This Privacy Policy was last updated on 2nd of January, 2024

KMD A/S Privacy Policy

This Privacy Policy describes how KMD A/S ("we" or "us") processes your personal data following the introduction of the EU Data Protection Regulation (and references to articles below refer to the EU Data Protection Regulation). The Privacy Policy applies to the information that you provide to us and/or that we collect about you as part of a customer relationship, supplier relationship or other collaborative relationship, as a user of our services or through your browsing of our website, etc. In the Privacy Policy you can read about how we handle your information and how long we keep information about you, etc.

Personal data may also be covered by another privacy policy of ours that we disclose in connection with a specific service, website or processing operation. Such Personal Data is not covered by this Privacy Policy (unless otherwise stated in that other privacy policy).

Our Privacy Policy is divided under the following headings:

1. Contact details for the controller and data protection officer
2. Description of the processing of personal data
2 A. Customer, supplier, business partner or person related to them (e.g. employee or consultant)
2 B. User of kmd.dk and/or recipient of marketing, newsletters, etc.
2 C. Events
2 D. Social Media
3. Cookies
4. KMD-developed apps
5. Your rights
6. Security
7. Complaint to the Data Protection Authority
8. Updating this policy

1. Contact details for the controller and data protection officer

KMD A/S is the data controller for the processing of your personal data. Here you can see our contact information:

KMD A/S
Lautrupparken 40, DK-2750 Ballerup
CVR no.: DK26911745
Telephone: + 45 4460 1000
Email: info@kmd.dk

Our Data Protection Officer can be contacted here:

Email: privacy@kmd.dk
By letter: KMD A/S, Lautrupparken 40, 2750 Ballerup, att. "Data Protection Advisor"

2. Description of the processing of personal data

In order to provide clear and transparent information about how we process your personal data, we have divided our Privacy Policy into different sections. Depending on whether you are a customer, supplier, business partner or related person (e.g. employee or consultant), whether you use our website kmd.net, receive marketing from us, register and participate in our events and/or visit our profiles on Social Media, different parts of the policy apply to you.

2 A. Customer, supplier, business partner or person related to them (e.g. employee or consultant):

Purpose of processing:

We collect and process information about customers, suppliers and business partners and persons associated with them, e.g. employees or consultants, in order to communicate and cooperate in concluding/complying with/fulfilling agreements with you or the company or organization with which you are associated (e.g. as an employee or consultant) and to comply with requests from you.

Categories of personal data we process:

We process general personal data such as name, position, contact information including for example the name of the company or organization you work for, address, e-mail and telephone number, user name, response to customer satisfaction surveys, information about you related to the solution of common tasks, including for example your tasks in project plans, your input at meetings in meeting minutes, etc. The information may also include your CV when KMD and the company or organization you work for submit a bid as a prime/subcontractor or as a consortium to a customer in a bidding process.

Sources:

We collect personal data from the following sources:

  • Directly from you or the company or organization you are affiliated with (e.g. as an employee or consultant).

Lawfulness of processing:

We process your personal data based on the following processing bases:

  • When it is necessary to protect a legitimate interest of ours (Article 6 (1) (f)). We have a legitimate interest in being able to contact you, communicate and cooperate with you on entering into/complying with/fulfilling agreements with you or the company or organization you are affiliated with (e.g. as an employee or consultant) and follow up with customer satisfaction surveys, as well as comply with requests from you. This includes a legitimate interest in keeping records of our collaboration for billing purposes and to resolve any disputes, etc. In certain cases, we have a legitimate interest in being able to provide CV employee information about you to a customer when KMD is bidding as a prime/subcontractor or as a consortium to a customer in a bidding process with the company or organization for which you work. In certain cases, we also have a legitimate interest in sharing information about employees of customers and suppliers in connection with customary reporting to our parent company, NEC Corporation.
  • Where it is necessary for the performance of a contract with you or to enable us to deal with enquiries and the like prior to your entering into any contract with us (Article 6 (1) (b))
  • Where processing is necessary for compliance with a legal obligation to which we are subject (Article 6 (1) (c)). In certain cases, we are legally obliged to retain material containing your personal data. For example, this may be for the purposes of documenting transaction trails and under the rules of accounting law.

