COOKIE AND PERSONAL DATA POLICY FOR
Our Cookie & Personal Data Policy describes how we use and safeguard personal data, and aims to ensure that our customers know what rules apply to the use of their personal data.
- General rules on the processing of personal data
Any processing of personal data within our business is subject to the principles of legality, reasonableness and transparency. Personal data is collected solely for the expressly stated and legitimate purposes, and we observe the principle of data mining. We endeavour to ensure that all information is correct and current, and that the principles of storage limitation, integrity, confidentiality, and not least, responsibility, are paramount.
If you have any questions regarding our processing of personal data and this personal data policy, you are welcome to contact us at any time.
- DATA CONTROLLER
Concept carcare is the data controller, and we ensure that your personal data is processed in accordance with legislation.
CBR. Nr.: 29773432
- Purposes of processing; categories of processed personal data
The purposes of processing personal data can be manifold, but the following examples cover the most common purposes. In exceptional cases, where we need to process personal data for other purposes than the ones exemplified below, you will be duly informed. This also applies if we collect or process personal data from someone other than you.
- Fulfilment of orders.
- Registration of vehicles.
- Compliance with claims and warranty requirements.
- Following up on sales, rentals and garage visits.
- Communications relating to your order or other requests made to us.
- Ensuring user friendliness and security.
- Optimising our digital solutions.
- Optional participation in customer surveys, competitions, prize draws, and more via digital solutions.
- Archive of registered products and related personal data.WHAT DATA IS COLLECTED:
We use data about you in order to fulfil our agreement with you, to improve our service and to ensure the quality of our products and services. The personal data we process includes:
- Data collected automatically
We have an array of digital solutions based on different technologies designed to ensure user friendliness and security. These technologies may automatically collect data in order to offer the best solution available, either directly from us or from a third party on behalf of us. The analysis of clickstream data and cookies are examples of these.
All visits to a digital solution involve transfer of information from the browser you are using to a server. It is through analysis of this data that we optimise the digital solutions. Data is collected via a third party on our behalf. Data about your browser may be collected to manage our systems and to perform internal marketing-related analyses based on your behaviour. Examples of data collected and analysed:
- Data and time of visit
- Solution pages visited
- IP address used by you
- Geographical location of the IP address
- Information about the browser and computer used (type, version, OS etc.)
- Referring URL (the originating page redirecting the visitor to our solution)
We use Google Analytics, which acts as data processor on our behalf. We are data controllers for the collected data, and responsible for keeping the collected data from being disclosed, unless by court order or if consent is given.
- Information which you provide
We will, of course, record the information which you provide us with in conjunction with a physical visit or a visit to our website.
Examples of data actively provided by you are most often general and include name, address, phone number, e-mail address, VIN number, reg. number etc. and most commonly originates from:
- Information shared with us via social media
- Information sent via e-mail
- Information we receive from you in relation to an order fulfilment
- Information related to online bookings
- Information shared with us by you, when you participate in surveys, events and competitions
This list is not exhaustive.
- Basis of processing
Personal data is mainly processed under Article 6(1)(b), where processing is necessary for us to meet our contractual obligations to you.
Certain information, including sensitive information, will be processed based on consent, wherever possible, see note immediately below.
- Recipients and disclosure of personal data
We may disclose or share your information if we are required to do so in order to meet our legal obligations. Any such disclosure may also happen following a court order or an instruction from another authority, or to protect trade marks, rights or property. This includes the exchange of information with other companies and organisations with fraud prevention in mind.
We use service providers and data processors, who perform work on our behalf. The services may include server hosting and system maintenance, analysis, payment solutions, address and solvency verification, e-mail services etc. These collaborative partners may gain access to data to the extent necessary to perform their services. The collaborative partners will be bound by contract to process all data in a strictly confidential manner, and as such, they will not be allowed to use data for any other purposes than as stated in their contractual obligations to us. We check that our data processing partners meet their obligations to us. If we disclose your information to a service provider or data processor outside the EU, we ensure that we meet the legal demands for such transfers.
We will never collect any personal data that you have not provided through registration, purchase or participation in a survey or similar.
