Vi passer på dine personlige oplysninger
Gennemsigtighed er vigtigt for os
Det er vigtigt for os at beskytte dine personlige oplysninger og sikre en korrekt håndtering heraf. Her finder du information om, hvordan vi behandler dine personlige oplysninger i henhold til gældende lovgivning i Persondataforordningen (GDPR).
Læs mere nedenfor her.
HOW DO WE RECEIVE PERSONAL DATA?
When an entity (for example a customer or supplier) enters into a contract with us we receive certain types of personal data. In addition to this, further information, including personal data, is acquired upon use of our services and products. Below you will find information on how we, BrandFactory, use, store and process personal data and what rights the individual has.
Handling of personal data
The majority of the personal data that we collect consists of Customer- and/or Supplier information as well as User information. Please find a detailed description below.
Customer- and Supplier Information:
- In the event that the Customer or the Supplier is a legal entity, appointing a physical contact person, such contact person shall be considered a “Customer” or a “Supplier”. Customer- and Supplier Information means the name of the contact person, phone number and/or e-mail address. In addition to this, we process other information provided to us by the Customer or the Supplier. For example, if the Customer or the Supplier is a sole trader we may process the social security number as well.
- If the Customer has entered into an agreement concerning administration of web shops or similar services, then the term ”User” means a physical person who is employed by or is a consultant for the Customer or other physical users of the service.
- User information means data concerning the User provided by the Customer, for example User’s name, phone number and/or e-mail address.
Use of personal data
According to the General Data Protection Regulation, which enters into force on 25th of May 2018, personal data may only be collected for “specified, explicit and legitimate purposes”.
The personal data may only be processed in a manner compatible with these purposes.
In order to process personal data under the General Data Protection Regulation, we also need something called “legal basis” for processing, this means that legal support will be required.
Processing shall be lawful only if and to the extent that at least one of the following applies: (1) the processing is necessary for the performance of a contract with the Customer or the Supplier, (2) the processing is necessary for compliance with a legal obligation (for example the Bookkeeping Act), (3) the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interest of the data subject (balancing of interests), or (4) in specific cases, where the data subject has given consent to the processing.
We do need to process and handle certain personal data in order to provide our services and products.
Below you will find examples of the purposes for which we process personal data and with what legal basis we process such data. Certain processing requires consent. In such cases we will collect consent for that particular data processing prior to commencement. An example of such an event is e-mailing a newsletter to a User.
Provision of services
We process personal data, only to the extent necessary to identify the Customer as our customer, identify the User as the Customer’s user (when the customer has provided information about its Users), or to fulfil our contractual obligations with the Customer regarding delivery of services and products. For example, ensuring operations and support of our services. We may also process personal data in relation to administration, billing of the services, credit checking, handling support cases to the Customer or the User or assisting the Customer in matters of services or agreements as well as fulfilling our obligations under the agreement with the Customer.
Legal basis: Performance of contract
The above detailed processing is a prerequisite for providing our services. If such processing is barred, we cannot provide the services. However, the Customer’s payment obligations remain during the term of the agreement.
OTHER COMMUNICATIONS CONCERNING SERVICES
We process personal data when communicating with our customers, for example, to provide service information and updates to ensure the service works as well as possible. We may also process personal data when communicating with our customers when it comes to questions about our services. In addition to this, we may process personal data that we collect separately from the Customer, for example if the Customer chooses to respond to a survey that we have sent.
Legal basis: balancing of interests
Our legitimate interest for such processing is to keep the Customer informed about our services and their availability as well as educating our employees and improving our ways of working in order to offer good service. Examples of personal data used for these purposes include the name of the Customer, customer number, e-mail, phone number, the type of service and if the service is being used.
DEVELOPMENT OF SERVICES
In order to develop our business, services and products we may, from time to time, have to process personal data. For such purposes, we may compile statistics for analysis needs.
Legal basis: balancing of interests
Our legitimate interest for such processing is to optimize our services and products in order to provide the best services to our Customers over the longer term.
We process different types of data in order to market our products and services to the Customer. For these purposes, we may communicate with the Customer via letters, phone, e-mail and via our web. In addition to this, we may compile statistics for analysis needs.
Legal basis: balancing of interests
Our legitimate interest for such processing is to market our existing as well as our new services. For such purposes, we may process customer data, for example name, address, phone number, type of company and/or industry affiliation.
INFORMATION SECURITY AND PREVENTION OF MISUSE OF SERVICES
We process personal data in order to ensure safe use of our services and products and to detect or prevent different types of illegal use or use that in any way violates the terms of the services. We may also process such data to prevent misuse of the services as well as to detect and prevent fraud, virus attacks etc.
Legal basis: performance of a contract (Customer data)
The processing described above is a prerequisite for providing the services. If such processing is barred, we cannot provide the services. However, the Customer’s payment obligations remain during the term of the agreement.
We process personal data with the purpose to be compliant with legal obligations.
Legal basis: legal obligation
Example of processing for such purposes is storage of billing records and accounting information in order to comply with the Bookkeeping Act.
