Introduction
When you visit our website, we record data about you that we use to adapt and improve content and increase the value of the advertising shown on our website. If you do not wish us to record data, you should erase cookies (see guidelines) and stop using our website. In the following, we explain precisely which data we record, why we record them and which third parties have access to them.
Cookies
Our website uses cookies. A cookie is a text file that is saved on your computer, mobile phone or other device. The cookie enables us to recognise your device, recall your settings, collect statistical data and focus advertising. Cookies do not contain harmful codes, such as viruses.
You can clear or block cookies at any time. See guidelines: http://minecookies.org/cookiehandtering
If you clear or block cookies, the advertising displayed to you may be less relevant for you and appear more frequently. You may also risk that the website works less efficiently and that you do not have access to some of the content.
The website contains third party cookies that may include:
Third party cookies frequently used in digital advertising
Personal data
General
Personal data includes all types of data that, to some extent, ascribe to you. When you use our website, we record and process certain types of personal data. For example, when you access website content, subscribe to our newsletter, enter a competition, take part in a survey, register as a user or subscriber, use other services or make a purchase via the website.
As a rule, we record and process the following types of data: A unique ID and technical information regarding your computer, tablet or mobile phone, IP address, geographical location and which pages you click on (show an interest in). If you explicitly give us your consent to do so or enter the data yourself, we may also process the following types of data: Name, phone number, e-mail address, postal address and payment details. We usually record and process these types of data when you create a login or make a purchase.
Data security
We have taken technical and organisational measures to prevent the accidental or unlawful destruction of your data, and its publication, loss, or impairment, or unauthorised disclosure, misuse or other use in contravention of legal requirements.
Objectives
The data are used to identify you as the user and show you the advertisements that are most likely to be relevant for you, to record your purchases and payments, and to supply the services you have requested, e.g. to send you a newsletter. We also use the data to optimise our services and website content.
Storage period
The data are stored for as long as we are obliged to do so in pursuance of the legislation. We erase personal data when they are no longer needed. The storage period depends on the nature of the data in question and the reason for storage. It is not possible to give a general period for data erasure.
Disclosure
If we have recorded data about how you use our website, the ads you receive and click on (if any), your geographical location, gender and age group, etc., the data may be divulged to one or more third parties. There is a list of the third parties in question in the Cookies section (above). We use the data to personalise advertising.
We also use several data subprocessors to store and process data. The data subprocessors process data on our behalf and may not use the data for their own purposes.
Personal data, e.g. name and e-mail address, etc., are disclosed only with your consent. We avail ourselves of the services solely of data processors within the EU or in countries that provide adequate data protection.
Access and complaints
You have a right to know which personal data we process concerning you. You also have a right to object to data processing. You can withdraw your consent to data processing. If the data processed concerning you is incorrect, you have a right to have them rectified or erased. To rectify or erase personal data, please contact info@e-reactor.dk. If you wish to complain about how we process data concerning you, you may also contact Datatilsynet (The Danish Data Protection Authority).
Publisher
This website is owned and published by:
e-reactor aps
Niels Andersens Vej 7b
DK-2900 Hellerup
Phone: +45 70 230 140
e-mail: info@e-reactor.dk
Data processing contract:
1. PURPOSE AND DESCRIPTION OF DATA PROCESSING
1.1 The data processing contract is drawn up for the purposes of controlling and regulating the data processor’s processing of personal data on behalf of the data controller.
1.2 The contract is regulated by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (known as the GDPR) and the Danish Data Protection Act.
1.3 The data processor processes various types of personal data concerning the data controller and the data controller’s customers.
1.4 The purpose of data processing is to ensure that the data processor can perform online development tasks related to a website or online shop on the data controller’s behalf.
1.5 The data controller is free to determine which data the data processor is to receive. The data controller is responsible for the transfer of the data, for which reason e-reactor aps is a data processor, see Article 3 (5) of the Danish Personal Data Act and Article 4 (8) of the GDPR. The data controller is responsible for the personal data that the data controller instructs the data processor to process. The data controller is responsible for ensuring that the data processor is legally permitted to process the personal data that the data controller instructs the data processor to process, including that processing is necessary and objective in relation to the performance of the data controller’s duties.
1.6 The data are stored for the duration of the contract period and for 12 months after its expiry.
2. THE DATA PROCESSOR’S OBLIGATIONS
2.1 The data processor may only process personal data provided by the data controller for the purpose stipulated in item 1.4.
2.2 The data processor shall process personal data in accordance with the best practices of data processing and in compliance with the regulations and instructions applicable at any given time.
