The AABO-IDEAL privacy policy

  1. Introduction
      • This personal data policy (in the following referred to as “the Policy”) describes how Aabo-Ideal A/S (in the following referred to as “us”, “we” or “our”) collects and processes personal data in connection with the purchase of services, membership, products or the general use of our website.
      • The Policy is formulated and made available in order to comply with the General Data Protection Regulation (2016/679 of 27 April 2016) (in the following referred to as “GDPR”) and the rules in the regulation regarding the duty of disclosure.
  1. Types of personal data that is processed
    • We process personal data about you when it is relevant and in accordance with applicable legislation. Depending on the specific circumstances, the processed personal data may include the following types of personal information: name, telephone number, email, account status (balance, customer points or similar), bank information (card information or account information), customer number, address, invoicing and bookkeeping vouchers, information for tracking of shipments (e.g. tracking number) and purchase history.
    • If we need to collect and process additional personal data than what is specified above, we will inform you of this. Such information can also be collected in the event of the updating of this Policy.
  1. The purposes of processing personal data
    • We only process your personal data for legitimate purposes in accordance with the GDPR. Depending on the circumstances, personal data may be processed for the following purposes:
      • To be able to deliver or offer the services or products and/or sales offers that we provide.
      • To answer enquiries and/or complaints from users, customers or members.
      • To deliver service notifications and information to users, customers or members.
      • To store personal data to the extent that is a requirement pursuant to applicable legislation, which includes for example the storing of account and bookkeeping vouchers.
      • To send direct marketing to users, customers or members (such as emails, MMS, direct messages on social media, etc.).
      • To send newsletters via email.
      • To perform profiling of users, customers or members by analysing and predicting their preferences and/or behaviour.
      • To be able to provide support and service notifications, including to answer questions or complaints and send updates about our products and services.
      • To be able to improve our products, services or website.
  1. Legal basis for the processing of personal data
    • We only process your personal data when we have a legal basis for processing in accordance with the GDPR. The processing of personal data occurs depending on the specific circumstances on the basis of the following processing authority:
      • If we have requested your consent to process some specific personal data, the processing basis for the specific personal data is your consent, cf. the GDPR, article 6 (1)(a). The consent can always be withdrawn by contacting us via the contact information that is stated at the end of the Policy and if the consent is withdrawn, the personal data that is processed on the basis of the consent is deleted unless it can or must be processed in order to comply with a legal obligation, for example.
      • The processing is necessary in order to fulfil a contract with the data subject, cf. the GDPR, article 6(1)(b) first part.
      • The processing is necessary in consideration of the implementation of provisions that are made upon the data subject’s request prior to entering into a contract, cf. the GDPR, article 6(1)(B), last part.
  1. Passing on and transfer of personal data
    • We only pass on personal data to others when the legislation allows or requires. Our organisation is part of a group where personal data is shared between group companies depending on the specific circumstances.
    • We pass on personal data to the following recipients in the EU/EEC:
      • Danish tax authorities (SKAT) (in connection with bookkeeping, etc.)
      • Banks (in connection with pay-outs, receipt of payments, etc.)
      • Data processors
      • Authorities
      • Any other recipients upon your request
    • We generally use different external and professional organisations as suppliers and business partners to deliver or assist us in providing our services and products. The external organisations will not receive or process personal data unless the legislation allows the transfer and processing of said data. If the external organisations or business partners are data processors for us, their processing of personal data always takes place pursuant to a data processor agreement which meets the requirements of the legislation. If the external organisations or business partners are independent data controllers, their processing of personal data occurs in accordance with their own privacy, data protection or personal data policy, which the external organisations will draw attention to unless the legislation prescribes something else.
    • We do not transfer personal data to countries or international organisations outside of the EU/EEC unless it is necessary upon your specific request.
  1. Deletion and storage of personal data
    • We ensure that personal data is deleted when it is no longer relevant to our processing purposes as described above. We always store personal data for a time period to comply with applicable legislation obligations, including to use for documentation of compliance with the provisions in the Danish Accounting Act. In the event of questions regarding the storage and processing of personal data, you are welcome to contact us at the email address you will find in the last section of this Policy.
  1. Data subjects’ rights
    • Data subjects have a number of rights with which we can help. If a data subject wants to make use of their rights, the person must contact us. The rights include the following:
      • The right to see the information (right of access to documents): Data subjects have the right to access the information that is processed about the person concerned as well as some additional information.
      • The right to rectification (correction): Data subjects have the right to have incorrect information about themselves corrected.
      • Right to deletion: In special cases, data subjects have the right to have information deleted about themselves before the time our standard general deletion takes place.
      • Right to limitation of processing: In certain cases, data subjects have the right to have the processing of their personal data limited. If a data subject has the right to limit the processing, in future we may only process the information – except for storage – with consent or with the view that a legal requirement can be determined, is maintained or defended, or to protect a person or important societal interests.
      • Right to objection: In certain cases, data subjects have the right to object against our or the legal processing of the relevant subject’s personal data.
      • Right to transmit data (data portability): In certain cases, data subjects have the right to receive their personal data in a structured and ordinarily used and machine-readable format and to have this personal data transferred from one data controller to another controller without hindrance.
    • You can read more about your rights in the Danish Data Protection Agency’s guidelines on the rights of data subjects, which you can find at datatilsynet.dk.
    • If you want to use your rights as described above, please use the contact information specified at the end of this Policy.
    • We strive to do everything we can to accommodate your requests regarding our processing of your personal data and your rights as a data subject. If despite our efforts, you wish to submit a complaint, you can do so by contacting the Danish Data Protection Agency (www.datatilsynet.dk).
  1. Changes to this Policy
    • We reserve the right to update and change this Policy. If we change the Policy, we will change the date and version at the top of the document. In the event of significant changes, we will provide notification in the form of a visible message on our website, by email or by using other means of communication.
  1. Contact
    • For questions or comments about this Policy, or in the event of invoking one or more rights, our Security organisation can be contacted at:

Finance Manager
Head of IT and Systems
HR

gdpr@aabo-ideal.com.