Data controller. How we collect your data

Transcription

1 PRIVACY POLICY Version released Keeping your personal information safe is important to Shipley. Our privacy policy explains how we use your personal information. Data controller If you have any questions regarding the processing of your personal data or your rights, please contact: Shipley Nordic ApS CVR Exclusive owner of the following subsidiaries: Shipley Denmark ApS CVR Shipley Sweden AB Org.nr Shipley Estonia OÜ Register code: (hereinafter called Shipley or we ) registered at Toftebakken Birkerod, Denmark Contact person regarding personal data: Henning Simonsen Telephone: henning.simonsen@shipleynordic.com Shipley is the data controller of all personal information that is collected about you and ensures that your personal information is processed in accordance with the relevant applicable laws at any time. With the customer's consent, Shipley can also act as data processor for personal data that Shipley uses on behalf of the customer. When processing personal information, Shipley equally ensures that such is done in accordance with the relevant applicable laws at any time. How we collect your data Shipley uses personal information to give you as a customer - or potential customer - the best possible service and the best possible user experience. Shipley also uses personal information in connection with recruitment activities. Unless required to do so by national law or EU regulations, Shipley in its role as data controller does not use personal data covered by the following GDPR articles: 9 (sensitive personal data revealing racial or ethnic origin, etc.) 10 (personal data relating to criminal convictions and offence) 87 (national identification numbers such as CPR-numbers) Side 1

2 Thus, Shipley in its role as data controller uses only "common" personal data as defined in GDPR article 6. Shipley registers personal data with the aim to provide the service you as a customer have asked for, and to process invoices electronically. Examples: Answers to your inquiries about an offer for a product or services Improvements of our products and services Personalization of our communication and marketing with you Invoicing Internal administration of your relationship with us We collect personal data as follows: Information you provide to us, for example when contacting Shipley about consultancy services or registering for a training course, registering for our newsletter or asking for information about Shipley's courses Information we receive by you using our services, for example your searches on our web site Information we receive in connection with your job application and possible recruitment When placing an order with us, we will typically ask for the following information: Name Job title / function in your company Address (business address only) (business related only) Phone number (business related only) Payment information Evaluation of Shipley's services When registering for our newsletter and in connection with information about training courses, we will ask for some of the above information. When applying for a job or being recruited by Shipley, we will typically as for the following information: Full name Data of birth CPR-number (for taxation and pension purposes) Address (private address) (private ) Phone number (private number) Marital status Education Courses Job title / function of your current and previous employments Bank registration and account number References Side 2

3 How we use your data Shipley uses your data as described below. Data minimization We collect, use and store only those personal data that are necessary for the purposes for which they are processed. Other than that, applicable law may dictate which data are necessary to collect and store for our business operations. Updating of data As our services depend on accurate and updated information, we will ask you inform us, when the data we have on you are no longer accurate or need updating. If Shipley on its own finds that the information is incorrect, we will update it. Storage of data We store data only for as long as permitted by law and delete data when they are no longer necessary. The storage period depends on the type of information and the reason for storing the data. It is therefore not possible to give an overall general timeframe of when precisely each information is deleted. Example: 1. Material containing personal information - that we in our role as data controller use on behalf of our clients - is deleted at the latest 12 months after completion of the contract or final invoicing or completion of complain proceedings relating to the contract. 2. Information about participation in a training course, evaluation of the course and related personal data are deleted at the latest 60 months after the course. Participants have the option to allow Shipley to store such information for a longer period (for example, to participate in future courses, in connection with the planning of the course, etc.). 3. Customer data used exclusively in Shipley's CRM system - that are not used, for example, to send newsletters about training activities or training catalogues - are deleted at the latest 60 months after registration in the CRM system. Re. 1. and 2: If for business related purposes it is necessary to continue using these data, Shipley will, before expiry of the deadline for deletion, contact the registered customer to seek the customer's voluntary, specific, informed and explicit consent to continue using these data. Transfer of data Shipley use cookies relating to your use of our web site, for example, which pages you may look at, your geographic location, etc. are transferred to third parties to the extent these data are available. This information is used for targeted marketing. In addition to that, we use several third parties, so-called data processors, for storing and using data. These data processors use the data exclusively on our behalf and are not allowed to use them for their own purposes. In all instances where Shipley uses third parties, we have concluded a data processing agreement with the respective party, which ensures your rights the same way as if it were Shipley itself processing your data. We only use data processors in EU countries or countries, which protect your information adequately. Side 3

4 Security We have taken the necessary technical and administrative measures to ensure that your personal information is not accidentally or wilfully deleted, published, lost, corrupted, passed on to unauthorized parties, misused or in any other way used unlawfully. Your rights with respect to the personal data, we hold on you You have the right at any time to object to us registering your personal data. You also have the right to access the data, we have registered about you. Should you wish your data to be deleted, you need to be aware that some of the functionalities and other Shipley services may no longer work for you or may no longer be accessible to you. Inquiries about personal data issues should be directed to Shipley as noted under "Contact person regarding personal data". Your specific rights are the following: Right of access Within the restrictions of the law, you have the right, amongst others, to access your personal information, to have incorrect information rectified, to have the information restricted, the right to data portability and the right to object to the use of your personal information, including with respect to automated individual decisionmaking. Right to withdraw your consent Your consent to receive newsletters/information about our courses is voluntary, and you can at any time withdraw your consent by unsubscribing from our newsletter. Should you have additional questions or wish to withdraw other types of consent, please get in touch with the afore-mentioned "Contact person regarding personal data". Right to object You have the right to object to Shipley using your personal data on legitimate grounds, as noted above. Shipley will then no longer use your personal data unless Shipley demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Right to complain Should you disagree with Shipley's use of your data or your message concerning these data, you have the right to lodge a complaint with the national supervisory authority. The contact details are: Side 4

5 Datatilsynet DANMARK Borgergade 28, København K Tel dt@datatilsynet.dk ESTLAND Andmekaitse Inspektsioon Väike-Ameerika Tallinn Tel info@aki.ee SVERIGE Datainspektionen Drottninggatan 29, plan 5 Box Stockholm Tel datainspektionen@data inspektionen.se -o0o- Side 5