1.1 This Personal Data Policy applies to all personal data you provide to us and/or which we collect about you when you use our products or visit our web site vitec.kindly.dk
3. Data that we collect from you
3.1 When you access, connect to, sign up for, participate in, create an account, make individual purchases in or otherwise use our Services, we may collect personal data about you. The personal data we collect depends on the circumstances and the Services you use, but may consist of the following:
3.2 Personal data that you actively provide to us
· Name and e-mail address
· Date of birth and personal ID (CPR) number
· Payment details
· User identification, including login username, password, secret questions and answers
· Information you provide in response to a request from us when you report a problem with our Services
· If you contact us, the address you contact us from
· User information that you choose to provide for statistical purposes (ratings, reviews, survey responses, etc.)
· Any other data provided at the time you register to use our Services, connect to our Services or request additional services from us
· Cookies that uniquely identify your browser
3.3 User-generated personal data
· Details of the kinds of programs you are using, including how much of a program you have used
· Data on behaviour, including usage patterns and navigation
· Details of your visits to our Services, including but not limited to data traffic and other communication data, and the products and services that you are able to access
· Your purchase preferences, for example whether you respond to ads or promotions
· Computer and software information, such as your unique ID, IP address, operating systems, browser type, connection speed and ISP
4. Why we collect your data
(A) On the basis of our contractual relationship:
· To provide our Services to you, including meeting your requests, improving your experience of our Services and managing our contractual relationship with you
· To ensure that content from our Services is transferred to you and your device in the most efficient way
· To personalise your experience of our Services based on your usage and behaviour in the context of content delivery
· To handle payments for your account and to provide you with order and invoice data
· To keep track of your purchases to ensure we can provide you with the content you are entitled to
· To send push notifications to your devices
· To communicate with you about your subscription, your account or purchases of our Services
· To inform you of changes to our Services
· To provide offers, news, information, products or services that you request from us
B) For legitimate purposes:
· To analyse the data at aggregate level to improve our products and services
· To use the IP address, device IDs, or other information necessary to block the malicious use of our Services, with the aim of protecting our Services or otherwise enforcing or applying our Terms and Conditions
· To improve our Services, identify breaches and keep your data secure using log files
· Log files with details of the time and date and duration of visits
· Data about events on your device, such as a crashes, system activities, hardware settings, browser type, browser language, date and time
· IP address
· We may collect device-specific data (e.g. your hardware model, operating system version, browser)
· To provide data during a merger and acquisition process, for business and strategic management purposes
· For analysis and statistical purposes
· To establish, exercise or defend legal claims
C) For marketing purposes:
· To send you newsletters, with your consent, which may also include offers, news or information related to our Services and/or other products. Please note that you can unsubscribe from the newsletter at any time by changing your account preferences in your account page.
4.2 We may also process your personal data if we need to do so in order to comply with a
legal obligation or a decision of an authority.
5. Sharing your personal data
5.1 We may use third-party providers to perform services on our behalf, for example providing infrastructure and IT services (including but not limited to data storage), processing credit and debit card transactions, improving data quality, processing customer requests and performing other kinds of statistical analysis. In performing these services, third-party providers may have access to your personal data, but are authorised to process it solely on our behalf and in accordance with our instructions.
6. How we protect your data
6.1 Protecting your personal data is important to us. All personal data you provide to us is stored on secure servers and we have strict procedures to protect against loss, misuse, unauthorised access, alteration, disclosure or destruction of your personal data. Any payment transactions will be encrypted with industry standard technology and be subject to PCI security standards.
6.2 While we work hard to protect your personal data, we cannot guarantee that our security measures will prevent every unauthorised attempt to access, use or disclose personal data. However, we maintain security and incident plans, including plans to deal with possible data security breaches, to respond quickly in the event of a physical or technical incident, and to limit any negative effects of an incident if this kind.
7. How you can access your data
7.1 We understand that you may sometimes need more information from us about your personal data and how it is processed, or that you may want to update or correct the personal data you have provided to us. That is why your rights include the following:
· Right to access your personal data: you have the right to find out whether we process personal data about you and, if so, to access the personal data and other information.
· Right to have personal data corrected: if you notice that personal data we process about you is inaccurate, you have the right to have it corrected.
· Right to have personal data erased (right to be forgotten): under certain circumstances, for example if your personal data has been processed unlawfully or you have withdrawn your consent (if the processing of your personal data is based on consent), you have the right to request that your personal data is erased.
· Right to restrict processing: under certain circumstances, for example if you dispute the accuracy of your personal data or if you have challenged our legitimate purpose in processing your personal data, you have the right to request that we restrict the processing of your personal data until a solution has been found.
· Right to object against processing: under certain circumstances, for example if you dispute our legitimate interest in processing your personal data, you have the right to object, on grounds relating to your particular situation, against such processing.
· Right to data portability: if your personal data is processed automatically on the basis of your consent or in the performance of our contractual relationship, you have the right to request that we provide you with your personal data in a machine-readable format which can be sent to another controller.
· Right to file a complaint with a supervisory authority: you have the right to file a complaint to your supervisory authority about how we process your personal data.
o Complaints should be submitted to the Danish Data Protection Agency, cf. Section 39 (1) of the Danish Data Protection Act (Databeskyttelsesloven).
7.2 If our processing of your personal data is based on your consent, you have the right to withdraw such consent at any time (however this will not affect processing based on your consent prior to the withdrawal) by contacting us.
7.3 Please contact us using the contact details below to make a request concerning your rights. We will make every effort, where commercially reasonable, to respond to your request within 30 days of receipt. If we cannot meet your request within 30 days, we will notify you of this with the reason for the delay, and when we expect to be able to meet your request.
9. Contact details
9.2 We are subject to and bound by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on data protection (‘GDPR’), and Act No. X of 17 May 2018 on additional provisions for GDPR (‘Data Protection Act’).
10. Last updated
10.1 Last updated 17 May 2018