Beneficiaries:

We may share your personal data with:

  • the customers, suppliers and business partners who assist us (possibly as data processors) or with whom we cooperate, for the purpose of concluding/complying with/fulfilling agreements with you or the company/organization with which you are associated (e.g. as an employee or consultant) and conducting customer satisfaction surveys. This means that we may share your information with, for example, our IT service providers and consulting partners. Sharing of employee CV information may also occur with customers when KMD and the company or organization you work for are bidding as a prime/subcontractor or as a consortium to a customer in a bid process.
  • our auditors, lawyers, external advisors
  • affiliated companies to us to the extent permitted by law. You can find an overview of our group companies here. For example, KMD may share information about employees of customers and suppliers in connection with customary reporting to our parent company, NEC Corporation.

Transfer to countries outside the EU/EEA:

Several of our customers, suppliers and partners who assist us and service providers of various IT tools, including IT collaboration tools, are established outside the EU/EEA. We may therefore share your personal data with recipients in countries outside the EU/EEA (third countries). However, this assumes that:

  • the third country/company in question has been assessed by the EU Commission as generally ensuring, either through legislation or other measures, an adequate level of protection of personal data
  • standard data protection clauses adopted by the European Commission have been concluded between us and the recipient of your personal data
  • that the beneficiary has subscribed to an approved code of conduct or certification scheme; or
  • the beneficiary has an approved set of Binding Corporate Rules

The transfer of personal data to our parent company, NEC Corporation, in Japan is based on the EU Commission's decision to consider Japan a safe third country.

You may at any time obtain information or, where appropriate, a copy of the necessary safeguards on which the transfer of personal data to recipients outside the EU/EEA is based by writing to us in accordance with point 1.

Storage:

We will keep information about you for as long as we need to:

  • pursue the objectives set out above
  • document:
    • cooperation
    • our right to the processing of personal data and
    • our compliance with rules on the processing of personal data and other legislation, such as accounting legislation (which requires us to keep accounting records for up to one year from the end of the financial year to which the records relate),

      in respect of limitation of criminal and civil liability and other legal claims, where applicable. If it is not relevant, we will delete the data beforehand.

Voluntarily:

When we collect personal data from you, it is voluntary for you to provide the information to us. If you do not provide us with the personal data, the consequence may be that we cannot fulfil the purposes above, including

  • we cannot enter into a customer/supplier or other working relationship with you, including being able to communicate and have ongoing contact with you or the company you are affiliated with (e.g. as an employee or consultant),
  • we cannot comply with your requests; and
  • we are unable to provide you with user access to our services, benefits and systems.

2 B. User of kmd.net and/or recipient of marketing

Objective:

We collect and process personal data, including your IP address, for marketing and statistical purposes. This may be, for example, to target our communications with you based on your areas of work and interest and to send you relevant marketing, information and inspiration in the form of, among other things, gated content and follow-up to your inquiry to us via contact form.

We collect and process information about your behavior on our website to analyze the use of our website, optimize the user experience and target our communications to you, including by online marketing on Social Media. We collect the information on the basis of cookies in accordance with our Cookie-Policy and if you have consented to the use of non-essential cookies. As a general rule, information collected about your behavior on our website on the basis of cookies will not be attributed to you as an individual. However, if via our website you have requested or agreed that you will receive, gated content and follow-up email from KMD's Sales Team or follow-up to your enquiry to us via contact form or similar, we will link this personal data to your behavior on our website in order to target our communications and marketing, including for example what we present on our website and advertising on other websites.

We also collect and process information about your behavior on our website without the use of cookies to generate aggregate, anonymous statistics that we use to understand and improve the user experience on our website. This happens because we collect information about your behavior on our website together with your IP address, which we anonymize (by shortening and encryption), after which the information can no longer be attributed to you as a person.

Furthermore, we use information about your name, work email, company and position to respond to your request via contact form or regarding gated content e.g. a white paper in order to target our follow-up to be relevant to you.

Categories of information:

We collect general information such as name, position, profession/field of work, place of employment, contact details, professional areas of interest, IP addresses, and your behavior on our website.

