Privacy Policy
Last updates: June 2021
for persons in contact with Keepit A/S, and all of its affiliates, either as customers, potential customers, suppliers, business partners, contact persons, website visitors and/or job applicants.
In connection with our administration, operation, and provision of services, we, Keepit A/S, collect and process, in the role as data controller, personal data on customers, potential customers, suppliers, business partners, contact persons, website visitors and/or job applicants. This Privacy Policy provides information to you about our processing of personal data, which we are required to give by law.
1. Categories of personal data and purposes
We process your personal data for the following purposes:
- Customer administration, e.g., to process, negotiate and handle orders, invoices, agreements, payments, maintain our business relationships including user account administration and handling support requests within the services we provide etc.
- Business partner/supplier administration, e.g., to process, negotiate and handle agreements, collaborations, payments, maintain our business relationships etc.
- Direct marketing, sales, customer relationship management and business partner/supplier relationship management, e.g., contacting potential customers, manage and maintain information on business partners, suppliers, and customers, etc.
- Recruitment, e.g., processing and handling job applications
- To improve and provide our website and services.
Information on how we process personal data in one of our many services is described in the respective data processing agreements with our customers. Our most recent data processing agreement can be found at https://www.keepit.com/data-processing-agreement/. In such cases, we act as a data processor and process data on behalf of and in accordance with instructions given by our customers. For more information regarding how we process personal data as a data processor, please contact us using the contact information in section 7 of this Privacy Policy.
We collect and process the following types of personal data:
Categories of
data subjects
Categories of personal data
Legal basis for collection and processing of personal data
Customers
/Customer contact persons
Non-sensitive categories of personal data:
Contact information, such as name, e-mail address, phone number, as well as information on employer, position, etc., and personal data related to our professional relationship, such as personal data in our correspondences regarding the services that we have provided and potential feedback on these services.
Special categories of personal data:
None
The processing is necessary for the performance of the contract or in order to take steps at the request of the customer prior to entering into a contract cf. GDPR art. 6(1)(b) as well as our legitimate interests in communicating with the customers/contact persons and processing, negotiating, and handling orders, agreements, etc. cf. GDPR art. 6(1)(f).
Business partners / suppliers / contact persons at business partners / suppliers
Non-sensitive categories of personal data:
Contact information, such as name, e-mail address, phone number, as well as information on your employer, position, etc. and personal data related to our professional relationship, such as personal data in our correspondences regarding the services we receive and the operating of our business.
Special categories of personal data:
None
The processing is necessary for the performance of the contract or in order to take steps at the request of the business partner/supplier prior to entering into a contract cf. GDPR art. 6(1)(b) as well as our legitimate interests in communicating with our business partners/suppliers, and processing, negotiating and handling agreements, collaborations, etc. cf. GDPR art. 6(1)(f).
Potential customers / contact persons at potential customers
Non-sensitive categories of personal data:
Personal data provided by you when you fill out our contact form or sign up for a free trial, such as your name, company information, e-mail address, phone number, as well as information on your employer, position, etc., information appearing in our correspondence as well as any information provided by third parties.
Special categories of personal data:
None
The processing of the personal data provided by you is based on your explicit consent, cf. GDPR art. 6(1)(a).
Our processing of the personal data provided by third parties is based on our legitimate interest in marketing and selling our services and communicating with interested potential customers, cf. GDPR art. 6(1)(f).
Website visitors
Non-sensitive categories of personal data:
Personal data collected from cookies, provided that you have given your consent to our use of cookies, such as information on your browser, IP address, time used on our website, device, operating system, and other software details that will appear from your visit.
For more information on our use of cookies, please see our Cookie Policy.
Special categories of personal data:
None.
The processing of personal data for e.g., the purpose of basic functional features is primarily based on our legitimate interests in ensuring the performance, functionality and security of our website, cf. GDPR art. 6(1)(f).
Where the processing of your personal data for marketing purposes etc. requires consent (e.g., if we disclose your personal data to third parties for the purpose of direct marketing), the processing of your personal data will be based on your explicit consent, cf. GDPR art. 6(1)(a).
Job applicants
Non-sensitive categories of personal data:
Name, e-mail address, phone number, current employer and other personal data voluntarily provided by you in your application, e.g., interests, educations and skills, address, photo etc. as well as references from prior employers.
Sensitive categories of personal data:
None. We kindly ask you not to provide us with any sensitive categories of personal data when applying for a job with us.
