This Privacy Policy was last updated on 17th of August, 2023
This Privacy Policy describes how KMD A/S ("we" or "us") processes your personal data following the introduction of the EU Data Protection Regulation (and references to articles below refer to the EU Data Protection Regulation). The Privacy Policy applies to the information that you provide to us and/or that we collect about you as part of a customer relationship, supplier relationship or other collaborative relationship, as a user of our services or through your browsing of our website, etc. In the Privacy Policy you can read about how we handle your information and how long we keep information about you, etc.
Personal data may also be covered by another privacy policy of ours that we disclose in connection with a specific service, website or processing operation. Such Personal Data is not covered by this Privacy Policy (unless otherwise stated in that other privacy policy).
Our Privacy Policy is divided under the following headings:
1. Contact details for the controller and data protection officer
2. Description of the processing of personal data
2 A. Customer, supplier, business partner or person related to them (e.g. employee or consultant)
2 B. User of kmd.dk and/or recipient of marketing, newsletters, etc.
2 C. Events
2 D. Social Media
3. Cookies
4. KMD-developed apps
5. Your rights
6. Security
7. Complaint to the Data Protection Authority
8. Updating this policy
KMD A/S is the data controller for the processing of your personal data. Here you can see our contact information:
KMD A/S
Lautrupparken 40, DK-2750 Ballerup
CVR no.: DK26911745
Telephone: + 45 4460 1000
Email: info@kmd.dk
Our Data Protection Officer can be contacted here:
Email: privacy@kmd.dk
By letter: KMD A/S, Lautrupparken 40, 2750 Ballerup, att. "Data Protection Advisor"
In order to provide clear and transparent information about how we process your personal data, we have divided our Privacy Policy into different sections. Depending on whether you are a customer, supplier, business partner or related person (e.g. employee or consultant), whether you use our website kmd.net, receive marketing from us, register and participate in our events and/or visit our profiles on Social Media, different parts of the policy apply to you.
Purpose of processing:
We collect and process information about customers, suppliers and business partners and persons associated with them, e.g. employees or consultants, in order to communicate and cooperate in concluding/complying with/fulfilling agreements with you or the company or organization with which you are associated (e.g. as an employee or consultant) and to comply with requests from you.
Categories of personal data we process:
We process general personal data such as name, position, contact information including for example the name of the company or organization you work for, address, e-mail and telephone number, user name, response to customer satisfaction surveys, information about you related to the solution of common tasks, including for example your tasks in project plans, your input at meetings in meeting minutes, etc. The information may also include your CV when KMD and the company or organization you work for submit a bid as a prime/subcontractor or as a consortium to a customer in a bidding process.
Sources:
We collect personal data from the following sources:
Lawfulness of processing:
We process your personal data based on the following processing bases:
Beneficiaries:
We may share your personal data with:
Transfer to countries outside the EU/EEA:
Several of our customers, suppliers and partners who assist us and service providers of various IT tools, including IT collaboration tools, are established outside the EU/EEA. We may therefore share your personal data with recipients in countries outside the EU/EEA (third countries). However, this assumes that:
The transfer of personal data to our parent company, NEC Corporation, in Japan is based on the EU Commission's decision to consider Japan a safe third country.
You may at any time obtain information or, where appropriate, a copy of the necessary safeguards on which the transfer of personal data to recipients outside the EU/EEA is based by writing to us in accordance with point 1.
Storage:
We will keep information about you for as long as we need to:
Voluntarily:
When we collect personal data from you, it is voluntary for you to provide the information to us. If you do not provide us with the personal data, the consequence may be that we cannot fulfil the purposes above, including
Objective:
We collect and process personal data, including your IP address, for marketing and statistical purposes. This may be, for example, to target our communications with you based on your areas of work and interest and to send you relevant marketing, information and inspiration in the form of, among other things, gated content and follow-up to your inquiry to us via contact form.
We collect and process information about your behavior on our website to analyze the use of our website, optimize the user experience and target our communications to you, including by online marketing on Social Media. We collect the information on the basis of cookies in accordance with our Cookie-Policy and if you have consented to the use of non-essential cookies. As a general rule, information collected about your behavior on our website on the basis of cookies will not be attributed to you as an individual. However, if via our website you have requested or agreed that you will receive, gated content and follow-up email from KMD's Sales Team or follow-up to your enquiry to us via contact form or similar, we will link this personal data to your behavior on our website in order to target our communications and marketing, including for example what we present on our website and advertising on other websites.
