Privacy policy

 

BROEN-LAB A/S (SE no. 36454423) is the data controller and is thereby responsible for the data we collect about you. We ensure that your personal data is processed in accordance with current and applicable legislation.

We take your data protection seriously and have therefore adopted this privacy policy to inform you how we process and handle your data.

Contact Information

If you wish to contact us regarding our processing of personal data, you can reach us via:

Address: Drejervænget 2, 5610 Assens, Denmark Email: hr@BROEN-LAB.com

Processing of Personal Data

Personal data is any kind of information that can, in some way, be attributed to you. We only collect, process, and store the personal data necessary to fulfil our purposes. In some cases, legal requirements dictate the types of data we must collect and store in connection with our business practices. The type and extent of the personal data we process may also depend on the need to fulfil a contract or comply with other legal obligations.

Keeping Data Accurate and Up to Date

As our services depend on accurate and up-to-date data, we request that you notify us of any relevant changes to your personal data. You can use the contact information provided above to inform us of any updates, and we will ensure your data is revised accordingly. If we identify incorrect data, we will update it and notify you of the changes.

Website Visitors

When you visit our website, we process information about you to ensure the optimal operation of the site.

We process the following information about you:

  • IP addresses
  • Cookies

We process your personal data for the following purposes:

  • To display social media features.
  • To ensure the website operates efficiently.

We process this data based on the following legal grounds:

  • Your consent provided via the cookie banner (GDPR Article 6(1)(a))
  • Our legitimate interest in administering our website (GDPR Article 6(1)(f))

What is a Cookie?

A cookie is a small data file stored on your computer, tablet, or mobile phone. A cookie is not a programme and cannot contain harmful software or viruses. Cookies may be necessary for the website to function. Additionally, cookies help us gain insights into your visit, enabling us to continuously optimise and tailor the site to your needs and preferences. As part of our service, we use cookies to display content that is as relevant as possible to you.

Potential Clients

To engage with you as a potential client, it is necessary to collect the following data about you:

  • Name, work phone number, and work email address

We collect personal data about potential clients for the following purposes:

  • Potential cooperation or purchase transactions in the future
  • Administration of our relationship with you

We collect this data based on the following legal grounds:

  • Our legitimate interest in fostering communication and potential cooperation, ensuring that processing your personal data does not infringe on your rights (GDPR Article 6(1)(f)).

Data Retention:

We retain this data for the period specified by legislation and delete it when it is no longer relevant. Typically, data regarding potential clients is deleted after 2 years from the last contact or upon request.

Clients

To work with you as a client, it is necessary to collect the following personal data about you:

  • Name, work phone number, work email address, and signature

We collect personal data about clients for the following purposes:

  • Processing your purchases and delivering our services
  • Administering our relationship with you

We collect this data based on the following legal grounds:

  • Processing is necessary to fulfil the agreement between both parties (GDPR Article 6(1)(b)).

Data Retention:

We retain data for the period specified by legislation and delete it when it is no longer relevant. Typically, data regarding clients is deleted at the end of the agreement.

  • In accordance with AB 92 regulations, we store information for up to 7 years, including the current year (AB 92 § 10, Section 4).

Suppliers and Partners

To engage with you as a supplier or partner, it is necessary to collect the following personal data about you:

  • Name, work phone number, and work email address

We collect personal data about suppliers and partners for the following purposes:

  • Managing purchases or services
  • Administering our relationship with you

We collect this data based on the following legal grounds:

  • Processing is necessary to fulfil the agreement between both parties (GDPR Article 6(1)(b)).

Data Retention:

We retain this data for the period specified by legislation and delete it when it is no longer relevant. Typically, data regarding suppliers and partners is deleted at the end of the agreement.

  • In accordance with AB 92 regulations, we store information for up to 7 years, including the current year (AB 92 § 10, Section 4).

Newsletter

When you sign up for our newsletter, we process the following information about you:

  • Email address

Purpose:

To deliver a newsletter tailored to your interests, ensuring the content is relevant to you.

We process this data based on the following legal grounds:

  • Your consent to receive our newsletter (GDPR Article 6(1)(a)).

Data Retention:

Your personal data is deleted when you withdraw your consent. However, documentation of your consent is retained for 2 years after the last marketing email is sent, as the statute of limitations under marketing legislation is 2 years.

You are free to withdraw your consent at any time by contacting us using the details provided above.

Shared Data Responsibility (When Using Social Media)

When you like and/or follow us on LinkedIn or YouTube, we process the following information about you:

  • Your name, likes, and comments
  • The content of any messages you send to us

Purpose:

To keep interested followers updated on new developments, guides, and other relevant information.

We process this data based on the following legal grounds:

  • Our legitimate interest in marketing and improving our website and products (GDPR Article 6(1)(f)).

LinkedIn:

We share joint data responsibility with LinkedIn for the information collected when you visit our page. This means we and LinkedIn jointly determine and allocate responsibility for complying with the law regarding the processing of your personal data.

You can find our joint data controller agreement here: https://legal.linkedin.com/pages-joint-controller-addendum

If you do not have a LinkedIn profile, data is collected about your device, location/geodata, and behaviour both on and off LinkedIn, e.g., visits to websites. If you have a LinkedIn profile, data provided during profile creation, such as reactions, comments, and shares, is also collected.

We only receive information you actively send to us, such as your enquiries, likes, or comments. Additionally, we receive anonymous statistical information about users via LinkedIn Page Analytics.

To delete your data on LinkedIn, you must delete your profile. Deleting your profile also removes posts, pictures, and associated data. For questions about LinkedIn Page Analytics, please contact LinkedIn directly.

YouTube (Google LLC):

Google’s privacy policy is available here: https://policies.google.com/privacy

You can adjust your privacy settings on YouTube here: https://www.youtube.com/howyoutubeworks/user-settings/privacy/

CCTV Surveillance

We use CCTV surveillance in certain areas, and it is possible that we may record video footage of you. Signage is displayed in areas where CCTV is in operation.

Purpose:

To ensure physical security in the workplace and prevent criminal activity.

We process this data based on the following legal grounds:

  • Our legitimate interest in preventing crime and ensuring physical safety (GDPR Article 6(1)(f)).

Data Retention:

CCTV recordings are retained for 30 days unless specific circumstances necessitate longer retention.

Job Applicants

If you apply for a position with us, we process the information in your application, CV, and any accompanying documents. It is not necessary to include your personal identification number (CPR).

Purpose:

To evaluate whether you are a qualified candidate for the position.

We process your personal data based on the following legal grounds:

  • Our legitimate interest in assessing your qualifications and suitability for the role (GDPR Article 6(1)(f)).
  • When obtaining references from previous employers, we process the information based on our legitimate interest in verifying your suitability for the position (GDPR Article 6(1)(f)).

If sensitive personal data is submitted, it is processed based on the following legal grounds:

  • Our legitimate interest in evaluating potential collaboration or defending against claims related to the recruitment process (GDPR Article 9(2)(f)).

Data Retention:

Applications and supporting documents are retained for up to 6 months after the recruitment process is completed, after which they are deleted. The purpose of retaining data after the recruitment process is to protect against claims of discrimination or other issues during recruitment.

Unsolicited applications are deleted immediately unless we request your consent to retain them for potential future positions (GDPR Article 6(1)(a)).

Other Information About Processing

Security:

We have implemented technical and organisational measures to prevent accidental or unlawful deletion, release, loss, impairment, unauthorised disclosure, or other misuse of your data. The data controller ensures that processing only occurs in compliance with GDPR principles (Article 5).

  • All data transmissions are encrypted, backups are in place, and access to personal data is regulated through user IDs and personal passwords.

Passing on Data:

We use third-party providers for storage and processing, including IT solutions. These providers process data on our behalf and may not use it for their own purposes. Data may also be shared with banks, debt collection agencies, cargo firms, lawyers, accountants, and bookkeepers when relevant.

We prioritise providers within the EU and third countries approved by the European Commission for adequate data protection (GDPR Article 45). Where no adequacy decision exists, transfers are based on GDPR Chapter V provisions, such as EU Commission’s Standard Contractual Clauses (Article 46(2)(c)).

Your Rights

  • Right to Access: You have the right to be informed about the data we process, its source, and its purpose. You may also be informed about the retention period and any data transfers within Denmark or abroad.
  • Right to Rectification: If your data is incorrect, you have the right to have it corrected. Be as specific as possible to help us process your request.
  • Right to Deletion: You can request deletion of your data if it is no longer necessary or if consent is withdrawn.
  • Right to Object: You can object to processing based on legitimate interest, including marketing purposes.
  • Right to Data Portability: You can request your data be transferred to another data controller or processor.

You can exercise your rights by contacting us using the details provided at the top of this policy.