The processing of personal data in relation to the recruiting process is based on our legitimate interests in evaluating your professional and social competencies and characteristics in connection with the recruitment, cf. GDPR art. 6(1)(f) and the Danish Data Protection Act section 6(1).
Our processing of references from previous employers as well as our storage of a job application for a period longer than 6 months is based on your specific consent, cf. GDPR art. 6(1)(a).
Sources
The personal data are collected directly from you or your employer who is a customer with us or a business partner/supplier. Furthermore, personal data are collected directly from you when you have accepted the use of cookies during your visit on our website. We also receive personal data from third parties for direct marketing purposes provided you have given your permission to such marketing.
If you are a job applicant and have given us your explicit consent to the processing of your references from your previous employer, we may collect such references from your previous employer(s).
Data provided on a voluntary basis
When we collect personal data directly from you, you either provide us with the personal data on a voluntary basis or in order for us to comply with the law. It will depend on the specific circumstances whether you are under an obligation to provide us with such personal data.
The consequence of not providing us with the personal data mentioned above will be that we cannot pursue the specific purposes set out above, which for example means that we cannot process and handle orders, provide you with our services, a functional website etc.
If you have provided us with your consent to a specific processing activity, you have the right to withdraw such consent without any consequences for you. However, if you withdraw your consent, the withdrawal will not affect any processing based on your consent given before the withdrawal. If you wish to withdraw your consent, please contact us using the contact information in section 7 of this Privacy Policy.
Disclosure and transfers of personal data
We may disclose non-sensitive personal data to third parties, e.g., our business partners, provided that the disclosure is necessary and in compliance with the GDPR and Danish Data Protection Act. Furthermore, we use different services providers and suppliers who process personal data on our behalf and, thus, acts as data processors, e.g., information technology suppliers.
Some of our business partners, service providers and suppliers are located in countries outside the EU/EEA. In such cases, we only transfer personal data in compliance with GDPR chapter V and the European Data Protection Board’s (EDPB) recommendations on supplementary measures. If we transfer personal data to countries which are not deemed to have an adequate level of security, we enter into the EU standard contractual clauses and, if deemed necessary, apply supplementary measures in accordance with the European Data Protection Board’s recommendations.
You may request more information regarding our use of data processors and/or our documentation on our legal basis and legal grounds for any transfers to countries located outside the EU/EEA. To make such request, please contact us using the contact information in section 7 of this Privacy Policy.
Storage period
We store personal data for as long as it is necessary to fulfil the purposes set out in this Privacy Policy and to be able to document our right to process the personal data and compliance with data protection legislation and any other relevant legislation, and after this for a limited time due to our purposely determined back-up and deletion routines.
Your personal data may, therefore, be subject to different retention policies based on the personal data in question and the purposes to which the personal data is collected. Below are a few examples of our retention periods:
- As a general rule, we store personal data for the duration of our business relationship with you and until five (5) years after the termination of such business relationship.
- Correspondence with you as a potential customer will in general be deleted two (2) years after the time of such correspondence.
- We delete job applications and other personal data related hereto as soon as we do not need it anymore and no later than 6 months after we have received the personal data unless you have given your explicit consent to an additional retention period of 6 months.
Your rights
Subject to the applicable restrictions in the Danish Data Protection Act and General Data Protection Regulation, you have the following rights:
- The right of access to personal data
- The right to rectification of inaccurate and inadequate personal data
- The right to erasure of personal data
- The right to restriction of processing of personal data
- The right to object
- The right to data portability
The right to object
You have the right to object – on grounds relating to your particular situation – to processing of personal data where the legal basis for our processing is legitimate interests, as stated above. If you exercise your right to object, we may no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.
You also have the right at any time to object to the processing of your personal data for marketing purposes, which includes the right to object to profiling in so far as it relates to direct marketing. If you object to our processing for the purpose of direct marketing, your personal data may no longer be processed for this purpose.
You also have a right to submit a complaint to the competent supervisory authority, including the Danish Data Protection Agency. You will find the contact information of the Danish Data Protection Agency on www.datatilsynet.dk. You can also read more about your rights on www.datatilsynet.dk.
Contact
Please contact our data protection officer if you have any questions about the processing of your personal data or how to exercise your rights.
Contact details:
Keepit A/S
Per Henrik Lings Allé 4, 7. Sal
2100 Copenhagen
Denmark
CVR No.: 30806883
Email address: DPO@keepit.com
Tel.: (+45) 88704070
