Personal Data Policy
We take protection of your personal data seriously
Social Zoo ApS have adopted this personal data policy, which applies to all employees in connection with the processing of personal data.
The personal data policy contains a description of how we process personal data about our employees, customers, partners, suppliers and other parties, about whom we process personal data as part of our work or for the fulfilment of other purposes. Below only the term ‘customers’ is used, irrespective of the fact that this policy also applies to the above other parties about whom the company processes personal data.
To protect your personal data as well as possible, we continually assess how high the risk is that our data processing will negatively affect your fundamental rights. We are particularly aware of the risk that you are exposed to discrimination or ID theft or suffer a financial loss, loss of reputation or data confidentiality.
We are data controllers
When we process personal data about our customers, partners, suppliers and others (typically employees or contact persons) as part of the operation of our business, we are to be considered data controllers. We are also data controllers when we process personal data about our employees. Below we have stated the typical situations on the basis of our relation to you.
Processing of personal data about you if you are an employee with our customers, suppliers or partners
When we process personal data about you or for you – including contact details of the employees, etc. of our customers, suppliers and partners – we do so to enter into or perform an agreement with our customers. There will also be situations where, for the group’s own purposes, we must process personal data about other parties with relations to the customer or the job.
We assess whether a basis exists for collecting and processing personal data; which data are necessary and relevant; and for how long the personal data must be stored.
When we are data controllers in relation to your personal data, it means that we must ensure protection of the rights you enjoy under personal data legislation (see the section “Your rights”).
Processing of personal data about employees
We are data controllers of the personal data we collect and process about our employees – present, potential and former employees – and we must ensure protection of the rights enjoyed by our employees under personal data legislation. Social Zoo ApS have prepared a separate policy for the processing of personal data about job applicants, which you find here.
You are always welcome to contact Social Zoo ApS if you have questions about our processing of your personal data.
Social Zoo ApS have appointed Hannah Løffler Schmidt as our Personal data contact. You can Reach Hannah by email: [email protected].
When we ask you to make your personal data available to us, we inform you about which data about you we process and for which purpose. You receive the information at the time when we collect your personal data.
If we collect data about you from others, e.g. a supplier, authority or partner, we inform you about it within 30 days of having collected your personal data – but usually sooner. We also inform you about the purpose of the collection and the legal basis entitling us to collect your personal data.
PROCESSING OF PERSONAL DATA
We use several types of personal data
We use the personal data that are necessary and relevant for the performance of the specific jobs for our customers.
The data we use may – depending on the nature of the task – include:
General personal data
General personal data include information about a person’s name, contact details and position. The nature of the data we collect depends on the nature of the purpose.
Personal identification numbers
Personal identification numbers are processed only for employees in the group, and we do not need your personal identification number in connection with a job application; see further details in the group’s policy for the processing of personal data for recruitment purposes, which you find here.
We do not process sensitive personal data about the employees of our customers, suppliers or partners.
We collect and store your personal data for specific purposes
We collect and store personal data for specific purposes in connection with the performance of jobs for our customers or as part of our own business purposes.
The background for our processing of personal data is to perform a job or enter into and perform an agreement with our customer.
We only process relevant and necessary personal data
We only process personal data about you that are relevant and adequate for the purposes defined above. Hence, we do not use personal data other than those needed for a specific purpose.
Otherwise, we only process the personal data that are necessary for the fulfilment of our identified purposes.
The type of personal data that is necessary to collect and store for the operation of our business may have been laid down by law. The type and scope of the personal data we process may also be necessary to perform a contract or other legal obligation resting on us according to the law.
With a view to ensuring that we only process relevant and necessary personal data for each of our determined purposes, we ensure that we only collect the necessary amount of data. We also ensure through internal guidelines that the scope of processing is not unnecessarily large and that the storage period is not too long.
To protect you against unauthorised persons getting access to your personal data, we use IT solutions and have adopted guidelines that ensure that personal data are only accessible for relevant employees.
We check and update your personal data
We check that the personal data we process about you are not inaccurate or misleading. We also ensure to update your personal data on an ongoing basis.
As our service depends on your personal data being correct and updated, we ask you to inform us about relevant changes in your personal data. You can contact your nearest Social Zoo ApS office, or use the contact details of our personal data officer stated above, to notify us of changes in your personal data.
