Like all other businesses in the EU, we are covered by the General Data Protection Regulation of 27 April 2016 (GDPR), which together with the Danish Personal Data Protection Act contains the guidelines for our personal data processing.
We respect your privacy and your rights to protect your personal data. Therefore, we will ensure lawful, reasonable and transparent processing of your data, no matter from where and why we have received your data.
Personal data is all identifiable information about a person. The most common data is first and last names, address, email address, telephone number and other contact details, regardless of whether these are your private or professional details.
If you are a client with us or if you are owned by, employed by or otherwise part of a client with us, we collect and process your ordinary personal data, including in particular information about your contact details, identity, title, education and employment as well as property, tax and other financial information.
We do so to enable us and our clients to fulfil the agreement we will conclude or have concluded with you or the client you represent (Article 6(1)(b) of the GDPR), and to be able to pursue our legitimate interests in continuing to develop our business, e.g. in connection with preparing internal statistics, providing services to you and keeping you in our network (Article 6(1)(f) of the GDPR).
In order for us to meet our obligations under the Danish Money Laundering Act, in addition to your contact details and as part of your identity information, we also receive your civil registration number and further control information (e.g. identification). It is used for the Know Your Customer procedure we must implement, including identifying owner and control structures and beneficial owners. We have a duty of notification, which means that your personal data may be disclosed to public authorities. We store the information about you that only relates to our obligations under the Danish Money Laundering Act for five years after the close of the case.
If we are tasked with completing a sale for our clients, we also receive the necessary civil registration numbers to enable us to use them in the registration process in accordance with the Danish Registration of Property Act.
If you are our business partner, external supplier or in any other way part of our network, we collect and process your ordinary personal data, including contact details as well as the data and the history you may have as a former client or similar with us.
We do so to pursue our legitimate interest in keeping you as a business partner, external supplier of services or otherwise in our network in our common interest (Article 6(1)(f) of the GDPR).
We do so to pursue our legitimate interests in delivering the service that you buy or performing the task for our clients that is the reason for our processing your data (Article 6(1)(f) of the GDPR).
Outside the above relations you will generally be informed, or your consent will be obtained, if we process your personal data.
If, in exceptional cases, we need to collect sensitive personal data, we will not do so without your consent (Article 6(1)(a) and Article 9(1)(a) of the GDPR).
We disclose your personal data to our chain office, to other businesses within our chain cooperation, to our other business partners, external suppliers and Ejendomstorvet.dk (see below).
We only disclose your personal data when appropriate in order to deliver the service you buy from us (Article 6(1)(b) of the GDPR), or in relation to the legitimate interests pursued by us (Article 6(1)(f) of the GDPR).
Moreover, we may disclose your personal data to public authorities if required by law.
We will not disclose your personal data for the purpose of marketing to you without your consent. You can opt out of receiving marketing from our business partners or us at any time by contacting us.
If your personal data is disclosed to third countries, we will inform you.
When we disclose your data, including your address, to Ejendomstorvet.dk, we do so with a view to marketing, statistics and references.
Ejendomstorvet.dk is a portal for business premises and commercial properties. Ejendomstorvet.dk uses your data to prepare and maintain a database of properties sold, which can be accessed by the customers of Ejendomstorvet.dk.
- collects and discloses your data on the basis of Article 6(1)(f) of the GDPR;
- keeps your data confidential and secure;
- has implemented appropriate technical and organisational security measures to prevent the accidental or unlawful destruction, loss or impairment of the data and to protect the data from unauthorised access, misuse or processing in contravention of data protection legislation;
- process your data as long as is necessary to fulfil the purpose of processing.
We take physical, technical and organisational measures to secure the processing and storage of your personal data. In this way, we protect your data against accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access.
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of data about you. If you want to exercise your rights, you must contact us.
You have the right of access to the data that we process about you as well as to certain other data.
You have the right to have incorrect personal data about you rectified.
In special cases, you have the right to have personal data about you erased, prior to the time of our ordinary, general erasure.
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to restriction of processing, we may in future only process your data – except for storage purposes – with your consent, or for the purpose of establishment, exercise or defence of legal claims or to protect a person or important public interests.
In certain cases, you have the right to object to our otherwise legal processing of your personal data. You may also object to processing of your personal data for direct marketing purposes.
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to have those data transmitted from one controller to another without hindrance.
If we base our processing of your personal data on consent (Article 6(1)(a) of the GDPR), you also have the right to withdraw your consent.
You can read more about your rights in the Danish Data Protection Agency’s guidance on the rights of data subjects, which you can find on www.datatilsynet.dk.
You can complain to us if you are dissatisfied with the manner in which we process your personal data by contacting us.
You are also entitled to complain to the Danish Data Protection Agency. You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.
EDC Poul Erik Bech A/S, May 2018