This Data Protection Policy (‘Policy’) applies to all data which you provide to us and/or which we collect about you (‘Data Subject’), whether in the course of our customer or supplier relationship, when you participate in events hosted by us, if you are a shareholder to us or when you make use of our service, including when visiting our website. In this Policy you can read more about the data we collect, how we handle your data and how long we will retain your data etc. Please read this Policy and contact us if any aspect of the Policy is unacceptable to you. The current version of the Policy is always available at https://www.esignatur.dk/persondatapolitik.
2. Data Controller
2.1 The data controller responsible for the processing of your personal data is:
ESIGNATUR DANMARK A/S
Lersø Parkallé 107
DK-2100 København K
+45 4358 4058
CVR number: 38491687
2.2 The general legal processing framework is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and the attendant rules. In addition, the Danish Act No. 502 of 23 May 2018 on supplementary provisions to the EU Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data will apply (the "Data Protection Act").
2.3 All questions concerning this Policy, the processing of your data and any suspected non-compliance should initially be directed to this email address: firstname.lastname@example.org.
3. Purpose of Processing
3.1 As a Data Suject to us we may be required to process your personal data or we may need to process your personal data to the extent required for us to provide the services you request and comply with the obligations imposed on us as providers of digital signatures and related products.
4. Personal data we process about you
4.1 We collect the following personal data directly from you:
4.2 When you or the company you are employed with becomes a customer with us and we create you as an administrator or user, we collect your name, your email address, your e-ID (either Danish NemID, Norwegian BankID or Swedish BankID), your generated ID number and possibly: employee number, job title, phone number, username and encrypted password.
4.3 If you or the company you are employed with is a supplier to us, we collect common work-related personal information from you in the form of contact information, provided by you when ordering or executing an order including name, phone number, e-mail address and job title.
4.4 When you visit our website, we may collect your IP address and the following general personal information if you sign up to be contacted: Name, email address and phone number.
4.5 If you are a shareholder in the Company, we will collect your full name, picture identification, CPR number, phone number and e-mail address and ownership information. In connection with the payment of dividends, we also collect your registration and account no.
6. Why we process your Personal data
6.1 In fact, we use your personal data for a variety of purposes, depending on whether you are a customer, the contactperson at one of our customers or a supplier, shareholder with us, or just a user of our website.
6.2 Are you a customer with us or are you an employee with one of our customers, we use your personal data to:
6.3 If you are a supplier to us or employed by one of our suppliers, we use your personal data to:
6.4 Are you a shareholder with us, we use your personal data to:
6.5 If you are a sole user of our website, we use your personal data to:
7. Legal basis for Processing your Personal data
7.1 When you become a customer or supplier of ours or enter into an agreement of some kind with us, we will process your general Personal data for that specific purpose and for the purposes of managing the on-going customer or supplier relationship with you, organising events. The legal basis of Processing is Article 6(1)(b) of the GDPR, as the Processing of your Personal data is necessary for the performance of our agreement with you or in order to take steps at your request prior to entering into an agreement with us.
7.2 We may a If you are employed by a company who is a customer or a supplier to us, we have the ability to process your general personal data, because we have a legitimate interest in processing your information, cf. Article 6 (1) of the Personal Data Regulation. 1 (f) and Section 6 (1) of the Data Protection Act.
7.3 In some We also have a legitimate interest in processing your personal information (your name and e-mail address) for marketing purposes, cf. Article 6 (1) of the Personal Data Regulation. 1 (f) and Section 6 (1) of the Data Protection Act. 1. Hence, our legitimate interest is to know your preferences, so we can customize our offerings to you and ultimately provide products and services that better services your needs and wishes. We are of course always in compliance with the marketing law in force at the time in question. Is likewise with reference to Article 6 (1) of the Personal Data Regulation. 1 (f) and Section 6 (1) of the Data Protection Act. 1, that we prepare various statistics on the number of customers, purchases, use of the website, etc.
7.4 When When you are a shareholder in the Company, we are legally obliged to process personal data about you, Article 6 (1) of the Personal Data Regulation. 1 (c), Data Protection Act Section 6, subsection 1, § 11, paragraph 1. 2, 1) and section 50-54 of the Danish Companies Act. For example, it may be necessary for the Company's shareholder register, including the safeguarding of the owner's identity, as well as documentation of share transactions and alike in accordance with the rules of the Danish Bookkeeping Act.
