Privacy Policy

The purpose of this Privacy Policy is to inform you of the information that we collect from you when you use our website or in any other context. In connection with the collection of the information, we act as data controller and we are therefore required by law to provide you with certain information about us and about why and how we use your information, as well as the rights you have of your personal data.

Data Controller

Conscensia A/S is responsible for the processing of your personal data in connection with your use of our website or when we have a relationship with you in another context, for example, if you are a customer, potential customer or business partner to us. This is described in more detail below.

Contact information on the data controller is as follows:

Conscensia A/S
Nordvestvej 31
9000 Aalborg
Denmark
VAT nr.: DK26459400
www.conscensia.com
Tel. +45 88 82 62 62
dataprotection@conscensia.com

We are not required to have a Data Protection Advisor, so any inquiries about our use of your personal information should be directed to us through the above contact information.

The purposes and legal basis for the processing of your personal data

We process your personal information in the following cases:

• When using our website
• When you submit an inquiry through our website
• When you sign up for our newsletter
• In connection with establishing customer relationships
• If you are a customer with us
• If you are a supplier or partner to us or any other part of our network
• If you request access to your personal information
• If you ask us not to contact you in the future

When using our website

When you use our website to browse our products and services and see the information we provide, a number of cookies are used by us and third parties that allow the website to function, collect useful information about visitors and help us make your user experience better.

Some of the cookies we use are strictly necessary for our website to function and we do not ask for your consent to place these on your computer.

For more information on our use of cookies, please see our cookie policy.

When you submit an inquiry through our website

When you submit an inquiry via the contact form on our website, we ask you for your contact information in the form of name and e-mail address.

We use this information to respond to your inquiry, including providing you with any information about our products and services that you have requested. We may also choose to email you several times after your inquiry to follow up on your expression of interest and ensure that we have answered your inquiry to your satisfaction. We will do this on the basis of our legitimate interest in providing you with accurate information prior to submitting an offer.

Your inquiry will be forwarded to our email address and stored solely in our email mailbox, which is located on servers in the EU. The query is then processed exclusively by mail correspondence to the email address you provided in connection with your inquiry.

We do not use the information you provide us to make any automatic decisions that may affect you.

We keep email requests for 1 year before deleting them.

When you sign up for our newsletter

If you sign up for our newsletter, you will give us your name, company name and email address.
We do this in order for the service to work, so we know who to send the newsletters to.
You can unsubscribe from our newsletter at any time. You can either use “unsubscribe” at the bottom of the newsletter or write to us directly at dataprotection@conscensia.com Then we take you off the list and delete all your information.

However, we may need to keep some of your information for a period of time anyway. We are obliged to prove that we have fulfilled the obligation of deleting. We therefore reserve your name in order to prove that we have complied with our deletion obligation and thereby comply with the rules. The legal basis for this is Article 5, paragraph 2 and 6, paragraph 1 point c of the Data Protection Regulation.
We will at least delete your e-mail address so that we fulfill your desire for deletion to the fullest extent possible.

Our legal basis for collecting and storing your name and email address is the consent you have given us when you signed up for the newsletter. The legal basis for this is Article 6, paragraph 1 point a in the Data Protection Regulation.
It is not a legal requirement that you must provide us with your personal information and that we must store and use it.
If you do not want us to receive and store your name and email address, simply do not sign up for our newsletter. The only consequence is that you will not receive the newsletter.

In connection with establishing a customer

In connection with the startup of customer, we collect and process the information necessary for us to establish the customer relationship with you. Our legal basis for processing your personal data when you become a customer is GDPR Article 6, paragraph 1 point b. The processing of personal data is necessary for us to comply with our contract with you. If you do not wish to submit this information, the consequence is that you will not be able to become a customer with us.

If you are our customer

If you are our customer, we collect and process the information necessary for us to perform the agreed task. It can be, for example, name, e-mail, telephone number, address, VAT number, order and purchase history.

Our legal basis for processing your personal data when you are our customer is GDPR Article 6, paragraph 1 point b. The processing of personal data is necessary for us to comply with our contract with you.

