This Personal Data Policy applies to all of REPHERO’s customers from 1 March 2018. REPHERO can, at any time, change this Personal Data Policy and REPHERO will notify customers of any changes.
1 DATA RESPONSIBILITY
1.1 Data Controller
REPHERO IVS (hereinafter referred to as ”RepHero”, ”we”, ”us” or ”our”) is the data controller and we ensure that your personal data is processed in accordance with the relevant legislation.
1.2 We take your data protection seriously
We gather and process personal data as a natural part of the operation of RepHero and and, therefore, we have adopted this Personal Data Policy. It explains how we process the personal data we gather and use when you use our services.
1.3 We ensure fair and transparent data processing
When we ask you to make your personal data available to us, we inform you which personal data we process and for which purpose. You receive information about this at the time of gathering your personal data.
1.4 Contact information
If you would like to contact us, our contact information is as follows:
Robert Jacobsens Vej 91
DK 2300 Copenhagen S
Email: [email protected]
2 PROCESSING OF PERSONAL DATA
2.1 Using the website without registering for services
2.2 When you register for services on the website or contact us
We use your personal data in order to deliver our services to you, improve our service and ensure quality in our services and in our contact with you.
The personal data we use includes the following:
RepHero does not gather personally identifiable information about the customers from third parties.
2.3 We gather and store your personal data for specific purposes
We gather and store your personal data in connection with specific purposes or other legal business purposes. The processing occurs when we need to:
You can read about the individual services in the following. We always comply with the general principles, which are described after the individual services.
2.3.1 Web server
RepHero offers access to the RepHero server which handle reputation issuses on behalf of our customers
RepHero performs the processing of the following information:
For the purpose of our service, RepHero performs the processing that is used for:
Information is not passed on by RepHero.
We process this information on the basis of your consent and comply with the other terms and conditions in the Personal Data Policy.
2.3.2 Email lists
For marketing purposes, RepHero offers the option to send emails to recipients on your list of contacts.
RepHero processes the following information from your lists of contacts: name and email. In addition, RepHero processes the information that appears in the subject field as well as the issued email.
The information will be used for invoicing, for our statistical purposes, for customer support as well as where we are obliged to use it in accordance with legislation.
Information is not passed on by RepHero.
When creating your customer profile, you can register separately for our newsletter. You will always be able to unsubscribe from this service in any enquiry. You will not receive newsletters or other unsolicited commercial enquiries from our partners without prior consent.
We track the opening of emails via a tracking pixel, which makes a call to the sending server that our newsletter has been opened. When you click on a link in our newsletter, this is tracked via the destination page to which the link indicates.
2.3.4 Passing on personal information to partners
2.4 To be able to deliver our services to you, it is necessary to be able to pass on relevant personal information about you to companies who host our data and operate our servers. We only process relevant personal data.
We only process your personal data that is relevant and adequate in relation to the purposes as defined above. The purpose is critical to which type of personal data about you is relevant to us. The same applies to the extent of the personal data we use. For example, we do not use more personal data that what we need for the specific purpose.
2.5 We only process necessary personal data
We only gather, process and store the personal data that is necessary in relation to fulfilling our established purposes. Moreover, it may be determined by legislation which type of personal data is necessary to gather and store for our business operation. The type and extent of the personal data we process may also be necessary in order to fulfil a contract or another legal obligation.
2.6 We check and update your personal data
We check that your personal data which we process is correct and not misleading. We also ensure that we regularly update your personal data.
Since our services depend on your personal data being correct and updated, we request you to inform us of relevant changes in your personal data. You can use the contact information above under point 1.3 to notify us of your changes. We will also, when needed, ask you to update your information via our newsletter, for example.
2.7 We delete your personal data when it is no longer necessary
We delete your personal data when it is no longer necessary in relation to the purpose that was the reason for our gathering, processing and storing of your personal data.
We store personal information which we are obliged to store in accordance with legislation. Furthermore, we delete inactive profiles after one year from when we have reminded the user of this. Detailed log files regarding recipients of emails from our customers are deleted after one month. We only log the sender and recipient and do not save any email content.
2.8 We obtain your consent before we process your personal data
We obtain your consent before we process your personal data for the purposes as described above unless we have a legal basis to obtain the personal data. We inform you of such legal basis and about our legitimate interest in processing your personal data, e.g. if the processing is necessary in consideration of fulfilling the contract of which you are a part, or in consideration of the implementation of provisions that are made upon your request prior to entering into the contract.
Your consent is voluntary and you can withdraw it at any time by directing enquiry to us. Use the contact information above under point 1.3 if you require further information. However, the withdrawal of consent does not affect the legality of the processing that is based on consent prior to the withdrawal.
2.9 We do not pass on your personal data without your consent
If we pass on your personal data to partners and players, e.g. for marketing purposes, we obtain your consent beforehand and inform you of what your personal data will be used for. You can object to this form of passing on at any time and you can also request that enquiries for marketing purposes are not sent to you in the Civil Registration register (the so-called Robinson list).
We do not obtain your consent if we are legally obliged to pass on your personal data, e.g. as part of statutory reporting to an authority.
3.1 We protect your personal data
We take care of your personal data in order to avoid it being unintentionally lost or changed, against unauthorised publishing and against unauthorised access to or knowledge of it.
We use data processors in the EU who store and process personal information on behalf of RepHero in accordance with this Data Policy and the applicable legislation.
In the event of breach of security, which results in a high risk for you, e.g. discrimination, ID theft or fraud, financial loss, loss of reputation or other significant inconvenience, we will notify you of the security breach as soon as possible.
4.1 Cookies, purpose and relevance
5 YOUR RIGHTS
5.1 You have the right to access your personal data
You have the right at all times to be notified of which personal data we process, where it originates from and what we use it for. You can also be informed of how long we store your personal data and who receives your personal data, to the extent we pass on personal data in Denmark and abroad.
However, the access may be limited in consideration of the protection of other people’s privacy, business secrets and intellectual property rights.
You can use your rights by directing enquiry to us. You can find our contact information under point 1.3.
5.2 You have the right to have your personal data corrected or deleted
If the personal data we process is inaccurate, you have the right to have it corrected. You must direct enquiry to us and disclose the inaccuracies and how they can be corrected.
In some cases we will be obliged to delete your personal data. For example, this could apply if you withdraw your consent. If you believe that your personal data is no longer necessary in relation to the purpose for which we have obtained it, you can request to have it deleted. You can also contact us if you believe that your personal data is being processed in conflict with legislation or other legal obligations.
When you contact us with a request to have your personal data corrected or deleted, we check whether the conditions are met and, in such case, implement the changes or deletion as soon as possible.
5.3 You have the right to object to our processing of your personal data.
You have the right to object to our processing of your personal data. You can also object to our passing on of your personal data for marketing purposes. You can use the contact information at the top of this document to send an objection. If your objection is warranted, we ensure that we stop the processing of your personal data.
If you want to complain about our processing of your personal information, including that we have not met your request according to section 5.1-5.3, you also have the option to contact Datatilsynet via [email protected] or +45 33 19 32 00.