- INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA
Your data security is important to us, and we therefore take great care to ensure that your personal data is handled responsibly. Below you can read how Cepheo Danmark A/S (hereinafter ”Cepheo”, "we", "us " or "our ") process personal data about you when we act as data controller. You can also read about your rights in relation to our processing.
- CEPHEO’S ROLE AS DATA CONTROLLER
In connection with the operation of our business, we process certain personal data. We do this in order to serve you in the best possible way. We mainly collect and process general (non-sensitive) personal data.
If you have any questions regarding our processing of your personal data, please contact Cepheo here:
Cepheo Danmark A/S
Reg. no.: 438 024 53
Paulas Passage 1
1799 København V
Name: Ross Thorpe
Phone: +45 2310 4547
- WHAT PERSONAL DATA DO WE COLLECT AND WHY?
Personal data covers any information that can be used to identify an individual, including, but not limited to, his or her first and last name, age, gender, home or other physical address, mobile number, email address or other contact information, whether relating to his or her private residence or place of work.
We use personal data about you to improve our service and to ensure the quality of our products and services and our contact with you.
We process personal data about you in a number of different situations. Read more about our processing in the different situations below.
3.1 Visitors to Cepheo’s website and users of Cepheo’s online services
When you visit Cepheo’s website (e.g. cepheo.dk) or use our other online services (on, for example LinkedIn) Cepheo may process information about your IP address as well as information about your computer, device and browser.
We also process personal data that you provide to us in connection with your use of the website or our online services, for example, when you use our online chat and when you use our online contact form, including your name, address, telephone number, email address and any other information you provide to us.
We use your personal data so that we can make relevant products, supplies, benefits and services ("Services") available to you and to improve your experience of our websites and online services and the Services we offer. We also use personal data to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content.
The legal basis for processing is our legitimate interests in making our website (and online services) available to you (Article 6(1)(f) of the General Data Protection Regulation) or your consent (Article 6(1)(a) of the General Data Protection Regulation and Section 3 of the Danish Executive Order on Cookies).
Information collected on the website is stored as far as it is necessary in relation to the fulfilment of the purpose. The personal data may be stored for a longer period if necessary for the establishment, exercise or defence of a legal claim. You can read more about our storage of cookies below.
The personal data collected includes user behaviour, browser type, device category, information about your preferred settings and IP address.
Other examples of personal data collected and analysed:
- date and time of visit
- which pages are visited on the website
- information on the browser and operating system used
Before we set cookies, you will be informed about the use and purpose of collecting the personal information. Before setting other than necessary cookies on your IT-equipment, we obtain your consent. Cookies necessary to ensure the functionality and settings of the website is used without your consent.
If you consent to cookies for marketing purposes, you also consent to Cepheo using various social media plugins (e.g. LinkedIn). Cepheo and the social media provider are joint data controllers for the processing of your data in relation to the social media.
Processing for marketing and statistical purposes takes place on the basis of your consent in accordance with Article 6(1)(a) of Data Protection Regulation and Section 3 of the Danish Executive Order on Cookies. You can change or withdraw your consent from the Cookie Declaration on our website at any time by clicking on the Cookiebot icon on the website.
Processing for other purposes, such as improving functionality, statistics, and analysis of website visits etc., is carried out on the basis of our legitimate interests under Article 6(1)(f) of the General Data Protection Regulation. The legitimate interests of Cepheo are to develop, optimise and maintain the website so that it functions optimally.
Some cookies are set by third parties, which are detailed in our Cookie Declaration. You can re-find the Cookie Statement by clicking on the icon in the bottom left corner on our website.
3.3 Customers of Cepheo
When you are a customer of Cepheo, Cepheo processes personal data about your name, your address, email address, your purchases, payment information, information from publicly available sources, and other information that you provide to us.
We process the personal data for the purpose of fulfilling the agreement with our customers, for the purpose of providing the Services, managing customer relationships, invoicing, keeping statistics and performing quality management as well as for maintaining our customer records and providing general service, marketing and sales to our customers.
