1. Identification of controller and general information"
The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as „Regulation“), with Act No. 502 of 23 May 2018 on supplementary provisions to the regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Data Protection Act) (hereinafter as „Act“), or with other legislation in relation to personal data protection (hereinafter as „Personal data protection legislation“).
The Controller obtains personal data directly from you as a data subject (hereinafter as „Data subject“) or from another person who provides us with your personal data. Thus, situation when the Controller obtains personal data even from a person other than you may arise, therefore, this document provides information to all Data subjects either pursuant to Article 13 of the Regulation, as well as pursuant to Article 14 of the Regulation.
All personal data processed by the Controller about you as the Data subject are processed only for reasonable purposes, for a limited period of time and using a maximum possible level of securing, to which the Controller has adopted appropriate internal personnel, technical and organizational security measures.
2. How can you get information about personal data processing?
In matters related to personal data processing and protection, you may contact the Controller at the address Glycospot ApS , Østmarken 9, 2860 Søborg, Denmark or via e-mail to e-mail address email@example.com.
3. Information on processing operations
The Controller processes the personal data solely in accordance with the principle of lawfulness. In this point, you can find information on legal bases for processing, types of personal data processed, periods for their retention and purposes of personal data processing.
Legal bases for processing - When are we entitled to process your personal data?
Performance of contractual obligations – we process your personal data when performing the contract if we have entered into a contract with you as the Data subject, to the extent necessary for the performance of the contractual obligations.
Compliance with legal obligations – in some cases, we process your personal data also for compliance with legal obligations. Such legal obligations are, for example, obligations arising out of accounting legislation.
Legitimate interest – we also process your personal data on the basis of legitimate interest, solely in cases when processing is necessary for our legitimate interests or legitimate interests of a third party provided that your interests or your fundamental rights and freedoms are not overriding such legitimate interests. Legitimate interest is applied, for example, when keeping a list of our business partners and customers, or for certain activities related to our promotion on the website and when providing our services (e.g. when providing a response to your messages sent via our contact form on the website).
Consent – in certain cases, we are entitled to process your personal data on the basis of the consent requested from you. For example, processing of your personal data is based on your consent when you subscribe for our newsletter. We always process the personal data only if there is a legal basis for their processing. Therefore, processing is always carried out in accordance with the principle of lawfulness.
Categories of the personal data processed - Which personal data do we process?
The Controller processes only such personal data which are necessary for the processing operation (purpose of the processing), always in accordance with the principle of minimisation.
For the legal bases of personal data processing where the Controller performs contractual obligations or legal obligations, the personal data processed by the Controller are mostly specified by legislation. When processing personal data on the legal basis of the consent or legitimate interest, we determine the categories of personal data processed separately for each purpose of the processing.
Retention period – How long do we keep your personal data?
The Controller stores the personal data depending on the purpose of the personal data processing. When setting a retention period, the Controller takes into account the principle of storage limitation, i.e. the Controller processes the personal data for a necessary period solely and after such period elapses, the Controller erases your personal data.
Purposes of the personal data processing
We always process your personal data for a specific purpose, which are following:
|Purpose of the processing||Legal basis||Personal data or categories of personal data||Retention period|
|Registration on website and maintenance of the profile of registered user||Contract performance||Ordinary personal data||@Ordinary personal data|
|Performance of the contractual duties (e.g. fulfilment of the order, delivery, including pre contractual relations)||Contract performance||Ordinary personal data||5 years following the day of the contract fulfilment|
|Compliance with the accounting legislation obligations||Compliance with legal obligation||Ordinary personal data||5 years following the end of the financial year, that the accounting records relate to|
|Keeping a register of the business partners and customers||Legitimate interest, which lays in the need of the Controller to be able to identify his business partners or customers at any time (for the proper execution of contractual obligations or for the proof of legal claims)||Ordinary personal data||5 years following the day of the contract fulfilment|
|Providing a response to the messages of Data subjects sent via contact form on the website||Legitimate interest, which lays in the interest of the Controller on responding to the messages in order to deal with the demands included in these messages||Ordinary personal data||1 year following the reception of the message or until the execution of the demand, depends on which of the conditions stated above happens earlier|
|Newsletter – providing Data subjects with the information about the new products, sales, etc.||Consent of the Data subject||e-mail address||3 years from the confirmation of the subscription to the newsletter|
|Presentation of Controller on the website||Legitimate interest, which lays in the interest of the Controller on providing the website visitors with synoptical and fully operational website, which is secured by the usage of the analytical and functional cookies||Ordinary personal data||5 years following the year which they are related to|
Other purposes of personal data processing by the Controller outside the website are documented by the Controller in the records of processing activities.
