It is of great importance to P-Secure ApS (hereinafter “P-Secure”) to protect personal data.
This personal data policy governs P-Secure’s handling of personal data related to leads, customers, suppliers, collaborators, employees etc. in order to ensure compliance with the EU General Data Protection Regulation 2016/279 (GDPR) and Danish law.
Personal data is any information relating to an identified or identifiable natural person (i.e. a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data may be collected or handled by P-Secure when a lead, customer, supplier, collaborator, employee etc. actively provide P-Secure this personal data by filling in different types of forms, sending emails to and procuring services and/or deliverables from P-Secure.
Additionally, P-Secure collect data on how visitors use the P-Secure websites and Social Media platforms.
Generic personal data (the list is not exhaustive)
Name, age, education, e-mail, phone number, IP-adress etc.
Confidential personal data
Confidential information is where special protection may be relevant in the application of the data protection rules. In this category is Personal Identification Number, but, depending on the circumstances, could also be information on income, employment, family relations, etc.
Sensitive/special categories of personal data
Racial or ethnic origin, Political beliefs, Religious or philosophical beliefs, Trade union affiliation, Genetic data, Biometric data for unique identification, Health information, Sexual relationships or sexual orientation.
Any personal data collected or handled by P-Secure is handled in accordance with the EU General Data Protection Regulation 2016/279 (GDPR), Danish law and this personal data policy.
Personal data will only be collected for specified, explicit and legitimate purposes. Further, personal data will solely be used for the purposes for which the data was originally collected for.
Any personal data shall be adequate, relevant and limited to what is strictly necessary in relation to the purposes for which they are processed.
To the extent reasonably possible, P-Secure will adopt a privacy-by-design approach to data protection.
Any personal data that is processed are regarded as confidential information. P-Secure will ensure confidentiality by ensuring its employees and suppliers are aware of the confidential nature of personal data and by educating its employees and suppliers on how personal data may be processed.
P-Secure will only keep personal data for as long as it’s relevant for the purpose it was originally collected for.
Personal data received in connection with requests or questions without establishing a customer relationship will be deleted after 2 years.
Customer data will be kept until 5 years after the end of the customer relationship due to legal requirements including the Danish Bookkeeping Act.
In some cases, there will be a need to preserve records beyond the above periods in order to be able to deal with actual audits, tax matters or legal claims.
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data that we hold about you corrected.
- Request erasure of your personal data. The enables you to ask to delete your personal data where there is no good reason for us continuing to process it. This is sometimes referred to as the “right to be forgotten”.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your data, such as during the period of time it might take us to respond to a claim by you that the data is inaccurate or that our legitimate interest in processing it is outweighed by yours.
- Request us to transfer personal data that you gave us to you in a commonly used electronic format. This is known as the right to portability.
- Object to processing of your data. This enables you to object to processing of your personal data which is carried out.
- Request not to be subject to automated decision making. This enables you to ask us not to make a decision about you based purely on automated processing of your data, which affect your legal position (or has some other significant effect on you). We do not as a rule make decisions of this nature based solely on automated processing and without any human assessment whatsoever. We would notify you specifically if we did.
You are also entitled to submit any complaint you may have about our processing of your personal data to the Danish Data Protection Agency.
Find contact information on www.datatilsynet.dk.
When acting as a data processor, P-Secure always enter into a data processing agreement with customers on whose behalf P-Secure process personal data.
P-Secure always enter into a data processing agreement with suppliers who process personal data on behalf of P-Secure itself or as a sub-processor to P-Secure.
External suppliers can, for example, provide systems for organizing P-Secure's work, services, CRM system, IT hosting or bookkeeping.
It is our responsibility to ensure that your personal data is processed properly. Therefore, we place high demands on our suppliers, and our suppliers must guarantee that your personal data is protected.
P-Secure will only transfer personal data to a country governed by the EU/EEA data protection rules.
In the event P-Secure becomes aware that the security of personal data collected by P-Secure has been breached or is likely to be breached P-Secure will take the necessary actions to mitigate such breach. The foregoing also applies in the event of unauthorised or accidental disclosure/access to personal data.
P-Secure may become aware of a breach of personal data protection by its own employees discovering a breach, by a customer/supplier informing P-Secure of such breach etc. Irrespective of how P-Secure becomes aware of a breach of personal data protection, P-Secure will take the necessary actions to mitigate such breach.
P-Secure will handle data breaches according to the procedure set out in P-Secure’s personal data procedures.
In the event of any actual or suspected data protection breach please contact P-Secure by using contact information in clause 10 below.
In the case of a personal data breach, P-Secure will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Danish Data Protection Agency in accordance with the EU General Data Protection Regulation 2016/279 (GDPR) and Danish law.
P-Secure is committed to conducting training of its employees regarding protection of personal data, data privacy and this personal data policy. The purpose for such training is for P-Secure’s employees to be aware of the obligations under the EU General Data Protection Regulation 2016/279 (GDPR) and Danish law in relation to personal data and data privacy, however training is not intended to enable P-SECURE’s employees to offer advice on the matter.
Training is provided on a regular basis, and new employees will receive training as part of the introduction process.
For further information regarding P-Secure’s personal data policy please contact:
P-Secure ApS
CVR: 43151517
info@P-Secure.com
Strandvejen 100, 2900 Hellerup
This personal data policy is reviewed yearly and has been approved by P-Secure’s management.
Copenhagen, December 2023