Privacy Policy
1. INTRODUCTION
1.1. Personal information is any type of information that can be used to identify you as an individual. COMAsystem therefore encourages you to exercise caution with whom you disclose your personal information to and to know what purposes your personal information is used for when disclosing it to others.
1.2. The collection and processing of other people’s personal data is regulated by both the EU’s general regulation on data protection and Danish national legislation. COMAsystem has taken the necessary measures to ensure that COMAsystem complies with applicable law, so that we can offer you the necessary assurance that we process your personal data securely.
1.3. In this personal data policy, we describe the circumstances in which we collect and process your personal data, what rights you have in relation to it, and how we protect your personal data. You are of course also always welcome to contact us if you have any questions about our processing of personal data.
2. THE DATA CONTROLLER
2.1. When you transfer your personal information to COMAsystem, COMAsystem will be considered the data controller in relation to the processing of your personal data.
Should you have any questions or comments about our collection and
processing of your personal data, or if you wish to exercise your rights in relation to your personal data, you can always contact COMAsystem. We will respond to your inquiry as soon as possible.
2.2. Our contact information is as follows:
COMAsystem ApS
VAT nr. 21 53 47 49
Ringager 8
2605 Brøndby
Tlf. 53 39 79 13
E-mail : [email protected]
3. YOUR RIGHTS
3.1. When COMAsystem receives and processes your personal information, you have certain rights. You have the right to contact us at any time for the exercise of one or more of your rights. You can contact us by ordinary letter, by e-mail, by telephone or in person at our address stated herein. It is necessary that you can properly identify yourself so that we can be assured that we do not process your personal data on the basis of a request from a third party.
3.2. We will make sure to comply with your request without unnecessary delay after your inquiry. If the complexity of your request results in a longer processing time, we will inform you without undue delay of the measures we take on the basis of your request and keep you updated on the processing of your request. However, we will in any case comply with your request as soon as possible after our receipt thereof. The dispatch of your request to exercise
your rights are of course free for you.
3.3. Our communication with you in connection with the processing of your request will always take place in a concise and easy-to-understand way and as a starting point in the way you want, for example by using electronic communication (e-mail).
3.4. When we process your personal information, you have, among other things, the following rights:
3.4.1. You have the right to confirm whether we process your personal data and the right to access a copy of the personal data that we may process. You also have the right to receive information about the purposes of the processing of your personal data, the types of information we process, the data processors or types of data processors to which we may pass on your personal data, and information about the period we expect to process your personal data. in. If we process personal information about you that we have collected from third parties, you are
further entitled to receive all information on the source of that information.
3.4.2. You are also entitled to have your personal information transmitted directly to another data controller, if technically possible.
3.4.3. Should we transfer your personal data to a third country for the purpose of processing it, you also have the right to receive information about the necessary guarantees that the recipient of the data may have given regarding the protection of your personal data.
3.4.4. You also have the right to have your personal information corrected. This means that you will be able to ask us to update and change your personal information if it is incorrect or incomplete.
3.4.5. You also have the right to ask us to delete your personal information so that it no longer appears on our systems or directories. Our agreement with you may be conditional on us owning and having the right to process certain information about you.
Deleting your personal information may therefore mean that we can no longer offer you our services or products. However, it depends on the type of information that you may ask us to delete. In some cases, we may be subject to a legal obligation under applicable law to retain a copy of your personal information. In these cases, we will be required to keep such a copy.
3.4.6. You are also entitled to ask us to limit the processing of your personal data, for example to only concern certain of your personal data or for certain purposes only.
3.4.7. You are at all times entitled to submit a complaint about our processing of your personal data to the Danish Data Protection Agency. The Danish Data Protection Agency has the following contact information:
Datatilsynet, Borgergade 28, 5. sal, DK-1300 København K,
Tlf. 33 19 32 00, fax 33 19 32 18.
3.5. Should we disclose your personal information to third parties for the purpose of processing it, we will notify any such third party of your exercise of your rights, unless such notification proves to be disproportionately difficult.
3.6. Should we become aware of a change in your personal information that is being processed by us, we will contact you to obtain your consent for us to update your personal information in accordance with the changes. We only update your personal information with us if we have received your consent to it, or if applicable law otherwise allows or obliges us to make such an update. However, we will always inform you of all updates of your personal information with us.
4. YOUR PERSONAL INFORMATION
4.1. COMAsystem only collects and processes your personal information the following purposes. These purposes are disclosed to you in an easy-to-understand, clear and unambiguous manner before you disclose your personal information to us. The information collected will only be used for the stated purposes and we only process the information necessary for the fulfillment of these purposes. Likewise, we treat them only for as long as is necessary for the fulfillment of the purposes.
4.2. The overall purpose of our collection and processing of your
personal information will always be to enable and facilitate the delivery of the services or products that you may express a desire to receive from us. More specifically, the purposes of our collection and processing of your personal information may be one or more of the following purposes:
4.2.1. Delivery of Software as a Service (SaaS) COMAsystem contract management system for handling sales, supplier, service and personnel contracts.
– COMAsystem online contract management via internet browsers
– COMA system for Microsoft Word plugin
4.2.2. Provision of software and consulting services for the handling of EU Personal Data Regulation in companies.
4.3. For example, the information we may ask you for may be the following:
4.3.1. Name, address, telephone number, e-mail address, VAT.
4.4. We may process your personal information in one or more of the following ways:
4.4.1. Electronically in CRM systems, Mail programs and file management.
4.4.2. The collection of your personal information may take place by providing information directly from you by contacting us regarding our services and products. Such inquiries may be submitted in writing (by ordinary letter), electronically (via e-mail), digitally upon your entry on our website, by telephone or in person at our address. The collection may also take place by receiving information from third parties that you may have instructed in passing on your information to us.
4.5. You are of course not obliged to hand over your personal information to us. However, we may be subject to requirements in applicable law regarding the collection and processing of certain types of personal data with you. If you do not wish to transfer such personal information to us, we will unfortunately not be able to offer our services or products to you in these specific cases. We hope you understand that this is for the sole purpose of complying with applicable law. The types of personal information that we are required to collect regarding our customers is by applicable as follows:
4.5.1. Information such as name, address, VAT-number in relation to invoicing.
5. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
5.1. COMAsystem only processes your personal information if we have the necessary authority to do so. This may be because, you have given your consent for us to process your personal data. It may also be that the processing is necessary to fulfill an agreement we have entered into with you, or to take certain measures at your request before we enter into the agreement. For example, we will also be able to process your personal data should it be necessary to fulfill our obligations that we may have under applicable law.
5.2. If our processing of your personal data is based on your consent, we will ask you to give an explicit consent to the processing before we process your personal data. A given consent can be withdrawn at any time by notification to us, either in writing to the address specified by us (including electronic address) or orally by contacting the telephone number specified by us or in person at our address. However, a withdrawal of consent may mean that we will no longer be able to fulfill the purposes for which your personal information has been collected, and will therefore not be able to offer you our continued services.
6. COLLECTION OF PERSONAL INFORMATION BY VISITING OUR WEBSITE
6.1. Once you have visited the COMAsystem website, the following information about you is collected:
6.1.1. Which pages you have looked at and when, which is called your “electronic track”.
6.1.2. The specific data we collect is always stated in our Cookie Policy at:
https://www.comasystem.dk/cookie-politik/
6.2. COMAsystem collects statistical information about visitors to our website.
This information does not make it possible to recognize or identify individuals.
6.3. We use the information mentioned above to see how you find our website and how you navigate inside our website.
6.4. The mentioned information is only used in connection with the operation of our website and for the compilation of statistics, which i.a. can be used to improve the structure of our website.
7. SENSITIVE INFORMATION
7.1. COMAsystem collects personal information.
7.2. Personal data will be considered sensitive personal data if it relates to:
7.2.1. Race or ethnic origin,
7.2.2. political, religious or philosophical beliefs,
7.2.3. trade union affiliation,
7.2.4. genetic or biometric data,
7.2.5. health information, or
7.2.6. sexual relations or sexual orientation.
7.2.7. We consider CPR information to be sensitive information
7.3. Should it be necessary for our services to receive and process sensitive personal data about you, we will only receive and process such data after obtaining your express consent or in accordance with one of the other reasons expressly permitted in applicable law to process the type of personal information. However, we will always make sure to obtain your consent to our processing as soon as possible after receiving sensitive personal data.