4. Rights of the data subjects
Protection of your personal data as of the Data subject is governed by the provisions of the Regulation. As the Data subject, you may exercise your rights against the Controller by means of a request. Your rights are as follows:
Right of access
You have the right to obtain a copy of the personal data which we hold about you, as well as the information on how we use your personal data. In most cases, your personal data will be provided to you by electronic means of communication, unless otherwise requested by you.
Right to rectification
We take reasonable measures in order to ensure that the data which we hold about you are accurate, complete and up-to-date. In case the personal data we hold are inaccurate, incomplete or outdated, we will modify, update or complete such personal data on basis of your request.
Right to erasure
Under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have obtained about you, are no longer necessary to fulfil the original purpose of processing or if you withdraw your consent to the personal data processing. We assess exercising your right to erasure (right to be forgotten) on the basis of individual circumstances of each particular case of processing.
However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for us from applicable legislation when your personal data cannot be erased. In such case, we will not be able to accept your request.
Right to restriction of processing
You have also the right to ask us not to process your personal data. If you believe that the personal data we process about you are not accurate, that the processing is unlawful and you request the restriction of their processing, that we no longer need your personal data, but they are required by you as the Data subject for the exercise of legal claims or if you believe that we as the controller are not entitled to further process your personal data, we will not further process your personal data on the basis of your request.
Right to data portability
Under certain circumstances, you have right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that we process under the contract to which you are one of the parties or on the basis of the consent which you have granted us.
Right to object
You have the right to object to processing of your personal data, for example if we process your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing.
Right to withdraw the consent
If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data. You may withdraw your consent at any time in writing, by e-mail or orally (in person).
Rights in relation to profiling or automated decision-making
If we process the personal data by profiling or automated decision-making, you have the right to refuse the automated decision-making including profiling, from which a legal or other similar significant consequence arises. However, when processing personal data, we do not use automated individual decision-making or profiling at all.
Right to lodge a complaint or request
If you believe that we breach Personal data protection legislation when processing your personal data or that we have not handled your request in accordance with such legislation, you can lodge a complaint with the supervisory authority which is Datatilsynet – Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, Denmark, webpage: www.datatilsynet.dk, telephone number: +45 33 19 32 00; E-mail: firstname.lastname@example.org.
5. Exercising rights of Data subjects
You may exercise your rights stated in the previous point of this document:
- in writing, by sending request to the address Glycospot ApS, Østmarken 9, 2860 Søborg, Denmark or
- via e-mail address email@example.com.
Response to exercising your rights is provided free-of-charge. Under certain circumstances, in case of repeated, unreasonable or disproportionate request to exercise your rights, we are entitled to charge a reasonable fee.
Response to exercising your rights is provided free-of-charge. Under certain circumstances, in case of repeated, unreasonable, or disproportionate request to exercise your rights, we are entitled to charge a reasonable fee.
We do not process your personal data by profiling or any form of automated individual decision-making.
Thus, when processing personal data by the Controller, neither profiling nor processing via automated individual decision-making occurs to evaluate your personal aspects.
7. Transfer to third countries and international organizations
We do not transfer and do not plan to transfer your personal data to the third countries or international organizations.
Your personal data may be provided to recipients – state authorities, courts, law enforcement authorities, etc., which are entitled to process your personal data in certain cases.
In some cases, we provide your personal data also to other subjects, especially third parties and processors such as bookkeeping companies, companies providing website management services and advertising and marketing services or banks providing the payment services. We have concluded data processing agreements with all processors and have a transparent list of all our processors.
When processing your personal data, we use only processors who have taken appropriate technical and security measures to comply with the requirements of the Personal data protection legislation for the safe processing of your personal data.