Privacy Policy
1. Introduction
This privacy notice explains how ConnectedYou Europe ApS ("ConnectedYou", "we", "us", "our") processes personal data in various situations. We provide you with this information as we are required to do so under the General Data Protection Regulation (the "GDPR").
Below, please find information on the various situations where we process personal data:
• Business purposes
• Websites operations (cookies)
• Webshop
• Managing the software platforms and solutions offered by us
• Marketing
2. Controller
ConnectedYou Europe ApS acts as a data controller for the processing of personal data in connection with the below mentioned purposes.
3. Description of the processing
Below, please find the specific purposes for our data processing, the categories of personal data that we process, the legal basis for such processing, and the retention periods that we have decided (in specific situations, we may defer from our general retention periods in case of e.g., complaints, objections, or other specific situations).
3.1 Business purposes
Purpose 1: Communication with you when you represent a customer, partner, supplier, or another third party.
- Category: Name and contact information, title, and position. The relationship to the business that you represent.
- Legal basis: Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing business contacts and fulfilling any agreement, we may have concluded with the company you represent.
- Retention: As long as the business relationship exists and up to 5 years after the end of the financial year in which the customer or supplier relation-ship has ended or after the last contact. Retention is 5 years due to the nature of industry dynamics where business cycles are long and in few years existing solutions businesses have may become obsolete creating opportunities for adoption of our solutions.
Purpose 2: Communication via the website comments form or chat function.
- Category: Name, email, phone number and any information that you chose to include in the message/communication. Further, we collect your IP address and browser user agent string to help spam detection.
- Legal basis: Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing communications with you and to pre-vent spam in this regard.
- Retention: Up to 2 years after the last contact.
Purpose 3: Managing and answering general inquiries.
- Category: Name and contact information, title, and position. The subject of your inquiry.
- Legal basis: Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general inquiries.
- Retention: Up to 2 years after the last contact.
Purpose 4: Accounting and Book keeping purposes. Information is shared with the firm(s) that provide us with accounting and auditing services.
- Category: Information stated on invoices etc.
- Legal basis: Article 6(1)(c) of the GDPR. The legal obligations derive from the Danish bookkeep-ing legislation.
- Retention: As long as the business relationship exists and up to 5 years after the end of the financial year in which the customer or supplier relationship has ended or after the last contact.
3.2 Website operations
Purpose 1: To compile statistics in order to optimize the user experience on our website and the services we offer.
- Category: Information about country of the visitor, pages viewed.
- Legal basis: According to the Danish Executive Order on Cookies we are required to obtain you consent to use performance cookies for statistical and analytical purposes. At the same time we obtain your consent to the processing of your personal data, c.f. Article 6(1)(a) of the GDPR.
- Retention: Up to 2 years
Purpose 2: Processing of personal data via our social media accounts.
- Category: IP address and any information that you have made available in relation to our social media accounts, including reactions related to posts, sharing of posts and comments provided regarding our posts.
- Legal basis: Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in branding our business via social media and interacting with our customers and other third parties. We are joint controllers with the social media providers. See more in section 4.3 below.
- Retention: Information related to our posts on social media will be deleted, when the post is removed, or if you chose to withdraw your comment, reaction etc. The IP address is processed based on your consent.
3.3 Webshop
Purpose 1: Managing orders via our webshop and delivering the products you have purchased.
- Category: Name, address, email ad-dress, phone number, potential relationship with a specific company, as well as your account and payment information, including credit card information.
- Legal basis: The legal basis for our processing of your name and contact details, including your ad-dress, as well as your payment information, is article 6(1)(b) of the GDPR, as the processing is necessary in order for us to fulfil our end of the purchase agreement. Further, we are obligated to store bookkeeping information, including information related to payments/transactions in accordance with the Danish bookkeeping legislation. Based on the GDPR, our legal basis in that regard is article 6(1)(c).
- Retention: Personal data pertaining to your order will as a starting point be deleted 5 years after the end of the financial year where your last order has been handled/ concluded. In specific situations, we may defer from our general retention periods (in case of e.g., complaints, objections or other specific situations).
Purpose 2: Screening orders for fraud.
- Category: We use the device information that we collect to help us screen for potential risk and fraud (in particular, your IP address).
- Legal basis: The legal basis for our processing is article 6(1)(f) of the GDPR, as we pursue our legitimate interest in preventing risks and fraud.
- Retention: Personal data pertaining to your order will as a starting point be deleted 5 years after the end of the financial year where your last order has been handled/concluded. In specific situations, we may defer from our general retention periods (in case of e.g., com-plaints, objections or other specific situations).
3.4 Managing the software platforms and solutions offered by us
Purpose 1: Managing the user accounts.
- Category: Account name, username, password, user email ID, company information, payment details and information on SIMs/eSIMs and devices managed through the platforms.
- Legal basis: The legal basis for our processing is article 6(1)(f) of the GDPR, as we pursue our legitimate interest in ensuring that you are able to log on to the portal/account and, in relation to the portal, managed ConnectedYou services and products.
- Retention: Personal data pertaining to accounts will as a starting point be deleted 2 years after the end of the financial year where your account has been deleted. In specific situations, we may defer from our general retention periods (in case of e.g., complaints, objections or other specific situations).
