This Privacy Policy was last updated on 25th of May, 2018

Privacy Policy for KMD A/S

This Privacy Policy describes how KMD A/S ('we' or 'us') processes your personal data after the implementation of the EU General Data Protection Regulation (and references to articles below refer to the EU General Data Protection Regulation). The Privacy Policy applies to data which you provide to us and/or which we collect about you as part of a customer relationship, supplier relationship or other business partnership, as user of our services or our websites etc. In the Privacy Policy, you can read how we process your data and for how long we store data about you etc.
Personal data may also be covered by another privacy policy with us. We will inform you of this in connection with a specific service, a specific website or specific processing. Such personal data are not covered by this Privacy Policy (unless otherwise specified on the other relevant privacy policy).
Our Privacy Policy is divided into the following headlines:

1. Contact details of controller and data protection officer
2. Description of the processing of personal data
2 A. Customer, supplier, business partner or person related to any of these (e.g. employee or consultant)
2 B. User of kmd.dk and/or recipient of marketing, newsletters etc.
3. Cookies
4. KMD-developed apps
5. Your rights
6. Security
7. Complaint to the Danish Data Protection Agency
8. Updating this policy

1. Contact details of controller and data protection officer

KMD A/S is controller for the processing of your personal data. Our contact details are:

KMD A/S
Lautrupparken 40-42, DK-2750 Ballerup
CVR no.: DK26911745
Telephone: + 45 4460 1000
Email: info@kmd.dk

Our Data Protection Officer can be contacted at:

Email: privacy@kmd.dk
By letter: KMD A/S, Lautrupparken 40-42, DK-2750 Ballerup, attn. ”Data Protection Officer”

2. Description of the processing of personal data

In order to provide clear and transparent information about how we process your personal data, we have divided our Privacy Policy into different sections. Depending on whether you are a customer, supplier, business partner or person related to any of these (e.g. employee or consultant), whether you use our website kmd.dk and/or receive marketing, newsletters, etc. from us, then different parts of the policy apply to you.

A. Customer, supplier, business partner or person related to any of these (e.g. employee or consultant):

Purpose of processing:

We collect and process data about customers, suppliers and business partners and person related to any of these, e.g. employees or consultants, to be able to communicate and cooperate on the conclusion of/compliance with/performance of agreements with you or the company or organization to which you are related (e.g. as an employee or a consultant) and to meet requests from you.

Categories of data which we process:

We process general personal data such as name, position, contact details, including name of the company or organization you work for, address, email and telephone number, user name, etc.

Sources:

We collect the personal data from the following sources:

  • Directly from you or the company or organization to which you are related (e.g. as an employee or a consultant).

Processing basis:

We process your personal data on the following processing basis:

  • When it is necessary in order for us to pursue a legitimate interest (Article 6(1) (f)). We have a legitimate interest in being able to contact you, communicate with you and cooperate with you on the conclusion of/compliance with/performance of agreements with you or the company or organization to which you are related (e.g. as an employee or a consultant) and to meet requests from you. This includes a legitimate interest in storing documentation of our cooperation for purposes of invoicing and resolving any disputes.
  • When necessary to perform an agreement with you or in order for us to manage requests and similar prior to you entering into an agreement with us (Article 6(1) (b))
  • When processing is necessary in order for us to meet a legal obligation (Article 6(1) (c)). In some cases, we are legally obliged to store material that includes your personal data. This could be for the purpose of documenting audit trails and similar subject to the provisions of the Danish Bookkeeping Act.

Recipients:

We may to the necessary extent share your personal data with:

  • the customers, suppliers and business partners who assist us (e.g. as processors) or with whom we cooperate on the conclusion of/compliance with/performance of agreements with you or the company/organization to which you are related (e.g. as an employee or a consultant). This means that we can share your data with for instance our service providers of IT tools and consulting business partners.
  • our auditors, lawyers, external consultants
  • consolidated companies to the extent legal. You can see an overview of our consolidated companies here.

Transfer to countries outside the EU/EEA:

Some of our suppliers and service providers of various IT tools, including tools for cooperation, are based outside the EU/EEA. As a result, we sometimes share your personal data with recipients in countries outside the EU/EEA (third countries). However, it is a condition that:

  • the relevant third country/company in the third country is assessed by the EU Commission to be a country/company which generally ensures an adequate level of protection of personal data, either through law or other measures
  • standard provisions have been agreed between us and the relevant recipient of your personal data on data protection adopted by the EU Commission.
  • the relevant recipient has acceded to an approved code of conduct or an approved certification scheme or
  • the relevant recipient has a set of Binding Corporate Rules

You may at any time request information about or a copy of what appropriate safeguards form the basis for the transfer of personal data to recipients outside the EU/EEA by writing to us, see clause 1.

Storage:

We store data about you for as long as we need to be able to:

  • pursue the purposes specified above
  • document:
  • cooperation
    • our right to process the personal data and
    • our compliance with the rules on processing of personal data and other legislation, e.g. the Danish Bookkeeping Act (which requires us to store accounting records for five years from the end of the financial year which the accounting records concern);

      in relation to limitation of criminal and civil liability and other legal requirements if relevant. If not relevant, we will erase the data before.

Voluntariness:

When we collect personal data from you, it is voluntary whether you want to provide the data. If you do not provide the personal data, the consequence might be that we cannot pursue the purposes specified above, including:

  • that we cannot enter into a customer/supplier relationship or other partnership with you, including communicating and have regular contact with you or the company to which you are related (e.g. as an employee or a consultant)
  • that we cannot meet your requests and
  • that we cannot give you access to our services and systems.

B. User of kmd.dk and/or recipient of marketing, newsletters, etc.

Purpose:

We collect and process personal data for marketing purposes. This could be to target our communication to you based on your work or interests and send you relevant marketing, information and inspiration in the form of e.g. newsletters, invitations to events, whitepapers and information about new solutions/services etc.

KMD reserves the right to collect data about your IP address. An IP address is a unique number assigned to network units, e.g. computers that communicate with each other over the Internet. KMD uses your and other users' IP address to target communication/marketing and for statistical purposes.

We collect and process data about your behavior on our website to analyze the use of our website, optimize the user experience and to target our communication to you. We collect the data based on cookies in accordance with out Cookie Policy. Cookies are small data files that are stored on the user’s IT equipment in order to allow the device to be recognized. Generally, collected data about your behavior on our website based on cookies cannot identify you as a person. However, if you have requested or accepted to receive marketing, newsletters, invitation to events, whitepapers through our website, then we will link such personal data with your behavior on our website for the purpose of targeting our communication and marketing, including the content presented on our website and advertisements on the websites of others.

If you have given your consent, we will use your name, email address and your data about professional interests to send you emails with marketing in the form of e.g. newsletters and invitations to events etc. If you have also provided your title and company (voluntary), we will use these data to target the content of newsletters and invitations to events that we send to you to match your selected areas of interest. We target by selecting content which we find is most interesting for you based on your title (job function) and sometimes the industry to which your company belongs as well as the size of your company.

We also use data about your name, email, telephone number, company and position to meet your request to have access to/receive specific protected content on our website, e.g. a whitepaper and to contact you for sales purposes.

Categories of data:

We collect general data such as your name, position, profession/job, place of employment, contact details, professional interests and in some cases IP addresses, your behavior on our website.

Sources:

We collect data from you and via cookies which you accept on our website.

Processing basis:

We process your personal data on the following processing basis:

  • When it is necessary in order for us to pursue a legitimate interest (Article 6(1) (f)). We have a legitimate interest in processing your data for marketing purposes. Our legitimate interest consists in knowing your professional interests and preferences, allowing us to tailor our communication and offers to you and eventually offer products and services that match your needs and wishes.
  • When you have given your consent to receive emails from us with newsletters and invitations to events etc. (Article 6(1) (a)). You may withdraw your consent to receive newsletters and invitations to events etc. by email at any time by using the unsubscribe link in the emails or on our website. Your withdrawal of your consent does not affect the legality of the emails with newsletters and invitations sent prior to your withdrawal of your consent. When we give you access to/send specific protected content on our website and subsequently contact you for sales purposes, it is also based on your consent. If you have consented to the use of third party cookies, which makes it possible to derive personal data about you, see our Cookie Policy, then such disclosure of data about you to the third party will be based on such consent.
  • When necessary to perform an agreement with you or in order for us to manage requests and similar prior to you entering into an agreement with us (Article 6(1) (b))

Recipients:

We disclose or make data about you available to the following recipients:

  • processors who help us issue newsletters, target marketing/advertisements and for statistical purposes and
  • third parties: if you have consented to the use of third party cookies, which makes it possible to derive personal data about you, see our Cookie Policy, then collection/disclosure of data to the relevant third parties will take place in accordance with our Cookie Policy. Kmd.dk uses Google's services for statistical and marketing purposes and Facebook for marketing purposes. Read more about the basis for Google's processing of personal data in Google's privacy and personal data policy and your possibilities of managing your privacy settings on Google's website www.google.com. Read more about the basis for Facebook's processing of personal data in Facebook's information on protection of personal data and security and your possibilities of managing your privacy settings on Facebook's website www.facebook.com.