If you are our supplier or partner or in any other part of our network

If you or your company is a supplier, partner and/or otherwise part of our network, we collect business card information (e.g. name, email, telephone number etc.) in order to build cooperation and relationships between you, our company and other relevant players in our network.
Our legal basis for using your personal information is “legitimate interests”. Meaning that our interest in processing the information overshadows your fundamental rights that we shouldn’t use your personal information. The legal basis for this is Article 6, paragraph 2 point f of the Data Protection Regulation.
We have determined that your fundamental rights as a person are sufficiently balanced against your (and our) interest in being part of our network and/or business partner, and thus, allowing us to collect and store your personal information.

If you request access to your personal data

If you request access, we will identify you properly before providing any personal information to you. We do this to ensure that we do not unduly disclose personal information that a fake person has requested us to disclose.

This will in some cases mean that we request a copy of your health card and/or photo ID, such as passport or driver’s license. We believe that it may be one of the necessary means to ensure identity and compliance. However, it depends on the situation, e.g. how well we know you.

Our legal basis for receiving additional identity information on you is Article 5, paragraph 2 and 6, paragraph 1 point c of the Data Protection Regulation. This means that the legislation sets out some criteria for how we can legally fulfill your request for access.

If you ask us not to contact you in the future

If you specifically ask us not to contact you in the future, we will save a copy of your request to register your request and comply with it not to be contacted.The legal basis for receiving additional identity information on you is Article 5, paragraph 2 and 6, paragraph 1 point c of the Data Protection Regulation. This means that the legislation sets out some criteria for how we can legally fulfill your desire not to be contacted in the future.

Otherwise, if you do not want us to store your personal information, the consequence could be that we will contact you by mistake and against your request. In addition, it could mean that we cannot document that we have fulfilled your desire not to be contacted in the future.

Transfer of personal data

We use external data processors and data controllers who have access to personal data from our website and in our systems in order to fulfill the purposes, e.g. for customer registration in customer system, accounting and for backup.

The data processors handle personal data according to our instructions and only for the purposes we have mentioned here in the privacy policy. We have instructed the companies to comply to various security requirements so that personal information is treated confidentially and responsibly.

Other data controllers only receive personal data from us on a legal basis and are independently required to comply with applicable laws.

Transfer of your personal data to a third country (outside the EU/EEØ)

As a general rule, we do not forward your personal data to countries outside the EU/EEØ. If necessary, this will be done in accordance with legislation, including ensuring the necessary basis for secure transfer.

Storing your personal information

Conscensia will only keep your personal data for as long as necessary to fulfill the purpose of processing your information. However, special rules may apply and in some areas your personal data may be stored for an extended period of time. Below we describe how long we keep your personal information, depending on your relationship with our company.

If you are our customer

Your personal information is stored so that we can document our sales and accounting to public authorities, should this become relevant. The legal basis is paragraph 10 point 1 of the Danish Bookkeeping Act.
In addition, they are stored for the sake of the Danish Limitation Act. The legal basis for this is Paragraph 2 and 3.
We do this as our advisory responsibilities are valid for up to 10 years. If a customer believes that we have provided defective advice, either through concrete advice or general guidance, we will be able to counter the views by showing the course of the purchase and/or the case, including correspondence with you and notes we may have made in connection with you as a customer.

We would like to be able to document this with any relevant correspondence that may have occurred with you. We therefore keep your personal data in connection with your customer relationship for up to 10 years.

When you complete our customer satisfaction survey via Surveymonkey

If you complete a customer satisfaction survey, such as a questionnaire, we will receive your name, company name, e-mail, telephone number and IP address and at the same time you will allow us to contact you. We do this to provide you with oral and/or written feedback on the completed survey.
Our legal basis for collecting and storing your name, company name and email address is the consent you have given us, when you signed up. The legal basis for this is Article 6, paragraph 1 point a in the Data Protection Regulation. Our legal basis for collecting your IP address is “legitimate interests”, because it technically allows the system to work. The legal basis for this is Article 6, paragraph (2). 1 (f) of the Data Protection Regulation.

We have determined that your fundamental rights as a person are sufficiently balanced against your (and our) interest in completing our surveys and thereby allowing us to receive and store your IP address.

