We take data protection seriously
To protect your data in the best way possible, we continuously assess the level of risk involved in our data processing and how it may adversely affect your basic rights. We are especially aware of the risk of your being exposed to discrimination or ID theft or suffer financial loss, loss of reputation or data confidentiality.
In the event that the decisions we need to make depend on our being able to process sensitive personal data, biometric information or information about your criminal record, we analyze the consequences of the data processing in order to protect your privacy. This analysis is completed before we commence the processing of your personal data.
CORNATOR A/S is the data controller and we ensure that your personal data are processed in compliance with legislation.
Toldboden 1, 8800 Viborg
Phone: +45 7020 7970
We ensure fair and transparent data processing
When we ask you to make your personal data available to us, we inform you of the data we process about you and the purpose of our processing. You receive information about this on the date on which your personal data are collected.
If we collect data about you from others, e.g. a supplier, government body or partner, we inform you of this within ten (10)days of having collected your personal data. We also inform you of the purpose of the collection and the legal framework that permits us to collect your personal data.
Processing of personal data
We use this type of data about you
We use data about you to improve our service and ensure quality in our products and services as well as in our communication with you.
The data we use include:
Standard personal data
In some cases, we may need to combine your data with data we receive from other operators, e.g. from social media. If the combination may reveal your identity and information of a personal or sensitive nature, we obtain your consent for our processing.
Before we collate data, we assess whether there is a risk that our processing will have an adverse effect on your privacy. If this is the case, we inform you of our processing and its purpose and ask for your consent to continue processing the data.
You are entitled to object to this form of data processing and are entitled to restrict processing if you believe that the data we collate about you are inaccurate.
We collect and store your personal data for specific purposes
We collect and store your data for specific purposes and other lawful commercial purposes. This takes place when we need:
- To process your purchases and deliver our services
We only process relevant personal data
We only process data about you that are relevant and adequate for the purposes defined above. The purpose is vital in determining the types of data that are relevant to us. The same applies to the scope of the personal data we use. We do not e.g. use more data than what is required for the specific purpose.
Before we process your personal data, we check whether it is possible for us to minimize the volume of data about you. We also check whether some of the types of data we use can be applied in an anonymized or pseudonymized form. This is possible if it does not impact adversely on our obligations or the services we offer you.
We only process necessary personal data
We only collect, process and store the personal data required in order to fulfil our set objectives. Legislation may also dictate the type of data we need to collect and store in our commercial operations. The type and scope of the personal data we process may also be necessary in order to fulfil a contract or other legal obligation.
We want to ensure that we only process personal data that are required for each of our specific purposes. That is why our IT systems are programmed only to collect the data volume required. It is also ensured automatically that the scope of the processing is not unnecessarily wide and that the storage period is not excessively long.
In order to protect you against unauthorized persons gaining access to your personal data, we also use solutions that automatically ensure that data are only accessible to relevant employees. Our IT systems also protect against an unlimited number of people being given access to data.
We check and update your personal data
We check that the personal data we process about you are not incorrect or misleading. We also ensure that we update your personal data continuously.
As our service depends on your data being correct and up to date, we ask you to inform us of any changes to your data. Please use the contact details above to notify us of changes to your data.
In order to ensure the quality of your data, we have adopted internal rules and defined procedures for checking and updating your personal data.
We delete your personal data when they are no longer required
We delete your personal data when they are no longer required for the purpose for which we collected, processed and stored your data.
We obtain your consent before processing your personal data
We obtain your consent before processing your personal data for the purposes described above unless we have a legal right to collect them. We inform you of such rights and about our legitimate interest in processing your personal data.
Your consent is voluntary and you are entitled at any time to withdraw your consent by contacting us. Please use the contact details above if you require further information.
If we wish to use your personal data for any other purpose than the original purpose, we will inform you of the new purpose and ask for your consent prior to commencing data processing. If we have any other legal basis for the new processing, we will inform you of this.
We do not disclose your personal data without your consent
If we disclose your personal data to partners and operators, e.g. for use in marketing, we obtain your consent and inform you of the purpose for which your data is to be used. You are entitled at any time to object to this form of disclosure and you are also entitled to opt out of contact for advertising purposes in the Danish CPR register.
We do not obtain your consent if we are legally obliged to disclose your personal data, e.g. as part of our reporting to a government body.
We obtain your consent prior to disclosing your personal data to partners in third countries. If we disclose your personal data to partners in third countries, we ensure that their level of data protection complies with the requirements set out in this policy pursuant to applicable legislation. We make requirements of the processing of data and of the fulfilment of the rights you have e.g. to object to profiling and to complain to the Danish Data Protection Agency.
We protect your personal data and apply internal data security rules
We have adopted internal data security rules which contain instructions and measures that protect your personal data against destruction, loss and change, against unauthorized publication and against unauthorized third parties gaining access to or knowledge of your data.
We have defined procedures for the allocation of access rights to those employees who process sensitive personal data and data that reveal information about personal interests and habits. We check access through logging and supervision. To avoid data loss, we continuously back up our data sets. We protect the confidentiality and authenticity of your data by using encryption.
In the event of security breaches that result in a high risk of discrimination, ID theft, financial loss, loss of reputation or other significant inconvenience, we will inform you of the security breach as soon as possible.
You are entitled to access to your personal data
You are entitled at any time to be informed about the data that we process about you, their origin and the purpose for which we use them. You are also entitled to know how long we store your personal data and who receives data about you to the extent to which we disclose data in Denmark and abroad.
If you request it, we can also inform you of the data we process about you. Access may, however, be restricted in order to protect the privacy of others, commercial secrets and intellectual property rights.
You may exercise your rights by contacting us. Our contact details can be found above.
You are entitled to have inaccurate personal data rectified or erased.
If you believe that the personal data we process about you are inaccurate, you are entitled to have them rectified. You need to contact us and state the nature of the inaccuracies and how they can be rectified.
In some cases, we will be under obligation to erase your personal data. This applies if e.g. you withdraw your consent. If you believe that your data are no longer required for the purpose for which we collected them, you may ask to have them erased. You may also contact us if you believe that your personal data are being processed in contravention of the law or other legal obligations.
When you contact us with a request to have your personal data rectified or erased, we check whether conditions have been met and, if so, implement rectification or erasure as soon as possible.
You are entitled to object to our processing of your personal data.
You are entitled to object to our processing of your personal data. You are also entitled to object to our disclosure of your data for marketing purposes. You may use the contact information at the top to send us an objection. If your objection is found to be justified, we will ensure that we stop processing your personal data.
You are entitled to receive the personal data you have made available to us as well as the data we have collected about you from other operators on the basis of your consent. If we process data about you as part of a contract to which you are party, you can also be sent your data. You are also entitled to transfer your personal data to another service provider.
If you wish to exercise your right to data portability, you will receive your personal data from us in a standard format.
If you wish to gain access to your data, have them rectified or erased or object to our data processing, we will check whether this is possible and respond to your enquiry as quickly as possible and within a month of our receiving your enquiry.
You may complain to the Danish Datatilsynet –www.datatilsynet.dk – if
- you do not get the information you are entitled to according to the rules of insight
- improper information about you are placed on the internet
- information about you improperly have been disclosed