- Upon customer registration, we collect certain information provided by the customer. We also collect information when the Customer communicates with us, for example, to receive certain information or when the Customer decides to respond to a survey that we have sent or subscribe to our newsletter.
- We collect User data when the Customer contacts and provides us with information in order to facilitate for the Customer to identify who the user is in relation to billing management. We also collect User data when a Customer contacts us regarding a support matter and provides us with contact information in order for us to follow up on such support matter.
- We collect personal data generated when a Customer or User uses our services, for example the information needed in order to administrate orders or forward a message when sending an e-mail.
- We collect personal data from other sources such as private of public records, for example Bisnode.
We never store personal data longer than necessary. The personal data that we collect, generated upon usage of our services and products, is processed for different purposes and due to this, the personal data will be kept for a different amount of time. How long we store the data depends on the area of use and our obligations according to law.
- Unless we state otherwise, most Customer and User data (provided that nothing else has been required by or agreed with the Customer) is kept during the time the Customer is an active customer with us. When the agreement is terminated, the personal data is erased (or anonymised) after no more than 15 months, except if otherwise required by law (for example, according to the Bookkeeping Act).
- Credit information is erased no later than 3 months after collection.
- The personal data stored due to legal obligations shall be stored as long as the law requires us to.
Transfer of data
Due to certain circumstances, we may share personal data with others, this will be detailed below.
OTHER COMPANIES WITHIN THE GROUP
As some functions within the group are shared, certain information may be transferred to other companies within the group. Such companies may process personal data with the purpose to provide offers or other marketing regarding products and services that may be of interest for the Customer.
SUPPLIERS OR OTHER PROCESSORS PROCESSING PERSONAL DATA ON OUR BEHALF
We hire sub-contractors/suppliers for different services. For example, it may be suppliers of technical platforms (outsourcing), system vendors, assemblers, fitters, or companies that handle some of our mailings. We only provide personal data to sub-contractors if and to the extent that is absolutely necessary in each individual case. We always ensure that such sub-contractors comply with the General Data Protection Regulation.
Transfer to contractors in third countries.
Some of our contractors run part of their business in countries outside of the EU/EEA area (“third countries”). If we were to transfer personal data to sub-contractors/suppliers in such third country, we would implement appropriate security measures and ensure that transferred personal data will be processed in accordance with applicable data protection legislation. We shall ensure that the sub-contractor enters into an agreement with us where they undertake to comply with the provisions approved by the European commission regarding the protection of privacy.
We implement appropriate technical and organisational measures, which are compliant with industry standards and applicable data protection legislation, to ensure that all information that we process is protected from unauthorized access. Only a limited number of employees have access to the personal data and their management of the personal data is strictly regulated.
You, as a physical person, have the right to know what we do with your personal data, for example when, how and why your personal data is processed. In addition to this, in some cases, you are entitled to have access to your personal data and have it transferred, corrected, erased or blocked. Below you will find your rights detailed and how you can exercise them.
- Right to access - you have the right to access your personal data, which means that you are entitled to receive a confirmation whether personal data concerning you is actively being processed or not and in such case, have access to the personal data as well as further information about the processing. A request for such processing transcript shall be made in writing and signed by you. If, for some reason, we are unable to meet your request we must provide you with a valid reason. Requests shall be sent to the address detailed below, please mark the request with “Processing Transcript” (Swe. registerutdrag)
- Right to data portability - you are entitled to data portability, which means that you may, under certain circumstances, have the right to receive the personal data that you have provided us with, for the purpose of transferring such personal data to another controller.
- Right to rectification, erasure and restriction - you are entitled to correction, erasure and restriction of the processing of your personal data as well as the right to object to such processing. There may be exceptions, for example legal obligations to process.
- Right to file a complaint to an authority – you are entitled to file a complaint to your national supervisory authority (Integritetsskyddsmyndigheten, former Datainspektionen, in Sweden) if the processing of your personal data does not comply with the EU data protection regulation.
- Right to withdraw consent – if you have consented to a certain type of processing, you always have the right to withdraw your consent. The withdrawal of the consent shall not affect the lawfulness of the processing based on consent, prior to the withdrawal.
- Right to object to balancing of interests - when the processing is based on balancing of interests, you have the right, at any time, to object to such processing.
- Right to object to direct marketing - at any time, you have the right to object to processing of personal data in relation to you for direct marketing. Upon objection, the personal data shall not be processed for such purpose anymore.
If you, as a physical person, consider that we are in violation of applicable data protection legislation in processing your personal data you should report this to us as soon as possible. You can also contact the Supervisory Authority to file your complaint.
5 gode tips til en succesfuld messe
BlogMesser kan være en effektiv metode til at skaffe nye leads og skabe interesse for dit brand og dine produkter – hvis det altså gøres rigtigt. Sørg for at få mest muligt ud af det ved at følge disse fem gode råd.
Er din firmabil en del af din branding
BlogBilindpakning og dekorationer på køretøjer er en af de mest effektive metoder, når du vil øge kendskabet til dit brand – og så er det endda også en af de mest økonomiske. Vil du læse mere om alle fordelene?