Transfer to countries outside the EU/EEA:

If you have consented to the use of third party cookies, which makes it possible to derive personal data about you, see our Cookie Policy, then such disclosure of data about you to the third party will be based on such consent. In such case, Google and Facebook may – depending on your privacy settings with these services – based on cookies set by the services via our website, collect and store your data (e.g. IP address and cookie data) on foreign servers outside the EU/EEA. Google and Facebook are both certified under the Privacy Shield agreement.

Storage:

We store data about you for as long as we need to be able to:

  • pursue the purposes specified above
  • document:
    • our right to process the personal data and
    • our compliance with rules on processing of personal data and other legislation, e.g. the Danish Marketing Act

    • in relation to limitation of criminal and civil liability and other legal requirements if relevant. If not relevant, we will erase the data before.

For example, we will store data regarding your consent and any withdrawal of your consent to receive emails with newsletters and invitations to events for up to 2 years after the last email with newsletters and invitations.

Voluntariness:

When we collect personal data from you, it is voluntary whether you want to provide the data. If you do not provide the personal data, the consequence will be that we cannot pursue the purposes specified above, including that we cannot target our communication based on your interests and focus areas or send you targeted and relevant marketing and information such as newsletters and invitations to events.

3. Cookies

Regarding the use of cookies, please refer to our Cookie Policy. If cookies involve the registration of personally identifiable data, this will appear from our Cookie Policy and/or this Privacy Policy.

4. KMD-developed apps

For personal data collected via KMD-developed apps, please refer to processing of personal data in KMD apps..

5. Your rights

According to the General Data Protection Regulation, you have certain rights in relation to our processing of data about you. 

If you want to exercise your rights, please contact us. See our contact details in section 1.

We will meet your request as soon as possible in accordance with current legislation. If, for some reason, we are unable to meet your request, we will contact you.

Right to see data (access right):

You have the right to access the data we process about you, including the purposes of the processing, and a range of other data.

Right to rectification (change):

You have the right to have inaccurate data about yourself rectified.

Right to erasure:

In special cases, you have the right to have data about you erased before the deadline for our general erasure.

Right to restriction of processing:

In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, in future we may only process data – except for storage – subject to your consent or for the establishment, exercise or defense of legal claims or to protect a person or important public interests.

Right to object:

In certain cases, you have the right to object to our otherwise lawful processing of your personal data. For reasons relating to your particular situation, you may ask us not to process your personal data in those cases where processing is based on Article 6(1) (e) (task carried out in the public interest or in the exercise of official authority) or Article 6(1) (f) (legitimate interest), including profiling based on these provisions. This Privacy Policy specifies the extent to which we process your data for such purposes. After that, we may no longer process the personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defense of legal claims.

You may also object to the processing of your data for direct marketing purposes and profiling related to such marketing. After that, we may no longer process personal data for that purpose.

Withdrawal of consent:

If the processing of your personal data is based on your consent, you are entitled to withdraw your consent at any time. If you withdraw your consent, this does not affect the lawfulness of the processing carried out before withdrawal.

If you have given your consent to receive newsletters and invitations to events etc. by email, you may withdraw your consent at any time by using the unsubscribe link in the emails.

Data portability:

In certain cases, you have the right to receive your personal data (only data about yourself provided by you) in a structured, commonly used and machine-readable format and to have such personal data transmitted to another controller (data portability).

General:

Conditions or restrictions may apply to the exercise of the above rights. This means that you do not necessarily have the right to data portability in the specific case – this depends on the special circumstances of the relevant processing activity.

6. Security

KMD has a management system for information security. We process all data, including your personal data, in accordance with the security policies, processes and controls laid down in our ISO27001-certified management systems for information security. This means that your personal data are protected against destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to or knowledge of such data. 

7. Complaint to the Danish Data Protection Agency

You have the right to submit a complaint to the Danish Data Protection Agency if you are not satisfied with the way in which we process your personal data:

Danish Data Protection Agency, Borgergade 28, 5th floor, DK-1300 Copenhagen K., tel. +45 3319 3200, email: dt@datatilsynet.dk.

8. Updating this policy

We are required to comply with the fundamental principles on protection of personal data and data protection. We regular review this Privacy Policy to keep it up-to-date and in accordance with current principles and legislation. The Privacy Policy can be changed without notice. 

Material changes to the Privacy Policy will be published on our website along with an updated version of the Privacy Policy.

Any changes we might make to the Privacy Policy in future, will be published on the website and you may receive email notification.