Skip to the main content.

PRivacy policy

Privacy policy on langebaek.com

At Langebæk, we respect the right to privacy of our customers, employees, and business partners, and we acknowledge the need to implement sufficient security measures for the processing of personal data.

 

1. INTRODUCTION

1.1 The management of Langebæk owns and approves this policy.

1.2 At Langebæk, we respect the right to privacy of our customers, employees, and business partners, and we acknowledge the need to implement sufficient security measures for the processing of personal data.

1.3 Privacy legislation regulates all matters related to companies’ use of information about physical persons, including customers, employees, and suppliers, and protects these persons against unauthorised storage and processing of their data.

1.4 This policy describes Langebæk’s overall strategic goals for the processing and protection of personal data. The policy also includes guidelines for reporting lacking compliance with this policy to management. Violating this policy could have consequences for your employment.

 

2. PURPOSE AND FIELD OF APPLICATION

2.1 It is Langebæk’s goal to secure and protect personal data. Among other things, Langebæk will do this by:

(i) ensuring that all processing of personal data takes place in compliance with the principles regarding legal processing of personal data,

(Ii) adhering to the instructions and the practice regularly being published by relevant players, including the Danish Data Protection Agency, and

(iii) ensuring that employees receive relevant training in the processing of personal data.

2.2 Langebæk processes personal data about customers, suppliers, and employees at the company, among others. The purpose of this policy is to ensure that Langebæk ensures the security of personal data and always complies with current legislation to protect all personal data that the company has in its possession.

 

3. DEFINITIONS

3.1 Langebæk uses definitions of concepts related to personal data that are used in current legislation.

3.2 Personal data is defined as any type of information about an identified or identifiable physical person. An identifiable physical person is a physical person who can be directly or indirectly identified, particularly through an identifier or one or more elements that (when seen as a whole) are specific to a physical person’s physical, physiological, genetic, psychological, financial, cultural, or social identity.

3.3 Sensitive personal data is defined as personal data regarding race or ethnical origin, political, religious, or philosophical persuasion, or union affiliation as well as the processing of genetic data, biometric data to precisely identify a physical person, information about health or information about a physical person’s sexual relations or sexual orientation.

3.4 The term registered ‘persons’ refers to the physical persons to which the personal data being processed by the company are related.

3.5 A data controller is a physical or legal person, a public authority, an institution, or another agency that determines alone or with others for which purposes and with which aids it is permitted to process personal data. Langebæk is the data controller regarding the processing of personal data and determines for which purposes and with which aids it is permitted to process the relevant personal data. Typically, this will be the case in connection with the processing of employee data as part of staff management, among other things. The data controller is responsible for the processing of personal data living up to the rules of the data privacy legislation and can therefore at worst be liable to pay fines.

3.6 A data processor is a physical or legal person, a public authority, an institution, or another agency that processes personal data on behalf of the data controller.

3.7 A third country is a country that is not a member of the European Union (EU) or an EEA country. An unsafe third country is a third country where the European Commission has not decided as to whether the third country has a sufficient protection level.

3.8 When this policy refers to “data protection”, it means all the technical as well as organisational security precautions that aim to protect the confidentiality, availability, and reliability of personal data.

 

4. PRINCIPLES FOR PROCESSING OF PERSONAL DATA

4.1 All employees of Langebæk must adhere to the principles for processing personal data. Among other things, this means that personal data must be processed legally, fairly, and transparently, and the personal data may only be collected for explicitly stated and legitimate purposes.

4.2 Correspondingly, the processing of personal data may only take place if this is relevant and limited to what is necessary regarding the purposes for which the data is being processed. There must be procedures that – in addition to contributing to the personal data being correct and up to date – ensure that personal data is stored in a way that makes it impossible to identify the registered persons for any longer than what is necessary for the purposes for which the personal data in question has been collected and processed.

4.3 Furthermore, there must be procedures that make sure that personal data is processed in a way that ensures sufficient security for the personal data in question, including protection against unauthorised or illegal processing and against accidental loss, destruction, or damage, with the use of appropriate technical or organisational precautions.

 

5. FOUNDATION FOR PROCESSING INCLUDING CONSENT

5.1 All processing of personal data at Langebæk must be carried out based on a legal foundation for processing. Therefore, it should always be taken into account which legal foundation for processing applies to the processing.

5.2 Consent is one of the foundations for processing that can be used when Langebæk processes personal data regarding physical persons.

5.3 When Langebæk obtains consent for the processing of personal data, it is important to ensure that the consent has been given voluntarily, specifically and on an informed basis, and constitutes an explicit declaration of the fact that the physical person consents to the processing of personal data regarding the person in question.

