PERSONAL DATA PROTECTION POLICY
Processing of personal data regarding users, customers, consumers, suppliers and collaborators
This policy is a part of Fynbo Foods’ documentation showing that we are following applicable personal data protection legislation regarding our users, customers (B2B), consumers, suppliers and collaborators.
At any time, collection and processing of personal data, including sensitive personal data, will be made in compliance with the applicable personal data protection legislation, and Fynbo Foods will only process personal data on a legal basis. Further, Fynbo Foods is aware that we are only entitled to process the necessary personal data in order to obtain the specific purpose. Likewise, personal data may only be disclosed to a third party if there is a specific and legal basis.
Fynbo Foods’ processing of personal data complies with applicable regulations at any time, including security regulations arising from the personal data protection legislation. On regularly basis, Fynbo Foods reviews the registered personal data and deletes data which is no longer relevant. The same applies to personal data which a user, customer, consumer, supplier or collaborator requires to be deleted, and which Fynbo Foods no longer has a legal basis for processing.
According to the personal data protection legislation, Fynbo Foods is regarded as data controller regarding the personal data which you as a user, customer, consumer, supplier or collaborator provide to us.
Fynbo Foods A/S
Sigenvej 9, DK-9760 Vraa
CVR no.: 26612608
Contact person: Legal Counsel and HR Manager Maria Bukdahl Rukjær
Telephone: 0045 9899 6800
Processing of personal data
As a part of our daily work at Fynbo Foods, we process personal data regarding the users of our web pages and customers, consumers, suppliers and collaborators. Fynbo Foods is aware to process all personal data in a confidential and secure way.
In this policy you can read more about our guidelines on how we process personal data.
Have you applied for a job, an apprenticeship or an internship (both unsolicited and specific positions), you find our specific guidelines for processing of personal data during recruitment at this web-site under the menu Jobs.
Generally, we process your personal data in order to respond to your query, or to meet the agreement we have made with you or the company you are employed with. The basis of our processing may also be a balance of interests according to the GDPR (“databeskyttelses-forordningen”). Further, we also process personal data in order to comply with a legal obligation, including the GDPR , the Danish Personal Data Protection Act (“databeskyttelsesloven”) and the Danish Accounting Act (“bogføringsloven”). In general, we do not process any sensitive personal data regarding users, customers, consumers, suppliers and collaborators. In case processing of sensitive personal data should take place, the processing will typically be based on a consent from the person in question.
Receipt of queries
When you contact us per email, through our webpage or social media, we process any personal data included in your query (e.g. a consumer query regarding a product, a query regarding sponsorship, etc.). For instance, if you contact us on Facebook, we will – via Facebook – receive personal data about you, hereunder your name and a picture. The personal data we receive in such case will depend on your private settings on Facebook. Likewise, if you contact us via our contact form, we will process the personal data, including your name, email address, telephone number, postal code and city, together with the content of your query.
When you contact us by phone, we will register your name and the purpose of your call, if relevant. Such registration is made so we can follow-up on your query and have some documentation for your query. Consequently, please note that we in some cases register certain information in our system even the information is given by you by phone.
We recommend that you do not send us any sensitive or confidential personal data (e.g. national registration number and health information) via social media, our webpages or an unsecured/unencrypted mail. If you need to provide us with such personal data, we recommend that you give us a call and inform us orally.
Handling of data regarding visitors
If you visit Fynbo Foods as a guest, external craftsman or the like, and you in such case have access to our production area, we will register the date, name, company and your signature at our visitor list. This registration is made due to our general security and applicable regulations regarding food safety. Due to food safety and durability of the products, we store your data for 3 years.
If you are handed an entrance chip to be used in connection with the access control, we register data about your whereabouts (date and time for your entrance). The data will be deleted after 6 months. Other data about you such as hygiene course, access rules, etc. will be deleted 3 years after the temination of our cooperation.
In certain parts of the production area (production line 6 and jar warehouse/de-palletizing), we use video surveillance in order to monitor our production facilities due to operational considerations. Even though, it is not the intention, it may happen that employees, guests, external craftsmen or the like are included in the records. The relevant production areas are properly marked with signs/labels showing that video surveillance takes place. The records are stored for up to 30 days, and only our workshop employees (and possibly the management) have access (by using log in) to the stored records. However, a situation may occur where troubleshooting, technical assistance, etc. necessitate that the records are shown to a relevant sub-supplier. To the extent possible, the records shown to sub-suppliers will not include recognizable persons. On ongoing basis, any need for data processing agreements with sub-suppliers will be evaluated.