Here you will find a more detailed explanation:

(a) "log data": when you visit our websites, a so-called log data record (so-called server log files) is temporarily stored on our web server. This consists of:

  • the page from which the page was requested (the so-called referrer URL)
  • the name and URL of the requested page
  • the date and time of the request
  • a description of the type, language and version of the web browser used
  • the IP address of the requesting computer
  • the amount of data transferred
  • the operating system
  • the message whether the request was successful (access status/ttp status code)
  • the GMT time zone difference

(b) "contact form data": when contact forms are used, the data sent through them are processed: name, e-mail address, telephone number and time of transmission.

We would like to point out that we evaluate your user behavior when we send emails with gated content. Emails contain links with tracking i.e. we can see that you open the email and gated content. We associate the above data with your email address and an individual ID.

(c) "behavior on our website": When you visit our website, selected data relating to your behavior is processed. This consists of:

  • Page views (which pages you have visited)
  • Page searches (which pages you have searched for on our website)
  • External referral (which source, e.g. Google, you access our website from)
  • Selected elements you interact with (e.g. how long you are on our pages and what you click on)

We connect the above data about your behavior on our website with your IP address, which we anonymize (by shortening and encryption), after which the information can no longer be attributed to you as a person.

If you have consented to the use of non-necessary cookies, however, we connect the above data about your behavior on our website with your e-mail address and an individual ID.

Sources:

We collect information from you in connection with contact forms, gated content and via cookies that you accept on our website.

Lawfulness of processing:

We process your personal data based on the following processing bases:

  • When it is necessary to safeguard a legitimate interest for us (Article 6, paragraph 1 (f)). We have a legitimate interest in processing your information for marketing purposes, including e.g. to be able to tell you about KMD A/S and the IT products/services we can offer your company by telephone or in any meetings with you. Our legitimate interest thus consists in knowing your professional interests and preferences so that we can better adapt our communication and offers to your company and ultimately offer products and services that meet your company's needs and wishes. We also have a legitimate interest in processing information about your behavior on our website to generate aggregate, anonymous statistics in order for us to understand and improve the user experience on our website.
  • Where you have consented to our use of non-essential cookies (Article 6 (1) (a)). You can read more about our use of cookies in our Cookie Policy. You can withdraw your consent to the use of non-essential cookies at any time by using the button in the bottom left corner and adjusting your cookie settings there.
  • Where you have consented to us complying with your request via the contact form or via gated content and follow-up emails from the KMD Sales Team, our follow-up will be targeted to be relevant to you (Article 6 (1) (a)). You may withdraw your consent to receive marketing communications by email at any time by using the unsubscribe link in the email communications or by writing to us at marketing@kmd.dk. Your withdrawal of consent will not affect the legality of the marketing emails sent by us prior to your withdrawal of consent.
  • Where it is necessary for the performance of a contract with you or for us to deal with enquiries and the like prior to your entering into any contract with us (Article 6 (1) (b)).

Receiver:

We disclose or transfer information about you to the following recipients:

  • data processors who assist us with marketing/advertising targeting and for static purposes. We have data processing agreements with the data processors (Article 28), under which the data processors are obliged to comply with data protection rules.

    • and

  • third parties: if you have consented to the use of third-party cookies that allow personal information about you to be inferred, as set out in our Cookie-Policy, then the collection/disclosure of information to those third parties will be in accordance with our Cookie-Policy.

Transfer to countries outside the EU/EEA:

If you have consented to the use of third-party cookies that allow personal information about you to be inferred, as set out in our Cookie Policy, then information about you may be disclosed to the third party on that basis.

Several of the providers that use cookies are established outside the EU/EEA. We may therefore share your personal data with recipients in countries outside the EU/EEA (third countries). However, this assumes that:

  • the third country/company in question has been assessed by the EU Commission as generally ensuring, either through legislation or other measures, an adequate level of protection of personal data
  • standard data protection clauses adopted by the European Commission have been concluded between us and the recipient of your personal data
  • that the beneficiary has subscribed to an approved code of conduct or certification scheme; or
  • the beneficiary has an approved set of Binding Corporate Rules

You can obtain information or a copy of the necessary guarantees on which the transfer of personal data to recipients outside the EU/EEA is based at any time by writing to us.

Most providers that use cookies process data on a global level. Therefore, if you are located in the EU, please be aware that when you use Social Media, personal data may also be processed outside the EU by those Social Media.

