Personal Data Policy
Personal Data Policy
For Epoke A/S
relating to the processing of personal data
Personal Data Policy
This personal data policy explains how we use personal data that we have registered about customers, suppliers and others who use our website or who purchase our products or services. If you have any questions or comments about our personal data policy – or if you would like to contact us about any other matter – then please contact us by email, at gdpr@epoke.dk.
We collect personal data in several ways
We collect personal data about you when you:
- Use our website and apps
- Purchase our products
- Use our services
- Are in contact with our customer service
- Participate in campaigns, competitions or surveys
- Choose to provide us with your personal data
- Provide information to third parties whom we collaborate with
In the following text, you can learn why and for what purpose we do this.
We use personal data in several ways
Read on to learn about the following activities:
- We collect and use personal data for specific purposes
- We delete personal data when storing it is no longer necessary
- We check and update personal data on an ongoing basis
- In certain situations, we disclose personal data
We collect and use personal data for specific purposes
We collect and use personal data, the purpose of which can be divided into the following categories:
1) We must know certain personal data in order to supply our products. For example, a company name, company address, company telephone number and if required, mobile phone number and e-mail address, i.e. the necessary identification and contact information.
This naturally constitutes our legal basis for data processing. If we cannot process this personal data, we cannot supply our service.
Another data processing basis is for example, a consequence of legislation, which means that we must register and archive certain personal data to ensure that we comply with tax regulations and the Danish Accounting Act.
If we wish to use your personal data in any other way, we will inform you. We will inform you before we act and at the same time, we will inform you about the purpose of its use.
2) We store certain personal data so that we can pursue our interests in the future if there is a need for this. Our basis for processing is our ‘legitimate interests,’ as the term is understood in the applicable personal data legislation. Among other things, this means that on the basis of a specific assessment, we store data for a period of time. The period of time and the extent of the personal data processing is determined on the basis of the criteria that are stated in the section ‘We delete personal data when storing it is no longer necessary’.
We delete personal data when storing it is no longer necessary
We make a discretionary estimate to determine when we no longer need to use the personal data, and we delete the personal data if we no longer have a use for it in relation to the purpose for which it was collected.
We place importance on a number of things, including:
- Which service we have supplied, e.g. whether we have supplied a product or advice, as stated in the next section.
- How much time has passed since we had a relationship with you as an employee, customer, partner, etc.
- Whether there has been dialogue or correspondence since then.
- Whether we know that you contact us regularly to order new goods, since we want to provide you with the best possible service.
- Whether you have provided your consent for us to store personal data, among other things, for the purpose of marketing in the future.
- What responsibilities we take on in relation to you and what liabilities we risk in relation to the advice that we provide.
We must store some personal data for at least five years because of legislation, e.g. the Danish Accounting Act. For example, personal data is used to issue invoices, so we can calculate tax and VAT correctly and can document this to the authorities.
Since our services cover a product and advice, where we have responsibility to you or to others, we store some personal data for at least 10 years. This includes among other things, contact personal data/written correspondence.
We do this to pursue our economic interests and legal position, should someone claim that we have acted wrongfully. In such a case, we can document which personal data we have received, what agreement we entered into with the customer and what we did in relation to the customer, so that we can pursue our interests. We clean the documents of personal data that is not necessary for this purpose.
We do not sell, publish or disclose in any other way, personal data to others, unless:
- It is necessary for us to be able to carry out our service to you.
- It is necessary to ensure that we comply with legislation.
- You have provided your consent to do this.
- It is necessary to protect a partner or third party (there are strict regulations in the legislation for the disclosure of such personal data on this basis).
- It is part of our use of data processors, both inside and outside the EU.
Should it be necessary. We collaborate with trusted partners on the supply of our service to you, e.g. our own intercompanies/partners, subcontractors and data processors.
We disclose personal data to them so that we can generally provide our services to you.
If you have provided your consent. We disclose personal data to companies, organisations or individual people outside of our company and group, if you have provided your consent.
If it is required by law, or if it is to protect ourselves, a partner or third party.
The law allows that in certain situations we can disclose personal data without your consent. Sometimes we must do it. Sometimes we may do it.
To the extent that the legislation allows, we can disclose personal data for the purpose of protecting or enforcing our rights. The same applies to rights associated with our partners and third parties.
Your rights
You have the right to:
- Have incorrect personal data corrected
- Access your personal data and to have a copy supplied to you
- Have your personal data deleted
- Require limitation
- Object to processing
- Withdraw your consent
- Require information about disclosure to countries and organisations outside of the EU
- Avoid profiling
- Complain about our processing of your personal data
If you would like to learn more about your rights, please contact us by using the contact information below.
Complaints
If you believe that we fail to treat your inquiry or your rights in accordance with the law, then please contact us by e-mail, at gdrp@epoke.dk. A senior member of staff at Epoke will clear up any misunderstandings or mistaken perceptions.
If you still believe that we do not treat your inquiry or your rights in accordance with the law, then you may submit a complaint to the Danish Data Protection Agency:
The Danish Data Protection Agency
Borgergade 28
1300 Copenhagen K, Denmark
Tel. +45 33 19 32 00
How do we store personal data?
We are obligated to store personal data. We use relevant and responsible technical and organisational security measures to ensure that there is no unauthorised access to personal data that we store. The aim is to ensure that personal data is not used, destroyed, changed, made public or in any other way misused.
In this section, you will learn that:
- We have internal regulations about information security relating to personal data.
- We have implemented IT technical measures.
- User conduct is important in order to ensure that there is a sufficiently high level of security.
- We inform the affected individuals if a risk of a data breach has arisen or if a data breach has occurred.
We have internal regulations relating to information security, which contain guidelines and procedures.
Our regulations relating to information security also include that we train our employees in the correct processing of personal data on an ongoing basis, and we check that employees comply with the regulations. Among other things, this means that we have:
- Installed systems for processing personal data that are in accordance with the industry’s requirements and guidelines.
- Limited access to personal data to only those employees who need to have access and only to the extent necessary.
- Entered into agreements with suppliers who process personal data on our behalf in order to ensure that the processing is executed in accordance with the legislation and our own regulations.
- Carried out risk assessments and documented all of the IT systems that process personal data. We do this to ensure that we have an informed basis for the level of security for the processing personal data.
Risk and exemption of liability
It is the responsibility of the individual to take good care of their own personal data, just as our company must take human involvement into consideration.
Even though we have carried out the above-named initiatives to limit risk with the processing of personal data, we cannot provide 100% security against unintentional incidents.
We disclaim liability for any losses resulting from unintentional incidents relating to our use or processing of personal data to the extent that we may do this in pursuance of applicable legislation.
In addition, we cannot be held liable for losses of any kind resulting from the use of our company, products, services, website, systems, apps or other software to the extent that we may do this in pursuance of applicable legislation.
Contact information
Epoke A/S is the data controller and ensures that personal data is processed in accordance with the legislation:
Epoke A/S
Address: Vejenvej 50, 6600 Vejen
Central Business Register (CVR) no: 14125345
Tel.: +45 7696 2200
E-mail: gdpr@epoke.dk
Website: www.epoke.dk