This policy describes how we use and protect personal data and ensure that employees are familiar with the rules that apply to the use of the personal data that they can access as part of their work. This policy is a supplement to our other policies on IT security, internet, email and the like.

This policy aims to meet the requirements of the General Data Protection Regulation (GDPR) and, in particular.

When the policy refers to articles of law, this pertains to the GDPR, and when it refers to paragraphs, this pertains to the Danish Data Protection Act.

We save your data for as long as we have a legitimate and objective reason to do so, which includes being able to provide you with the best service possible.

Generally, all personal data will be erased five years after the termination of the customer relationship, which is defined as the last active transaction. Personal data may be kept longer if there is an objective reason to do so, e.g. if a legal claim needs to be established, alleged or defended, cf.

All processing of personal data at our company is subject to the principles of lawfulness, fairness and transparency. Personal data is only collected for legitimate purposes which have been specifically indicated, and we comply with the data mining principle. We strive to ensure that all information is correct and up to date, and we priorities the principles of storage limitation, integrity and confidentiality and, in particular, accountability.

If you have questions about the way we process personal data and about this privacy policy, you are always welcome to contact our data controller, carpentryandco, who is in charge of this area internally.

There may be many reasons for processing personal data, but the following examples are the most common. We will inform you if, in exceptional cases, we process personal data for purposes that do not fall within the categories below. The same applies if we collect or process personal data from other persons than you.

• Processing orders.
• Fulfilling complaints and warranty obligations
• Sales follow-ups
• Communication in connection with your orders or other enquiries that you sent us
• Ensuring user-friendliness and security
• Optimizing our digital solutions
• The possibility to participate in customer surveys, competitions, draws, etc. via digital solutions
• Archive of registered products and the associated personal data
• Legal requirements (exercise of public authority)

4.1 What data do we collect?

We use data about you to fulfil our agreement with you, to improve our service and to ensure the quality of our products and services. The personal data we process consists of:

4.1.1Automatically collected data

We have a number of digital solutions based on different technologies aimed at ensuring user-friendliness and security. These technologies can collect data automatically so as to offer the best possible solution, either directly by us or by a third party on our behalf. Analysis of clickstream data and cookies is an example of this.
All visits to a digital solution involve information being sent from your browser to a server. We optimize the digital solutions by analyzing this data. Third parties collect data on our behalf. Data about your browser may be collected for system administration and to carry out internal, marketing-related analyses based on your behavior. Examples of data that is collected and analyzed:

• Date and time of visit
• Pages visited in the solution
• Your IP address
• The geographic location of the IP address
• Information on the browser and computer used (type, version, operating system, etc.)
• URL of the referring site (the site where the visitor came from)

We use internal data providers that act as data processors for us. We are data controllers with respect to the collected data, and the collected data will not be passed on without consent unless required by law.

4.1.2 Information that you provide

We record information that you provide in connection with a physical visit or a visit to our website.

The data that you actively provide is usually general and may include name, address, telephone number, email address, etc. The data usually originates from:

• Information that you share via social media
• Information sent by email
• Information that we receive from you in connection with orders on our online shop
• Information that you share with us when you participate in surveys, events and competitions

This list is not exhaustive.

Personal data is processed mainly. As much as possible, certain data, including sensitive data, is processed on the basis of consent, cf. directly below.

We only transfer personal data to third parties in accordance with what is indicated in this privacy policy.

We may pass on your data if this is required pursuant to a legal obligation. Transfer can also take place following an order from a court or other authority or to protect trademarks, rights or property. This involves exchanging information with other companies and organizations for the purpose of protecting against fraud.

We use service providers and data processors that carry out work on our behalf. For example, the services could include server hosting and system maintenance, analysis, payment solutions, control of address and creditworthiness, email service, etc. These partners may gain access to data to the extent necessary to provide their services. Partners will be contractually obligated to process all data with strict confidentiality, and they are therefore not permitted to use data for purposes extending beyond their contractual obligations to us. We check that our partners are in compliance with their obligations with regard to data processing. If we pass on your data to a service provider or data processor outside the EU, we make sure that they are in compliance with the requirements imposed by legislation for such transfers.

We never collect personal data that was not provided by you during registration, purchase, participation in a survey, etc.