If your personal data is transferred to countries outside the EU, the social media provider provides appropriate safeguards, for example by entering into standard contractual clauses issued by the European Commission or by complying with approved Binding Corporate Rules, to ensure that the transfer of data takes place with the same level of data protection equivalent to the GDPR.

For the transfer of personal data to the United States to Social Media, which have certified themselves under the EU-U.S. Data Privacy Framework with the American Department of Commerce, the basis for the transfer of personal data from the EU to the United States may be based on the European Commission's decision that this ensures an adequate level of protection.

You can find further information on the transfer of personal data to countries outside the EU in the respective privacy policies of the cookie provider in question (see above).

Storage:

We will keep information about you for as long as we need to:

  • pursue the objectives set out above
  • document:
    • our right to the processing of personal data and
    • our compliance with personal data processing rules and other legislation, such as marketing laws,

in respect of limitation of criminal and civil liability and other legal claims, where applicable. If it is not relevant, we will delete the data beforehand.

For example, we will retain information regarding your consent and any withdrawal of consent to receive gated content emails and follow-up emails from KMD's Sales Team for up to 2 years after the last email is sent.

Voluntarily:

When we collect personal data from you, it is voluntary for you to provide the information to us. If you do not provide us with the personal data, the consequence will be that we cannot fulfil the purposes above, including that we cannot target our communications based on your areas of interest and focus or send you email marketing in the form of gated content.

2C. Events

Objective:

We process personal data about you when you register for or participate in an event with us in order for you to participate in the event. Events in this context cover events, courses, webinars and the like organized by KMD. In some cases, we may also process personal data about you in the form of images and/or videos in order to market us on the Social Media (as described in section 2.D Social Media below) on which we are located, on our website or in a newsletter when you attend an event.

Categories of information:

We process the following personal data about you: name, position, the company or organization you work for, as well as address, e-mail address and telephone number. We may also process your payment details.

It is necessary for us to record the above personal data about you in order to register you for our event.

We may also process personal data about you in the form of images and/or videos taken from the event in which you participate, either as a participant or presenter.

Sources:

We collect personal data from the following sources:

  • Personal data is collected directly from you or the company/organization you are affiliated with (as an employee or consultant).

Lawfulness of processing:

We process your personal data based on the following processing bases:

  • where necessary for our legitimate interest (Article 6 (1) (f)). We have a legitimate interest in being able to conduct the event, including being able to contact and communicate with you about the event, enter into/comply with/fulfil an agreement with you or the company/organization where you are affiliated (as an employee or consultant) about your participation in the event. For example, we use information about you to send confirmation of your registration, to contact you about practical information about the event you are attending, and subsequently to evaluate the event and send you any materials from the event. In this context, we have a legitimate interest in retaining documentation of the agreement to participate in the event for the purposes of invoicing and resolving any disputes, etc.
  • where it is necessary for the performance of a contract with you or for us to take steps prior to entering into a contract with you (Article 6 (1) (b)).
  • when it is necessary for us to comply with a legal obligation (Article 6 (1) (c)). In certain cases, we are legally obliged to retain material containing your personal data. For example, this may be for the purposes of documenting transaction trails, and similar under the rules of accounting law.

For those attending an event:

  • If we take situational and/or close-up photos and/or videos during our events where you can be identified and subsequently upload them on Social Media, our website, and/or in a newsletter, we will obtain your prior consent to do so (Article 6 (1) (a)), unless we consider that we can take and upload the image and/or video in accordance with our legitimate interest in communicating about the event (Article 6(1) (f)), for example where the images and/or videos are of an atmospheric nature where you are difficult to identify and we consider that you would not reasonably be likely to feel exposed, exploited or wronged. Where we base the processing of data about you on your consent, you may withdraw your consent at any time by writing to KMD by email to marketing@kmd.dk. Please note that if others may have shared KMD's postings with your picture/video from KMD's profiles on Social Media, such sharing will not be deleted.
  • If we upload images of children, we always ensure that consent has been obtained from the parents or guardians of the children (Article 6 (1) (a)). Consent can be withdrawn at any time by writing to KMD via email to marketing@kmd.dk. Please note that if others have shared KMD's postings with images of children from KMD's profiles on Social Media, such sharing will not be deleted.

