Boyum IT respects your privacy and we take the protection of your personal data very seriously.
This Privacy statement is designed, in accordance with the EU General Data Protection Regulation (the "GDPR"), to help you understand how Boyum IT Solutions A/S ("Boyum IT", "we", "us", "our") processes your personal data when you visit our websites and in various other situations.
(i) Boyum IT acts as a data controller for the processing of your personal data in the following situations: when you use our websites (cookies);
(ii) when you communicate with us;
(iii) when you receive our electronic newsletters etc. (marketing); and
(iv) in connection with our customer administration (CRM)
In some situations, Boyum IT acts as a data processor, e.g. when we deliver consultancy and support services on behalf of our partners. This privacy statement solely describes our processing of your personal data when we act as a data controller.
Boyum IT and our group companies act as joint controllers for the processing of personal data with regard to our joint customer administration operations (CRM). You can find an overview of our other group companies in the section "Group Companies" below.
Purposes and Legal Basis for Our Processing
(i) Use of our websites (cookies)
The legal basis for our processing are
- for necessary (technical) cookies: Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interest in ensuring functionality and security of our websites; and
- for other cookies: Article 6(1)(a) of the GPPR, as we only use those cookies if you have given your consent.
(ii) When you communicate with us
When you, as a customer, supplier or another third party, contacts us (e.g. via email), your communication may often contain personal data, including your contact details, association with a certain company or other personal data you may provide us with. We may also receive such personal data from a third party, such as your employer. We process those personal data for the purpose of managing and answering your queries, and to communicate with you and the company you may represent. If you agree to provide us with testimonials regarding your former customer experiences, we will process (publish) your name and association with a company, and any other personal data contained in such testimonials, for the purpose of branding our company by publishing customer reviews.
The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general queries, providing customer support, and fulfilling any agreement we may have concluded with the company you are representing. Further, we are pursuing our legitimate interest in showcasing former customer reviews.
(iii) Electronic newsletters etc. (marketing)
If you have subscribed to our newsletter, we will register your name, email address and the preferences you have given in connection with your subscription. We process those personal data for the purpose of being able to send you relevant newsletters regarding our and our group companies' services etc. The legal basis for our processing is the consent you have given in accordance with section 10 of the Danish Marketing Practices Act.
(iv) Customer administration (CRM)
Boyum IT and our group companies are acting as joint data controllers for the processing of personal data in connection with customer administration in the group's joint CRM system.
If you represent one of our customers, we will register your personal data in the CRM system, including your name, contact details and information about your association with a certain company. We process those personal data as part of our day-to-day customer administration, e.g. for the purpose of keeping in touch and maintaining the customer relationship.
The legal basis for our processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in solving day-to-day customer administrative tasks and communicating with our customers, as well as managing accounting and finance tasks within the group.
Recipients of Personal Data
|Purpose||Transfers to other data controllers|
|(ii) When you communicate with us||Personal data contained in our accounting material (e.g. invoices) will be transferred to public authorities, such as the Danish tax authorities.|
|(iii) Electronic newsletters etc. (marketing)||None.|
|(iv) Customer administration (CRM)||The personal data will be transferred to our group companies (which are acting as joint data controllers for the processing of personal data in the group's CRM system).|
Further, your personal data will be transferred to our data processors. We have entered into data processing agreements with all our data processors.
Transfers of Personal Data
Your personal data will be transferred to recipients which are located in the following countries outside the EU/EEA:
- USA. The transfers are based on EU Standard Contractual Clauses
- China. The transfers are based on EU Standard Contractual Clauses
- Switzerland. The transfers are based on the Commission decision on the adequate protection of personal data provided in Switzerland
If you would like further information regarding our transfers of personal data outside the EU/EEA, including a copy of the relevant safeguards etc., you may contact us using the contact details in the section "Questions and concerns" below.
Storage of Your Personal Data
We will only store your personal data as long as it is necessary to fulfill the purposes for which the personal data was collected, unless otherwise provided by law.
We have implemented the following general retention periods:
|(ii) When you communicate with us||Personal data contained in our accounting material will be stored for at least 5 years from the end of the financial year to which the material pertains, in accordance with e.g. chapter 5 of the Danish Bookkeeping Act. |
Personal data pertaining to our general communication with you will be deleted 12 months after your last query has been handled/concluded.
|(iii) Electronic newsletters etc. (marketing)||Personal data pertaining to our distribution of electronic newsletters etc. will be deleted 2 years after our latest newsletter has been distributed, unless you have withdrawn your consent (i.e. unsubscribed) before such time.|
|(iv) Customer administration (CRM)||Customer personal data contained in the CRM system will be deleted 2 years after the end of the financial year in which the customer relationship has ended.|
The personal data will be deleted in accordance with the above-mentioned retention periods, unless we have a specific need to store the personal data for a longer period, e.g. in connection with a specific case or an agreement.
In accordance with the GDPR, you have a number of rights when we process your personal data. You can read more about those rights in this section.
Right to Withdraw Consent
Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. If you withdraw your consent, the withdrawal will not affect the lawfulness of already carried out processing based on your consent.
Right of Access
You have the right to obtain confirmation as to whether or not we collect or process personal data concerning you and, if this is the case, you have the right to request a copy of such personal data in digital format.
Right of Rectification
You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.
Right of Erasure
In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.
Right to Restrict Processing
In certain circumstances, you have the right to request that we restrict the processing of the personal data we have collected about you, e.g. if you believe that the personal data is not accurate or lawfully processed.
Right to Data Portability
In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
Right to Object to the Processing
In certain circumstances, you have the right to request that we stop processing your personal data.
Right to Object to the Processing for Direct Marketing Purposes
You have the right to request that we stop sending you marketing communications (please also see "Right to withdraw consent" above).
Right to Complain to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. For more information we refer to the Danish Data Protection Agency. You can also read more about your rights in the Danish Data Protection Agency's Guidelines on data subjects' rights which is available here (in Danish).
Questions and concerns
If you have any questions or concerns, or if you wish to exercise your rights as described above, please contact us at dataprivacy@ or by mail at: boyum-it.com
Boyum IT Solutions A/S
Brabrand, May 1th, 2018