Scandi-Roc’s Personal Data Policy

Why do we have a personal data policy?

We process personal data, and have therefore adopted this policy regarding the processing and protection of personal data. SR is the Data Controller, and we ensure that your personal data is processed in accordance with the law. If customers want to contact us, our contact details can be found at www.scandi-rock.dk

We have fair and transparent data processing

The personal data that customers make available to us in connection with performing specified tasks will only be used for those purposes.

As a general rule, we do not obtain data about customers from third parties, e.g. suppliers or cooperative partners. If an exception arises, we will inform the customer in question about this within 10 days. We will also disclose the purpose of the collection and the legal basis that provides us with access to the collection of this personal data.

We use this kind of data about the customer

We will use the personal data that the customer provides to us so that we can perform the agreed task. 

We only process relevant personal data

We will only process customer data that is relevant and sufficient in relation to the purpose that forms the basis for the collection of said data. The purpose is to perform the tasks that have been agreed upon with the client.

The purpose determines, which type of personal data is relevant to us. The same applies to the scope of the personal data that we use. For example, we do not use data other than that required to use for a specific purpose, and we minimise the amount of data that the customer must disclose.

If we wish to use personal data for a purpose other than the original purpose, we will inform the customer of the new purpose and request the consent of the customer before we start processing data for the new intended purpose.

We only process necessary personal data

We will collect, process and store only the personal data that is needed to meet our intended purpose.

In order to protect customers against unauthorised access to customer data, we have internal business processes that ensure that only the employees, for whom it is relevant and necessary in relation to their work, are given access to the personal data of the customer.

We will verify and update personal data

We must ensure that we will verify that the personal data that we are processing about our customers is not incorrect, incomplete or misleading. We must also ensure that we will update personal data on an ongoing basis to the relevant extent.

As our services are dependent on data being accurate and updated, we request that you inform us of any relevant changes to your personal data.
To ensure data quality, we have adopted internal rules and established procedures for verifying and updating personal data.

We delete your personal data when it is no longer required

We delete our customer’s personal data when it is no longer required relative to the purpose that was the reason for collection.

We will not disclose personal data without customer consent

We will not disclose personal data to partners and/or other players, for example, to be used for their own marketing purposes, unless we have reached an agreement with the customer to do so in connection with the collection of the data or by obtaining consent from the customer after informing the customer of what the data will be used for.

At any time, the customer may request us to stop the disclosure of personal data, irrespective of whether it has been agreed upon or the customer has otherwise provided consent.

However, we will not obtain customer consent if we are legally required to disclose personal data (e.g. due to a requirement by relevant authorities).

Data storage

We use IT providers, who use Cloud solutions in the operation of our IT systems.

Customer data is stored in accordance with the terms and conditions of these providers.

Security

We have adopted internal rules on data security that contain instructions and actions that protect personal data against being destroyed, lost or modified, from unauthorised disclosure, and against unauthorised access or knowledge of said data.

We have established procedures for the allocation of access permissions to those of our employees, who process personal data.

We verify their permissions through logging and monitoring. In order to avoid data losses, we back up our data settings on an ongoing basis.

Our IT providers ensure that our IT equipment is updated and has the appropriate security measures installed, including firewall and virus protection.

In the event of a security breach that results in a high risk of personal identification of the customer, identity theft, financial loss, loss of reputation or other significant risk, we will notify the customer of the security breach as soon as possible.

Cookies, Purpose and Relevance

The customer can learn more on our website about our use of cookies and how the customer can delete or disable them. Find out more here.

The customer has the right to access their personal data

At any time, the customer is entitled to know what data we are processing, from where it originates and what we use it for. The customer may also be informed about how long we will store personal data, who receives data about the customer, and the extent to which we disclose their data within Denmark and abroad.

However, access may be limited with regard to the protection of other parties’ privacy and the protection of trade secrets and intellectual property.

The customer has the right to have inaccurate personal data corrected or deleted.

If the customer believes that the personal data that we process about the customer is inaccurate or incorrect, the customer may always contact us and have it corrected.

In some cases, we will have an obligation to delete your personal data. For example, this will apply if the customer withdraws their consent. If you believe that data is no longer necessary for the purpose for which it was obtained, you may request that it be deleted. Customers can also contact us if the customer believes that personal data is being processed in violation of the law or other legal obligations.

The customer has the right to object to our processing of personal data.

The customer has the right to object to our processing of personal data. If the objection of the customer is justified, we will stop the processing and delete the customer data unless we have a legal obligation to store it.

If the customer wishes to exercise the right to data portability

The customer has the right to receive the personal data that the customer has made available to us and the data that we have obtained about the customer from other players on the basis of the customer’s consent. If the customer wishes to exercise this right, the customer will receive personal data from us in a commonly used format.

General information about the exercise of customer rights

If the customer wishes to access data, have it corrected or deleted or make an objection to our processing of their data, the customer may exercise these rights by contacting us.

In such cases, we will investigate if it is possible and provide the customer with a response as quickly as possible and no later than one month after having received the request.