For you as a presenter:

  • If we publish an agenda for the event, which includes your name, title and/or the subject of your presentation - e.g. on Social Media, our website, and/or in a newsletter - this will be done pursuant to KMD's legitimate interest in communicating, inviting and hosting the event (Article 6(1)(f)).
  • If we take situational and/or close-up photos and/or videos during our events where you can be identified and subsequently upload them on Social Media, our website, and/or in a newsletter, we will obtain your prior consent to do so (Article 6 (1) (a)), unless we consider that we can take and upload the image and/or video in accordance with our legitimate interest in communicating about the event (Article 6 (1) (f)), for example where the images and/or videos are of an atmospheric nature where you are difficult to recognize and we consider that you would not reasonably be likely to feel exposed, exploited or wronged. Where we base the processing of data about you on your consent, you may withdraw your consent at any time by writing to KMD by email to marketing@kmd.dk. Please note that if others may have shared KMD's postings with your picture/video from KMD's profiles on Social Media, such sharing will not be deleted.

Receiver:

We disclose or transfer information about you to the following recipients:

  • Third parties who assist us in organizing events. Here we may pass your name to transport companies if you need transport to the event and your name and email to the accommodation if the event is overnight.

Transfer to countries outside the EU/EEA:

As a general rule, KMD does not transfer your personal data to countries outside the EU/EEA in connection with events. In some cases, however, we use personal data about you in the form of images and/or videos to promote us on our Social Media profiles.

We may therefore share your personal data with recipients in countries outside the EU/EEA (third countries). However, this assumes that:

  • the third country/company in question has been assessed by the EU Commission as generally ensuring, either through legislation or other measures, an adequate level of protection of personal data
  • standard data protection clauses adopted by the European Commission have been concluded between us and the recipient of your personal data
  • that the beneficiary has subscribed to an approved code of conduct or certification scheme; or
  • the beneficiary has an approved set of Binding Corporate Rules

You can obtain information or a copy of the necessary guarantees on which the transfer of personal data to recipients outside the EU/EEA is based at any time by writing to us.

Most Social Media process data on a global basis. If you are located in the EU, you should therefore be aware that when you use the Social Media, personal data may also be processed outside the EU by the Social Media concerned.

If your personal data is transferred to countries outside the EU, the Social Media provider provides appropriate safeguards, for example by entering into standard contractual clauses issued by the European Commission or by complying with approved Binding Corporate Rules, to ensure that the transfer of data takes place with the same level of data protection equivalent to the GDPR.

For the transfer of personal data to the United States to Social Media, which have certified themselves under the EU-U.S. Data Privacy Framework with the American Department of Commerce, the basis for the transfer of personal data from the EU to the United States may be based on the European Commission's decision that this ensures an adequate level of protection.

You can find further information on the transfer of personal data to countries outside the EU in the respective privacy policies of the social media concerned.

You may withdraw your consent at any time by writing to KMD via email to marketing@kmd.dk.

Storage:

We will keep information about you for as long as we need to:

  • pursue the objectives set out above
  • document:
    • our right to the processing of personal data and
    • our compliance with personal data processing rules and other legislation, such as Danish marketing laws

      in respect of limitation of criminal and civil liability and other legal claims, where applicable. If it is not relevant, we will delete the data beforehand.

Specifically, the following deletion deadlines apply:

  • Personal data related to the invoicing of paid events is kept for five (5) years + current calendar year after the end of the financial year.

2 D. Social media

Purpose of treatment:

We may process your data on social media sites where we have pages managed by us. We are on the following platforms:

  • LinkedIn
  • Facebook
  • Instagram
  • Twitter
  • YouTube

hereinafter collectively referred to as "Social Media". We use information collected through our Social Media pages to inform about and market KMD and our products and services. In addition, we use the information for statistical purposes.

If you participate in an event hosted by KMD, KMD may upload images and/or videos featuring you to our Social Media pages. You can read about our processing of such information about you in section 2.C Events, above.

Categories of data we process:

The information collected through our Social Media pages is made available to us in aggregated statistics to a very limited extent. As this is aggregated information, it is not possible for us to identify individuals.

We can obtain aggregate information on visitors' gender, age group, country, city and language, as well as types of jobs, seniority, types of companies and number of employees in the company that the visitor is employed.