5.4 If a person has given his/her consent to Langebæk processing data regarding this person, the registered person can always withdraw his/her consent. It is important to Langebæk that it is always respected when a registered person chooses to withdraw his/her consent to processing.

5.5 If a registered person withdraws his/her consent to an express purpose, this means that there cannot be any subsequent processing of personal data regarding the registered person for this purpose.

 

6. THE RIGHTS OF REGISTERED PERSONS

6.1 It is important to Langebæk that all registered persons are informed of their rights regarding the processing of personal data.

6.2 Furthermore, it is an important focus for Langebæk to ensure compliance with the rights of all registered persons. All employees who work with the processing of personal data at Langebæk must therefore be informed of the extent of the registered persons’ rights and how they are supposed to handle requests from the registered persons. This is described in specific guidelines.

6.3 All registered persons have the right of access to the processing of their data if they request this. As a rule, the registered persons have the right to be informed of the purpose for which the personal data is being processed, the categories of personal data that are being processed about them, and who will receive the personal data. However, there may be exceptions, which means that there may be limitations to this right in specific situations.

 

7. USE OF DATA PROCESSORS

7.1 Langebæk uses several subcontractors, and sometimes, personal data is transferred to our subcontractors as part of their delivery of services to Langebæk. If the subcontractors process personal data on behalf of Langebæk, this must always take place following Langebæk’s instructions, as these subcontractors thus function as data processors. When we let subcontractors process personal data as data processors, this will not take place until a written processor agreement has been entered into following current legislation and the procedures determined for this at Langebæk. In this way, we can ensure a high level of protection of personal data that matches the requirements in these guidelines.

7.2 Prior investigation of a new data processor entails a risk assessment that takes the risks associated with the processing into account, specifically in connection with accidental or illegal destruction, loss, change, or unauthorised disclosure of or access to personal data.

 

8. TRANSFER TO THIRD COUNTRIES

8.1 Special rules apply if personal data is to be processed in an unsafe third country. If Langebæk uses a data processor in an unsafe third country or needs to disclose personal data to a recipient in an unsafe third country, it must therefore always be ensured that the necessary transfer basis exists before the transfer takes place.

8.2 It is important for Langebæk to ensure that the recipient of the personal data provides the necessary guarantees as to how personal data for which Langebæk is the data controller is processed when transfer to a recipient in an unsafe third country takes place.

 

9. RISK ASSESSMENT AND SECURITY

9.1 Management is responsible for an overall risk assessment of threats related to the personal data area for Langebæk being carried out.

9.2 In connection with this risk assessment, Langebæk must assess which risks regarding the rights of registered persons – including freedom rights – are associated with the processing of personal data and must assess the probability of occurrence of the risk and the seriousness of the risk. The risk is assessed based on the nature, extent, context, and purpose of the processing and is evaluated based on objective criteria, after which it is determined whether the processing of personal data involves a low risk or a high risk.

9.3 When assessing the risk, the risks associated with the processing of personal data should be taken into account, such as accidental or illegal destruction, loss, change, or unauthorised disclosure of – or access to – personal data that has been transferred, stored or otherwise processed, and which can lead to physical, material or non-material damage.

9.4 The overall risk assessment should result in a statement of specific steps that can be implemented at Langebæk to ensure a sufficient security level for data protection. The specific steps can have the purpose of avoiding the risk in question occurring as well as reducing the consequences of the risk occurring.

9.5 The overall risk assessment must be updated at least once a year and include all significant areas of personal data protection, including specifically:

  • System capabilities
  • Data governance
  • Critical processes for processing of personal data
  • Policies and procedures
  • Management of data processor agreements
  • Management of statements of consent and basis for contracts
  • Management of data privacy breach
  • Knowledge of the personal data area of the organisation

9.6 This risk assessment should function as the basis of reassessment of the effort in the personal data area.

 

10. FURTHER SPECIFIC GUIDELINES AND PROCEDURES

10.1 Apart from this policy, Langebæk has drawn up specific guidelines and procedures for processing personal data, including but not limited to the following:

(i) Instructions for employees

(ii) Erasure policy

(iii) Compliance with duties of disclosure in the HR area

(iv) Record of personal data processing activities

(v) Procedures for handling of requests for access and compliance with other rights

(vi) Procedures for the handling of security breaches

(vii) Technical security measures, including guidelines for the way employees use IT

 

11. COMPLIANCE WITH POLICY AND CONTACT PERSONS

11.1 This policy is to ensure that Langebæk establishes clear guidelines as stated in section 10.1 regarding the processing and protection of personal data, and the purpose of the use of personal data must be clearly defined in all processing situations.

