Privacy policy for COMAsystem.dk

1. Introduction

1.1. Personal data is any type of information that can be used to identify you as an individual. COMAsystem therefore encourages you to be careful about who you provide your personal data to and to be aware of the purposes for which your personal data is used when you provide it to others.

1.2. The collection and processing of other people’s personal data is regulated by both the EU General Data Protection Regulation and Danish national legislation. COMAsystem has taken the necessary measures to ensure that COMAsystem can comply with applicable legislation so that we can offer you the necessary assurance that we process your personal data securely.

1.3. In this privacy policy, we describe in more detail the circumstances under which we collect and process your personal data, what rights you have in relation to this and how we protect your personal data. Of course, you are always welcome to contact us if you have any questions about our processing of personal data.

2. Data controller

2.1. When you provide your personal data to COMAsystem, COMAsystem will be considered the data controller in relation to the processing of your personal data.
If you have any questions or comments about our collection and
processing of your personal data, or if you wish to exercise your rights in relation to your personal data, you are always welcome to contact COMAsystem. We will respond to your inquiry as soon as possible.

2.2. Our contact details are as follows:
COMAsystem ApS
Company registration no. 21 53 47 49
Rovsingsgade 68
DK-2100 Copenhagen Ø
Tel. (+45) 53 39 79 13
Email: [email protected]

3. Your rights

3.1. When COMAsystem receives and processes your personal data, you have certain rights. You have the right to contact us at any time to exercise one or more of your rights. You can contact us by regular mail, by email, by telephone or in person at our address stated herein. It is only necessary that you can properly identify yourself so that we can be certain that we are not processing your personal data based on a request from a third party.

3.2. We will endeavour to comply with your request without undue delay after your inquiry. If the complexity of your request results in a longer processing time, we will inform you as soon as possible about the measures we take based on your request and keep you updated on the processing of your request. However, we will in any case comply with your request as soon as possible after we receive it. The processing of your request to exercise
your rights is of course free of charge to you.

3.3. Our communication with you in connection with the processing of your request will always be in a concise and easily understandable manner and generally in the way you prefer, for example by using electronic communication (email).

3.4. When we process your personal data, you have, among other things, the following rights:

3.4.1. You have the right to obtain confirmation as to whether we process your personal data and the right to access a copy of the personal data we may process. You also have the right to receive information about the purposes of the processing of your personal data, the types of data we process, the types of data we process, the data processors or types of data processors to which we may disclose your personal data, and information about the period of time we expect to process your personal data. If we process personal data about you that we have collected from third parties, you are
further entitled to receive full information about the source of the data in question.

3.4.2. You are also entitled to have your personal data transmitted directly to another controller, if technically feasible.

3.4.3. If we transfer your personal data to a third country for processing, you also have the right to obtain information about the appropriate safeguards that the recipient of the data has provided regarding the protection of your personal data.

3.4.4. You also have the right to have your personal data rectified. This means that you will be able to request us to update and change your personal data if it is incorrect or incomplete.

3.4.5. You also have the right to ask us to delete your personal data so that it no longer appears in our systems or records. Our agreement with you may be conditional on us holding and having the right to process certain information about you.
Deleting your personal data may therefore mean that we can no longer offer you our services or products. However, it depends on the type of information you may request us to delete. In some cases, we may be subject to a legal obligation under applicable law to retain a copy of your personal data. In these cases, we will need to retain such a copy.

3.4.6. You are also entitled to request us to restrict the processing of your personal data, for example, to only certain of your personal data or only for certain purposes.

3.4.7. You are entitled at any time to lodge a complaint about our processing of your personal data with the Danish Data Protection Agency. The Danish Data Protection Agency has the following contact details:
Datatilsynet, Borgergade 28, 5th floor, DK-1300 Copenhagen K,
[email protected],
Tel. 33 19 32 00, fax 33 19 32 18.

3.5. If we have disclosed your personal data to a third party for processing, we will notify any such third party of your exercise of your rights, unless such notification proves to be disproportionately difficult.