We use Surveymonkey’s systems to prepare our questionnaire. In this connection, Surveymonkey collects a number of information about you, and your data may be stored outside the EU. You can read SurveyMonkey’s Legal Terms and Policies here: Legal Terms and Policies

If you are a potential customer

If our dialogue with you does not ends up in a cooperation, we will delete your personal information within 1 year.

Among other things, we evaluate whether the correspondence indicates that you may be returning later, whether we have made an offer that is valid for a period of time and generally your purchasing interest.

We continuously review our cases and procedures so that we do not store more personal information than is necessary to fulfill the purposes set out above.

If you request access

We are responsible for proving that we are not at fault for incidents that violates your personal rights.
Therefore, we store your personal information in connection with a request for access for up to 10 years.
We take this action due to our liability to you runs for up to 10 years, if we provide personal information to a wrong person. That way, we can document that we did not act incorrect with a request to get access to your personal data.
The legal basis for this is paragraph 2 and 3 of the Limitation Act and Article 5, paragraph 2 in the Data Protection Regulation and Article 82 point 1-3.

If you are part of our network and/or business partner

Building meaningful and valuable relationships takes a long time. Therefore, as a starting point, we store your information for up to 5 years from the time we receive your personal information.
We will delete the information earlier, if we have not been able to help you or your company within 5 years of receiving your information, e.g. by sending a referral to you.
If we haven’t been able to help you before then, it doesn’t make sense to keep your personal data anymore.
If we work well together and mutually assist each other’s businesses and customers, the 5 years count from our most recent interaction.

If you ask us not to contact you in the future

As a starting point, we store your inquiry for up to 1 year after you contact us, so that we comply with your desire not to be contacted and will not accidentally do so.

If we are your customer

We basically store your information for up to 5 years after our customer relationship with you/your company started.
We do this to ensure our rights in the event of a dispute over the service we have purchased from you and your company.

Your rights as registered

In order to create transparency about the processing of your information, we (as a data controller) must inform you of your rights.

The right to insight

You are entitled at any time to request information from us, about the information we have registered about you, what purpose the registration serves, what categories of personal data and recipients of information, if any, as well as information about where the information came from.

You have the right to have a copy of the personal data we process about you. If you would like a copy of your personal information, you must send a written request to dataprotection@conscensia.com You may be asked to document that you are the person you claim to be.

The right to rectification

You have the right to have incorrect personal information about yourself corrected by us. If you become aware that there is an error in the information that we have registered about you, please contact us in writing so the information can be corrected.

The right to delete

In some cases, you have the right to have all or some of your personal information deleted by us, for example, if you revoke your consent and we have no other legal basis to continue the processing and keep your personal data. To the extent that continued processing of your information is necessary, e.g. for us to comply with our legal obligations, or for legal claims to be established, enforced or defended, we are not required to delete your personal data.

The right to restrict the processing to storage only

In some cases, you have the right to restrict the processing of your personal data to storage only, for example, if you believe that the information we process about you is incorrect.

The right to data portability

In some cases, you have the right to have personal data provided by yourself, delivered in a structured, commonly used and machine-readable format, and you have the right to transfer this information to another data controller.

The right to object

You have the right at any time to object to our processing of your personal data for the purpose of direct marketing, including the profiling in order to target our direct marketing.
You also have the right, at any time, for reasons relating to your personal situation to object to the processing of your personal data, which we make on the basis of our legitimate interests.

The right to withdraw consent

You have the right at any time to revoke a consent you have given to us for a given processing of personal data. If you wish to revoke your consent, please contact us at dataprotection@conscensia.com
To submit a request for your personal information by email, mail or telephone, please use the contact information in this policy.

Your right to complain

You have at any time the right to submit a complaint to the Danish Data Protection Agency, Borgergade 28, 5, 1300 Copenhagen K, Denmark, about our processing of your personal data. Complaints can be submitted by email to dt@datatilsynet.dk or telephone +45 33 19 32 00.

Updates to this Privacy Policy

We regularly review this Privacy Policy and update it from time to time, as our services and use of personal information evolve. If we wish to make use of your personal information in a manner, we have not previously identified, we will contact you to provide information about this and, if necessary, ask for your consent.

We update the version number and date of this document each time it changes.

Version 1.1. January 28, 2020