Privacy Policy

1. Identification of controller and general information

The controller when processing your personal data is the company GlycoSpot ApS, with its registered address at Østmarken 9, 2860 Søborg, Denmark, registered at the CVR, registration number: 36487976 (hereinafter as „Controller”). The Controller processes the personal data on website www.gylocospot.dk (hereinafter also as “the website”). This privacy policy and information on processing of personal of data subjects regulate conditions for personal data processing by means of website, which is operated by Controller, who processes the personal data on the website (hereinafter as „Privacy policy”).

The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as „Regulation”), with Act No. 502 of 23 May 2018 on supplementary provisions to the regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Data Protection Act) (hereinafter as „Act”), or with other legislation in relation to personal data protection (hereinafter as „Personal data protection legislation”).

The Controller obtains personal data directly from you as a data subject (hereinafter as „Data subject”) or from another person who provides us with your personal data. Thus, situation when the Controller obtains personal data even from a person other than you may arise, therefore, this document provides information to all Data subjects either pursuant to Article 13 of the Regulation, as well as pursuant to Article 14 of the Regulation.

All personal data processed by the Controller about you as the Data subject are processed only for reasonable purposes, for a limited period of time and using a maximum possible level of securing, to which the Controller has adopted appropriate internal personnel, technical and organizational security measures.

Protecting your personal data is one of our priorities, thus we are hereby (via this Privacy policy) informing you on personal data processing, as well as on your rights, which you as the Data subject may exercise against the Controller. At the same time, in this Privacy policy, you will find information about the specific purposes for personal data processing, about which personal data and what types of personal data we process, on what legal basis, to whom your personal data are provided and so on.

2. How can you get information about personal data processing?

In matters related to personal data processing and protection, you may contact the Controller at the address Glycospot ApS , Østmarken 9, 2860 Søborg, Denmark or via e-mail to e-mail address info@glycospot.dk.

3. Information on processing operations

The Controller processes the personal data solely in accordance with the principle of lawfulness. In this point, you can find information on legal bases for processing, types of personal data processed, periods for their retention and purposes of personal data processing.

3.1 Legal bases for processing – When are we entitled to process your personal data?

Performance of contractual obligations – we process your personal data when performing the contract if we have entered into a contract with you as the Data subject, to the extent necessary for the performance of the contractual obligations.

Compliance with legal obligations – in some cases, we process your personal data also for compliance with legal obligations. Such legal obligations are, for example, obligations arising out of accounting legislation.

Legitimate interest – we also process your personal data on the basis of legitimate interest, solely in cases when processing is necessary for our legitimate interests or legitimate interests of a third party provided that your interests or your fundamental rights and freedoms are not overriding such legitimate interests. Legitimate interest is applied, for example, when keeping a list of our business partners and customers, or for certain activities related to our promotion on the website and when providing our services (e.g. when providing a response to your messages sent via our contact form on the website).

Consent – in certain cases, we are entitled to process your personal data on the basis of the consent requested from you. For example, processing of your personal data is based on your consent when you subscribe for our newsletter. We always process the personal data only if there is a legal basis for their processing. Therefore, processing is always carried out in accordance with the principle of lawfulness.

3.2 Categories of the personal data processed – Which personal data do we process?

The Controller processes only such personal data which are necessary for the processing operation (purpose of the processing), always in accordance with the principle of minimisation.

For the legal bases of personal data processing where the Controller performs contractual obligations or legal obligations, the personal data processed by the Controller are mostly specified by legislation. When processing personal data on the legal basis of the consent or legitimate interest, we determine the categories of personal data processed separately for each purpose of the processing.

3.3 Retention period – How long do we keep your personal data?

The Controller stores the personal data depending on the purpose of the personal data processing. When setting a retention period, the Controller takes into account the principle of storage limitation, i.e. the Controller processes the personal data for a necessary period solely and after such period elapses, the Controller erases your personal data.

3.4 Purposes of the personal data processing:

We always process your personal data for a specific purpose, in three areas of compliance, which are shown in the following accorditions:

Legal Basis: Contract performance

Personal data or categories of personal data: Ordinary personal data

Retention Period: @Ordinary personal data

Legal Basis: Contract performance

Personal data or categories of personal data: Ordinary personal data

Retention Period: 5 years following the day of the contract fulfilment

Legal Basis: Compliance with legal obligation

Personal data or categories of personal data: Ordinary personal data

Retention Period: 5 years following the end of the financial year, that the accounting records relate to

Legal Basis: Legitimate interest, which lays in the need of the Controller to be able to identify his business partners or customers at any time (for the proper execution of contractual obligations or for the proof of legal claims)

