The data protection policy applies to Dataminds A/S, henceforth denoted as Dataminds.

The policy should help ensuring and documenting that Dataminds protects all personal data according to the conditions in the Danish and European data protection regulations. The policy informs of the handling and usage of the registered personal data too.

Dataminds handles personal data regarding:

1. Employees
2. Customers
3. Suppliers

We have produced a list of the treatment of personal data. The list provides an overview of the types of handling, Dataminds is responsible of. By request, we provide the lists to the supervision authority.

Registering personal data is necessary for Dataminds to be able to form employment-, customer-, and supplier contracts.

The personal data is handled and archived regarding:

• Administration of employee data, including recruitment, employment, retirement and payment of salaries
• Master data of customers and marketing, orders, sales and implementation of projects
• Master data of suppliers and requisitions and purchases
• Master data of our customer's customers and employees

We use personal data for the above purposes only and we only compile the data necessary to fulfil the objective.

Dataminds has introduced the following guiding principles for storage and deletion of personal data:

• Personal data is stored in physical folders.
• Personal data is stored in IT-systems and on server drives.
• Personal data is only stored as long as it is necessary for the purpose of the handling.
• Personal data of employees is deleted no later than 6 years after the end of employment, depending on the time of year the employment ended.
• Personal data of our customer's customers and employees is deleted as agreed with our customer. If no agreement is signed, personal data of our customer's customers and employees is automatically deleted no later than 2 years after the agreement of cooperation has ended, depending on the time of the year for this ending.
• When you submit a job application to Dataminds, we process the personal data you provide for the purpose of assessing your application and carrying out the recruitment process. We typically process information such as your name, contact details, application, CV, and any attachments.
• We store your application for up to 6 months after the completion of the recruitment process, after which it is deleted. If we wish to keep it longer, we will obtain your consent. Your information is treated confidentially and will not be shared with third parties without your consent.
• The processing is carried out in accordance with data protection legislation and the GDPR, and you have the right to access, rectify, and delete your data. You can contact us at mail@dataminds.com if you wish to exercise your rights.
• Each year, in the first week of May, Dataminds deletes data that meets the above criteria for deletion.
• For further information about the processing of employees’ personal data, please refer to the staff handbook.

Dataminds has completed the following safety measures for protection of personal data:

Only employees, who have an occupational need of access to the registered personal data, can access this, through either physical access or using IT-systems with control of access rights.

• All computers have a password and employees are not allowed to entrust their passwords to others.
• On each computer, a firewall and an antivirus program must be installed and regularly updated.
• Personal data is deleted responsibly when IT-equipment is phased out and maintained.
• USB-keys, external hard drives etc. with personal data must be stored in a locked drawer or closet.
• Physical folders are stored in locked offices or in locked closets.
• Personal data in physical folders is deleted by shredding.
• Personal data, that must be sent pr. email to an external receiver, is sent safely, for instance as encrypted and password-protected attachments.
• All employees must be instructed in handling and protecting personal data.
• Exchange of large amounts of personal data is offered through an SSL-secured web portal.

Personal data regarding employees can be passed on to public authorities, including tax authorities and pension funds.

Dataminds solely uses data processors who can guarantee that they will implement the appropriate technical and organisational safety measures for fulfilling the legal requirements of the personal data law.

Data processors being used:

Dataminds handles the rights of the registered persons, including the right to gain insights, withdrawal of consent, rectification and deletion, and informs the registered persons about the handling of their personal data. Registered persons have the right to complain to the Danish data supervision authority ("Datatilsynet").

In case of violation of the personal data security, Dataminds reports the violation to the data supervision authority as soon as possible, but no more than 72 hours after the violation. Dataminds' DPO is responsible of reporting the violation. The report describes the violation, the groups affected and what consequences, the violation can have. Furthermore, Dataminds describes how it has remedied, or how it will remedy, the violation. In cases where the violation involves a high risk for the persons about whom Dataminds handles personal data, we will inform these people. Dataminds documents all violations of the personal data security.

You will always be notified prior to compilation of your personal information. The personal data, we compile, can for instance include your name, your email-address and similar data for identification.

Personal information is compiled and used regarding:

• Application for newsletters
• Administration of CRM
• Administration of user accounts/-profiles
• Participation in competitions or other events
• Forwarding other marketing material, including invitations to events
• Statistics
• Other marketing initiatives
• We would like to inform you that the above usage only applies in case you have submitted your explicit consent prior to the usage unless we have the legal basis for contacting you without preceding consent.

Your information will be deleted, when keeping it to fulfil one or more of the above objectives is no longer necessary. The information can, when anonymity is ensured, be handled and kept for a longer period.

We have implemented security measures to ensure that our internal procedures fulfil our high standards of security policies. Thus, we strive to protect the quality and integrity of your personal information.

At any time, you have the right to gain insights regarding the personal information about you, that we handle, under certain legal exemptions. Furthermore, you have the right to take exception to the compilation and to the further handling of your personal information, and you have the right to get your personal information rectified, deleted or blocked.

Our websites can contain links to other webpages or to integrated sites. We are not responsible for the content of other firms' websites or their practices regarding compilation of personal information. When you are visiting other webpages, we urge that you read the owner's policy on protecting personal information and other relevant policies.