Below you can see what aggregated information we get from which Social Media:

  • LinkedIn Analytics: number of followers, country of followers, job type, seniority, type of company, company size,
  • Facebook Insights: number of followers, age of followers, gender, country, city and language,
  • Instagram Insights: number of followers,
  • Twitter Analytics: number of followers,
  • YouTube: number of followers, country of followers, age, gender, operating system and type of device.

In addition, we use marketing and advertising via Google, Facebook, LinkedIn and Twitter, where we address targeted advertisements to a target group based on the target group's search history, clicks, who the target group likes and who the target group follows on that Social Media.

Comments posted by users on our Social Media pages do not constitute a collection of personal data by us and we are not data controllers of such information. Messages written on our profiles are public and can be viewed by anyone. However, we may have a legal obligation to process the contact information of a user who posts comments on our Social Media pages and contact the person who posted them. This may happen if, for example, the person complains or writes something else that obliges us to contact the person.

Sources:

When you visit our pages on Social Media, that medium often places cookies on the device you are using to access. This may be your computer, tablet or phone, for example. The Social Media in question therefore processes information about you when you visit our page on the Social Media managed by us. It is irrelevant whether you have a profile on the Social Media or not. You can find LinkedIn's cookie policy here, Facebook's here, Instagram's here, Twitter's here and YouTube's here.

The Social Media and KMD A/S are joint data controllers for the processing of personal data that takes place on our pages on the Social Media. This means that Social Media must share and determine responsibility with us for complying with data protection rules. Personal data processed about you when you visit our pages on the Social Media is collected and processed by the Social Media, including, inter alia, to provide the Insight function and other statistical functions (i.e. functions that, for example, enable us to receive aggregated statistics from the Social Media about visits to our page in order for us to determine the target audiences for our advertisements on our page on the Social Media).

It is the Social Media that collect, process and have access to the personal data about you, and if you wish to exercise your rights or if you believe that the data is being processed in breach of the rules, you can contact the Social Media concerned.

Read more in LinkedIn's privacy policy here, Facebook's here, Instagram's here, Twitter's here and YouTube's here

Read more about the Facebook Insight feature here: https://www.facebook.com/legal/terms/information_about_page_insights_data

Read more about the terms of KMD's and Facebook's joint data responsibility for the Insight feature here: https://www.facebook.com/legal/terms/page_controller_addendum

Please note that despite sharing joint responsibility with the social media, KMD has no influence over the data processing activities carried out by the social media. The options open to us depend essentially on the respective provider's corporate policy.

If we receive a request from you regarding the exercise of your rights in relation to the processing of insight data by, for example, Facebook, LinkedIn, Instagram, Twitter and YouTube, we are obliged to forward all relevant information to the social media concerned so that the social media can respond to your request in a timely manner.

Lawfulness of processing:

We process your personal data based on the following processing bases:

  • We process aggregated statistics (including based on your data) received from the Social Media as necessary for our legitimate interest (Article 6(1)(f)). Our legitimate interest consists partly in 1) receiving an overview of visitor statistics and enabling us to improve the use of our site on Social Media and 2) creating increased publicity for our products and services through targeted advertising on Social Media.

Receiver:

We disclose or transfer information about you to the following recipients:

Marketing agencies and other service providers who (as data processors) assist us with marketing/advertising targeting.

Transfer to countries outside the EU/EEA:

As a general rule, KMD does not transfer your personal data to countries outside the EU/EEA.

However, several of our customers, suppliers and partners who assist us and service providers of various IT tools, including IT collaboration tools, are established outside the EU/EEA. We may therefore share your personal data with recipients in countries outside the EU/EEA (third countries). However, this assumes that:

  • the third country/company in question has been assessed by the EU Commission as generally ensuring, either through legislation or other measures, an adequate level of protection of personal data
  • standard data protection clauses adopted by the European Commission have been concluded between us and the recipient of your personal data
  • that the beneficiary has subscribed to an approved code of conduct or certification scheme; or
  • the beneficiary has an approved set of Binding Corporate Rules

You can obtain information or a copy of the necessary guarantees on which the transfer of personal data to recipients outside the EU/EEA is based at any time by writing to us.

Most social media process data on a global basis. If you are located in the EU, you should therefore be aware that when you use social media, personal data may also be processed outside the EU by those social media.