2.3 The data processor shall ensure that access to personal data is restricted to employees, who require access to the data in order to perform their duties. The employees shall be subject to a duty of confidentiality.
2.4. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the data processor shall, where relevant, implement appropriate technical and organisational measures. These measures shall ensure a level of security appropriate to the risks and they shall be implemented in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject.
2.5 The data processor shall immediately notify the controller if the data processor is aware that an instruction infringes personal data security or confidentiality. At the data controller’s request, the data processor shall assist the data controller with regard to clarification of an infringement of personal data security, including in connection with notification of a personal data breach to the Danish Data Protection Agency and/or the data subject.
2.6 At the data controller’s request, the data processor shall provide adequate information to allow the data controller to ascertain that the requirements stipulated in the GDPR and Danish Data Protection Act are met.
2.7 At reasonable notice, the data controller or a third party mandated by the data controller may have access to those of the data processor’s systems involved in processing, to which the data processing contract refers. The data controller is entitled to require access only those parts of the systems that contain the data controller’s data, and access may be granted only if the data controller or a third party mandated by the data controller is physically present at one of the data processor’s offices with at least one of the data processor’s employees in attendance. The data controller covers the costs of such an audit.
3. THE USE OF DATA SUBPROCESSOR(S) AND DATA TRANSFER
3.1 On entering cooperation with the data processor, the data controller consents to the data processor’s use of data subprocessors.
3.2 The data controller’s consent is conditional upon the data subprocessor’s compliance with the data protection obligations and contractual terms established in the present contract, including that the data subprocessor shall implement appropriate technical and organisational measures to ensure that data processing meets the requirements of the GDPR and Danish Data Protection Act.
3.3. If the data processor assigns to data subprocessors the processing of personal data for which the data controller is responsible, the data processor shall enter a written data (sub)processing contract with the data subprocessor.
3.4. The data subprocessing contract shall oblige the data subprocessor to comply with the same data protection obligations as those with which the data processor is obliged to comply, including that the data subprocessor guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject.
3.5 The data controller is entitled at any time to require the data processor to produce documentation for the existence and contents of a data subprocessor contract for the data subprocessors engaged by the data processor in connection with the fulfilment of the data processor’s obligations vis-à-vis the data controller.
3.6 Communication between the data controller and data subprocessor shall always take place via the data processor.
3.7 If the data subprocessor fails to meet its contractual obligations, the data processor remains fully responsible for performance of the subprocessor’s obligations.
4. CONFIDENTIALITY
4.1 Any information submitted or received in connection with this contract is regarded as confidential.
4.2 Confidential information shall be processed in strict confidence. The information shall not be used by or transmitted to a third party, unless its use or transmission is necessary in order to comply with this contract or required by dint of the GDPR and/or Danish legislation.
4.3 On expiry of this contract, the data processor shall erase all information and other material received in connection with the cooperation between the data controller and the data processor.
5. BREACH OF CONTRACT
5.1 In the event of a material breach of contract on the part of the data processor or data controller, the non-breaching party is entitled to cancel the contract. However, cancellation may take place no earlier than 20 working days from the non-breaching party’s sending written notification of the breach to the breaching party with a requirement to remedy the breach within a deadline of not less than five working days.
5.2 If remedial action is taken within the stated deadline, see item 5.1, the contract may not be cancelled.
5.3 In accordance with the ordinary tenets of Danish law, the data processor is liable for losses, although not for indirect losses or consequential damage, except if such loss or damage was intentional or due to gross negligence.
6. COMMENCEMENT AND EXPIRY
6.1 The data processing contract commences on 25 May 2018.
6.2 Under the terms of the data processing contract, the data processor is obliged to observe contractual obligations for as long as the data processor processes personal data on behalf of the data controller.
6.3 The data processing contract is voided when collaboration between the data controller and data processor is terminated or when the data processor no longer processes personal data on the data controller’s behalf.
7. APPLICABLE LAW AND LEGAL VENUE
7.1 The data processing contract is regulated by Danish law.
7.2 Any claim or dispute that originates from or is otherwise connected with this data processing contract shall be settled at the local court in Helsingør, Denmark.
LOCATIONS, INCLUDING STATEMENT OF COUNTRY OF PROCESSING
Niels Andersens Vej 7b
2900 Hellerup, Denmark
Str. Grigore Ionescu, Nr.100, Bl. 34,
Sc. A, Ap.49, Sector 2
Bucharest, Romania
Industriestr. 25
91710 Gunzenhausen, Germany