Privacy policy for EDC Poul Erik Bech A/S

Privacy policy for EDC Poul Erik Bech A/S

EDC Poul Erik Bech A/S has laid down this privacy policy to be able to tell you how we collect, process and store your personal data when you are in contact with us and buy our services, whether on our website, in a business relationship or after a case has been closed.

Like all other businesses in the EU, we are covered by the General Data Protection Regulation of 27 April 2016 (GDPR), which together with the Danish Personal Data Protection Act contains the guidelines for our personal data processing.

We respect your privacy and your rights to protect your personal data. Therefore, we will ensure lawful, reasonable and transparent processing of your data, no matter from where and why we have received your data.

Personal data is all identifiable information about a person. The most common data is first and last names, address, email address, telephone number and other contact details, regardless of whether these are your private or professional details.

If you are a client with us or if you are owned by, employed by or otherwise part of a client with us, we collect and process your ordinary personal data, including in particular information about your contact details, identity, title, education and employment as well as property, tax and other financial information.

We do so to enable us and our clients to fulfil the agreement we will conclude or have concluded with you or the client you represent (Article 6(1)(b) of the GDPR), and to be able to pursue our legitimate interests in continuing to develop our business, e.g. in connection with preparing internal statistics, providing services to you and keeping you in our network (Article 6(1)(f) of the GDPR).

In order for us to meet our obligations under the Danish Money Laundering Act, in addition to your contact details and as part of your identity information, we also receive your civil registration number and further control information (e.g. identification). It is used for the Know Your Customer procedure we must implement, including identifying owner and control structures and beneficial owners. We have a duty of notification, which means that your personal data may be disclosed to public authorities. We store the information about you that only relates to our obligations under the Danish Money Laundering Act for five years after the close of the case.

If we are tasked with completing a sale for our clients, we also receive the necessary civil registration numbers to enable us to use them in the registration process in accordance with the Danish Registration of Property Act.

If you are our business partner, external supplier or in any other way part of our network, we collect and process your ordinary personal data, including contact details as well as the data and the history you may have as a former client or similar with us.

We do so to pursue our legitimate interest in keeping you as a business partner, external supplier of services or otherwise in our network in our common interest (Article 6(1)(f) of the GDPR).

If you use our website or are otherwise in contact with us, including for the purpose of ordering services or prospectuses or registering for our newsletter, we collect your ordinary personal data, including contact details and any other data you give us when you contact us. [We use cookies on our website. You can read more about cookies below.]

We do so to pursue our legitimate interests in delivering the service that you buy or performing the task for our clients that is the reason for our processing your data (Article 6(1)(f) of the GDPR).

Outside the above relations you will generally be informed, or your consent will be obtained, if we process your personal data.

If, in exceptional cases, we need to collect sensitive personal data, we will not do so without your consent (Article 6(1)(a) and Article 9(1)(a) of the GDPR).

We disclose your personal data to our chain office, to other businesses within our chain cooperation, to our other business partners, external suppliers and Ejendomstorvet.dk (see below).

We only disclose your personal data when appropriate in order to deliver the service you buy from us (Article 6(1)(b) of the GDPR), or in relation to the legitimate interests pursued by us (Article 6(1)(f) of the GDPR).

Moreover, we may disclose your personal data to public authorities if required by law.

We will not disclose your personal data for the purpose of marketing to you without your consent. You can opt out of receiving marketing from our business partners or us at any time by contacting us.

If your personal data is disclosed to third countries, we will inform you.

When you receive information that other data controllers process your personal data, you should be aware that their privacy policy and personal data processing may differ from ours.

When we disclose your data, including your address, to Ejendomstorvet.dk, we do so with a view to marketing, statistics and references.

Ejendomstorvet.dk is a portal for business premises and commercial properties. Ejendomstorvet.dk uses your data to prepare and maintain a database of properties sold, which can be accessed by the customers of Ejendomstorvet.dk.

Ejendomstorvet.dk:

  • collects and discloses your data on the basis of Article 6(1)(f) of the GDPR;
  • keeps your data confidential and secure;
  • has implemented appropriate technical and organisational security measures to prevent the accidental or unlawful destruction, loss or impairment of the data and to protect the data from unauthorised access, misuse or processing in contravention of data protection legislation;
  • process your data as long as is necessary to fulfil the purpose of processing.

You have a right to know what data Ejendomstorvet.dk is processing about you. Moreover, you have a number of rights, which you can read more about in Ejendomstorvet.dk’s privacy policy and at Ejendomstorvet.dk.

We mainly collect your personal data from you. In addition, we may receive and collect data about you from others, e.g. public sources, your employer, your employees or our clients. If this is the case, you will generally be informed about this at our first subsequent contact. The information mentioned may be given by reference to this privacy policy.

We take physical, technical and organisational measures to secure the processing and storage of your personal data. In this way, we protect your data against accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access.

We may regularly change this privacy policy, and reserve the right to do so, because we want to continually ensure that we meet the requirements for correct processing of your personal data.

Under the General Data Protection Regulation, you have a number of rights in relation to our processing of data about you. If you want to exercise your rights, you must contact us.

  • Right to see data (right of access)

You have the right of access to the data that we process about you as well as to certain other data.

 

  • Right to rectification (correction)

You have the right to have incorrect personal data about you rectified.

 

  • Right to erasure

In special cases, you have the right to have personal data about you erased, prior to the time of our ordinary, general erasure.

 

  • Right to restriction of processing

In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to restriction of processing, we may in future only process your data – except for storage purposes – with your consent, or for the purpose of establishment, exercise or defence of legal claims or to protect a person or important public interests.

 

  • Right to object

In certain cases, you have the right to object to our otherwise legal processing of your personal data. You may also object to processing of your personal data for direct marketing purposes.

 

  • Right to transmit data (data portability)

In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to have those data transmitted from one controller to another without hindrance.

If we base our processing of your personal data on consent (Article 6(1)(a) of the GDPR), you also have the right to withdraw your consent.

You can read more about your rights in the Danish Data Protection Agency’s guidance on the rights of data subjects, which you can find on www.datatilsynet.dk.

You can complain to us if you are dissatisfied with the manner in which we process your personal data by contacting us.

You are also entitled to complain to the Danish Data Protection Agency. You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.  

EDC Poul Erik Bech A/S, May 2018