Loading...
Personal data processing and protection policy2018-11-30T16:00:10+01:00

Personal data processing and protection policy

ScandiSales kontor

Personal data processing and protection policy

This data protection policy applies to ScandiSales A/S.

The policy is intended to help ensure and document that ScandiSales protects all personal data in accordance with the provisions of the GDPR. This policy also informs about the processing and use of registered personal data.

1. List of the processing of personal data

ScandiSales processes personal data about:

  • Employees
  • Customers
  • Suppliers and other partners

We have drawn up a list of our processing of personal data. The list gives an overview of the processing the company is responsible for.

Personal data is a prerequisite for ScandiSales’ ability to enter into employment, customer and supplier contracts.

2. Purpose and legal basis for the processing

The personal data is processed and stored in connection with:

  • Personnel administration, including recruitment, employment, resignation and payment of salaries
  • Master data for customers and customer products as well as marketing, orders and sales
  • Master data for suppliers and other partners as well as requisitions and purchases

We only use personal data for the stated purposes and we only collect the data that is necessary to fulfil the purpose.

3. Storage and deletion

ScandiSales has implemented the following general guidelines for storage and erasure of personal data:

  • Personal data is stored in physical folders.
  • Personal data is stored in IT systems and on server drives.
  • Personal data is only stored for as long as necessary to fulfil the purpose of processing.
  • Personal data about employees is erased five years after employment concludes, if they are no longer required, and personal data on applicants is erased after twelve months.

4. Data security

ScandiSales has taken the following security measures for the protection of personal data:

  • Only employees who have a work-related need to access registered personal data have access to them, either physically or via IT systems with rights management.
  • All computers are protected by access codes and employees may not give their access codes to others.
  • Computers must have a firewall and antivirus software installed that is continually updated.
  • Personal data is erased in a proper manner when phasing out or replacing IT equipment.
  • USB sticks, external hard drives etc. containing personal data must be stored in locked drawers or cabinets.
  • Physical folders must be placed in locked cabinets.
  • Personal data in physical folders is deleted by shredding.
  • All employees have been instructed in the processing and protection of personal data.

5. Disclosure

Employee personal data may be shared with public authorities, e.g. SKAT, Statistics Denmark and pension companies. We do not obtain employee consent if we are legally obligated to disclose personal data, e.g. as part of a mandatory reporting to an authority.

6. Data Processors

ScandiSales only engages data processors who can guarantee that they will implement the appropriate technical and organisational security measures necessary to comply with the requirements of the GDPR.

7. Rights

ScandiSales protects the rights of data subjects, including the right to access, withdrawal of consent, rectification and erasure and will inform the data subject about the company’s processing of personal data. Data subjects have the right to complain to the Danish data Protection Agency.

8. Breach of personal data security

In the event of a breach of personal data security, ScandiSales will report the breach as quickly as possible, and within 72 hours, to the Danish Data Protection Agency. The company’s CEO is responsible for this being performed. The report will describe the breach, which groups of persons are affected and what consequences the breach may have for these persons, as well as how ScandiSales has remedied or will remedy the breach. In cases where the breach entails a high risk for those persons about whom ScandiSales processes personal data, these persons will be notified. ScandiSales documents all breaches of personal data security.

9. Changes to data etc.

If you wish us to update, amend or erase personal data we have registered about you, wish to gain access to the personal data about you that is processed or do not wish to receive further messages from us or if you have any questions regarding the above, you can direct your inquiries to our DPO, Alice Kuch, at ak@scandi.dk. You can also write to us at the following address:

ScandiSales A/S
Att.: DPO Alice Kuch
Industriholmen 15A
DK-2650 Hvidovre

Our current privacy policy can always be found on our website. Any amendments, adjustments, revisions etc. will come into force from the time of publication on the website. This also applies to previously registered personal data.

May 16 2018.

Copyright 2018 ScandiSales | All Rights Reserved | ScandiSales A/S | Industriholmen 15A | DK-2650 Hvidovre | Tel: (+45) 70 22 99 66 | mail@scandi.dk | Webdesign by Stylize