To ensure the quality of your personal data, we have adopted internal rules and established procedures for checking and updating your personal data.
We erase your personal data when they are no longer necessary
We erase your personal data when they are no longer needed for the purpose for which we collected, processed and stored the personal data in question.
Personal data collected in connection with the performance of specific jobs will be stored for an adequate period of time after the end of the job. This will usually be a period of no longer than 5 years. If data about you in a specific context are kept for a longer period, you will be notified to this effect in connection with the collection of the data.
Personal data about our employees are stored for a period of five years after the end of the employment relationship. The storage period has been determined on the basis of the statute of limitations with the longest deadline for claims arising from the employment relationship and its termination, and which Social Zoo ApS are obliged to observe.
We always have a legal basis for processing your personal data
When we process your personal data, we ensure that we always have a legal basis for processing your data.
Most often, we process your data to be able to enter into and perform an agreement with our customers and on the basis of our legitimate interest in processing your personal data.
If we want to use your personal data for a purpose other than the original one, we inform you about the new purpose and – if necessary – we ask for your consent before we start processing data. If we have another legal basis for the new processing, we notify you accordingly.
We do not disclose your personal data without a legal basis
We always ensure that a legal basis exists before we disclose your personal data to a third party.
We do not obtain your consent if we are legally obliged to disclose your personal data.
We protect your personal data and have internal rules about data security
We have adopted internal rules about data security, which contain instructions and measures that protect your personal data against destruction, loss or alteration, against unauthorised disclosure and against unauthorised access to or knowledge of them.
We have established procedures for the allocation of access rights to those of our employees who process any personal data that contain information about personal interests and information that is otherwise considered confidential. We check the actual access through supervision. To avoid data loss, we continually back up our data.
In case of a security breach that results in a high risk of discrimination, ID theft, financial loss, loss of reputation or other significant inconvenience for you, we will notify you about the security breach as soon as possible and in accordance with the provisions laid down in law.
If your personal data are processed by an external partner/subsupplier, e.g. in connection with a cloud solution, we ensure that a data processing agreement has been made, and that the partner in question has adequate security procedures in place and that compliance with such procedures is audited on an ongoing basis, e.g. by the use of IT suppliers who maintain relevant certification about IT and data security.
You have the right of access to your personal data
You have the right at any time to be informed of which personal data we process about you, from where they originate and for which purpose we use them. You can also obtain information about for how long we store your personal data and about who receives personal data about you, to the extent that we disclose your personal data.
If you submit a request, we can inform you about the personal data we process about you. Access may, however, be limited for the protection of other people’s privacy, business secrets and intellectual property rights.
You can make use of your rights by contacting our personal data contact, Hannah Løffler Schmidt.
You have the right to have inaccurate personal data corrected or erased
If you think that the personal data we process about you are incorrect, you have the right to have them corrected. You must contact us and inform us of the nature of the inaccuracies and how they can be corrected.
In some cases, we will be obliged to erase your personal data. This applies, for example, if you withdraw your consent, and we have no other legal basis for the processing of your personal data. If you think that your personal data are no longer necessary in relation to the purpose for which we collected them, you can ask us to have them erased. You can also contact us if you find that your personal data are processed in contravention of the law or in breach of other legal obligations.
When you contact us with a request to have your personal data corrected or erased, we examine whether the conditions have been met, and if that is the case, we implement corrections or erasure as soon as possible.
You have the right to object to our processing of your personal data
You have the right to object to our processing of your personal data. You may also object to our disclosure of your data for marketing purposes. You can use the contact details above to send an objection. If your objection is justified, we will cease the processing of your personal data.
You have the right to receive your own data in electronic form (right to data portability)
You have the right – in electronic form – to receive the personal data which you have provided to us and the data we have collected about you from other players on the basis of your consent. If we process personal data about you as part of a contract in which you are a contracting party, you can also receive your data.
If you want to exercise your right to data portability, you will receive your personal data from us in a commonly used format by e-mail.
If you want access to your data, have them corrected or erased, or to object to our data processing, we examine whether it is possible and reply to your request as soon as possible and no later than one month after having received your request.
You can complain about wrongful processing of your personal data
If you think that your personal data are being wrongfully processed, you should first discuss this with your contact at Social Zoo ApS.
If you think that your personal data are not processed correctly, you can complain to the Danish data protection authority (www.datatilsynet.dk) .