Privacy Policy
Last updated Jun 2021
For persons in contact with Keepit A/S, and all of its affiliates, either as customers, potential customers, suppliers, business partners, contact persons, website visitors and/or job applicants.
In connection with our administration, operation, and provision of services, we, Keepit A/S, collect and process, in the role as data controller, personal data on customers, potential customers, suppliers, business partners, contact persons, website visitors and/or job applicants. This Privacy Policy provides information to you about our processing of personal data, which we are required to give by law.
1. Categories of personal data and purposes
We process your personal data for the following purposes:
- Customer administration, e.g., to process, negotiate and handle orders, invoices, agreements, payments, maintain our business relationships including user account administration and handling support requests within the services we provide etc.
- Business partner/supplier administration, e.g., to process, negotiate and handle agreements, collaborations, payments, maintain our business relationships etc.
- Direct marketing, sales, customer relationship management and business partner/supplier relationship management, e.g., con-tacting potential customers, manage and maintain information on business partners, suppliers, and customers, etc.
- Recruitment, e.g., processing and handling job applications
- To improve and provide our website and services.
Information on how we process personal data in one of our many services is described in the respective data processing agreements with our customers. Our most recent data processing agreement can be found at https://www.keepit.com/data-processing-agreement/. In such cases, we act as a data processor and process data on behalf of and in accordance with instructions given by our customers. For more information regarding how we process personal data as a data processor, please contact us using the contact information in section 7 of this Privacy Policy.
We collect and process the following types of personal data:
2. Sources
The personal data are collected directly from you or your employer who is a customer with us or a business partner/supplier. Furthermore, personal data are collected directly from you when you have accepted the use of cookies during your visit on our website. We also receive personal data from third parties for direct marketing purposes provided you have given your permission to such marketing.
If you are a job applicant and have given us your explicit consent to the processing of your references from your previous employer, we may collect such references from your previous employer(s).
3. Data provided on a voluntary basis
When we collect personal data directly from you, you either provide us with the personal data on a voluntary basis or in order for us to comply with the law. It will depend on the specific circumstances whether you are under an obligation to provide us with such personal data.
The consequence of not providing us with the personal data mentioned above will be that we cannot pursue the specific purposes set out above, which for example means that we cannot process and handle orders, provide you with our services, a functional website etc.
If you have provided us with your consent to a specific processing activity, you have the right to withdraw such consent without any conse-quences for you. However, if you withdraw your consent, the withdrawal will not affect any processing based on your consent given before the withdrawal. If you wish to withdraw your consent, please contact us using the contact information in section 7 of this Privacy Policy.
4. Disclosure and transfers of personal data
We may disclose non-sensitive personal data to third parties, e.g., our business partners, provided that the disclosure is necessary and in compliance with the GDPR and Danish Data Protection Act. Furthermore, we use different services providers and suppliers who process personal data on our behalf and, thus, acts as data processors, e.g., information technology suppliers.
Some of our business partners, service providers and suppliers are located in countries outside the EU/EEA. In such cases, we only transfer personal data in compliance with GDPR chapter V and the European Data Protection Board’s (EDPB) recommendations on supplementary measures. If we transfer personal data to countries which are not deemed to have an adequate level of security, we enter into the EU standard contractual clauses and, if deemed necessary, apply supplementary measures in accordance with the European Data Protection Board’s recommendations.
You may request more information regarding our use of data processors and/or our documentation on our legal basis and legal grounds for any transfers to countries located outside the EU/EEA. To make such request, please contact us using the contact information in section 7 of this Privacy Policy.
5. Storage period
We store personal data for as long as it is necessary to fulfil the purposes set out in this Privacy Policy and to be able to document our right to process the personal data and compliance with data protection legislation and any other relevant legislation, and after this for a limited time due to our purposely determined back-up and deletion routines.
Your personal data may, therefore, be subject to different retention policies based on the personal data in question and the purposes to which the personal data is collected. Below are a few examples of our retention periods:
- As a general rule, we store personal data for the duration of our business relationship with you and until five (5) years after the termination of such business relationship.
- Correspondence with you as a potential customer will in general be deleted two (2) years after the time of such correspondence.
- We delete job applications and other personal data related hereto as soon as we do not need it anymore and no later than 6 months after we have received the personal data unless you have given your explicit consent to an additional retention period of 6 months.
6. Your rights
Subject to the applicable restrictions in the Danish Data Protection Act and General Data Protection Regulation, you have the following rights:
- The right of access to personal data
- The right to rectification of inaccurate and inadequate personal data
- The right to erasure of personal data
- The right to restriction of processing of personal data
- The right to object
- The right to data portability
The right to object
You have the right to object – on grounds relating to your particular situation – to processing of personal data where the legal basis for our processing is legitimate interests, as stated above. If you exercise your right to object, we may no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.
You also have the right at any time to object to the processing of your personal data for marketing purposes, which includes the right to object to profiling in so far as it relates to direct marketing. If you object to our processing for the purpose of direct marketing, your personal data may no longer be processed for this purpose.
You also have a right to submit a complaint to the competent supervisory authority, including the Danish Data Protection Agency. You will find the contact information of the Danish Data Protection Agency on www.datatilsynet.dk. You can also read more about your rights on www.datatilsynet.dk.
7. Contact
Please contact our data protection officer if you have any questions about the processing of your personal data or how to exercise your rights.
Contact details:
Keepit A/S
Per Henrik Lings Allé 4, 7.sal
DK-2100 København Ø
CVR.: 30806883
Tlf.: (+45) 88 70 40 70
business@support.keepit.com or dpo@keepit.com