3.6. If we become aware of a change in your personal data processed by us, we will contact you to obtain your consent to update your personal data in accordance with the changes. We will only update your personal data with us if we have received your consent to do so, or if applicable law otherwise authorises or obliges us to make such an update. However, we will always inform you of any updates to your personal data held by us.

4. Your personal data

4.1. COMAsystem only collects and processes your personal data for explicitly stated purposes. These purposes will be communicated to you in an easily understandable, clear and unambiguous manner before you provide your personal data to us. The collected data will only be used for the stated purposes and we will only process the data necessary for the fulfilment of these purposes. Likewise, we will only process it for as long as necessary for the fulfilment of the purposes.

4.2. The overall purpose of our collection and processing of your
personal data will always be to enable and facilitate the delivery to you of the services or products that you may express a wish to receive from us. The more detailed purposes of our collection and processing of your personal data will more specifically be one or more of the following:

4.2.1. Delivery of Software as a Service (SaaS) COMAsystem contract management system for managing sales, supplier, service and employment contracts.
– COMAsystem online contract management via internet browsers
– COMAsystem for Microsoft Word plugin

4.2.2. Provision of software and consultancy services for the management of the EU General Data Protection Regulation in companies.

4.3. The information we may ask you to provide may, for example, be the following:

4.3.1. Name, address, telephone number, email address, company registration number.

4.4. We may process your personal data in one or more of the following ways:

4.4.1. Electronically in CRM system, Mail programs and file management.

4.4.2. Your personal data may be collected directly from you when you contact us regarding our services and products. Such inquiries may be made in writing (by regular mail), electronically (by email), digitally by your entry of details on our website, by telephone or in person at our address. The collection may also take place by receiving information from third parties that have been instructed by you to disclose your information to us.

4.5. You are of course under no obligation to provide us with your personal data. However, we may be required by applicable law to collect and process certain types of personal data from you. If you do not wish to provide us with such personal data, we will unfortunately not be able to offer our services or products to you in these specific cases. We hope you understand that this is solely to comply with applicable law. The types of personal data that we are required by applicable law to collect regarding our customers are the following:

4.5.1. Information such as name, address, company registration number for invoicing purposes.

5. Legal basis for processing your personal data

5.1. COMAsystem only processes your personal data if we have the necessary legal basis to do so. This may be, for example, because you have given your consent for us to process your personal data. It may also be because the processing is necessary to fulfil an agreement we have entered into with you or to take certain measures at your request prior to entering into the agreement. For example, we may also process your personal data if it is necessary to fulfil our obligations that we may have under applicable law.

5.2. If our processing of your personal data is based on your consent, we will ask you to provide explicit consent to the processing before we process your personal data. A given consent may be withdrawn at any time by notifying us, either in writing to the address (including electronic address) provided by us or orally by contacting us at the telephone number provided by us or by physical appearance at our address. However, a withdrawal of consent may mean that we will no longer be able to fulfil the purposes for which your personal data has been collected and therefore will not be able to offer you our continued services.

6. Collection of personal data when visiting our website

6.1. Once you have visited the COMAsystem website, the following information is collected about you:

6.1.1. The pages you have viewed and when; this is called your “electronic track”.

6.1.2. The specific data we collect is always stated in our Cookie Policy at:
https://www.comasystem.dk/cookie-politik/

6.2. COMAsystem collects statistical information about visitors to our website.
This information does not make it possible to recognise or identify individuals.

6.3. We use the information mentioned above to see how you find our website and how you navigate within our website.

6.4. The information mentioned above is only used in connection with the operation of our website and to compile statistics, which can be used, among other things, to improve the structure of our website.

7. Sensitive information

7.1. COMAsystem collects personal data.

7.2. Personal data will be considered sensitive personal data if it relates to:

7.2.1. racial or ethnic origin;

7.2.2. political, religious or philosophical beliefs;

7.2.3. trade union membership;

7.2.4. genetic or biometric data;

7.2.5. health data; or

7.2.6. sexual relations or sexual orientation.

