PRIVACY AND COOKIE POLICY

Version 2 - Mai 2018

This privacy policy describes how Triscan a/s (“Triscan”) processes personal data in the following instances:

i)   when you visit our websites, e.g. when surfing the website, filling in a form, responding to surveys or taking part in a survey or in other way interact with our homepage;

ii)  when we process data for marketing purposes, including when someone subscribes to our newsletter, other news service or competition:

Data types and purposes
We process the following data types about you depending on, which category you belong to, cf. above:

Website visitor

  • IP address and Mac address (depending on, which device you use)
  • Visitor history and visitor behaviour, e.g. the pages clicked on, the length of time a page is viewed, etc.
  • Queries sent via the website, etc., and responses received by e-mail, etc.
  • If you have submitted information using a form: Name, e-mail address, country of residence, the company or organisation in which you are employed or in any other way represent.

Marketing

  • Name, telephone number, e-mail address, postal address, job title, area of interest,
  • Company or organisation in which you are employed or in any other way represent
  • Information about consent granted for marketing purposes
  • Tracking the processing of electronic marketing received, e.g. whether the message was opened, how long the message was viewed, which part of the message and which links were clicked on, etc.

We process information for these purposes (depending on the category, see above):

  • To improve our website enabling us to serve you and present our services in the best possible ways
  • To follow up on queries and correspondence by e-mail, telephone and online forms
  • To improve our level of service and optimise our marketing initiatives
  • To send direct marketing via e-mail, etc., as described in the consent form
  • The profiling enables us to deliver punctual and relevant communication based on submitted information, visitor history, visitor behaviour at the website and tracking data from e-mails, etc. The information is used for segmentation, lead classification and preparing target personas.
  • Compliance with applicable legislation and Triscan’s other legitimate interests (e.g. the EU’s General Data Protection Regulation, Privacy Directive and the Danish Marketing Practices Act),
    • Documentation of compliance with legislation
    • Initiation and maintenance of technical and organisational security measures
    • Investigation of suspicion or knowledge of security breaches and reporting to persons registered and the authorities
    • Processing queries and complaints from persons registered and others
    • Dealing with inspections and queries from supervisory authorities
    • Managing disputes with persons registered and third parties
    • Statistical analysis

Automatic individual decisions
Your data is currently not being used for automated individualised decision-making, but we are developing the option of using this data going forward.

Sources
Personal data is collected directly from you, which includes any queries made by you or the company you are representing by telephone, e-mail, at trade fairs, etc. Data is also received via the website, such as through cookies, e-mail inserts and other tracking mechanisms.

Legal basis for collecting and processing personal data
The legal basis for the processing of data for the above purposes is as follows:

  • Consent for direct marketing via e-mail, cf. the Danish Marketing Practices Act
  • Consent to collecting and using cookies at the website and the use of other tracking mechanisms in e-mails, cf. ePrivacy Directive
  • The provision on the balancing of interests in Article 6(1)(f), as it is in Triscan’s legitimate interests to provide you and the company you represent a focused service and to be able to protect IT systems and data about the company
  • Our legal obligations as a data service provider, e.g. in terms of IT security
  • Should a dispute arise between a third party (e.g. your employer) and us, the legal basis determines how we can determine, defend and plead our legal claim.

Withdrawal of consent
If the processing is based on consent, you have the right to withdraw your consent, but this will not affect the processing or handover of data done prior to the withdrawal of the consent.

Transfer of personal data, to data processing entities and Google Inc. in the US.
We transfer your personal data to our hosting providers, external consultants and providers of IT services. This includes service providers outside EU/EEA. For example, we use Campaign Monitor in connection with our newsletter. 

In addition, it will be possible for external consultants and providers of IT services to access personal data to be able to provide IT assistance and other IT-related services. This includes service providers outside EU/EEA.

Google Analytics
We use Google Analytics (Google Inc., USA) as a data processing entity to process data on the website.

We handover data about IP addresses and Mac addresses, other identification data about devices (depending on the device used) and the use of the website to Google Inc., USA, for the purpose of statistical analysis.

You are hereby informed that US is a country that is not identified as having implemented sufficient data-protection legislation in relation to EU data protection standards in countries outside the EU/EEA. However, Google Inc. is self-certified pursuant to the EU–US Privacy Shield scheme, and thus, Google Inc. meets the requirement of requisite sufficiency in a country outside the EU/EEA.

Storage period
We keep your personal data on file in our CRM system during the period in which we are in contact with you and the company you represent. It is possible that we will keep them longer if this is required to manage documentation, contractual performance or legal requirements.

Data concerning documentation of consent for receiving promotional material sent by e-mail (direct marketing only) is kept for three years after being sent (due to the rules on limitation of action). Unless other data are included in the same communication that justify a longer processing period for other purposes, e.g. a legal requirement.

In conformity with legal requirements, we process this data for as long it is necessary to manage third-party interests or our interests.

The legal basis for the processing of personal data for statistical purposes is Article 5 of the EU’s General Data Protection Regulation.

Contractual obligation or legal requirement
When we collect data from you directly, it is usually for marketing purposes and you are not under any obligation to give information to Triscan. The consequence of not providing this information is, that we do not send marketing by e-mail to you or adapt the marketing to your needs or the needs of your company.

Your rights
You have certain rights, under the restrictions stipulated in the data protection legislation, including the right of insight into personal data, the right to edit incorrect information, the right to have information deleted, the right to restrict the information, the right to data portability, the right to object to the processing of personal data. You also have the right to file a complaint with a competent authority, including the Danish Data Protection Agency.

Changes
We may change our Privacy and Cookies Policy from time to time. The updated Privacy and Cookies Policy applies to your continued use of the website and our use of personal data. We kindly ask you to review our Privacy and Cookies Policy on a regular basis.

Contact
If you have any questions about the processing of your personal data or the exercising of your rights, please contact Thomas Fuglsang Andersen, at tfa@triscan.dk

Triscan a/s, Engmarken 11, DK-8220 Brabrand