1. Data Controller
The legal entity responsible for the processing of your personal data is:
Annette Andersen, firstname.lastname@example.org
4370 St. Merløse
+45 51 36 56 77
2. Description of the data processing
|Purpose||Categories of personal data||Sources||Processing basis||Recipients||Data storage|
|Delivery of our service: Personal data is used to contact you for the purpose of order processing that you have requested,
Marketing: Personal information is used for marketing purposes, including targeting our communication with you in relation to specific orders and sending you relevant marketing in the form of e.g. newsletters.
Optimizing the user experience on the website: Personal information is collected through your use of our website. We use this information to optimize the user experience on our website and the services we offer.
|We process the following categories of personal information about you:
General personal information:
Name, address, e-mail, telephone number,
Purchasing history, use of digital services
|We collect information from the following sources:
Directly from you
Activities on our website
|We process your personal information based on the following processing basis:
Article 6.1.a (consent)
Article 6.1.b contract to which you are a party
Article 9.2.f (necessary for legal claims to be established, asserted or defended)
Article 9.2.g (necessary in the interests of the public interest under EU law or the national law of the Member States)
Article 10, cf. section 8 of the Data Protection Act
|We may share your personal information with:
Suppliers and resellers, including IT providers, support, and financial institutions that we work with to assist our business
|We will store personal information for as long as is necessary for the purposes mentioned.
Up to 5 years for all financial documents
Up to 5 years for all order history
Your contact information as long as we have contact with you as a customer or supplier
3. Consequences of data processing if the above is violated by mistake
The affected persons are contacted immediately for information of the violation. Together with those affected, the further course is agreed.
4. Transfers to countries outside the EU / EEA.
There are no transfers.
5. Mandatory information.
The information below is mandatory if you are a customer of ours. If you do not provide this information, we will not be able to provide goods or services to you.
- TAX ID / VAT Number / CVR Number
- Company name
- Delivery address
- Billing address
- Contact person with e-mail and phone number
6. Your rights
You have the following rights:
- You have the right to request insight, correction or deletion of your personal information.
- You also have the right to oppose the processing of your personal data and have the processing of your personal data restricted.
- In particular, you have an unconditional right to object to the processing of your personal data for the purpose of direct marketing
- If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time. Your revocation will not affect the legality of the processing carried out prior to your revocation of your consent.
- You have the right to receive the personal information that you have provided yourself in a structured, commonly used and machine-readable format (data portability).
- You can always file a complaint with a data protection authority,, e.g. The Danish Data Protection Agency
You can make use of your rights by: contacting Annette Andersen, email@example.com
There may be conditions or limitations to these rights. It is therefore not certain that you e.g. have the right to data portability in the specific case – this depends on the specific circumstances in connection with the processing activities.
General Data Protection Regulation (GDPR) – MAPPING XPLOR APS
1. What personal data do we have?
Customers: Company name; company address; attention name; and e-mail. Phone number; direct mobile number; credit information; Statistics.
Suppliers: Company name; company address; Company registration number; attention name; and email. Phone number as well as sometimes direct mobile number.
Partners: Company name; company address; Company registration number; attention name; e-mail and phone number.
- Social Security number
- Tax information
- Bank details
- Job application
- Employment agreements
- Staff files such as interviews, warnings, etc.
- Sick leave
- Possibly. health information in connection with the employment, subsidy schemes, aids, etc.
- Possibly. information in connection with accidents at work
- Possibly. individual working environment conditions / considerations
- Possibly. photos and videos
2. What sensitive personal data do we have?
Customers: Under normal circumstances, none. If, in connection with a special relationship with a customer, sensitive information should be included in an email, it will be deleted immediately.
Suppliers: Under normal circumstances, none. If, in connection with a special relationship with a supplier, sensitive information should be included in an e-mail, it will be deleted immediately.
Collaborators: Under normal circumstances, none. If, in connection with a special relationship with a business partner, sensitive information should be included in an e-mail, it will be deleted immediately.
Employees: We have on employees: social security number, statements in personnel files, documentation of illness, tax information, bank information, employment agreement, development interviews and possibly photos.
Information about employees is registered when reporting to the tax authorities, to virk.dk as well as to the municipality to the extent necessary.
Job applications are received by Annette Andersen. They are deleted immediately if they are not to be used. If we would like to keep a job application, we will write to the applicant with information that we would like to keep the application in question for up to 6 months with reasons, but that the applicant can of course ask to have it deleted.
Photos and, for example, video recordings are only used in a marketing context and only after approval by the employee or employees in question.
Video surveillance. Xplor only uses video surveillance in connection with burglar alarms.
3. For what purpose do we have this information?
Customers: In order to fulfill the contract and to have a dialogue about current and new tasks.
Customers have the opportunity to sign up for the newsletter. When registering, a standard declaration is used.
Suppliers: In order to fulfill the contract and to have a dialogue about current and new tasks.
Suppliers have the opportunity to sign up for newsletters. When registering, a standard declaration is used.
Partners: In order to fulfill the contract and to have a dialogue about current and new tasks.
Partners have the opportunity to sign up for newsletters. When registering, a standard declaration is used.
Employees: In order to meet legal requirements in relation to the tax authorities, the Annual Accounts Act, the Working Environment Act, etc. This is only statutory information and information of significance to the employment relationship.
4. Where is the information stored?
Customers: In the company’s email archive, possibly work files and in a customer database. Information is deleted when an employee of a customer is no longer working for that customer or there is no longer contact with the customer.