Furthermore, we use information about your name, work email, company and position to respond to your request via contact form or regarding gated content e.g. a white paper in order to target our follow-up to be relevant to you.
Categories of information:
We collect general information such as name, position, profession/field of work, place of employment, contact details, professional areas of interest, IP addresses, and your behavior on our website.
Here you will find a more detailed explanation:
(a) "log data": when you visit our websites, a so-called log data record (so-called server log files) is temporarily stored on our web server. This consists of:
(b) "contact form data": when contact forms are used, the data sent through them are processed: name, e-mail address, telephone number and time of transmission.
We would like to point out that we evaluate your user behavior when we send emails with gated content. Emails contain links with tracking i.e. we can see that you open the email and gated content. We associate the above data with your email address and an individual ID.
Sources:
We collect information from you in connection with contact forms, gated content and via cookies that you accept on our website.
Lawfulness of processing:
We process your personal data based on the following processing bases:
Receiver:
We disclose or transfer information about you to the following recipients:
Transfer to countries outside the EU/EEA:
If you have consented to the use of third-party cookies that allow personal information about you to be inferred, as set out in our Cookie Policy, then information about you may be disclosed to the third party on that basis.
Several of the providers that use cookies are established outside the EU/EEA. We may therefore share your personal data with recipients in countries outside the EU/EEA (third countries). However, this assumes that:
You can obtain information or a copy of the necessary guarantees on which the transfer of personal data to recipients outside the EU/EEA is based at any time by writing to us.
Most providers that use cookies process data on a global level. Therefore, if you are located in the EU, please be aware that when you use Social Media, personal data may also be processed outside the EU by those Social Media.
If your personal data is transferred to countries outside the EU, the social media provider provides appropriate safeguards, for example by entering into standard contractual clauses issued by the European Commission or by complying with approved Binding Corporate Rules, to ensure that the transfer of data takes place with the same level of data protection equivalent to the GDPR.
For the transfer of personal data to the United States to Social Media, which have certified themselves under the EU-U.S. Data Privacy Framework with the American Department of Commerce, the basis for the transfer of personal data from the EU to the United States may be based on the European Commission's decision that this ensures an adequate level of protection.
You can find further information on the transfer of personal data to countries outside the EU in the respective privacy policies of the cookie provider in question (see above).
Storage:
We will keep information about you for as long as we need to:
in respect of limitation of criminal and civil liability and other legal claims, where applicable. If it is not relevant, we will delete the data beforehand.
For example, we will retain information regarding your consent and any withdrawal of consent to receive gated content emails and follow-up emails from KMD's Sales Team for up to 2 years after the last email is sent.
Voluntarily:
When we collect personal data from you, it is voluntary for you to provide the information to us. If you do not provide us with the personal data, the consequence will be that we cannot fulfil the purposes above, including that we cannot target our communications based on your areas of interest and focus or send you email marketing in the form of gated content.
Objective:
We process personal data about you when you register for or participate in an event with us in order for you to participate in the event. Events in this context cover events, courses, webinars and the like organized by KMD. In some cases, we may also process personal data about you in the form of images and/or videos in order to market us on the Social Media (as described in section 2.D Social Media below) on which we are located, on our website or in a newsletter when you attend an event.
Categories of information:
We process the following personal data about you: name, position, the company or organization you work for, as well as address, e-mail address and telephone number. We may also process your payment details.
It is necessary for us to record the above personal data about you in order to register you for our event.
We may also process personal data about you in the form of images and/or videos taken from the event in which you participate, either as a participant or presenter.
Sources:
We collect personal data from the following sources:
Lawfulness of processing:
We process your personal data based on the following processing bases:
For those attending an event:
For you as a presenter:
Receiver:
We disclose or transfer information about you to the following recipients:
Transfer to countries outside the EU/EEA:
As a general rule, KMD does not transfer your personal data to countries outside the EU/EEA in connection with events. In some cases, however, we use personal data about you in the form of images and/or videos to promote us on our Social Media profiles.
We may therefore share your personal data with recipients in countries outside the EU/EEA (third countries). However, this assumes that:
You can obtain information or a copy of the necessary guarantees on which the transfer of personal data to recipients outside the EU/EEA is based at any time by writing to us.
Most Social Media process data on a global basis. If you are located in the EU, you should therefore be aware that when you use the Social Media, personal data may also be processed outside the EU by the Social Media concerned.
