Privacy policy

Introduction

KLEIN NORDIC must, pursuant to Article 13 of the Personal Data Regulation, draw up and adopt a policy for the processing of personal data.

Purpose

The purpose of this policy is, subject to the rules of the Personal Data Regulation, to establish the framework and requirements for the company's procedure for the collection and processing of personal data.

Data Protection Officer (DPO)

KLEIN NORDIC does not have a separate Data Protection Advisor function (Data Protection Officer), so contact with the company regarding personal data must be made to the company's management (info@kleinnordic.com).

Data controller

KLEIN NORDIC is the data controller for the processing of personal data in KLEIN NORDIC.

Data security

KLEIN NORDIC has outsourced its IT operations and, in this connection, has entered into both an outsourcing and a data processor agreement. In this context, it has been agreed that the data processor shall take all necessary measures in accordance with Article 32 of the Data Protection Regulation. It is clear that taking into account the current level, implementation costs and the nature, scope, coherence and purpose of the treatment in question, as well as the risks of varying probability and seriousness to the rights and freedoms of natural persons, appropriate technical and organizational measures must be taken to ensure a level of security. suitable for these risks. KLEIN NORDIC has in the company's IT security policy with accompanying appendices described the procedural and access restrictions that have been established to ensure access to the submitted personal data. A risk assessment has also been carried out in the group to ensure confidentiality, integrity and availability in relation to data. In addition, reference is made to the outsourcing and data processor agreement entered into.

Purpose of processing personal data

KLEIN NORDIC processes personal data for the purpose of fulfilment of contractual obligations towards employees, customers, and partners.

KLEIN NORDIC processes personal data:

  • Employment

  • Salaries

  • Contact with relevant personnel at customer or partners companies

What personal information does KLEIN NORDIC process

KLEIN NORDIC only processes the personal information that is relevant and necessary to safeguard the interests of the customer and the employee. Specifically, the following categories of personal data are processed:

  • General personal information: Name, CPR number, Contact information, Payment information

  • Sensitive personal information: E.g. Trade union relations and Health information when appropriate or necessary to support KLEIN NORDIC’’s employees, or customer or partner personnel’s needs.

Who shares KLEIN NORDIC personal information with (if any)

The employees KLEIN NORDIC have a duty of confidentiality i.a. in accordance with the rules of the Danish Financial Business Act and may not unjustifiably disclose or disclose personal data of which they have become aware in connection with their work. KLEIN NORDIC only discloses information to the extent that KLEIN NORDIC is entitled/obliged to do so in accordance with the law, when KLEIN NORDIC obtains consent to it, or it is legitimate in accordance with the balance of interests. Depending on the specific situation, KLEIN NORDIC may pass on personal information to, for example, the following:

  • Public authorities; for example, TAX

  • Police and courts

  • Data processors (subcontractors) who work according to KLEIN NORDIC instructions and with whom written agreements have been entered into

Recipients of personal data in third countries, including international organizations

KLEIN NORDIC as a data processor can in some situations transfer contact information to specific data processors outside the EU and the EEA, specifically in the USA or Ukraine. In all cases, the data processors concerned are subject to appropriate security measures that comply with the requirements of the EU Personal Data Regulation, respectively:

  • That the data processor in question is certified in accordance with the "Privacy Shield" (USA)

  • That the data processor in question has entered into a data processor agreement in accordance with the EU Commission's standard agreements (Ukraine)

How long does KLEIN NORDIC store personal information

KLEIN NORDIC stores personal information for at least as long as a customer relationship exists. After termination of the customer relationship, the personal information will be stored for another 36 months.

How KLEIN NORDIC collects personal information

KLEIN NORDIC first and foremost collects the information directly from the customer. But can also receive or retrieve information from third parties.

What rights does the customer have

The following states the customer's right of access, rectification, deletion, restriction, objection and data portability. If the customer wants to make use of his rights, KLEIN NORDIC must be contacted by the customer, cf. the contact details of data controllers:

  • Right to see his information (insight): Both current and former customers have quite a little insight into the information that KLEIN NORDIC processes about the customer. The rules are described in Article 15 of the Regulation.

  • Right to rectification (correction): The customer has the right to have incorrect information about himself corrected. The customer also has the right to have his information supplemented with additional information if this will make the personal information more complete and / or up to date. The rules are described in Article 16 of the Regulation.

  • Right to be forgotten: The customer has the right to have his personal information deleted if it is either in accordance with legislation or with regard to that KLEIN NORDIC must be able to assert a legal claim, it is no longer necessary for KLEIN NORDIC to store or process the customer's information. The rules are described in Article 17 of the Regulation.

  • Right to restrict processing: The customer has in certain cases the right to have the processing of his personal data restricted. If the customer has the right to have the processing restricted, KLEIN NORDIC may in the future only process the information - apart from storage - with the customer's consent, in order for legal claims to be established, asserted or defended, or to protect a person or important public interests. The rules are described in Article 18 of the Regulation.

  • Right of objection (to protest): The customer has in certain cases the right to object to KLEIN NORDIC otherwise lawful processing of personal data. The customer can also object to the processing of his information for direct marketing. The rules are described in Article 21 of the Regulation.

  • Right to data portability (to transmit information): The customer has in certain cases the right to receive his personal information in a structured, commonly used and machine-readable format and possibly. to transfer this information from one data controller to another without hindrance. The rules are described in Article 20 of the Regulation. The customer can read more about his rights in the Danish Data Protection Agency's guide on the data subjects' rights, which can be found at www.datatilsynet.dk.

Who can the customer complain to

The customer has the right to lodge a complaint with the Danish Data Protection Agency if the customer is dissatisfied with the way in which KLEIN NORDIC processes the personal data. The Danish Data Protection Agency's contact information can be found at www.datatilsynet.dk.

Compliance with personal data policy

To ensure compliance with the company's personal data policy, there are:

  • Quarterly review of outsourcing and data processor agreement to ensure that both data security and delivery are delivered in accordance with the agreement and the legislation in force in the area at any given time.

  • Annual review of data flow and processes secured by registering all data flows and processes in the software system, which annually requests a review.