Suppliers: In the company’s email archive, possibly. work files and in a vendor database. Information is deleted when an employee of a supplier is no longer working for that supplier or there is no longer contact with the supplier.
Partners: In the company’s email archive, possibly. work files and in a contact database. Information is deleted when an employee of a business partner is no longer working for that business partner or there is no longer contact with the business partner.
Employees: All sensitive information is available either on a closed drive only with access from the Executive Board, Annette Andersen or in a paper folder in a locked cabinet. Information is deleted in accordance with deadlines in current legislation – for example, the Danish Financial Statements Act.
Should a situation arise with an accident at work, where the investigation and closing of the case drags on, this information is moved to a special folder and stored until the case is closed.
5. Who has access to this information?
Customers: Employees at Xplor ApS
Suppliers: Employees at Xplor ApS
Partners: Employees at Xplor ApS with relevance to the use of this information.
Employees: Only the management and only for administrative or statutory reasons.
In addition, information is sent via statutory reports to the tax authorities and to Virk.dk.
6. Where does this information come from?
Customers: Have submitted them themselves for practical reasons.
Suppliers: Have submitted them themselves for practical reasons.
Accounting data from the Internet.
Partners: Have submitted them themselves for practical reasons.
Employees: Have submitted tem themselves. We may receive information about health conditions from an authority in connection with illness, accidents and, for example, special subsidies or other employment conditions. Some conditions will be received from the municipality via VITAS.
Information in the form of disciplinary reactions related to the employment is given orally to the employee in question and is handed out in writing in copy to the employee.
7. To whom do we pass this information on and how?
Customers: Information is not passed on. They are for internal use only between employees of the company.
Suppliers: Information is not passed on. They are for internal use only between employees of the company.
Partners: Information is not passed on. They are for internal use only between employees of the company.
(Data processors will also have access)
Employees: The following information is passed on by management:
- Tax returns
- Reporting to virk.dk, for example maternity leave, illness with sickness benefit coverage
- Salary information for auditor for use in salary payment
- Information on salary payment to the employee’s bank connection
- Registration in the company’s Accounting System of salary data
- The municipality in connection with salary reimbursement and reporting of sick leave, etc.
8. Do we have or use information without objective or legal purpose?
Have we informed that we have this information and use it as described and have we obtained consent?
9. Have we informed that we have this information and use it as described and have we obtained consent?
Employees: Special statement of consent
Have we informed that you can ascertain what information we have and what we use them for, and that you can get corrected / deleted?
10. Have we informed that you can ascertain what information we have and what we use them for, and that you can get corrected / deleted?
Employees: Special statement of consent
11. Who is the contact person and responsible for the above?
Customers: Annette Andersen
Suppliers: Annette Andersen
Collaborators: Annette Andersen
Employees: Annette Andersen
12. When do we delete information? And why?
Customers: When the person is no longer with the customer, or the customer relationship ends.
Suppliers: When the person is no longer with the supplier or the supplier relationship ends.
Partners: When the person is no longer with the collaborator, or the collaborative relationship ends.
Employees: Normally in accordance with the rules of the Danish Financial Statements Act – ie: Information is stored for 5 years.
In the case of information relevant to, for example, an accident at work that has not been closed by the authorities or a disciplinary case that has not been closed, this special information is stored until the case is finally closed.
13. Do we systematically update personal information and pass on the updates if necessary and relevant?
Customers: This can only be considered if a person at the customer moves, gets a new telephone number, or changes name – ie purely practical contact data. These are being updated.
Suppliers: This can only be considered if a person at the supplier moves, gets a new telephone number, or changes name – ie purely practical contact data. These are being updated.
Partners: This can only be considered if a person at the partner moves, gets a new telephone number, or changes name – ie purely practical contact data. These are being updated.
Employees: Yes, if the employee notifies of changes, these will be updated immediately.
14. Do we allow a customer to have their data transferred to another company?
15. Is it possible to object to our collection, storage and use of personal information?
Yes, just let Annette Andersen know at firstname.lastname@example.org. We point out that certain contractual conditions cannot be fulfilled if we are not allowed to process personal data.
16. Do we have a procedure that describes all of the above?
17. Do we have data protection procedures?
Yes, we have an agreement with respectively:
- Our accountant
- Our Supplier of our finance and accounting system
- Our supplier of IT
- Agreement regarding IT security
18. Do we have emergency procedures in case of a data breach?
Yes. In the event of a data breach, we always do the following:
- We identify the breach and the extent so that we know exactly what data it is about and what has happened to it.
- We close all access to data until we have identified and implemented a solution.
- We give immediate notice to those persons whose data has been breached.
- At the same time, we ask the people involved for information about what they want us to do in relation to their data.
- We make sure that we handle the relevant data as agreed with the people involved, or let them know if something is not possible.
- We identify and initiate relevant corrective actions to prevent recurrences.
Yes – see below
Vi vil vi gerne tilbyde en overskuelig og brugervenlig hjemmeside med informationer. For at det kan lade sig gøre, indsamler vi ved hjælp af cookies oplysninger om, hvordan du og andre besøgende bruger hjemmesiden.
What are cookies?
A cookie is a small text file stored in your browser to recognize your computer on subsequent visits. Cookies can contain text and numbers, including dates. There is no sensitive personal information stored in our cookies and they may not contain viruses.
Some cookies remain on your computer after you close the browser, while others are deleted after 30 minutes or when the browser closes.
You can delete cookies
In the settings of your browser you can delete cookies. At https://www.allaboutcookies.org/manage-cookies/ you can read more about cookies and get instructions on how to delete cookies on different browsers.
Last update: 02-05-2022