Personal data policy
1.1 This policy on the processing of personal data ("Personal Data Policy") describes how Nordal online store ("Nordal Onlinestore", "us", "our", "we") collects and processes information about you.
1.2 The personal data policy applies to personal data that you submit to us or that we collect via Nordal Olinestore's website, www.nordal.dk ("Website").
1.3 Nordal Onlinestore is the data controller for your personal data. All inquiries to Nordal Onlinestore can be made via the contact information listed under section 7.
2. What personal data do we collect, for what purposes and the legal basis for the processing
2.1 When you visit the Website, we automatically collect information about you and your use of the Website, e.g. what type of browser you use, what search terms you use on the Website, your IP address, including your network location, and information about your computer.
2.1.1 The purpose is to optimize the user experience and the function of the Website, as well as carry out targeted marketing, including retargeting, i.a. via Facebook and Google. This processing of information is necessary so that we can safeguard our interests in improving the Website and showing you relevant offers.
2.1.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letter f.
2.2 When you buy a product or communicate with us on the Website, we collect the information you provide yourself, e.g. name, address, e-mail address, phone number, payment method, information about which products you buy and possibly have returned, delivery requests, and information about the IP address from which the order was made.
2.2.1 The purpose is that we can deliver the products you have ordered and otherwise fulfill our agreement with you, including to be able to manage your rights to return and advertise. We can also process information about your purchases to comply with legal requirements, including for bookkeeping and accounting. When making a purchase, the IP address is collected for the purpose and to safeguard our interest in being able to prevent fraud.
2.2.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letters b, c and f.
2.3 When you sign up for our newsletter, we collect information about your name, e-mail address and possibly mobile number.
2.3.1 The purpose is to safeguard our interest in being able to deliver newsletters to you.
2.3.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letter f.
3. Recipients of personal data
3.1 Information about your name, address, e-mail, telephone number and order number and specific delivery wishes will be passed on to GLS or a carrier responsible for the delivery of the purchased goods to you. When purchasing non-stock items, the mentioned information can be passed on to the manufacturer, who will then take care of the delivery.
3.2 Information may be entrusted to external business partners who process the information on our behalf. We use external partners for, among other things, technical operation and improvements to the Website, sending out newsletters and targeted marketing. These companies are data processors and under our instructions and process data for which we are the data controller. The data processors must not use the information for any purpose other than fulfilling the agreement with us, and are subject to confidentiality regarding this. We have entered into written data processing agreements with all data processors who process personal data on our behalf.
3.3 Two of these data processors, Google Analytics v/Google LLC. And Facebook Inc. is established in the United States. The necessary guarantees for the transfer of information to the USA are secured through the data processor's certification under the EU-US Privacy Shield, cf. EU Personal Data Regulation art. 45.
3.3.1 copy of Google LLC's certification can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
3.3.2 copy of Facebook Inc.'s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
4. Your rights
4.1 In order to create transparency around the processing of your information, we, as data controller, must inform you of your rights.
4.2 The right of inspection
4.2.1 You are entitled at any time to request information from us about, among other things, which information we have registered about you, what purpose the registration serves, which categories of personal data and recipients of information may be may be, as well as information about where the information originates.
4.2.2 You have the right to receive a copy of the personal data that we process about you. If you want a copy of your personal data, you must send a written request to firstname.lastname@example.org You may be asked to document that you are who you say you are.
4.3 The right to rectification
4.3.1 You have the right to have incorrect personal data about yourself corrected by us. If you become aware that there are errors in the information we have registered about you, you are encouraged to contact us in writing so that the information can be corrected.
4.4 The right to deletion
4.4.1 In certain cases, you have the right to have all or some of your personal data deleted by us, e.g. if you revoke your consent and we have no other legal basis for continuing the processing. To the extent that continued processing of your information is necessary, e.g. for us to comply with our legal obligations, or for legal claims to be established, asserted or defended, we are not obliged to delete your personal data.
4.5 The right to limit processing to storage
4.5.1 In certain cases, you have the right to have the processing of your personal data restricted to storage only, for example if you believe that the information we process about you is incorrect.
4.6 The right to data portability
4.6.1 In certain cases, you have the right to have personal data that you yourself have given us delivered in a structured, commonly used and machine-readable format and you have the right to transfer this data to another data controller.
4.7 The right to object
4.7.1 You have the right at any time to object to our processing of your personal data for the purpose of direct marketing, including the profiling carried out in order to target our direct marketing.
4.7.2 You also have the right at any time, for reasons relating to your personal situation, to object to the processing of your personal data that we carry out on the basis of our legitimate interests, cf. pt. 2.1 and 2.3.
4.8 The right to withdraw consent
4.8.1 You have the right at any time to revoke a consent you have given us for a given processing of personal data. If you wish to revoke your consent, please contact us at email@example.com. Subscription to newsletters can also be unsubscribed at any time via a link at the bottom of the newsletter.
4.9 The right to complain
4.9.1 You have the right at any time to lodge a complaint with the Data Protection Authority, Borgergade 28, 5, 1300 København K about our processing of your personal data. Complaints can be lodged, among other things, by email firstname.lastname@example.org or telephone +45 33 19 32 00.
5. Deletion of Personal Data
5.1 Information collected about your use of the Website cf. pt. 2.1. deleted at the latest when you have not used the Website for 1 year.
5.2 Information collected in connection with your registration for our newsletter is deleted when your consent to the newsletter is withdrawn, unless we have another basis for processing the information.
5.3 Information collected in connection with purchases you have made on the Website cf. pt. 2.2 will basically be deleted 3 years after the end of the calendar year in which you made your purchase. However, information can be stored for a longer period of time if we have a legitimate need for longer storage, e.g. if it is necessary for legal claims to be established, asserted or defended, or if storage is necessary for us to fulfill legal requirements. Accounting material is stored for 5 years until the end of a financial year in order to meet the requirements of the Accounting Act.
6.1 We have implemented appropriate technical and organizational security measures against personal data being accidentally or illegally destroyed, lost, changed or degraded, as well as against it coming to the knowledge of unauthorized persons or being misused.
6.2 Only employees who have a real need to access your personal data in order to perform their work have access to it.
7. Contact information
7.1 Nordal.dk is the data controller for the personal data collected via the website.
7.2 If you have questions or comments about this Personal Data Policy or wish to make use of one or more of your rights described in section 4, you can contact:
Nordal Online Store
Tel. no.: 22680020
8.1 This personal data policy was updated on 01.06.2019