8. Sharing your Personal data
8.1 We may share your Personal data with the suppliers and business partners assisting us, for example, with the execution of your orders, deliveries, our events or with IT management, hosting, etc. This means that we may share your Personal data with, for example, our service providers and data processors Zendata, DK-3500 Værløse or Netgroup DK-1264 Cph. K. as well as other collaborators and business partners.
9. Retention and erasure of your Personal data
9.1 We will retain your Personal data in accordance with the following rules:
9.2 If you are a customer or supplier of ours, we will retain your Personal data for up to 5 years from termination of a contract.
9.3 Are you a shareholder in the Company, we keep your personal data until you are no longer a shareholder in the Company. Then we will delete the information that we are not required to preserve, in accordance with the Companies Act, for example a correct and updated shareholder register.
9.4 If you are a user of our website and at the same time neither customer, supplier or former customer/ supplier, or employee of the same – we keep the information we have registered for you for up to 6 months from the time you used one of our services on the website.
10. Your rights
You have the right to access the Personal data we process about you. By writing to us (at the above address – see clause 2.1), you may request access to the Personal data we hold about you, including the purposes for which the Personal data were collected. We will comply with your request as soon as possible.
10.2 Rectification and erasure:
You have the right to request rectification, supplementary Processing, erasure or blocking of the Personal data we process about you. We will comply with your request as soon as possible, to the extent necessary. If, for some reason, your request cannot be complied with, we will contact you.
10.3 Restriction of Processing:
In certain circumstances, you have the right to restrict the Processing of your Personal data. Please contact us at email@example.com if you would like to restrict the Processing of your Personal data.
10.4 Data portability:
You have the right to receive your Personal data (only data about you which you yourself have provided to us) in a structured, commonly used and machine-readable format (data portability). Please contact us at firstname.lastname@example.org if you would like to exercise your rights concerning data portability.
10.5 Right to object:
You have the right to ask us not to process your Personal data in cases where the Processing is based on Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) or Article 6(1)(f) (legitimate interests). The extent to which we process your Personal data for such purposes is described in this Policy. You may exercise the right to object at any time by contacting us at email@example.com.
10.6 Withdrawal of consent:
If the Processing of your Personal data is based on your consent, you have the right to withdraw consent at any time. If you withdraw consent, this will not affect the legality of the Processing that was carried out before such withdrawal. Please contact us at firstname.lastname@example.org if you would like to withdraw consent.
If you wish to opt out of receiving promotional and marketing communications in general, including by ordinary post, email, texts, telephone or other electronic media, please write to email@example.com. If we have any doubts about your identity, we may ask you to prove your identity. Other than ordinary communications costs, this is free of charge.
Your exercise of the above rights may be subject to conditions or restrictions. For example, you may not be entitled to data portability in all situations – this will depend on the circumstances of the relevant Processing activity in each case.
11. Any consequences of not providing your Personal data
11.1 If you are required to provide us with Personal data about you, this will be stated clearly where we collect the Personal data. If you do not wish to provide the Personal data we request, it may have the consequence that we will not be able to provide the services you have requested, execute your orders, create a subscription account in your name, etc.
12.1 Our processing of personal data is governed by our Information Security Policy. Our Information Security Policy also lays down how to carry out risk assessments and impact analysis of existing as well as new or changed Processing activities. We have implemented internal rules and procedures to provide and maintain appropriate security from collection to erasure of Personal data, and we will only engage Data Processors to process our Personal data if they maintain a similar appropriate security level.
13. Complaints to supervisory authority
13.1 Any complaint about our Processing of your Personal data may be submitted to the Danish Data Protection Agency:
The Danish Data Protection Agency, Borgergade 28, 5th floor, 1300 Copenhagen K, Denmark, tel.: +45 3319 3200, email: firstname.lastname@example.org
14. Updating this Policy
14.1 The Company is required to comply with the fundamental principles of data protection and privacy law. Therefore, we will review this Policy on a regular basis to keep it up to date and ensure compliance with applicable principles and law. This Policy is subject to change without notice. Material changes will be announced on our website and an updated version of the Policy will be made available.
Any changes that may be implemented in this Policy in future will be announced on this webpage and may, also be notified to you by email.
This version of the Policy is effective 19/11/2018