If your personal data is transferred to countries outside the EU, the Social Media provider provides appropriate safeguards, for example by entering into standard contractual clauses issued by the European Commission or by complying with approved Binding Corporate Rules, to ensure that the transfer of data takes place with the same level of data protection equivalent to the GDPR.
For the transfer of personal data to the United States to Social Media, which have certified themselves under the EU-U.S. Data Privacy Framework with the American Department of Commerce, the basis for the transfer of personal data from the EU to the United States may be based on the European Commission's decision that this ensures an adequate level of protection.
You can find further information on the transfer of personal data to countries outside the EU in the respective privacy policies of the social media concerned.
You may withdraw your consent at any time by writing to KMD via email to marketing@kmd.dk.
Storage:
We will keep information about you for as long as we need to:
Specifically, the following deletion deadlines apply:
Purpose of treatment:
We may process your data on social media sites where we have pages managed by us. We are on the following platforms:
hereinafter collectively referred to as "Social Media". We use information collected through our Social Media pages to inform about and market KMD and our products and services. In addition, we use the information for statistical purposes.
If you participate in an event hosted by KMD, KMD may upload images and/or videos featuring you to our Social Media pages. You can read about our processing of such information about you in section 2.C Events, above.
Categories of data we process:
The information collected through our Social Media pages is made available to us in aggregated statistics to a very limited extent. As this is aggregated information, it is not possible for us to identify individuals.
We can obtain aggregate information on visitors' gender, age group, country, city and language, as well as types of jobs, seniority, types of companies and number of employees in the company that the visitor is employed.
Below you can see what aggregated information we get from which Social Media:
In addition, we use marketing and advertising via Google, Facebook, LinkedIn and Twitter, where we address targeted advertisements to a target group based on the target group's search history, clicks, who the target group likes and who the target group follows on that Social Media.
Comments posted by users on our Social Media pages do not constitute a collection of personal data by us and we are not data controllers of such information. Messages written on our profiles are public and can be viewed by anyone. However, we may have a legal obligation to process the contact information of a user who posts comments on our Social Media pages and contact the person who posted them. This may happen if, for example, the person complains or writes something else that obliges us to contact the person.
Sources:
When you visit our pages on Social Media, that medium often places cookies on the device you are using to access. This may be your computer, tablet or phone, for example. The Social Media in question therefore processes information about you when you visit our page on the Social Media managed by us. It is irrelevant whether you have a profile on the Social Media or not. You can find LinkedIn's cookie policy here, Facebook's here, Instagram's here, Twitter's here and YouTube's here.
The Social Media and KMD A/S are joint data controllers for the processing of personal data that takes place on our pages on the Social Media. This means that Social Media must share and determine responsibility with us for complying with data protection rules. Personal data processed about you when you visit our pages on the Social Media is collected and processed by the Social Media, including, inter alia, to provide the Insight function and other statistical functions (i.e. functions that, for example, enable us to receive aggregated statistics from the Social Media about visits to our page in order for us to determine the target audiences for our advertisements on our page on the Social Media).
It is the Social Media that collect, process and have access to the personal data about you, and if you wish to exercise your rights or if you believe that the data is being processed in breach of the rules, you can contact the Social Media concerned.
Read more in LinkedIn's privacy policy here, Facebook's here, Instagram's here, Twitter's here and YouTube's here
Read more about the Facebook Insight feature here: https://www.facebook.com/legal/terms/information_about_page_insights_data
Read more about the terms of KMD's and Facebook's joint data responsibility for the Insight feature here: https://www.facebook.com/legal/terms/page_controller_addendum
Please note that despite sharing joint responsibility with the social media, KMD has no influence over the data processing activities carried out by the social media. The options open to us depend essentially on the respective provider's corporate policy.
If we receive a request from you regarding the exercise of your rights in relation to the processing of insight data by, for example, Facebook, LinkedIn, Instagram, Twitter and YouTube, we are obliged to forward all relevant information to the social media concerned so that the social media can respond to your request in a timely manner.
Lawfulness of processing:
We process your personal data based on the following processing bases:
Receiver:
We disclose or transfer information about you to the following recipients:
Marketing agencies and other service providers who (as data processors) assist us with marketing/advertising targeting.
Transfer to countries outside the EU/EEA:
As a general rule, KMD does not transfer your personal data to countries outside the EU/EEA.