Handling of customer and supplier data
As our sale is based on B2B, our customers are companies. We have registered the relevant contact persons and correspondence in our system. The basis of this processing of personal data is mainly that we need to administrate the agreement we have entered with the customer. The same applies to suppliers and other collaborators. The data will be deleted on ongoing basis when data is no longer relevant.
Handling of data in connection with project work
If you contact us in order to obtain a cooperation on an education project, exam project, masters, etc., we will assess your query as soon as possible. If a cooperation is not possible, we will delete your query and data right after we have informed you about our refusal, unless you give consent to longer storage. If a cooperation is established, we will register the contact persons in our system in order to administrate the cooperation agreement. It is a condition for our cooperation that we enter into a confidentiality and cooperation agreement. Personal data will be deleted no later than 1 year after the expiry of the cooperation, unless there is basis for a longer storage, e.g. duty of confidentiality.
Time of storage and delete procedure
The personal data protection legislation does not include any specific rules on how long we are entitled to store personal data or when it should be deleted. These things are up to the data controller to determine in each specific case, see above under each section. In our determination hereof, we put emphasis on whether further storage serves a legitimate purpose, whether further storage is necessary, or whether we by law are obliged to store certain personal data and documents. E.g. we are obliged to store accountant material for 5 years according to the Danish Accounting Act.
Secure processing of personal data
Fynbo Foods process your personal data with confidentiality, and we have implemented a number of technical and organizational security measures with the purpose of protecting your personal data against accidental and unlawful destruction, loss or alteration, and against unauthorized disclosure, misuse or any other processing in conflict with the personal data protection legislation.
Fynbo Foods collaborates with different data processors which may have access to your personal data. E.g. we use data processors in connection with operational and IT security tasks (including hosting of web page, administrator, etc.) as such tasks are being handled externally. Data processors have access to your data so they can deliver technical and system-related services to us, deliver operational support and perform error tests within guidelines made by Fynbo Foods. Storing of or establishment of access to personal data from each data processer is subject to several rules. Consequently, we have entered into data processing agreements with all data processors which among other things shall ensure an appropriate level of security and no unauthorized access.
Disclosure of personal data
In some cases, it may be necessary for us to disclose your data to other actors. E.g. disclosure of data to the bank, insurance, attorneys, accountants, etc.
We only disclose your personal data if we have a legal basis to do so. For instance, the legal basis may be your consent, a legal obligation, or a necessity in order to establish, exercise or defend a legal claim.
Under the legislation of GDPR and the Danish Data Protection Act, you have a number of rights. Please contact us if you wish to invoke your rights (see contact details above).
Right of assess: You have the right to assess the personal data about you that we process.
Right to rectification: You have the right to have incorrect data about you rectified.
Right to erasure: In exceptional instances you have the right to have data about you erased prior to our general deletion erasure process.
Right to restriction: In certain instances, you have the right to have the processing of your data restricted. If you have the right to have the processing restricted, we may in future only perform data processing - apart from storage - with your consent, or in order to establish, assert or defend a legal claim, or in order to protect a person or a wider public interest.
Right to objection: In certain instances, you have the right to object to our processing of your personal data.
Right to transmit data: In certain instances, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to have this personal data transferred from one data controller to another without hindrance.
Withdrawal of consent: If you have given consent to us in relation to processing of personal data, you are entitled to withdraw your consent at any time via email@example.com. After a withdrawal, we will stop processing the personal data covered by the consent, unless we have another legal basis of processing the data.
You can read more about your rights in the Danish Data Protection Agency's guidelines regarding the rights of those registered at www.datatilsynet.dk.
Complaining to the Danish Data Protection Agency
You can submit a complaint to the Danish Data Protection Agency about our processing of your personal data. You will find the Danish Data Protection Agency's contact details on its web-page www.datatilsynet.dk.
If you have any questions, you are welcome to contact us at firstname.lastname@example.org - you find further contact details above under "Data controller".
07.11.19. Version 3