11.2 To ensure support and implementation of this policy, Langebæk has appointed a unit responsible for ensuring that the guidelines are complied with in the individual company:
HR, IT, and Finance.

11.3 If questions occur regarding the content of or compliance with the guidelines, the unit shall be obligated to inform management of this.

11.4 Furthermore, lacking compliance with specific guidelines and policies may result in sanctions towards the individual employees.

 

12. REPORTING

12.1 Management must be informed if the guidelines in this policy are not complied with and if matters occur regarding this policy that is of significance to Langebæk’s risk profile in the personal data area.

12.2 The board of directors must be informed at the ordinary directors’ meeting if the guidelines of this policy are not complied with and if matters occur regarding this policy that is of significance to the board’s overall assessment of Langebæk’s risk profile in the personal data area.

 

13. UPDATING

13.1 Management is obligated to revise this policy when it is found relevant and at least once a year.

PERSONAL DATA ABOUT CUSTOMERS

1. INTRODUCTORY REMARKS

1.1 Purpose

1.1.1 Langebæk will continuously be processing various personal data about you electronically/automatically. Therefore, we are obligated to inform you of the data about you that we collect, register, transfer, or otherwise process.

1.1.2 When you use the Company’s website or otherwise contact or interact with us, the Company will as the data controller process various personal data about you.

1.1.3 The purpose of the processing of your data is generally the administration of your customer relationship, including delivery of agreed services, obligations, etc.

1.1.4 Therefore, in this privacy policy, you can read how we process data about you when we establish you as a customer, when you contact us, and when we receive data about you from a third party. It applies to all the personal data mentioned below and it is processed following the guidelines and framework stipulated by data protection legislation.

1.1.5 Our website does not use cookies or similar technologies to collect and process data about our visitors’ use of our website and services.

1.1.6 You are always welcome to contact us at sales@sjoelund.dk if you have any questions about our processing of personal data. See section 8 below as well in which we describe your rights and have provided further contact information.

 

2. PROCESSING OF PERSONAL DATA IN RELATION TO CUSTOMERS ETC.

2.1 Representative of a company

2.1.1 When you enter into a contract with us or are an existing customer, business partner, supplier, etc. of the Company, we will create a case regarding you and the company you represent in our IT system. Here, we register various personal data, generally provided by you.

2.1.2 Among other things, we register identification data, including your name, position, latest employer, contact role, and department, as well as your contact information, including work telephone numbers, work e-mail addresses, activity history, or other personal data that you provide.

2.1.3 The legal basis for processing your data is our legitimate interest in being able to honour the contract that we have entered with the company that you represent, including being able to contact you and deliver the products/services agreed upon. Furthermore, we can use your contact information when we need to invoice the company that you represent. The legal basis is the data protection legislation, cf. the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016), article 6:1(f).

2.1.4 We may combine the data in the system with data about other customers, business partners, suppliers, website visitors, etc. to produce various types of statistics and statements, among other things.

2.1.5 The legal basis is the Danish Data Protection Act, S 6(1), cf. the General Data Protection Regulation, article 6:1(f). Our legitimate interest is the potential optimisation of our current services or the development of new services which the processing is attempting to achieve.

 

3. PROCESSING OF PERSONAL DATA IN ANOTHER CONTEXT

3.1 Enquiries

3.1.1 When you contact us, your enquiry may sometimes contain personal data, such as contact information, your association with a specific company, or other personal data that you provide. We process this information to be able to deal with and respond to your enquiry, among other things.

3.1.2 The legal basis is the Danish Data Protection Act, S 6(1), cf. the General Data Protection Regulation, article 6:1(f). Our legitimate interest is our administration of and reply to your enquiry.

3.2 If you contact us as a private person as part of an existing customer relationship with us, the legal basis may instead be compliance with the agreement we have entered into, cf. the Danish Data Protection Act, S 6(1), cf. the General Data Protection Regulation, article 6:1(b).

3.2.1 If, in your enquiry, you show an interest in one of our products, or if you contact us on behalf of a company, we may also register you and the information you give us in our IT system as a potential lead or as a representative of a company to be able to contact you with information about and special offers for our products. Then, you will be registered as a contact person for the company you represent.

3.2.2 The legal basis is the Danish Data Protection Act, S 6(1), cf. the General Data Protection Regulation, article 6:1(f). Our legitimate interests are (i) the potential sale of our products that we may achieve by using the data later to contact you about our products, and/or (ii) our interest in being able to contact you as a contact person of the company you represent.

