We take care of your data

Dataprocessing and storage

Policy of handling and protecting personal data

The data protection policy applies to Dataminds A/S, henceforth denoted as Dataminds.

The policy should help ensuring and documenting that Dataminds protects all personal data according to the conditions in the Danish and European data protection regulations. The policy informs of the handling and usage of the registered personal data too.

List of the handling of personal data

Dataminds handles personal data regarding:

  1. Employees
  2. Customers
  3. Suppliers

We have produced a list of the treatment of personal data. The list provides an overview of the types of handling, Dataminds is responsible of. By request, we provide the lists to the supervision authority.

Registering personal data is necessary for Dataminds to be able to form employment-, customer-, and supplier contracts.

Purpose and legality of the handling

The personal data is handled and archived regarding:

  • Administration of employee data, including recruitment, employment, retirement and payment of salaries
  • Master data of customers and marketing, orders, sales and implementation of projects
  • Master data of suppliers and requisitions and purchases
  • Master data of our customer's customers and employees

We use personal data for the above purposes only and we only compile the data necessary to fulfil the objective.

Storage and deletion

Dataminds has introduced the following guiding principles for storage and deletion of personal data:

  • Personal data is stored in physical folders.
  • Personal data is stored in IT-systems and on server drives.
  • Personal data is only stored as long as it is necessary for the purpose of the handling.
  • Personal data of employees is deleted 5-6 years after retirement, depending on the time of the year for the ending of employment.
  • Personal data of applicants is deleted 1-2 years after reception, depending on the time of the year for the receival of appliance.
  • Personal data of our customer's customers and employees is deleted as agreed with our customer. If no agreement is signed, personal data of our customer's customers and employees is automatically deleted 1-2 years after the agreement of cooperation has ended, depending on the time of the year for this ending.
  • Each year, in the first week of May, Dataminds deletes data that meets the above criteria for deletion.
Data security

Dataminds has completed the following safety measures for protection of personal data:

Only employees, who have an occupational need of access to the registered personal data, can access this, through either physical access or using IT-systems with control of access rights.

  • All computers have a password and employees are not allowed to entrust their passwords to others.
  • On each computer, a firewall and an antivirus program must be installed and regularly updated.
  • Personal data is deleted responsibly when IT-equipment is phased out and maintained.
  • USB-keys, external hard drives etc. with personal data must be stored in a locked drawer or closet.
  • Physical folders are stored in locked offices or in locked closets.
  • Personal data in physical folders is deleted by shredding.
  • Personal data, that must be sent pr. email to an external receiver, is sent safely, for instance as encrypted and password-protected attachments.
  • All employees must be instructed in handling and protecting personal data.
  • Exchange of large amounts of personal data is offered through an SSL-secured web portal.
Transmitting

Personal data regarding employees can be passed on to public authorities, including tax authorities and pension funds.

Data processors

Dataminds solely uses data processors who can guarantee that they will implement the appropriate technical and organisational safety measures for fulfilling the legal requirements of the personal data law.

Data processors being used:

DATA PROCESSOR SERVER PLACEMENT TYPE OF BASIS FOR AGREEMENT
Microsoft Corporation EU Data processing agreement
Danløn Denmark Data processing agreement
Visma E-conomic Denmark Data processing agreement
Google Analytics USA EU model clause agreement
Pipedrive, Estonia EU Data processing agreement
Rights

Dataminds handles the rights of the registered persons, including the right to gain insights, withdrawal of consent, rectification and deletion, and informs the registered persons about the handling of their personal data. Registered persons have the right to complain to the Danish data supervision authority ("Datatilsynet").

Violation of the personal data security

In case of violation of the personal data security, Dataminds reports the violation to the data supervision authority as soon as possible, but no more than 72 hours after the violation. Dataminds' DPO is responsible of reporting the violation. The report describes the violation, the groups affected and what consequences, the violation can have. Furthermore, Dataminds describes how it has remedied, or how it will remedy, the violation. In cases where the violation involves a high risk for the persons about whom Dataminds handles personal data, we will inform these people. Dataminds documents all violations of the personal data security.

Personal data policy

Compilation of personal information

You will always be notified prior to compilation of your personal information. The personal data, we compile, can for instance include your name, your email-address and similar data for identification.

Usage of personal information

Personal information is compiled and used regarding:

  • Application for newsletters
  • Administration of CRM
  • Administration of user accounts/-profiles
  • Participation in competitions or other events
  • Forwarding other marketing material, including invitations to events
  • Statistics
  • Other marketing initiatives
  • We would like to inform you that the above usage only applies in case you have submitted your explicit consent prior to the usage unless we have the legal basis for contacting you without preceding consent.

Your information will be deleted, when keeping it to fulfil one or more of the above objectives is no longer necessary. The information can, when anonymity is ensured, be handled and kept for a longer period.

Security

We have implemented security measures to ensure that our internal procedures fulfil our high standards of security policies. Thus, we strive to protect the quality and integrity of your personal information.

Access to your personal information etc.

At any time, you have the right to gain insights regarding the personal information about you, that we handle, under certain legal exemptions. Furthermore, you have the right to take exception to the compilation and to the further handling of your personal information, and you have the right to get your personal information rectified, deleted or blocked.

Links to other websites etc.

Our websites can contain links to other webpages or to integrated sites. We are not responsible for the content of other firms' websites or their practices regarding compilation of personal information. When you are visiting other webpages, we urge that you read the owner's policy on protecting personal information and other relevant policies.

Handling of personal data on behalf of our customers

For all projects, that Dataminds implements, the condition that we do not compile and handle personally identifiable information (information that can be used to identify you), without your prior knowledge and consent to either us or our customer, applies.

All information will be handled confidentially and anonymously for both our customers and third-party agents. We do not use the information to send out spam-emails or to market with individuals as targets.

When doing surveys, your contact information is handled confidentially and is not passed on to our customer or third-party, unless you are being clearly informed that we do so. Dataminds is a member of ESOMAR and follows the ethical and professional standards defined by this organisation. ESOMAR is the international industry association (World association for market, social and opinion research), that, among other things, defines the industry standards for opinion polling and market analysis.

Change of information etc.

If you wish that we update, change or delete personal information about you, that we have registered, if you wish to gain access to the personal data about you that is handled, if you do not wish to receive further messages from us, or if you have any questions regarding the above guidelines, you can direct the questions at mail@dataminds.com. You can also write us using our address:

Dataminds A/S
Att.: DPO
Søren Frichs Vej 38A
8230 Åbyhøj

The privacy policy in force can be found on our websites at any time. Potential changes, adjustments, revisions etc. will be valid from the time of disclosure on our websites. This concerns earlier registered personal data too.

For more information on how we handle personal data, contact:

Kasper Pilman Kristensen
Partner
+45 2212 1269
kpk@dataminds.com

Operation, security and documentation

ISO

Dataminds is ISO27001- and ISO27701-certified by Bereau Veritas. Secure handling of data and private information is our highest priority. This is why Dataminds follows the international ISO standard for information security.

See certificate

ESOMAR

Dataminds is an ESOMAR member. This means we abide by the international recognized ESOMAR principles, which have become the standard for ethical operations and quality in marketing research.