1 General information
1.1 Complyon A/S (”we”, ”our”, ”us”) are concerned with protecting your personal data.
a) Providing our services to you as a customer b) Your visit to our website (the ”Website”) c) Marketing activities
1.3 Please read the Personal Data Policy thoroughly in order to understand how we process personal data.
1.4 Any questions or requests regarding data privacy can be directed at: email@example.com.
2 Providing our services to you as a customer
2.1 Customer Information
2.2 Our product is a B2B solution, meaning that the processing of personal data is an accessory activity to the overall purpose of delivering our service to business customers. However, in order to deliver such service by way of contract, we process the following personal data about employees of all our business customers:
Contact/admin person(s): Name, mail address, phone number, company, job title
2.3 The legal base for processing customer information is Article 6(1)(b) of the GDPR, which relates to processing necessary for fulfilling a contract.
2.4 The data retention period is up to 6 months after the termination/expiry of the contract with you as a customer.
2.5 Any personal information necessary for bookkeeping reasons in accordance with the Danish Bookkeeping Act will be stored up to 6 years after the end of the contract based on Article 6(1)(c) of the GDPR, which relates to processing that is necessary to fulfill a legal obligation.
2.6 If we have reason to store personal data as part of the protection of our legitimate interests, including for example legal disputes, we reserve our right to store your personal data for an extended period and minimum until the legal dispute has been determined.
2.7 User creation
2.8 Each business customer will have the opportunity to create employee user profiles in our solution in order to facilitate data and procedure mapping. For this activity, we are a data processor, meaning that you as a customer is responsible for compliance with GDPR and we can assist in any inquiry upon instruction. The required information regarding user details are:
Customer profile users (employees/consultants): Name, mail address, phone number, profile picture (voluntary)
2.9 The legal base for processing customer information is on our behalf the data processor hosting agreement entered between customer and Complyon, cf. Article 28 of the GDPR. Any individual use of data protection right for customer user profiles must be directed at customer (employer of the data subjects). We are also happy to assist, as long as we are instructed by the customer.
2.10 The data retention period is regulated by the data processor hosting agreement, but presumably user data will be deleted within a short period of time after the end of the customer contract.
2.11 Third-party plugins
2.12 It is possible to login to the Complyon solution through a third-party plugin. The available plugins will be visible at the login page.
2.13 The third-party plugins are part of the hosting solution and is made available for the purpose of allowing customer to choose the available third-parties as an administrative tool. This means that the use a third-party plugin takes place on behalf of customer and that each created user profile will be processed to the extent customer has permitted the third-party to share with the Complyon solution.
2.14 We use this option only to make it easier for each user to create a profile. The Complyon interface does not allow any third-party to gain access to user data other than for validation as part of the login interface. With regard to a third-party’s other use of data, customer and each user can read more about this in the privacy link available with such third-party, as well as the sharing details can be administered directly with the third-party in question.
2.16 In order to ensure that the services we offer meet your requirements, we may ask for your feedback in the form of surveys, customer satisfaction analysis or market research. Any feedback received from you will only be used for the purpose of improving our services and will not be disclosed.
2.17 The legal base for processing feedback is Article 6(1)(f) of the GDPR, which relates to a legitimate interest. Our interest must be seen considering the contract entered and that feedback is voluntary.
2.18 The data retention period 5 years after receipt. To the extent possible, we will store your feedback in an anonymous form, and we have a long duration of storage in order to measure our own performance over time.
3 Your visit to the Website
3.1 Inquiries through our contact form
3.2 When you send an inquiry to us through our contact form, we use the personal data that you have stated in the contact form to answer you.
3.3 The legal base for processing feedback is Article 6(1)(f), which relates to a legitimate interest. Our interest relies on the fact that you have made the inquiry and will expect us to provide an answer.
3.4 The data retention period is up to 6 months after completion of processing (latest correspondence).
4 Marketing activities
4.1 Email marketing
4.2 We use customer contact information (see customer information section above) to send promotion material via email, if we have received a marketing consent.
4.3 The legal base for processing email marketing is Article 6(1)(a), which relates to a consent from the data subject.
4.4 It is possible to withdraw a marketing consent at any time by contacting us or using the unsubscribe link available in every email sent.
4.5 The data retention period is until the consent is withdrawn.
4.6 Contact to potential customers
4.7 We use publicly available information to identify potential customers and reach out to such customers in accordance with Danish marketing rules.
4.8 For this purpose, we process the following personal data about relevant contact persons employed by the potential customer: Name, mail address, phone number, company, job title and LinkedIn URL.
4.9 The legal base for processing potential customer information is Article 6(1)(f) of the GDPR, which relates to a legitimate interest. Our interest is to be able to present our services to other businesses in line with marketing rules and without overriding any personal privacy of potential customer contact persons.
4.10 The data retention period is until no interest has been shown by the potential customer.
5 Security and transfers of data
5.1 We have implemented appropriate technical, organisational and physical measures to ensure a level of protection of your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access in accordance with the data protection legislation in Denmark and the EU.
5.2 Despite our efforts to establish a secure environment for the Website, you should be aware that no information is completely secure on the Internet. Therefore, you should always take the necessary safeguards on your own equipment.
5.3 We transfer your personal data to Security-cleared data processors, who are assisting us with IT or other services.
5.4 We may also transfer your personal data to third parties if we are obliged to do so according to legislation or in order to protect our interests in legal disputes. We will inform you if such situation should occur.
5.5 All personal data are stored on secure servers in the EU except for the following specific processing activities:
a) For email marketing, cf. point 4.1 above, we use The Rocket Science Group LLC d/b/a Mailchimp who has processing activities in the United States. The transfer of data takes place based on the EU US Privacy Shield scheme. Our agreement with Mailchimp is available at https://mailchimp.com/legal/data-processing-addendum/. b) For email technical and marketing purposes we use Twilio from SendGrid Inc. who has processing acitivities in the United States. The transfer of data takes place based on the EU US Privacy Shield scheme. Our agreement with SendGrid is available at https://sendgrid.com/policies/privacy/privacy-shield-certification/.
6 Your rights
6.1 You have the right of access to the personal data we are processing concerning you, as well as to have your personal data updated, rectified or erased, or to obtain a copy of your personal data. All requests shall be made in writing to firstname.lastname@example.org.
6.2 If you want to lodge a complaint over our processing of your personal data, please contact us directly. If we cannot help you, you can lodge a complaint to the Danish Data Protection Agency, Borgergade 28, DK-1300 Copenhagen.
7.1 We reserve our right to make changes to the Personal Data Policy from time to time. If such changes are substantial, we will notify you via email, if we have your email.