DATA PROTECTION POLICY
The purpose of this data protection policy is to explain when and which personal data we collect, why and how we process personal data collected, and to what extent we disclose them to third parties.
We therefore recommend that you read the policy carefully.
1. The Data Controller, and how to contact us
PB Cartrading ApS, CVR no. 26420547, Albuen 2 A, 6000 Kolding, Denmark (hereinafter “we” or “us”) is the Data Controller for the personal data we process on you.
Should you have any questions concerning the policy, or how we process your personal data, you are welcome to contact us at email@example.com.
2. How and why we process your personal data
To be able to supply our services in the form of buying/selling vehicles on behalf of you or your company (including use of our online portal Cartrack© Datenbank), we may process the following data on you:
- Email and phone number
If you are a private person, it may be necessary to obtain other personal data in accordance with the law. These can include:
- Bank details
- Registration certificate and number
- A copy of your driving licence
- A copy of your passport
When we provide our services to you or your company, we process your personal data because it is needed to fulfil our undertakings, or to fulfil a legal obligation incumbent on us as the Data Controller. The legal basis for processing personal data of this nature is governed by Article 6 (1), paragraphs b) and c) of the Danish Data Protection Act.
If you are a private person, and it is necessary to process your personal data, we will only do so because it is necessary to fulfil a legal obligation in accordance with Section 11 (2), no. 1 of the Data Protection Act.
We store your personal data for a period of either 3 or 5 years in accordance with the obsolescence rules in the Bookkeeping Act, unless we are obliged to do so for a longer period, in accordance with other legislation.
If you subscribe to our newsletter, you give your consent to us collecting and processing your name and email address. The legal basis for processing your personal data is Article 5, (1) paragraph a of the Data Protection Act.
We store your personal data for the period you subscribe to our newsletter. When you unsubscribe from the newsletter, we reserve the right to retain proof of your consent.
If you send us an enquiry, we will process the data on you collected from your enquiry in addition to your contact details.
If we process special categories of personal data on you which require your prior consent, e.g. in connection with your enquiry, we will process your personal data on the basis of your consent. The legal basis processing personal data is governed by Article 9 (2) paragraph a) of the Danish Data Protection Act.
We retain your personal data as long as we have a reasonable purpose for processing it with regard to being able to respond to and document your enquiry.
3. Who we disclose your personal data to
We only disclose your personal data when necessary to provide our services to you, or if we are under a legal obligation to do so as Data Controller.
When it is necessary to disclose your data, we always apply a high standard for processing personal data, and we make every effort to ensure that anyone to whom we disclose them to fulfil all aspects of data protection legislation.
When you buy a vehicle, we disclose your personal data to SKAT or other Danish authorities. We also disclose them to our supplier or business associates. When we are responsible for delivery, we disclose your personal data to an independent haulier contracted to undertake delivery for us.
To be able to provide you with the best possible service, we currently pass on your personal data to our data processors in the form of external IT consultants, cloud-based software suppliers and IT operations partner.
4. Security measures
We prioritise the security of personal data very highly, and therefore focus strongly on the processing of your personal data always complying with data protection legislation.
For maximum protection of your personal data, we regularly review the level of risk of our data processing affecting you and your rights.
We are particularly aware of protecting your personal data against discrimination or ID theft, financial loss, loss of reputation and data confidentiality.
We have adopted internal rules on information security that include instructions and precautions designed to protect your personal data against erasure, loss/editing, unauthorised publication and accidental access.
We have procedures in place for allocation of access rights for our personnel who process your personal data, and we check their actual access through logins and inspections.
To avoid data loss, we regularly take backups of our data set and use encryption when necessary.
Finally, our personnel are qualified and regularly receive refresher training in processing of personal data.
In the event of a security breach that implies a higher risk to your rights, we will inform you accordingly as quickly as the circumstances permit.
5. Your rights
When we process your personal data, you have the following rights:
- You can ask for insight into and a copy of the personal data we process on you at any time.
- You can update or revise the contact details you have given us at any time.
- You can object to our processing of your personal data, or request that we wholly or partially erase any personal data we store on you, or that we should only process your personal data to a limited extent. We will then specifically evaluate whether we are obliged to comply with your request.
- You can request that we transfer your personal data to you or to another Data Controller in a structured, standard, machine-readable format.
- You have the right to not be the object of a decision based solely on automatic processing.
Read more on your rights on the Danish Data Protection Agency’s website at: www.datatilsynet.dk.
If you want to exercise the aforementioned rights, or have any questions concerning how we process your personal data, please contact us at firstname.lastname@example.org.
6. How you can withdraw your consent
If the way we process your personal data is based on your consent, you can withdraw it at any time.
If you decide to do so, it will not affect the legality of our processing of your personal data based on the consent you have previously given and up to the time at which we receive your retraction, nor any processing we have done of your personal data on any other basis than your consent. If you withdraw your consent, it will therefore only have effect as from the date on which we receive your withdrawal notification.
If you want to withdraw your consent, please contact us at email@example.com.
7. Complaining to the Data Protection Agency
You have the right to complain to the Data Protection Agency if you are dissatisfied with the way we process your personal data, or if you disagree with a decision on the same made by us.
Contact details and a guide to complaining can be found on the Danish Data Protection Agency’s website at: www.datatilsynet.dk.
If you are considering complaining to the Data Protection Agency, we hope that you will contact us first, so that we discuss the matter, and hopefully find a solution.
8. Provisos concerning other websites
We can link to other websites via our own.
If you follow such links, please be aware that you will be entering websites over which we have no influence, and that cannot be covered by our data protection policy.
We recommend that you always read the data protection policy for any website you may link to.
9. Proviso for amendments to our data protection policy
We reserve the right to revise our data protection policy. The most recent version will always be available on our website.
We will notify you of all major amendments to the policy, including those affecting reasons why we process your personal data, or changes in relation to your rights.
The most recent version in effect of our data protection policy is 1.0.
We recommend that you regularly check and refresh your awareness of our data protection policy.