The new General Data Protection Regulation is effective from the 25th of May 2018, all over of the European Nation.
For us in SARSTEDT ApS it is important, that you feel safe, about the way we handle your personal information.
In the Privacy Protection Policy you can read about the personal information that we keep, how we use it, for how long we keep them.
Latest update: May 2018.
We take the protection of your data seriously
We process personal data, which is why we have adopted this Privacy Protection Policy informing you how we process your data.
To maximise the protection of your personal data, we continuously assess the risk of our data processing adversely affecting your basic rights. We are particularly aware of the risk of you being subjected to discrimination or identity theft, or suffering financial loss, loss of reputation or data confidentiality.
In cases where the decisions we need to make depend on our ability to process sensitive personal data, biometric information or information about criminal matters relating to you, we carry out an analysis of the consequences of the data processing on the protection of your privacy. The impact analysis is carried out before we begin to process your personal data.
SARSTEDT ApS is the data collector, and we ensure that your personal data are processed pursuant to legislation.
SARSTEDT ApS, Brogesvej 18, DK-7441 Bording
CVR/VAT: 34593531 Tel. no.: (+45) 8686 5762
We ensure fair, transparent data processing
When we ask you to make your personal data available to us, we inform you of which data about you that we are processing and the purpose of doing this. You will be informed about this at the time when your personal data are collected.
If we obtain data about you from other sources, such as a supplier, authority or business partner, we will inform you of this no later than ten (10) days after we have obtained your personal data. In addition, we will inform you of why we obtained the data and of the legal basis that enables us to obtain your personal data.
We use this type of data about you
We use this data about you to improve our services and ensure the quality of our products and services and the quality of our contacts with you.
We use the following data:
Ordinary personal data
In some instances, we need to compare your data with data received from other parties, such as social media. If the comparison could reveal your identity or any personal or sensitive information, we obtain your consent for the processing.
Before we compile data, if necessary, we assess whether there is a risk of the processing adversely impacting the protection of your privacy. If this is the case, we notify you of the processing and its purpose and ask for your consent to continue the processing.
You may object to this type of data processing and you have the right to restrict the processing, if, in your opinion, the data about you that we are compiling are inaccurate.
We collect and store your personal data for specific purposes
We collect and store your data for specific purposes or other statutory commercial purposes.
We do this whenever we need:
We only process relevant personal data
We only process data about you that is relevant and adequate for the purposes defined above. The purpose is decisive for determining the type of data about you that is relevant to us. The same is true of the scope of the personal data we use. For instance, we do not use more data than we need for the specific purpose.
Before we process your personal data, we investigate whether it is possible for us to minimise the amount of data about you. We also look into whether we could anonymise or pseudonymise some of the types of data we are processing about you. We can do this if it will not adversely affect our obligations or the service we are providing to you.
We only process necessary personal data
We only collect, process and store personal data that are required to meet our specified purposes. Also, in some instances the type of data we need to collect and store for our business operations is laid down by law. The type and scope of the personal data we process can also be required in order to satisfy a contract or other legal obligation.
We want to be certain that we are only processing the personal data required for each of our specific purposes. Therefore, instructions are embedded in our IT systems to collect only the volume of data that is necessary. Our IT systems are also configured to automatically ensure that the scope of the processing is not unduly vast and that the storage time is not too long.
To prevent unauthorised parties from gaining access to your personal data, we also use solutions which automatically ensure that data are only accessible to relevant staff members. Protection against an unlimited number of persons being able to access data is also embedded in our systems.
We verify and update your personal data
We verify that the personal data we are processing about you are not incorrect or misleading. We also make sure to update your personal data on an ongoing basis.
As our service depends on your data being correct and up to date, we kindly ask you to notify us of any relevant changes to your data. You can use the contact details above to notify us of your changes.
To ensure the quality of your data, we have adopted internal rules and established procedures for monitoring and updating your personal data.
We delete your personal data when they are no longer necessary
We delete your personal data when they are no longer necessary for the purpose on which our collection, processing and storing of your data is based.
