(external personal data policy)
for Done by Deer A/S concerning the processing of personal data
It is important for us to protect and respect your privacy when you have chosen to use Done by Deer A/S as a business partner, have visited our website or otherwise have been in contact with us.
It is therefore important that we process your personal data securely and appropriately so that you can feel confident in the cooperation with us.
We have high ethical standards and have established strict internal procedures to ensure that we process your data in the best possible way.
Personal data can be many things.
It can be a name, an address and a telephone number. It can also be a picture or an IP address.
Personal data are all types of information that can be used to identify a person. Therefore, it is not the individual piece of information which determines if something can be called personal data.
We collect personal data about you in the following ways:
Below is stated why we do what and on which basis
The purpose of collecting and using your personal data can be divided into the following categories:
We delete your personal data when we no longer need it - according to the purpose for which we collected it. We attach importance to:
We must store some personal data for at least five years for the purpose of legislation, i.e. the Danish Bookkeeping Act. This could be personal data for issuing invoices so that we can settle tax and VAT correctly and provide documentation to the authorities.
We do so to safeguard our financial interests and legal position if someone would think that we have acted actionably. In such case we must be able to document what personal data we have received; which agreement was concluded with the customer and what we have done in relation to the customer so that we can safeguard our interests. We 'clean' the documents of the personal data which are not necessary for that purpose.
We check on an ongoing basis that the personal data we process about you are not incorrect or misleading.
We do that by regularly asking you to confirm the personal data we have registered. You can, and we encourage you to, always use the contact information at the bottom to notify us of your changes, so that we consistently have the correct data about you.
We do not sell, publish or otherwise disclose your personal data to others, unless:
• it is necessary for us to sell our products or perform our service to you, or
• it is necessary for us to comply with the law, or
• you have given us your consent, or
• it is as part of our use of processors, both inside and outside the EU
If it is necessary
We cooperate with selected and trusted partners to deliver our products and services to you, i.e. our own companies in the group, partners, sub-suppliers and processors.
We disclose the necessary personal data to them so that in overall terms we can provide our ser-vices to you.
This could be the delivery of products to your address, purchase of products or outsourcing of our IT systems. It may also be the Central Office of Civil Registration so that we can update any changes to names or addresses in databases about our customers.
If you have given your consent
We disclose personal data to businesses, organisations or individuals outside our business and group if we have your consent.
Your consent and thus the disclosure to our partners mean that our partners may contact you for the purpose of sales and marketing.
You can always object to this form of disclosure, and you can also opt out of contacts for marketing purposes in the Central Office of Civil Registration.
If required by law, or in order to protect ourselves, a partner or a third party
In certain cases, the law allows us to disclose your personal data without your consent. Sometimes we must do it. Sometimes we can do it.
To the extent permitted by law, we can disclose personal data for either protecting or enforcing our rights. The same applies to rights belonging to our partners and third parties.
Examples where it can be relevant include the prevention of fraud or other criminal acts.
Our use of processors, both within and outside the EU
We obtain your consent before we dis-close your personal data to partners in third countries unless the said partners serve as our proces-sors. A third country can be e.g. certain countries in Africa. The US is not a third country due to what is known as the Privacy-Shield agreement between the US and the EU if the company in the US has acceded to the Privacy-Shield agreement.
If we disclose your personal data to third countries, we have ensured that their level of protection of personal data matches the requirements made by us in this policy and the requirements we are subject to in relation to the law.
In this section, you can read that you have a number of rights in connection with our processing of your personal data, among other things that you have:
If you want to know more, or exercise your rights, we ask you to contact us via the contact info at the bottom.
The right to have incorrect personal data rectified
We check that the personal data we process about you are not incorrect or misleading. We do that by regularly asking you to confirm the personal data we have registered.
You have the right to have rectified (corrected) your personal data which we hold.
The right to access your personal data and receive a copy
You always have the right to access the personal data we have registered about you and receive a copy of the personal data.
You can also be informed of the purposes of the processing, for how long we keep your personal data, if we make automated decisions (including profiling), to whom we disclose the personal data and from where we have the personal data. However, this does not apply if you are already aware of the personal data.
