Personal data policy
The data protection policy applies to Dataminds A/S, henceforth denoted as Dataminds.
The policy should help ensuring and documenting that Dataminds protects all personal data according to the conditions in the Danish and European data protection regulations. The policy informs of the handling and usage of the registered personal data too.
Dataminds handles personal data regarding:
We have produced a list of the treatment of personal data. The list provides an overview of the types of handling, Dataminds is responsible of. By request, we provide the lists to the supervision authority.
Registering personal data is necessary for Dataminds to be able to form employment-, customer-, and supplier contracts.
The personal data is handled and archived regarding:
- Administration of employee data, including recruitment, employment, retirement and payment of salaries
- Master data of customers and marketing, orders, sales and implementation of projects
- Master data of suppliers and requisitions and purchases
- Master data of our customer's customers and employees
We use personal data for the above purposes only and we only compile the data necessary to fulfil the objective.
Dataminds has introduced the following guiding principles for storage and deletion of personal data:
- Personal data is stored in physical folders.
- Personal data is stored in IT-systems and on server drives.
- Personal data is only stored as long as it is necessary for the purpose of the handling.
- Personal data of employees is deleted 5-6 years after retirement, depending on the time of the year for the ending of employment.
- Personal data of applicants is deleted 1-2 years after reception, depending on the time of the year for the receival of appliance.
- Personal data of our customer's customers and employees is deleted as agreed with our customer. If no agreement is signed, personal data of our customer's customers and employees is automatically deleted 1-2 years after the agreement of cooperation has ended, depending on the time of the year for this ending.
- Each year, in the first week of May, Dataminds deletes data that meets the above criteria for deletion.
Dataminds has completed the following safety measures for protection of personal data:
Only employees, who have an occupational need of access to the registered personal data, can access this, through either physical access or using IT-systems with control of access rights.
- All computers have a password and employees are not allowed to entrust their passwords to others.
- On each computer, a firewall and an antivirus program must be installed and regularly updated.
- Personal data is deleted responsibly when IT-equipment is phased out and maintained.
- USB-keys, external hard drives etc. with personal data must be stored in a locked drawer or closet.
- Physical folders are stored in locked offices or in locked closets.
- Personal data in physical folders is deleted by shredding.
- Personal data, that must be sent pr. email to an external receiver, is sent safely, for instance as encrypted and password-protected attachments.
- All employees must be instructed in handling and protecting personal data.
- Exchange of large amounts of personal data is offered through an SSL-secured web portal.
Personal data regarding employees can be passed on to public authorities, including tax authorities and pension funds.
Dataminds solely uses data processors who can guarantee that they will implement the appropriate technical and organisational safety measures for fulfilling the legal requirements of the personal data law.
Data processors being used:
|Data processor||Server placement||Type of basis for agreement|
|Microsoft Corporation||EU||Data processing agreement|
|Danløn||Denmark||Data processing agreement|
|Visma E-conomic||Denmark||Data processing agreement|
|Google Analytics||USA||EU model clause agreement|
|Pipedrive, Estonia||EU||Data processing agreement|
Dataminds handles the rights of the registered persons, including the right to gain insights, withdrawal of consent, rectification and deletion, and informs the registered persons about the handling of their personal data. Registered persons have the right to complain to the Danish data supervision authority ("Datatilsynet").
In case of violation of the personal data security, Dataminds reports the violation to the data supervision authority as soon as possible, but no more than 72 hours after the violation. Dataminds' DPO is responsible of reporting the violation. The report describes the violation, the groups affected and what consequences, the violation can have. Furthermore, Dataminds describes how it has remedied, or how it will remedy, the violation. In cases where the violation involves a high risk for the persons about whom Dataminds handles personal data, we will inform these people. Dataminds documents all violations of the personal data security.
Personal data policy and cookies
You will always be notified prior to compilation of your personal information. The personal data, we compile, can for instance include your name, your email-address and similar data for identification.
Personal information is compiled and used regarding:
- Application for newsletters
- Administration of CRM
- Administration of user accounts/-profiles
- Participation in competitions or other events
- Forwarding other marketing material, including invitations to events
- Other marketing initiatives
We would like to inform you that the above usage only applies in case you have submitted your explicit consent prior to the usage unless we have the legal basis for contacting you without preceding consent.
Your information will be deleted, when keeping it to fulfil one or more of the above objectives is no longer necessary. The information can, when anonymity is ensured, be handled and kept for a longer period.
You can block all cookies, delete existing cookies from your computer, or receive a warning before a cookie is stored. You can obtain further information on how to avoid cookies by clicking this link: https://cookiesandyou.com/ https://cookiesandyou.com/
We have implemented security measures to ensure that our internal procedures fulfil our high standards of security policies. Thus, we strive to protect the quality and integrity of your personal information.
At any time, you have the right to gain insights regarding the personal information about you, that we handle, under certain legal exemptions. Furthermore, you have the right to take exception to the compilation and to the further handling of your personal information, and you have the right to get your personal information rectified, deleted or blocked.
Our websites can contain links to other webpages or to integrated sites. We are not responsible for the content of other firms' websites or their practices regarding compilation of personal information. When you are visiting other webpages, we urge that you read the owner's policy on protecting personal information and other relevant policies.