If your personal data is transferred to countries outside the EU, the social media provider provides appropriate safeguards, for example by entering into standard contractual clauses issued by the European Commission or by complying with approved Binding Corporate Rules, to ensure that the transfer of data takes place with the same level of data protection equivalent to the GDPR.

For the transfer of personal data to the United States to Social Media, which have certified themselves under the EU-U.S. Data Privacy Framework with the American Department of Commerce, the basis for the transfer of personal data from the EU to the United States may be based on the European Commission's decision that this ensures an adequate level of protection.

You can find further information on the transfer of personal data to countries outside the EU in the respective privacy policies of the social media concerned (see above).

Storage:

We will keep information about you for as long as we need to:

  • pursue the objectives set out above
  • document:
    • our right to the processing of personal data and
    • our compliance with personal data processing rules and other legislation, such as Danish marketing laws,
    in respect of limitation of criminal and civil liability and other legal claims, where applicable. If it is not relevant, we will delete the data beforehand.

We have no control over how long data held by social media sites is stored for their own purposes. For details, please refer directly to the operators of the social media (see references to their privacy policies above).

3. Cookies

On the use of cookies, please see our Cookie Policy. If cookies involve the collection of personally identifiable information, this will be disclosed in our Cookie Policy and/or this Privacy Policy.

4. KMD-developed apps

For personal data collected via KMD-developed apps, please see Processing of personal data in KMD apps.

5. Your rights

You have a number of rights under the GDPR in relation to our processing of data about you.

If you want to exercise your rights, please contact us. See our contact details in section 1.

We will comply with your request as soon as possible in accordance with applicable law. If - for any reason - we are unable to comply with your request, we will contact you.

Right to see information (right of access):

You have the right to access the data we process about you, including the purposes of the processing, as well as a range of additional information.

Right of rectification (correction):

You have the right to have inaccurate information about yourself corrected.

Right to erasure:

In exceptional cases, you have the right to have information about you deleted before the time of our general deletion occurs.

Right to restriction of processing:

In certain cases, you have the right to restrict the processing of your personal data. If you have the right to restrict processing, we may only process the data in the future - apart from storage - with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.

Right to object:

In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may - for reasons relating to your particular situation - ask us not to process your personal data in cases where the processing is based on Article 6 (1) (e) (task carried out in the public interest or in the exercise of official authority) or Article 6 (1) (f) (legitimate interest), including profiling based on these provisions. The extent to which we process your data for such purposes is set out in this Privacy Policy. We may then no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.

You can also object to the processing of your data for direct marketing and marketing profiling purposes. We may then no longer process the personal data for this purpose.

Withdrawal of consent:

If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you withdraw your consent, it will not affect the lawfulness of the processing carried out before you withdrew your consent.

If you have consented to receive gated content and follow-up emails from the KMD Sales Team via email, you may withdraw your consent at any time by using the unsubscribe link in the email broadcasts or by writing to us at marketing@kmd.dk.

Data portability:

In certain cases, you have the right to receive your personal data (only data concerning yourself that you have provided to us) in a structured, commonly used and machine-readable format and to have this personal data transferred to another controller (data portability).

General:

There may be conditions or restrictions attached to the use of the above rights. It is therefore not certain that you have the right to data portability in the specific case, for example - this depends on the specific circumstances of the processing activity in question.

6. Security

At KMD, we have an information security management system. We process all data, including your personal data, in accordance with the security policies, processes and controls contained in our ISO27001 certified information security management systems. This means that your personal data is protected against destruction, loss or alteration, against unauthorized disclosure, and against unauthorized access or knowledge.

7. Complaint to the Data Protection Authority

You have the right to lodge a complaint with the Data Protection Authority if you are unhappy with the way we process your personal data:

Danish Data Protection Agency, Carl Jacobsens Vej 35, DK-2500 Valby, tel. +45 3319 3200, email: dt@datatilsynet.dk.

8. Updating of this Policy

We are committed to fundamental principles of privacy and data protection. We therefore regularly review this Privacy Policy to keep it up to date and in compliance with applicable principles and legislation. The Privacy Policy is subject to change without notice.

Material changes to the Privacy Policy will be posted on our website together with an updated version of the Privacy Policy.

Any changes we may make to the Privacy Policy in the future will be posted on this page and may be notified to you by email.