As a data controller company, we attach great importance to data protection. We take care of the personal information we manage and ensure that we live up to data protection legislation.
We provide the persons we process data about ("the data subjects") information about our data processing and the rights of a data subject.
Contact regarding data protection
You are always welcome to contact our HR department with any queries you may have regarding the processing of your data.
You can contact our legal department as follows:
Please bear in mind that regular e-mail is not a secure form of communication. Do not write anything in your e-mail, which is private or sensitive, or which you otherwise believe should be protected.
Our processing of personal data:
Categories of personal data
The data we process about you may include:
- ▪ General personal data, such as
- ▪ identification data, such as address, telephone number and e-mail
- ▪ data that is included in our correspondence with you
Purpose and legal basis
Our data processing has the following purpose:
- ▪ Administration of customer relationships, maintenance and development of customer relationships and continuous trade
- ▪ Statistical purposes: We perform trade and reporting analyses on the general customer data we collect
The legal basis for our processing of personal data is:
- ▪ The legal basis for our collection and registration of the additional personal data is section 6(1) of the data protection law, cf. Article 6(1)(f) of the Data Protection Regulation concerning processing that is necessary for a legitimate interest not exceeding the interests of the data subjects. The legitimate interest that justifies the processing is the need to promote Skamol's business and offer customers the best service and good offers.
- ▪ Information about you will only be disclosed in compliance with the processing rules of data protection legislation and other Danish legislation. In each case, we will assess whether the disclosure requires your express consent or whether the disclosure may be carried out on another legal basis.
- ▪ In the event that we disclose general customer data to other companies in Skamol's name for marketing purposes, we will comply with the legal requirements for the specific procedures to be followed, including the possibility for you to raise objections. Our disclosure will made in accordance with the provisions in Article 6(1)(f) of the Data Protection Regulation concerning processing that is necessary for a legitimate interest not exceeding the interests of the data subjects. The legitimate interest that justifies the processing is the need to promote Skamol's business and offer our customers the best service and good offers.
- ▪ Statistic. The legal basis for data processing operations solely for statistical and scientific purposes is section 6(1) of the data protection law, cf. Article 6(1)(e) of the Data Protection Regulation concerning processing that is necessary for the performance of a task in the public interest. Only data required for the study is used and the data is used exclusively for statistical purposes.
Categories of recipients
We disclose or transfer personal data to the following categories of recipients:
- ▪ Other companies in the Skamol group as part of our marketing efforts in compliance with applicable rules thereof
- ▪ Our data processors on the basis of data processing agreements
Your data will be erased when it is no longer required.
In general, Skamol follows the retention period applicable under the Danish Bookkeeping Act. In order to ensure the correct processing of recurring customer relationships, potential complaint cases and liabilities under guarantees, as well as fulfil our obligations, we have estimated that it is necessary to retain data for up to five years after the current business relationship has ended.
You have a number of rights in relation to our processing of data about you under existing laws.
You can exercise your personal data rights by contacting us. You can find our contact information at the top of this policy.
Once you have requested to have access to your personal data, to have it rectified or erased or have raised an objection to our data processing, we will investigate the possibility of accommodating your request. We will reply to your request as soon as possible and no later than one month after we have received it.
- ▪ Right to view data (right of access):
You have the right to access the data we process about you, as well as a number of additional data.
- ▪ Correction of data (right of rectification):
You have the right to have the personal data we collect about you corrected if you believe that it is inaccurate. You can do this by contacting us and telling us where the inaccuracies are and how they can be corrected. We will assess whether or not we believe your request is justified in all cases. When you contact us with a request regarding the correction or erasure of your personal data, we will investigate whether or not the conditions are met and if so, implement the changes or deletions as soon as possible.
- ▪ Right to erasure:
Personal data will generally be erased when it is no longer required. In some specific cases, you have the right to have specific data about you erased prior to our normal date for erasure. This applies, e.g. if you withdraw your consent and we have no another basis for processing the data. You may ask to have your data deleted if you believe that it is no longer necessary for the purpose we acquired it for. You may also contact us if you believe that your personal data is being processed in violation of the legislation or other legal obligations.
- ▪ Right to restriction of processing:
If you contest the data we have registered or otherwise process, you may request to restrict the processing of the data until we have been able to determine if the data is correct. You may also request restriction instead of erasure if you believe our processing of the data to be unlawful, that we no longer require the data or if you believe your legitimate interests precede the interests of the data controller. If the request to restrict the processing of your data is upheld, henceforth, we may only process the data with your consent or for the purpose of determining, establishing or defending legal requirements, or for protecting a person or important public interests.
- ▪ Right to transmit data (right to data portability):
You have the right to receive personal data you have made available to us, as well as data we have obtained about you from other operators on the basis of your consent. Your data may also be forwarded to you if we process data about you as part of a contract in which you are a party. You also have the right to transfer this personal data to another service provider. You can also ask us to send the data directly from the data controller to another authority or company. If you wish to exercise your right to data portability, you will receive your personal data from us in a widely used and machine-readable format.
- ▪ Right to object:
You have the right to object to our processing of data about you. You may also object to our disclosure of your data for marketing purposes. You can submit your objection by using the contact information at the top of this policy. We will terminate the processing of your data if your objection is justified.
- ▪ Right to receive information about new purposes:
- ▪ Right to withdraw your consent:
You may withdraw your consent at any time if our processing of your data is carried out on the basis of your consent. We will no longer be able to process the data if you withdraw your consent. The lawfulness of the processing carried out on the basis of your consent prior to the withdrawal is not affected by your withdrawal. If we have a different legal basis for the processing other than consent, which pursues a specific objective - such as the retention of data for reasons of compliance with accounting rules - this processing may continue to be carried out.
You have the opportunity to appeal to the Danish Data Protection Agency if you are not satisfied with our response. This generally means that if you are not satisfied with the way your personal data has been processed, you may appeal to the Danish Data Protection Agency, who then investigates the matter and makes a decision.
Contact information for the Danish Data Protection Agency can be found at www.datatilsynet.dk.
NB! You can write to the Danish Data Protection Agency via Digital Post at Borger.dk, where your enquiry will be sent securely (encrypted). We recommend that you use Digital Post if your enquiry contains confidential or sensitive personal information.