The legal basis for processing is the agreement with you (Article 6(1)(b) of the General Data Protection Regulation) or our legitimate interests in managing your information as a customer with us (Article 6(1)(f) of the General Data Protection Regulation).
Personal data about our customers is stored for as long as the customer relationship exists. After the end of the customer relationship, the personal data is stored in accordance with the Danish Bookkeeping Act for a subsequent period of 5 years from the end of the financial year to which the accounting material relates.
If you have purchased a product from Cepheo which includes a guarantee, Cepheo will retain relevant personal data about you for this guarantee period in order to honour the guarantee.
3.4 Customer service
When you contact our customer service via e-mail, chat or telephone, etc., we record the personal in-formation that you give us.
The purpose of Cepheo’s use of the personal data is to service and assist you with your queries and to pro-cess your request to exercise your rights.
The legal basis for our processing is our legitimate interests under Article 6(1)(f) of the Data Protection Regulation. The legitimate interests we pursue are handling your enquiry, follow-up and general customer service.
3.5 Business partners and/or suppliers to Cepheo
When you are a business partner or supplier to Cepheo or are a contact person of a business partner/supplier, we process personal data about your name, company name, work telephone number, email address as well as publicly available information and other information you provide to us.
We process personal data for the purpose of contract management, receiving goods and services from our suppliers and business partners, and where appropriate to fulfil agreements with our customers.
The legal basis for processing is the agreement with you (Article 6(1)(b) of the General Data Protection Regulation) or our legitimate interests in managing the relationship with you/the company you represent as a business partner/supplier (Article 6(1)(f) of the General Data Protection Regulation).
Personal data about our business partners and/or suppliers is stored for as long as the cooperation continues. After the end of the cooperation, the personal data are stored in accordance with the Danish Bookkeeping Act for a subsequent period of 5 years from the end of the financial year to which the ac-counting data relate.
3.6 Marketing recipients
When you receive marketing communications, including newsletters from Cepheo, we process personal data about name, address, telephone number, email address, and product interest. We also process information about your marketing or communication preferences, your use of the marketing we send to you (including, for example, whether you have opened an email from us, whether the email has been read and which links you have opened), and any other information you provide to us.
We process your personal data for the purpose of marketing our company and Services, and for setting up and managing your marketing subscription. We use the personal data about your preferences and usage to understand the way customers receive our marketing messages and to improve our marketing to you and other customers going forward.
We will only send you marketing material by email, text messages or other electronic means once we have obtained your consent where this is required under the Danish Marketing Practices Act.
We also use personal data about you to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content, as well as to measure the effectiveness of our content and marketing. For this purpose, we may upload your email address to advertising tools with for instance Google or Facebook for the purpose of sending targeted marketing messages.
The legal basis for processing is our legitimate interests in complying with your wish to receive marketing communications from us to which you have consented under the Danish Marketing Practices Act (Article 6(1)(f) of the General Data Protection Regulation).
We store personal data about recipients of marketing communications for as long as contact is ongoing and the registered has not withdrawn their consent. If the registered withdraws their consent, documentation regarding the original consent for is stored for 2 years after the date of withdrawal in accordance with the guidelines of the Danish Consumer Ombudsman.
3.7 Participants in competitions
When you participate in competitions, we process personal data about name, address, telephone number, email address and response to the competition in question.
We process your personal data for the purposes of managing competitions, drawing winners, etc.
The legal basis for processing is our legitimate interests in running the competition and contacting the winner (Article 6(1)(f) of the General Data Protection Regulation).
When you participate in a competition with us but are not drawn as a winner, your personal data in rela-tion to the competition will be deleted immediately after the winner is drawn.
If you are a winner of the competition, your personal data will be stored for up to 2 years after the prize has been awarded. To the extent that personal data are involved in transactions, the personal data will be retained in accordance with the Danish Bookkeeping Act for a subsequent period of 5 years from the end of the financial year to which the accounting records relate.
3.8 Visitors to Cepheo’s office (s)
When you visit one of Cepheo’s offices, we process personal data about your name, company name, and any other information you choose to provide to us.