We obtain your consent before we process your data
We obtain your consent before we process your personal data for the purposes described above, unless we have a legal basis on which to obtain them. We inform you of such a basis and of our legitimate interest in processing your personal data.
Your consent is voluntary, and you may withdraw it at any time by contacting us. Please use the contact details above if you would like additional information.
If we want to use your personal data for a purpose other than the original, we will inform you of the new purpose and request your consent before we commence the data processing. If we have a different legal basis for the new processing, we will inform you of this.
We do not disclose your personal data without your consent
If we disclose your personal data to business partners and players for purposes such as marketing, we will obtain your consent and inform you about what your data will be used for. You may object to this type of disclosure at any time, and you can also decline to receive inquiries for marketing purposes in the CPR (civil ID) registry.
We do not obtain your consent if we are legally obliged to disclose your personal data, e.g. as part of submitting a report to an authority.
We obtain your consent before we disclose your personal data to business partners in third countries. If we disclose your personal data to partners in third countries, we ensure that their level of personal data protection meets the requirements we have set out in this policy pursuant to current legislation. We stipulate requirements for, among other things, data processing, data security and for fulfilling the rights you have in terms of, for instance, objecting to profiling and submitting a complaint to the Data Protection Agency.
We protect your personal data and have internal data security rules
We have adopted internal rules governing data security which contain instructions and measures to protect your personal data against being destroyed, lost or modified, to prevent unauthorised publication and to prevent unauthorised parties gaining access to or knowledge of them.
We have established procedures for assigning access rights to the specific employees tasked with processing sensitive personal data and data which identifies personal interests and habits. We monitor the actual access of these employees through logging and supervision. To avoid lost data, we take continuous back-ups of our data sets. We also protect the confidentiality and authenticity of your data by means of encryption.
In cases of security breaches which subject you to a high risk of discrimination, identity theft, financial loss, loss of reputation or other material inconvenience, we will notify you of the security breach as quickly as possible.
Cookies, purpose and relevance
If we put a cookie in your device, you will be informed that we are using it and of the purpose of collecting data via cookies.
We obtain your consent
Before we put a cookie on your device, we ask for your consent. But the cookies we use to ensure functionality and settings can be used without your consent.
You have the right to access your personal data
You have the right at any time to be informed of which data we are processing about you, where they come from and what we are using them for. You can also be informed of how long we will store your personal data, who receives data about you and the extent to which we disclose data in Denmark and abroad.
We can also inform you of the data we process about you, if you request this. Your access can be restricted out of consideration for other persons’ privacy protection, industrial secrets and intellectual property rights.
You can exercise your rights by contacting us. You will find our contact details at the top.
You have to the right to rectify or delete inaccurate personal data.
If you believe that the personal data we are processing about you are inaccurate, you have the right to have them rectified. You must contact us and specify the inaccuracy and how it should be rectified.
In some cases, we will be under an obligation to delete your personal data. This is true, for instance, if you withdraw your consent. If you think that your data are no longer necessary in relation to the purpose for which we retrieved them, you can ask us to delete them. You can also contact us if you think that your personal data are being processed in contravention of legislation or other legal obligations.
When you contact us with a request to have your personal data rectified or deleted, we investigate whether the conditions are met and, if they are, we implement the changes or deletion as soon as possible.
You have the right to object to our processing of your personal data.
You have the right to object to our processing of your personal data. You may also object to our forwarding of your data for marketing purposes. You can use the contact details at the top to submit an objection. If your objection is justified, we make sure to stop processing your personal data.
You have the right to receive the personal data you have made available to us and to the data we have obtained about you from other parties based on your consent. If we process your data as part of a contract, to which you are a party, you can also have your data sent to you. You also have the right to transfer these personal data to a different service provider.
If you wish to exercise your data portability right, you will receive your personal data from us in a commonly used format.
If you wish to have access to your data or have them rectified or deleted or if you wish to file an objection concerning our data processing, we will investigate whether this is possible, and we will reply to your inquiry as soon as possible and no later than one month after receiving your inquiry.
You may complain to the Danish Datatilsynet – www.datatilsynet.dk – if