However, several of our customers, suppliers and partners who assist us and service providers of various IT tools, including IT collaboration tools, are established outside the EU/EEA. We may therefore share your personal data with recipients in countries outside the EU/EEA (third countries). However, this assumes that:
You can obtain information or a copy of the necessary guarantees on which the transfer of personal data to recipients outside the EU/EEA is based at any time by writing to us.
Most social media process data on a global basis. If you are located in the EU, you should therefore be aware that when you use social media, personal data may also be processed outside the EU by those social media.
If your personal data is transferred to countries outside the EU, the social media provider provides appropriate safeguards, for example by entering into standard contractual clauses issued by the European Commission or by complying with approved Binding Corporate Rules, to ensure that the transfer of data takes place with the same level of data protection equivalent to the GDPR.
For the transfer of personal data to the United States to Social Media, which have certified themselves under the EU-U.S. Data Privacy Framework with the American Department of Commerce, the basis for the transfer of personal data from the EU to the United States may be based on the European Commission's decision that this ensures an adequate level of protection.
You can find further information on the transfer of personal data to countries outside the EU in the respective privacy policies of the social media concerned (see above).
Storage:
We will keep information about you for as long as we need to:
We have no control over how long data held by social media sites is stored for their own purposes. For details, please refer directly to the operators of the social media (see references to their privacy policies above).
On the use of cookies, please see our Cookie Policy. If cookies involve the collection of personally identifiable information, this will be disclosed in our Cookie Policy and/or this Privacy Policy.
For personal data collected via KMD-developed apps, please see Processing of personal data in KMD apps.
You have a number of rights under the GDPR in relation to our processing of data about you.
If you want to exercise your rights, please contact us. See our contact details in section 1.
We will comply with your request as soon as possible in accordance with applicable law. If - for any reason - we are unable to comply with your request, we will contact you.
Right to see information (right of access):
You have the right to access the data we process about you, including the purposes of the processing, as well as a range of additional information.
Right of rectification (correction):
You have the right to have inaccurate information about yourself corrected.
Right to erasure:
In exceptional cases, you have the right to have information about you deleted before the time of our general deletion occurs.
Right to restriction of processing:
In certain cases, you have the right to restrict the processing of your personal data. If you have the right to restrict processing, we may only process the data in the future - apart from storage - with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.
Right to object:
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may - for reasons relating to your particular situation - ask us not to process your personal data in cases where the processing is based on Article 6 (1) (e) (task carried out in the public interest or in the exercise of official authority) or Article 6 (1) (f) (legitimate interest), including profiling based on these provisions. The extent to which we process your data for such purposes is set out in this Privacy Policy. We may then no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.
You can also object to the processing of your data for direct marketing and marketing profiling purposes. We may then no longer process the personal data for this purpose.
Withdrawal of consent:
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you withdraw your consent, it will not affect the lawfulness of the processing carried out before you withdrew your consent.
If you have consented to receive gated content and follow-up emails from the KMD Sales Team via email, you may withdraw your consent at any time by using the unsubscribe link in the email broadcasts or by writing to us at marketing@kmd.dk.
Data portability:
In certain cases, you have the right to receive your personal data (only data concerning yourself that you have provided to us) in a structured, commonly used and machine-readable format and to have this personal data transferred to another controller (data portability).
General:
There may be conditions or restrictions attached to the use of the above rights. It is therefore not certain that you have the right to data portability in the specific case, for example - this depends on the specific circumstances of the processing activity in question.
At KMD, we have an information security management system. We process all data, including your personal data, in accordance with the security policies, processes and controls contained in our ISO27001 certified information security management systems. This means that your personal data is protected against destruction, loss or alteration, against unauthorized disclosure, and against unauthorized access or knowledge.
You have the right to lodge a complaint with the Data Protection Authority if you are unhappy with the way we process your personal data:
Danish Data Protection Agency, Carl Jacobsens Vej 35, DK-2500 Valby, tel. +45 3319 3200, email: dt@datatilsynet.dk.
We are committed to fundamental principles of privacy and data protection. We therefore regularly review this Privacy Policy to keep it up to date and in compliance with applicable principles and legislation. The Privacy Policy is subject to change without notice.
Material changes to the Privacy Policy will be posted on our website together with an updated version of the Privacy Policy.
Any changes we may make to the Privacy Policy in the future will be posted on this page and may be notified to you by email.