We process this personal data for security reasons. The legal basis for processing is our legitimate interests in preventing crime (Article 6(1)(f) of the General Data Protection Regulation).
We keep our visitor records at the reception desk for up to 30 days after the visit has taken place. Our visitor records are stored securely and are only reviewed if there is a specific need to do so, for example in the event of a security breach. These records are reviewed only by persons who have a work-related need to do so.
3.9 Participants in Cepheo’s events
When you register and participate in events organised by Cepheo, we process personal data about your name, address, telephone number, and email address, the event being attended.
We process this personal data for the purpose of managing the event and for security reasons, as well as to be able to send you relevant material.
The legal basis for processing is our legitimate interests in holding events (Article 6(1)(f) of the General Data Protection Regulation) or your consent (Article 6(1)(a) of the General Data Protection Regulation and Section 10 of the Danish Marketing Practices Act).
We store personal data of participants in events for the duration of the event and up to 6 months after the event has ended.
- DISCLOSURE OF YOUR PERSONAL DATA TO OTHERS
Cepheo may disclose your personal data to other suppliers and/or service providers in the ordinary course of our business as well as to our group affiliates.
Cepheo may also disclose your personal data to a public authority in situations where we are specifically obliged to disclose your personal data pursuant to legislation and notification obligations to which we are subject.
It may for example be necessary to disclose personal data to the following recipients:
If it is necessary, information may for example be shared with the police, other public authorities, Cepheo’s legal advisors or data processors.
We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.
Cepheo also discloses your personal data to data processors. Our data processors only process your personal data for our purposes and under our instructions.
- TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE EU/EEA
In connection with our processing of your personal data, we may transfer such information to countries outside the EU/EEA (third countries).
Your personal data may be transferred to countries where the European Commission has determined that the level of data protection is equivalent to that in the EU/EEA (secure third countries).
We may also transfer your personal data to unsecure third countries. The transfer of your personal data to unsecure third countries will be based on the Standard Contractual Clauses (SCC) drawn up by the European Commission, which have been specifically designed to ensure an adequate level of protection. We assess the adequacy of the transfer basis and adopt additional measures if necessary to ensure an adequate level of protection for the transfer.
You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website.
If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us.
- STORAGE, DATA INTEGRITY AND SECURITY
When your personal data is no longer needed, we will ensure that it is deleted in a secure manner.
It is our policy to protect personal data by taking adequate technical and organisational security measures.
We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.
- YOUR RIGHTS
As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us. You can read more about your rights on the website of the Danish Data Protection Agency www.datatilsynet.dk.
You can also – unconditionally and at any time – object to our processing when it is based on our legitimate interests. If you want to exercise your rights, please contact us using our contact details above.
Your rights also include the following:
- Right of information and access: You have the right to receive information regarding if personal data about you is being processed and in such case, you have the right to access the personal data we process about you.
- Right to rectification: You have the right to obtain rectification of any inaccurate and incomplete personal data about you.
- Right to erasure (right to be forgotten): In some cases, you have the right to obtain erasure of information about you before the time when we would normally delete your data. This is in case in the following situations: i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, ii) you have withdrawn your consent on which the processing is based and there is no other legal ground for the processing, iii) you have objected to the processing and there are no overriding legitimate grounds for the processing, iv) you have objected to the processing of your data for direct marketing purposes, v) the data has been processed unlawfully.
- Right to restriction of processing: In certain situations, you have the right to obtain restriction of the processing of your personal data. This is the case e.g. where you have contested the accuracy of the personal data and you have demanded correction. When the matter is being investigated you can also demand restriction of the personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future – apart from storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.
- Right to object: In certain situations, where we process your personal data on the legal basis legitimate interest, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes. If we cannot prove that our interest weighs heavier than your interest of having your personal data protected, we will stop our processing of your personal data.
- Right to data portability: In certain situations, where you have provided your consent to the processing of personal data or if we process your personal data based on the legal basis fulfilment of contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one data controller to another if possible from a technical point of view.
- Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Agency about our processing of personal data. See more at datatilsynet.dk where you can also find further information on your rights as a data subject.
This policy is valid from 1. April, 2023.