NAVToolbox Privacy Statement
Effective date: July 26, 2019
We want to thank you for entrusting us with your personal data and information.
Holding on to your private information is a serious responsibility, and we want to let you know how we are handling it.
The short version
When using NAVToolbox products, we only collect the information that you choose to give us, and we process it with your consent, or on another legal basis; we only require the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don’t sell it to third parties; and we only use it as this Privacy Statement describes.
General information about data protection
Transparency in data processing
Regarding data that has been provided on the basis of consent
Consent before we process your personal data
Before we process data about you, we obtain consent for the specific purposes, unless they are obtained and processed based on other legitimate grounds. We can inform you about such grounds and about our legitimate interest in processing your personal data. Consent is voluntary and you can withdraw it at any time. See how you can withdraw your consent below.
Transfer of personal data does not take place without consent
Data on a withdrawal of consent
It is possible for you, as the data subject, to withdraw your consent at any time.
If you want to withdraw your consent, please see the process under “data subject’s rights”, when you withdraw your consent the controller will no longer process your data for the purpose. You must be aware that if you withdraw your consent, it may affect the way in which our website functions, or there may be services that we can no longer offer, for example newsletters.
The data subject’s rights
Information about the rights of the data subject As a data subject, you have the following rights, about which you also have been informed when you registered.
Your rights are:
- Right of access
- Right to rectification
- Right of erasure
- Right to object
- Right to limitation
- Right to data portability
- Right to withdraw consent
- Right to file a complaint to the supervisory authority
The controller shall inform the data subject, without undue delay, about how the company handles the exercising of data subject’s rights on the part of the data subject.
This is how to exercise your rights
Right of access
You have the right to be informed about which data we process about you, where it is from, and what we use it for, at any time. You can also be informed about how long we store your personal data and who receives data about you to the extent that we transfer data in Denmark and abroad.
If you, as a data subject, want to exercise your right of access in connection with the personal data for which consent has been given for a given purpose, as a data subject, you must do the following:
Send an e-mail to firstname.lastname@example.org with information that you want to exercise your right to access.
Right to rectification
As a data subject, you have the right to have data that we process about you be rectified.
If you, as a data subject, want to exercise your right to rectification in connection with the personal data for which consent has been given for a given purpose, you must do the following:
Send an e-mail to email@example.com with information that you want to exercise your right to rectification.
Right of erasure
In some cases, as the data subject, you have the right to have data that we process about you be erased. There are, however, cases where we have a legal obligation to store it.
We have procedures for erasing personal data that no longer serves a purpose, or which we are legally obligated to store and process.
We erase your personal data when it is no longer required with regard to the purpose that was the basis for our collection, processing and storage of your data.
If you think that the personal data that we process about you is not correct, you have the right to have it corrected or deleted.
If you, as a data subject, want to exercise your right to erasure in connection with the personal data provided in connection with a given purpose, you must do the following:
Send an e-mail to firstname.lastname@example.org with information that you want to exercise your right to erasure
Upon receipt of the data subject’s request for erasure, the controller assesses whether there are exceptions to erasure. In case the controller finds exceptions to erasure, the controller shall provide information about the grounds and legal basis for the exceptions, without undue delay. If there are no exceptions, the controller erases the data subject’s personal data that has been provided in connection with this Statement of Consent and notifies the data subject about this.
Right to object
As a data subject, you have the right to object to our processing of your personal data.
If you, as a data subject, want to exercise your right to object to processing of the personal data that was provided in connection with a given purpose, you must do the following:
Send an e-mail to email@example.com with information that you want to exercise your right to object.
The controller must then ensure that personal data will not be processed for the purpose for which it has been collected as long as there is a current objection to processing that has not been concluded.
If your objection is justified, the controller ensures that the processing of your personal data ceases until a decision is reached on the result of the objection.
Right to limitation of processing
As a data subject, you have the right to request limitations on our processing of your personal data.
If you, as a data subject, want to exercise your right to limitation of processing in connection with the personal data provided in connection with a given purpose, you must do the following:
Send an e-mail to firstname.lastname@example.org with information that you want to exercise your right to limitation.
The controller then ensures that personal data is no longer processed in the company or by any processors until the limitation terminates.
Right to data portability
As a data subject, you have the right to request data portability of your personal data to another provider of the same service.
If you, as a data subject, want to exercise your right to data portability for the personal data that has been provided for a given purpose, you must do the following:
Send an e-mail to email@example.com with information that you want to exercise your right to data portability.