- Storage time and policy on erasure
We will store information about you for as long as we have a legitimate objective reason to do so, including facilitating the best possible service for you and your car.
As a general rule, all personal data is erased 5 years after the termination of the customer relationship, by which is meant the latest active transaction. Personal data may be stored for a longer period, if it is objectively necessary to do so, e.g. to establish a legal claim, to take legal action, or to defend against any such claim, in accordance with Article 17(3)(e)..
However, in accordance with section 4, cookies will be erased no more than 12 months after their use.
- Right of access, and right to rectification and erasure (Articles 13(2)(b) and 15.)
You have the right to request access to details surrounding the information, which we process. The details, which you may request, are:
- Whether personal data is processed
- What is processed
- The purposes of the processing
- The relevant categories of personal data (normal or sensitive)
- The period for which the personal data will be processed and stored
- The right to
- request rectification or erasure
- filing a complaint to Datatilsynet (the Danish Data Protection Agency)
You have the right to have incorrect information about you rectified without undue delay. You have to actively request any such rectification.
You may also request erasure (the “right to be forgotten”) of your data, but only after the expiry of our legal storage duty pursuant to the Bookkeeping Act (“bogføringsloven”). You may also contact us if you think your personal data is processed in a manner breaching applicable law or any other legal obligations.
When you contact us with a request to rectify or erase your personal data, we will investigate whether the conditions are met, and if so, complete any rectifications or erasures as soon as possible.
If you want access to the information we have registered about you via our cookies, you need to contact us via e-mail at firstname.lastname@example.org or phone on 24 45 09 49. If incorrect data is registered, or if you have any other objections, you may contact us by the same means. You have the option to obtain details on, what information we have registered about you, and you may object to us registering this information
- Data portability and profiling
You have the right to receive the personal data, which you provided us with, and the data about you which we have collected via other agents subject to your consent. If we process data about you under a contract, to which you are a party, you may also have your data sent to you. You also have the right to transfer these data to another service provider.
If you wish to exercise your right to data portability, you will receive your personal data from us in a commonly used format.
Normally, we will not perform profiling, i.e. automated decisions for the purposes of analyses or similar.
Where consent is a necessary basis for processing, we must be able to demonstrate the existence of such consent. This is why we always require written consent.
Consent is a voluntary, specific, informed and unambiguous indication of intention on the processing of personal information. You may withdraw your consent at any time, and if your consent is our only basis for data processing, any subsequent processing will cease. However, this does not change our obligations and rights regarding storage.
You may withdraw your consent by contacting us using the contact information under 1.
- What are cookies?
- Cookie types and their purpose
You can opt out of cookies from Google Analytics here: http://tools.google.com/dlpage/gaoptout
- Delete or disable cookies in your browser
You may always reject cookies on your computer by changing your browser settings. Where to find the settings varies depending on which browser you are using. Be aware, however, that if you reject cookies, many functions and services on the internet will be unavailable to you.
All browsers give you the option to delete all or individual cookies. The method varies depending on which browser you are using. Remember: If you use multiple browsers, you will have to delete cookies from all of them.
Read more about deleting and managing cookies here: http://minecookies.org/cookiehandtering
We protect your personal data, and we have a set of internal rules about information and IT security.
Our internal security rules contain instructions and precautions to protect your personal data against destruction, loss, alteration, unauthorised publication and being accessed by or disclosed to unauthorised parties.
We have established procedures in place for the allocation of access rights to our employees processing personal data, including sensitive data. We check their actual access through logging, codes and supervision. We regularly back up our datasets to avoid the loss of data.
In the case of a security breach resulting in a high risk to you of discrimination, identity theft, financial loss, loss of reputation, or any other serious inconvenience, we will inform you of the security breach as soon as possible. In addition, we are bound by law to report any such breach.
- Complaints (Article 77)
Any registered person has the right to file a complaint to Datatilsynet (the Danish Data Protection Agency) regarding our processing of personal data.
Complaints may be filed by contacting
Borgergade 28, 5.
1300 København K
tlf: 3319 3200
- VERSION AND UPDATES