Your possible consent to our processing of your sensitive personal data will always relate to one or more specific purposes to which you will be expressly made aware.
8. USE OF DATA PROCESSORS
8.1. COMAsystem will be able to pass on your personal information on to third parties in order to fulfill agreements entered into with you. Som of your personal information will likewise not, in principle, be sensitive to being passed on to third parties as a result of hosting and maintaining of our website and IT systems.
8.2. COMAsystem only uses data processors who can provide the necessary guarantees for the implementation of measures that will ensure the security of the personal data in question and the protection of your rights, and their processing of your personal data on our behalf only will take place in accordance with a written data processor agreement between COMAsystem and the data processor in question. Our data processors will be subject to appropriate confidentiality obligations and will only process your personal information in accordance with clear and documented instructions from us.
8.3. COMAsystem is in constant dialogue with our data processors to ensure an appropriate and adequate level of security in relation to the processing of your personal data, furthermore preventing accidental and illegal destruction and loss of your personal data as well as alteration or unauthorized access to your personal data.
9. TRANSFER TO THIRD COUNTRIES
9.1 COMAsystem will be able to use data processors in other countries for the processing of your personal data and thus transfer your personal data to such data processors. If the third country in question is not approved by the EU Commission as a so-called secure third country, a transfer of your personal data to that third country will in principle only take place after obtaining your express consent to the transfer to the data processor in question, or if transfer is necessary. for the fulfillment of COMAsystem’s contractual obligations to you or for the purpose of implementing
measures taken at your request prior to the conclusion of the agreement with you.
9.2 The transfer of your personal data to third countries will only take place if the recipient of the data in question provides the necessary guarantees for the protection of your personal data. You are at any time entitled to contact us to receive a copy of such warranties.
9.1. The countries to which COMAsystem transfers your personal information are as follows:
9.4. USA (Google Analytics, Cloudflare, Office 365)
10. SAFETY PRECAUTIONS
10.1. Both COMAsystem and COMAsystem’s data processors have put appropriate technical and organizational measures in place to protect your personal information, and COMAsystem stores your personal information in a safe and secure manner. These technical and organizational measures include the following:
10.1.1. Ensuring the availability of treatment systems
10.1.2. Ensuring the robustness and integrity of treatment systems
10.1.3. Ensuring the ability to restore access to the information after physical or technical events
10.1.4. Securing strong encryption of relevant data received by COMAsystem in connection with. transmission and in some cases storage.
10.1.5. Performing ongoing risk analyzes, including updating to new technology or changes in work routines and safety setup.
10.1.6. Conducting an annual standard IT audit and audit based on ISAE 3000 and 3402 or other auditing of an appropriate nature.
10.2. COMAsystem has also put in place appropriate procedures for regular testing and evaluation of the effectiveness of the above measures.
10.3. COMAsystem has also established internal procedures to ensure that only those employees of COMAsystem who have a need to know about your personal information in connection with the fulfillment of the purposes for which the information was collected have access to that information. We make the same demands on our data processors in relation to their own employees. In addition, we have taken steps to ensure that people with access to your personal information only process it in accordance with instructions from us.
10.4. Your personal data will not be stored for longer than is necessary to fulfill the purposes for which the personal data in question has been collected.
11. POSSIBLE BREACH OF PERSONAL DATA SECURITY
11.1. If a breach of the security of your data may occur, despite the technical and organizational measures we have put in place with our data processors to ensure the protection of your personal data, we will notify you without undue delay should the breach in question entail a real risk to your rights. We will provide you with all relevant information about the security breach in question, its consequences for your information and the measures we take to deal with that security breach and to limit its potential damaging effects.
12. CONTINUOUS MAINTENANCE OF YOUR PROTECTION
12.1. At COMAsystem, we believe that we must be able to continuously adapt our personal data policy and technical and organizational measures, to ensure the protection of your personal data. We will therefore regularly review and, if necessary, update this personal data policy.
12.2. This edition of the Personal Data Policy has been updated on 28 Nov. 2019.