The controller then ensures that personal data is provided to the data subject in an ordinary, machinereadable format.
Right to withdraw consent
You have the right to withdraw consent at any time.
If you, as the data subject, want to exercise your right to withdraw a Statement of Consent, you must do as follows:
Send an e-mail to firstname.lastname@example.org with information that you want to exercise your right to withdraw your consent as well as the purpose for which the consent concerns.
If your withdrawal concerns newsletters you can withdraw your consent directly from the newsletter
Right to file a complaint to the supervisory authority
If the data subject wants to exercise his or her right to file a complaint to the supervisory authority.
The data subject may file a complaint to the supervisory authority by contacting the supervisory authority. In Denmark, the supervisory authority is the Danish Data Protection Agency. It is possible to file a complaint on the Danish Data Protection Agency’s website.
The controller’s obligation to provide information If you, as the data subject, have exercised your rights to any rectification or erasure of personal data, or limitation of processing that has been carried out pursuant to Article 16, Article 17(1) and Article 18, the controller must inform all recipients to which personal data has been transferred, so that the required actions are carried out by the parties to ensure the rights of the data subject.
What do we use your data for? (processing of personal data)
We store and process this data about you
We collect and store your personal data for specific purposes
- Name (contact name)
- Company e-mail address
- Phone number which you have provided (may be private)
- Private address if your company address is as your private address
- Information that are provided in e-mails send to us. Eg. CV, applications, personal information
- Traffic data on use of the Internet
We only process relevant personal data about you
- We collect and store your data in connection with specific purposes or other legitimate interests and purposes.
- As part of a communication via phone or e-mail – our legitimate basis for processing is GDPR article 6.1.f)
- In connection with newsletters – our legitimate basis for processing is GDPR article 6.1.a) Consent
- To fulfil a contract – our legitimate basis for processing is GDPR article 6.1.b) contract
We only process personal data about you that is relevant and sufficient with regard to the purposes for which they were collected. Which data is sufficient and relevant depends on the purpose. When providing your data, you will be informed about why we collect the data in question. We only collect, process and
store personal data that is required with regard to fulfilling the purposes for which it is collected. There may be legal obligations that apply to the controller, and which are the reason why we collect, process and store personal data. You can always request access, cf. the process above.
When possible, we update personal data on an ongoing basis.
We check that the personal data we process about you are not incorrect or misleading. We also ensure that your personal data is updated on an ongoing basis.
A number of our services depend on the data being correct and up to date. We therefore ask you to inform us about any incorrect information or changes to your personal data.
Processing security – organisational and technical
What organisational measures have been taken to secure data that has been provided.
We protect your personal data and have internal rules and processes regarding data security
We have adopted instructions and measures that protect your personal data against being destroyed, lost or changed, against unauthorised disclosure and against unauthorised persons gaining access to or knowledge about it.
Technical security measures
Security on the website
The website uses Secure Socket Layer (SSL), which is an encryption protocol and means that it is only the sender and the receiver who can read the data that is sent between them. You can, therefore, enter your data securely on our website.
Security in the receiving systems
When we receive your data, it is stored securely. We use [system], which provides the following technical guarantees for technical security.
We use Microsoft Office365 which supply the necessary technical measures, e-mails can be accessed via Outlook clients from laptops and phones
Employees do only have access to own Email account.
We use back-up systems to be able to restore data in case of lose.
We have both on premise and cloud back up. When we use backup systems, we ensure that data are kept encrypted, and cannot be accessed by other than administrators.
All data are stored in secured databases with pw protection, encryption.
In order to secure you data in the best possible way, we have set up the following processes in connection with the people who may have contact with your data.
Only people who work according to direct instructions from the controllers can gain access to data in the systems. This is ensured by internal checks and processes, as well as required training.
Transfer to third countries
We transfer data to third countries in connection with the following processing’s:
Newsletters: We use MailChimp which is located in USA, the MailChimp has signed the EU US privacy shield
What is a cookie?
A cookie is a small file with data information. A cookie cannot destroy anything in your computer.
They are often used to provide a better user experience and to collect data regarding use of a website.
If we save cookies on your equipment as part of a service, you will be informed about the use and purpose of collecting data via cookies.
We obtain your consent
Before we save cookies on your equipment, we ask for your consent. Cookies required for securing functionality and settings may, however, be used.
How can I avoid or delete cookies?
You can delete cookies at any time in the browser, but you must be aware that there may be functions on the website that subsequently will not work optimally.
The Danish Data Protection Agency has the following guidelines about how to avoid cookies: