2. Data controller
Contact person: ID® Identity A/S
Address: Lægårdvej 138, DK-7500 Holstebro
CVR no.: 16278874
Telephone no.: +45 97492144
3. Processing of personal data
We use data about our customers to provide them with products and services and to improve the quality thereof. The data include ordinary personal data.
3.1 Collection of data
Our digital solutions are based on different technologies with the objective of ensuring user friendliness and security. These technologies can automatically collect data in order to offer the best possible solution, either directly by us or by a third party on our behalf. Cookies and data flow analysis are examples of this; see below.
3.1.2 Data flow
Data about your computer can be collected for system administration and internal marketing-related analyses. These data are statistical information about user behaviour in digital solutions.
The following are examples of data:
- date and time of visit
- the pages visited in the solution
- the visitor’s IP address
- information about the browser and computer used
- URL from referrer
The purpose of these data is to optimise our digital solutions. The data are collected via a third party on our behalf.
3.2 Data actively provided by you
In addition to automatically collected data, we also process data that users have actively given us. Examples are name, address, email and telephone number. If you provide data on behalf of another person, you are responsible for ensuring that you have the right to share the data with us.
There may also be data which we obtain in connection with your inquiries to, for example, our Customer Service or Finance Department.
3.3 Purpose of collection
We collect and store your data for specific purposes or other lawful business purposes. These may, for example, be the following:
- Execution of orders in webshop, by email or telephone
- Personal data in connection with placing of orders
- Info about registered products
- Purchase history
- Order processing and communication in connection with your order or other inquiries
- Confirmation of your identity in your communication with us
- Customisation of content of digital solutions
- We can target offers and campaigns at the individual customer based on customer behaviour history and demographic data combined with third-party solutions and data.
- Marketing purposes, including the collection of data about your activities on id.dk to optimise the user experience and targeted communication directly to you – this may be in the form of personal and electronic contact.
3.4 Relevant and necessary personal data
We only process personal data that are relevant and sufficient in relation to the purposes defined above. We do not process more personal data than needed for the specific purpose. Before we process your personal data, we check whether it is possible for us to minimise the amount of data about you.
We only collect, process and store the personal data that are necessary to meet our stated purpose. In addition, there may be statutory requirements for the type of data that it is necessary to collect and store for our business activities. The type and extent of the personal data we process may also be necessary to perform a contract or other legal obligation.
We use solutions that ensure that data are only accessible to relevant employees, so that you are protected from unauthorised access to your personal data.
3.5 Checking and updating of your personal data
We check that the personal data we process about you are not misleading or incorrect. Your personal data will be updated regularly.
It is important to us that your data are correct, so please inform us if there are any changes to your data. You may notify us of the changes via the contact details at the top of this policy.
3.6 Erasure of your personal data
We keep your personal data for as long as necessary for a legitimate purpose, or for as long as required by law. We therefore erase your personal data on a continuous basis when the purposes for which they were collected or subsequently processed no longer necessitate the processing.
3.7 No disclosure of your personal data without your consent
If we disclose your personal data to partners and players, including for marketing purposes, we will obtain your consent and inform you about what your data are used for. You may object to such disclosure at any given time.
If we are legally obligated to disclose your personal data, we do not obtain your consent. This may, for example, be in connection with reporting to a public authority.
We use service providers and data processors which perform work on our behalf. These services may, for example, be server hosting and system maintenance, analysis, payment solutions, email service etc. These partners may be granted access to data to the extent necessary to provide their services. The partners will be contractually obligated to treat all data as strictly confidential and thus do not have permission to use the data for any other purpose than what is covered by the contractual obligation between the partner and ID® Identity.
We obtain your consent before we disclose your personal data to third country partners as defined in the General Data Protection Regulation. In this case, we ensure that their level of protection meets the requirements we have laid down in this policy based on the current legislation.
3.7.1 Special information about Google Analytics
We use Google Analytics as a web analysis tool in our digital solutions. In this connection, web analysis data are sent from our digital solutions for analysis in the service provided by Google. Here, Google Analytics acts as ‘data processor’ and ID® Identity as ‘data controller’, and our data may only be disclosed by agreement or to comply with legal requirements.
4.1 Protection of your personal data and data security
We have adopted an internal IT security policy containing instructions and measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to data which have been transmitted, stored or otherwise processed.
Data transfer via the Internet is never 100% secure, but we do our best to protect your personal data and support digital communication.
5. Your rights
In accordance with the General Data Protection Regulation, you have a number of rights in relation to our processing of data about you.
If you wish to exercise your rights, you need to contact us via the contact details provided at the top of this policy.
5.1 Right of access (right to view data)
You have the right to obtain access to the data we process about you as well as a number of additional data. Access may, however, be restricted to protect other persons’ personal data or business secrets.
5.2 Right to rectification (correction)
You have the right to have incorrect data about you rectified.
5.3 Right to erasure
In exceptional cases, you have the right to have data about you erased prior to the time of our ordinary general erasure of data.
5.4 Right to restriction of processing
In some cases, you have a right to have the processing of your personal data restricted. If you have a right to restriction of processing, we may, in future, only process the data – except for storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
5.5 Right to object
In certain cases, you have the right to object to our, otherwise lawful, processing of your personal data.
You may also object to the processing of your data for direct marketing purposes.
5.6 Right to transmit data (data portability)
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit these personal data from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guide to the rights of data subjects, which you can find at www.datatilsynet.dk
5.7 Right to withdraw your consent
You have the right to withdraw your consent at any time. You can do so by contacting us via the contact information listed above in clause 2. If you choose to withdraw your consent, this will not affect the legality of our processing of your personal data on the basis of the consent you have previously given us and up to the time of withdrawal. Consequently, the withdrawal of your consent will not take effect until then.
You can read more about your rights in the Danish Data Protection Agency’s guide about the rights of data subjects, which you can find at www.datatilsynet.dk.
6. Policy update
Updated May 2018