7.2.7. We consider Civil Registration data as sensitive data

7.3. If it is necessary for our services to you to receive and process sensitive personal data about you, we will only receive and process such data after obtaining your explicit consent or in accordance with one of the other reasons expressly authorised by applicable law for processing such personal data. However, we will always endeavour to obtain your consent to our processing of sensitive personal data as soon as possible after receiving it.
Your possible consent to our processing of your sensitive personal data will always relate to one or more specific purposes, of which you will be explicitly informed.

8. Use of data processors

8.1. COMAsystem may disclose your personal data to third parties in order to fulfil agreements entered into with you. Likewise, some of your personal data may be disclosed to third parties as a result of hosting and maintenance of our website and IT systems.

8.2. COMAsystem only uses data processors who can provide adequate guarantees on the implementation of measures to ensure the security of the personal data in question and the protection of your rights, and their processing of your personal data on our behalf will only take place in accordance with a written data processing agreement between COMAsystem and the data processor in question. Our data processors will be subject to appropriate confidentiality obligations and will only process your personal data on clear and documented instructions from us.

8.3. COMAsystem is in continuous dialogue with our data processors to ensure an appropriate and adequate level of security in relation to the processing of your personal data, including with a view to preventing accidental and unlawful destruction and loss of your personal data as well as alteration of or unauthorised access to your personal data.

9. Transfer to third countries

9.1 COMAsystem may use data processors in other countries for the processing of your personal data and thereby transfer your personal data to such data processors. If the third country in question is not recognised by the European Commission as a so-called safe third country, a transfer of your personal data to the third country in question will generally only take place after obtaining your explicit consent to the transfer to the data processor in question, or if the transfer is necessary for the fulfilment of COMAsystem’s contractual obligations towards you or for the implementation of
measures taken at your request prior to the conclusion of the agreement with you.

9.2 The transfer of your personal data to third countries will only take place if the recipient of the data in question provides the necessary guarantees for the protection of your personal data. You are entitled to contact us at any time to receive a copy of such guarantees.

9.1. The countries to which COMAsystem transfers your personal data are the following:

9.2. USA (Cloudflare)

10. Security measures

10.1. Both COMAsystem and COMAsystem’s data processors have implemented appropriate technical and organisational measures to protect your personal data, and COMAsystem stores your personal data in a safe and secure manner. These technical and organisational measures include, but are not limited to, the following:

10.1.1. ensuring the availability of processing systems;

10.1.2. ensuring the resilience and integrity of processing systems;

10.1.3. ensuring the ability to restore access to the data after physical or technical incidents;

10.1.4. ensuring strong encryption of relevant data received by COMAsystem during transmission and, in some cases, storage;

10.1.5. performing ongoing risk analysis, including when updating to new technology or changing work routines and security set-ups;

10.1.6. performing an annual standard IT audit and an audit based on ISAE 3000 and 3402 or other auditing of an appropriate nature.

10.2. COMAsystem has also established relevant procedures for regular testing and evaluation of the effectiveness of the above measures.

10.3. COMAsystem has also established internal procedures to ensure that only those COMAsystem employees with a need to know your personal data in connection with the fulfilment of the purposes for which the data was collected have access to the data in question. We impose the same demands on our data processors in relation to their own employees. In addition, we have taken steps to ensure that persons with access to your personal data only process it in accordance with our instructions.

10.4. Your personal data will not be stored for longer than is necessary for the fulfilment of the purposes for which the personal data in question has been collected.

11. Possible personal data security breaches

11.1. If, despite the technical and organisational measures that we have put in place together with our data processors to ensure the protection of your personal data, a breach of security of your data should nevertheless occur, we will notify you without undue delay if the security breach in question may result in a real risk to your rights. We will provide you with all relevant information about the security breach in question, its consequences for your data and the measures we are taking to address the security breach in question and to minimise its possible adverse effects.

12. Ongoing maintenance of your protection

12.1. At COMAsystem, we believe that we must be able to continuously adapt our privacy policy and technical and organisational measures to ensure the protection of your personal data. We will therefore regularly review and, if necessary, update this privacy policy.

12.2. This version of the privacy policy was updated on 28. November 2019.