You have the right to request access to the data that we process. The information you can request consists of:

• That personal data is being processed
• What is being processed
• The purpose of the processing
• The categories of personal data in question (general or sensitive)
• The period during which processing and storage takes place
• The right to request rectification or erasure
• The right to submit a complaint to the Danish Data Protection Agency

You have the right to have incorrect data about you corrected without undue delay. You must take the initiative for such rectification.

You may also request erasure (“the right to be forgotten”), though only after the expiry of our legal obligation to keep the data Act. You can also contact us if you believe that your personal data is being processed in violation of legislation or other legal obligations.

When you contact us with a request for rectification or erasure of your personal data, we will check to see that the conditions are met, and if this is the case, we will rectify or erase the information as quickly as possible.

You have the right to receive the personal data that you have made available to us and data that we have collected about you from other players with your consent. If we process data about you as part of a contract to which you are a party, you can also receive your data. You also have the right to transfer this personal data to other service providers.

If you want to take advantage of your right to data portability, we will send you your personal data in a commonly-used format

We generally do not engage in profiling, i.e. automated decisions used in analyses and similar.

When consent is necessary as a basis for processing data, we must be able to document that we received such consent. Therefore, we always require a written consent.

Consent is a voluntary, specific, informed and unambiguous declaration concerning processing of personal data. You can always withdraw your consent, and if it is the only basis upon which processing is taking place, future processing will cease. Our obligation and right to store data will, however, be unaffected.

The consent can be withdrawn by contacting us using the contact information specified in subsection 1.

We protect your personal data, and we have a set of internal rules on information and IT security.

Our internal security rules include instructions and measures that protect your personal data from being destroyed, lost or changed, against unauthorized disclosure and against unauthorized parties becoming aware of or gaining access to it.

We have established procedures for assigning access rights to the employees that process data, including sensitive data. We control their actual access through log-ins, passwords and monitoring. To avoid data loss, we keep an ongoing backup of our data

In case of a security breach that exposes you to a high risk of discrimination, ID theft, financial loss, loss of reputation or other significant disadvantage, we will notify you of this security breach as quickly as possible. We are also subject to a mandatory duty of notification.

Terms for receipt for newsletters

By accepting and consenting to receive newsletters from us, you are also accepting our terms for the Receipt of Newsletters, which you can find below.

The newsletters are a service offered by carpentryandco Contact and company data:

E-mail: info@ carpentryandco.com
Website: carpentryandco.com

When issuing newsletters and similar, carpentryandco generally only collects the name and email that you specified. Data on your use of the newsletters is collected by our IT system in an anonymized format – including whether the newsletters are opened, for how long they are open, when the email/newsletter is deleted and whether you click on any links. If you click on the newsletter links to our site and accept that the site uses cookies, please note that we may collect further information about you.

When you have subscribed to our newsletter, your email address will be used to issue newsletters that contain information on current knowledge as well as inspiration and ideas, relevant offers, seminars and events, tips & tricks and other marketing materials. We may also use your email address to send informational emails pertaining to our business. Beyond this, your email will not be used for other purposes. The data that we collect on your use of the newsletters will be anonymized and used to improve our service and our ability to target and adjust the content to the recipient’s interests. We issue our newsletter or other communications when we believe we have something interesting and new to tell you. We strive to limit the number of newsletters so that the content is relevant, current and does not clutter up your inbox.

Your data will be stored and processed confidentially and securely. Our company, as well as the subcontractors we use, have implemented the necessary technical and organizational security measures to prevent that your data is misused, disclosed to unauthorized parties, accidentally or unlawfully destroyed, lost or impaired or processed in violation of the personal data legislation. Your email address will be kept for as long as you are subscribed to our newsletter. If you unsubscribe to the newsletter, we will delete your email address from our newsletter contact list. We may still have your data from other contexts. This will not be affected when you unsubscribe from the newsletter. We can therefore continue to process such data in accordance with other consent or authorization that we have received. After unsubscribing from our newsletters, the statistical data on your use of the newsletter will be anonymized, without the possibility of later de-anonymization.

If you have corrections to your contact data, you can always change this data, either by unsubscribing to the newsletter and then subscribing again or by contacting us at: info@carpentryandco.com

You can always unsubscribe from the newsletter by clicking the “unsubscribe from newsletter” link that you can find in all our newsletters. After unsubscribing from the newsletters, you will not receive anything else from us, unless you have consented to us contacting you in another context. When you unsubscribe, you will receive a confirmation that we are deleting you from our list of newsletter recipients. Your email address will then be deleted from our list of newsletter recipients.