Personal data or categories of personal data: Ordinary personal data

Retention Period: 5 years following the day of the contract fulfilment

Legal Basis: Legitimate interest, which lays in the interest of the Controller on responding to the messages in order to deal with the demands included in these messages

Personal data or categories of personal data: Ordinary personal data

Retention Period: 1 year following the reception of the message or until the execution of the demand, depends on which of the conditions stated above happens earlier

Legal Basis: Consent of the Data subject

Personal data or categories of personal data: e-mail address

Retention Period: 3 years from the confirmation of the subscription to the newsletter

Legal Basis: Legitimate interest, which lays in the interest of the Controller on providing the website visitors with synoptical and fully operational website, which is secured by the usage of the analytical and functional cookies

Personal data or categories of personal data: Ordinary personal data

Retention Period: 5 years following the year which they are related to

Other purposes of personal data processing by the Controller outside the website are documented by the Controller in the records of processing activities.

4. Rights of the data subjects

Protection of your personal data as of the Data subject is governed by the provisions of the Regulation. As the Data subject, you may exercise your rights against the Controller by means of a request. Your rights are as follows:

Right of access:
You have the right to obtain a copy of the personal data which we hold about you, as well as the information on how we use your personal data. In most cases, your personal data will be provided to you by electronic means of communication, unless otherwise requested by you.

Right to rectification:
We take reasonable measures in order to ensure that the data which we hold about you are accurate, complete and up-to-date. In case the personal data we hold are inaccurate, incomplete or outdated, we will modify, update or complete such personal data on basis of your request.

Right to erasure:
Under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have obtained about you, are no longer necessary to fulfil the original purpose of processing or if you withdraw your consent to the personal data processing. We assess exercising your right to erasure (right to be forgotten) on the basis of individual circumstances of each particular case of processing.

However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for us from applicable legislation when your personal data cannot be erased. In such case, we will not be able to accept your request.

Right to restriction of processing:
You have also the right to ask us not to process your personal data. If you believe that the personal data we process about you are not accurate, that the processing is unlawful and you request the restriction of their processing, that we no longer need your personal data, but they are required by you as the Data subject for the exercise of legal claims or if you believe that we as the controller are not entitled to further process your personal data, we will not further process your personal data on the basis of your request.

Right to data portability:
Under certain circumstances, you have the right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that we process under the contract to which you are one of the parties or on the basis of the consent which you have granted us.

Right to object:
You have the right to object to processing of your personal data, for example if we process your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing.

Right to withdraw the consent:
If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data. You may withdraw your consent at any time in writing, by e-mail or orally (in person).

Rights in relation to profiling or automated decision-making:
If we process the personal data by profiling or automated decision-making, you have the right to refuse the automated decision-making including profiling, from which a legal or other similar significant consequence arises. However, when processing personal data, we do not use automated individual decision-making or profiling at all.

Right to lodge a complaint or request:
If you believe that we breach Personal data protection legislation when processing your personal data or that we have not handled your request in accordance with such legislation, you can lodge a complaint with the supervisory authority which is Datatilsynet – Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, Denmark, webpage: www.datatilsynet.dk, telephone number: +45 33 19 32 00; E-mail: dt@datatilsynet.dk.

5. Exercising rights of Data subjects

You may exercise your rights stated in the previous point of this document:

– in writing, by sending request to the address Glycospot ApS, Østmarken 9, 2860 Søborg, Denmark or
– via e-mail address info@glycospot.dk.

Response to exercising your rights is provided free-of-charge. Under certain circumstances, in case of repeated, unreasonable or disproportionate requests to exercise your rights, we are entitled to charge a reasonable fee.

Response to exercising your rights is provided free-of-charge. Under certain circumstances, in case of repeated, unreasonable, or disproportionate requests to exercise your rights, we are entitled to charge a reasonable fee.

6. Profiling

We do not process your personal data by profiling or any form of automated individual decision-making.

Thus, when processing personal data by the Controller, neither profiling nor processing via automated individual decision-making occurs to evaluate your personal aspects.

7. Transfer to third countries and international organizations

We do not transfer and do not plan to transfer your personal data to the third countries or international organizations.

8. Recipients

Your personal data may be provided to recipients – state authorities, courts, law enforcement authorities, etc., which are entitled to process your personal data in certain cases.

In some cases, we provide your personal data also to other subjects, especially third parties and processors such as bookkeeping companies, companies providing website management services and advertising and marketing services or banks providing the payment services. We have concluded data processing agreements with all processors and have a transparent list of all our processors.

When processing your personal data, we use only processors who have taken appropriate technical and security measures to comply with the requirements of the Personal data protection legislation for the safe processing of your personal data.

9. Validity

This Privacy policy is valid and effective as of 01.12.2021. In case of change of this Privacy Policy, the Controller will inform you of the changes, at least 14 days in advance.