We point out that the right to access may be limited by regard for the protection of the personal data of other persons and our trade secrets.
The right to have your personal data erased
You always have the right to require that your personal data kept by us be erased. If we no longer have a purpose for keeping the personal data, we will erase them as soon as possible after your request.
The right to request limitation of the processing
You are always entitled to request us to limit the processing of your personal data.
The right to object to processing
You are always entitled to object to our processing of your personal data. This covers the right to object to our use of the personal data for marketing purposes. We will consider your objection, as soon as possible.
The right to withdraw consent
You can always withdraw the consent(s) that you have given us.
The right to request information about transfer to countries and organisations outside the EU
Currently, we do not transfer personal data to a country outside the EU.
The right to avoid profiling and that we make automated decisions
You always have the right to avoid that we make profiles of you and your personal data or make automated decisions.
We make every effort to ensure that your personal data are processed safely and that your rights are protected optimally, and we regularly review our procedures and the handling of personal data.
If, against expectation, you think that we do not process your inquiry and your rights in compliance with the law, we ask you to contact us, either by e-mail with the text 'complaint' in the subject field. You can write to us at firstname.lastname@example.org.
We will then pass on your inquiry to a senior employee in our company, so that any misunderstandings and misconceptions can be clarified.
If you still think that we do not process your inquiry and your rights in compliance with the law, you can complain to the Danish Data Protection Agency:
Datatilsynet (the Danish Data Protection Agency)
DK-1300 Copenhagen K
Telephone: + 45 33 19 32 00
Even though we are indeed very fond of children at Done by Deer A/S, our business is aimed at businesses and adults. We do not intentionally collect personal data from and about children.
We realise that e.g. children’s use of electronic devices can never mean with 100% certainty that we do not receive personal data about children.
We have attempted to design our systems in the best possible way, so that we cannot receive personal data from children, and we erase the personal data immediately if we become aware that we have unintentionally received personal data about children.
If you are a parent or guardian and believe that your child has given personal data to us intentionally or unintentionally, we ask you to contact us as soon as possible via our contact person data at the bottom.
We are obliged to protect your personal data. Both because it follows from legislation, but also because our own internal ethical rules require us to take proper care of your personal data.
We use relevant and adequate technical and organisational security measures to ensure that no unauthorised access is created for the personal data which we keep. The purpose is to ensure that the personal data is not used, destroyed, changed, published or is otherwise misused.
In this section you can read that
We have internal rules on data security that contain guidelines and procedures
That includes that personal data is only accessible to employees who need it.
We also ensure ongoing information and training of our employees in relation to correct handling of personal data and make sure that the employees adhere to the rules.
All our employees are covered by a general duty of non-disclosure, that extends to personal data, in our contracts of employment.
In terms of IT, we have implemented the following measures:
The greatest risk of misuse of personal data is people's own conduct.
It is up to the individual person to take proper care of its own personal data (e.g. never disclose passwords to others), and it is up to our company to take into account human intervention.
Although we have taken the above measures to limit risks of processing personal data, it cannot be a 100% guarantee that unintended events do not occur.
Therefore, we disclaim liability for any loss resulting from unintended events relating to our use and processing of your personal data to the extent we can do so under current legislation.
Thus, we will not accept liability for losses of any kind that occur in relation to the use of our business, our products and services, our website, systems, apps and other software to the extent that we can do so under current legislation.
We recommend that you also initiate measures to protect your personal data.
You can do that by closing your browser after use, by logging out of all accounts after use, by installing anti-virus and anti-malware and other software that may improve the security on your computer.
We recommend that you update software, the apps you use, your computer and mobile devices on an ongoing basis and never disclose your password to others.
As mentioned, we have taken many measures to ensure the processing of your personal data.
Should our IT systems and other security measures nevertheless be compromised, we will inform you without undue delay if the compromising entails a high risk relating to your rights and freedoms.
On our website and in other communication from us, there may be links to the websites of other businesses that do not belong to our company.
We are not responsible for the contents of these websites, and our personal data policy does not apply to the websites of these businesses.
Our company is the controller and ensures that your personal data are processed in compliance with the law:
Done by deer A/S
CVR no. 36 45 63 29
Telephone number: +45 4422 6603