3.5 Marketing
Purpose 1: Sending newsletters (direct marketing).
- Category: Name, email address and the preferences you have given in connection with your subscription.
- Legal basis: Article 6(1)(a) of the GDPR, as we ask for your consent to send newsletters.
- Retention: Personal data pertaining to our distribution of electronic newsletters will be deleted 2 years after our last newsletter has been distributed, unless you have withdrawn your consent (i.e., unsubscribed) before such time.
Purpose 2: Facilitating marketing events, webinars, pitch meetings, participating in industrial fairs, etc.
- Category: Name and contact information, title, and position. The relationship to the business that you represent.
- Legal basis: Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing your personal data when participating in marketing events etc.
- Retention: Up to 5 years after the last communication. Retention is 5 years due to the nature of industry dynamics where business cycles are long.
If personal data are processed for the purpose of direct marketing, you have the right at any time to object to the processing of your personal data for such marketing, including to object to profiling in so far as it relates to direct marketing. If you object to processing for the purpose of direct marketing, the personal data will no longer be processed for this purpose.
4. Categories of recipients
We may process and share your personal data with other companies, including our data processors, for the purposes of (i) perform-ing our contractual obligations and the obligations set forth by applicable law and regulatory authorities; (ii) providing and administering access to services that you have requested (iii) answering customer service matters and correcting mistakes; (iv) improving your user experience; (v) providing you, as a user of products and services, with advertisements, offers, and recommendations that are personalized and adapted based on data we have about you; (vi) analyzing market trends and future demands.
When you use our website and webshop, you may share information with social media providers, such as Facebook, LinkedIn, or Twitter, through an implemented social plug-in (such as a Like button). If you choose to share information via a social plug-in, your browser will transfer the following data to the social medium:
- Date and time of your visit
- The internet address or URL for the address you are temporarily visiting
- Your IP address
- The browser you are using
- The operating system you are using
- The information for which you have used this specific plug-in
We are joint controllers with the social media providers in relation to the personal data processed on social media and/or personal data collected through our website and sent to social media providers (e.g. by way of social media plug-ins). Further information on the joint controllership agreement can be found here:
- Meta: https://www.facebook.com/legal/controller_addendum
- LinkedIn: https://dk.linkedin.com/legal/privacy-policy
- Twitter: https://twitter.com/da/privacy
Additionally, we refer to the terms and conditions for the relevant social media provider.
In some cases, we may buy or sell assets or businesses. In these types of transactions, user information is typically one of the business assets that are transferred. We may disclose personal information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
5. Transfer to third countries
Further, we transfer your personal data to our data processor, Shopify, located in Canada. Shopify is subject to the Canadian Personal Information Protection and Electronic Documents Act (PIPED ACT) and thereby considered as a country providing an adequate level of data protection.
If you want additional information about our transfer of personal data to third countries, you may make a request for such additional information by contacting us.
6. Your rights
As a starting point and depending on the specific situations, you have the following rights:
- Right to withdraw consent: Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us (see contact details below). If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.
- Right of access: You have the right to have confirmed whether collection or processing your personal data has taken place, and, if so, you have the right to request a copy of your personal data in a digital format.
- Right of rectification: You have the right to require that we correct any inaccurate personal data, and that we complete incomplete personal data.
- Right of erasure: In certain circumstances, you have the right to request that we erase personal data concerning you; for ex-ample, if it is no longer necessary for the purposes in which it was originally collected.
- Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data, for example, if you believe that the personal data is not accurate or lawfully processed.
- Right to object to the processing: In certain circumstances, you have the right to request that we stop processing your personal data.
- Right to data portability: In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
You can read more about your rights in the Danish Data Protection Agency's guidelines on data subjects' rights, which is available at datatilsynet.dk (in Danish) and at datatilsynet.dk (in English). Please contact us if you wish to exercise any of your rights. The relevant contact details are stated below.
7. Complaint to a supervisory authority
If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contact-ing the Danish Data Protection Agency via their website, www.datatilsynet.dk.
8. Mandatory processing of personal data (relevant for recruitment purposes)
Under the data protection rules, you are entitled to be informed of whether the provision of personal data is a statutory requirement, or a requirement necessary to enter into a contract, and of whether you are obligated to provide the personal data and of the possible consequences of failure to provide such data.
It should be noted in that respect that under the Danish Health Information Act, an employee must state of its own motion or at the employer's request to that effect whether the employee knows that (s)he suffers from an illness or shows symptoms of an illness which will significantly affect the employee's ability to carry out the work in question. Further, as a potential future employee, you are subject to the general duty of transfer which means that you must not knowingly withhold information that may be relevant to your opportunity for being employed. Moreover, it should be noted that if you are offered a position, we will use certain personal data about you to draft your employment agreement, including your name and address; see the provisions of the Danish Employment Contracts Act.
If you do not wish to provide the information that you are required to provide under the provisions of the Danish Health Information Act and/or according to your duty of transfer or the information necessary for drafting an employment agreement, or any other in-formation which we are required to collect from you by law, we will be unable to offer you a position.
9. Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
10. Contact information
ConnectedYou Europe ApS
CVR number: 39235897
Byværnsvej 5
2860 Søborg
esim@connectedyou.io