3.2.3 We may also use your enquiry, and thus the personal data it contains, as part of the optimisation of our current services or for the development of new services, for example by producing statistics of enquiries received or by carrying out anonymisation of enquiries received to be able to use them later.

3.2.4 The legal basis is the Danish Data Protection Act, S 6(1), cf. the General Data Protection Regulation, article 6:1(f). Our legitimate interest is the potential optimisation of our current services or the development of new services which the processing is attempting to achieve.

3.4 Cookies

3.4.1 Our website does not use cookies or similar technologies to collect and process data about our visitors’ use of our website and services.

 

4. DATA RECEIVED FROM A THIRD PARTY

4.1.1 Sometimes, we may receive personal data about you from third parties, such as your employer or your colleagues. This can for example be your contact information and information about your association with your employer. Sometimes, we may register the data we receive from a third party about you in our IT system or somewhere else as a potential lead or as a representative of a company to be able to contact you with information about and special offers for our services as well as to contact you regarding our continuous customer relationship with the company you represent.

4.1.2 Our legal basis for processing data as described in section.

4.1.1 is the pursuit of our legitimate interests. Our legitimate interests are (i) the potential sale of our products and/or services, as well as (ii) our interest in being able to contact you, possibly in your capacity as a contact person for the company that you represent. The legal basis is the Danish Data Protection Act, S 6(1), cf. the General Data Protection Regulation, article 6:1(f).

4.1.3 We may also use data received from third parties, and thus the personal data it contains, as part of the optimisation of our current services or for the development of new services, for example by producing statistics of enquiries received or by carrying out anonymisation of enquiries received to be able to use them later.

4.1.4 Our legal basis for processing data as described in section.

4.1.3 is the pursuit of our legitimate interest. Our legitimate interest is the potential optimisation of our current services or the development of new services which the processing attempts to achieve. The legal basis is the Danish Data Protection Act, S 6(1), cf. the General Data Protection Regulation, article 6:1(f).

 

5. RECIPIENTS AND DISCLOSURE ETC.

5.1 Recipients

5.1.1 Some information is stored with our data processors in connection with the operation and IT security tasks (such as backup, hosting of website, etc.) we outsource. Storage of data with external business partners (our data processors) is subject to the rules of the General Data Protection Regulation and the Danish Data Protection Act, and data processor agreements have been entered with the data processors, ensuring that your data is not disclosed to unauthorised persons.

5.1.2 Generally, we do not transfer personal data covered by this policy to a third party without your consent, unless we are obligated to do this following the law, or unless this is necessary to pursue the objectives described above. In that connection, our legal basis for this transfer is the same as described above in connection with our processing.

5.1.3 Your data may in specific cases be disclosed to our external attorneys to handle a specific task. This could for example be if the Company needs legal assistance in a case where you are involved and where the relevant personal data is therefore needed by our attorney.

 

6. STORAGE RESTRICTION

6.1 Erasure policy

6.1.1 At the Company, we have adopted a policy that describes how and when we erase personal data. If you would like to find out more about our erasure deadlines, you are always welcome to contact us in accordance with section 8.

6.2 Request for erasure

6.2.1 When you contact us with the request that your data be edited or erased, we will investigate whether the conditions are met, and if that is the case, we will edit or erase the data as quickly as possible.

 

7. YOUR RIGHTS

7.1 Following data protection legislation, you have some rights in connection with our processing of your data.

7.2 In that connection, you have the right to:

  • request access to the data we process about you (following the General Data Protection Regulation, article 15),

  • request that we rectify the personal data we process about you (following the General Data Protection Regulation, article 16),

  • request that we erase the personal data we process about you (following the General Data Protection Regulation, article 17),

  • request that we restrict our processing of your data (following the General Data Protection Regulation, article 18),

  • request data portability to the extent that this is relevant (following the General Data Protection Regulation, article 20), as well as object to our processing of your data (following the General Data Protection Regulation, article 21).

8. CONTACT INFORMATION

8.1 If you have questions about the above information or your rights following the data protection legislation, you can contact the company at: info@langebaek.com.

You can read more about the data protection legislation and your rights on the website belonging to the Danish Data Protection Agency, www.datatilsynet.dk. The Danish Data Protection Agency is the authority that can ultimately decide whether your data is being processed legally – for example in connection with a complaint case.

The Danish Data Protection Agency has the following contact information: Datatilsynet, Borgergade 28, 5., DK-1300 Copenhagen K, telephone +45 3319 3200, dt@datatilsynet.dk.

See also https://www.datatilsynet.dk/english/contact-us