Privatlivspolitik - STÆHR GROUP A/S

Data Controller

We are the data controller for the processing of personal data that we handle in relation to our customers and business partners. You can find our contact information below:

Henning Stæhr A/S
Grusbakken 14
2820 Gentofte
VAT no.: 43224913

If you have any questions regarding the processing of your personal data, you are welcome to contact us via the contact form on our website.

Processing Activities
As the data controller under the GDPR, we carry out the following processing activities:

Visits to Our Website
When you visit our website, we use cookies to ensure the site functions properly. You can read more in our [cookie policy].

Communication with Potential Customers
If you have any questions about our website or would like to learn more about our services, you can contact us via:

• Contact form
• Email
• Telephone

We process the personal data you provide so that we can engage in a dialogue with you, for example, to answer questions about our services. We only process the information you provide in this context, typically: name, email address, and telephone number.
Our legal basis for processing this personal data is Article 6(1)(f) of the GDPR.

We will delete our correspondence with you when it is clear whether you wish to use our services or not. If, in special cases, it becomes necessary to keep your personal data for a longer period, this may occur.

Customers
We need to communicate with our customers to ensure that our services are delivered correctly. This may involve processing information such as name, address, services provided, special agreements, payment details, and similar information.
Our legal basis for this processing is Article 6(1)(b) of the GDPR.
Once the service has been delivered and any outstanding matters are resolved, we will delete the personal data without undue delay.

Newsletter
We offer a newsletter which you can subscribe to voluntarily — and you may unsubscribe at any time.
The purpose of our newsletter is to send subscribers updates about new content on our website and information about our services.
We will only send you emails if you have given your explicit consent. Initially, you must provide your email address, after which you will receive a confirmation email to verify your subscription. This ensures that you have actively consented to receive our newsletter.

Our legal basis for processing your personal data (your email address) in connection with the newsletter is Article 6(1)(a) of the GDPR.
We will continue to process your data as long as you remain subscribed to the newsletter. If you unsubscribe, we will stop sending you newsletters. If we do not send you any newsletters for one year, your consent will lapse due to inactivity.

Upon unsubscription, we will retain your prior consent for two years after it was last used, in accordance with the Danish Consumer Ombudsman’s spam guidelines, section 11.3.

Accounting
We are legally required to keep all accounting records in accordance with the Danish Bookkeeping Act. This means that we store invoices and similar documents for bookkeeping purposes, which may include basic personal data such as name, address, and a description of the service provided.

Our legal basis for processing personal data for bookkeeping purposes is Article 6(1)(c) of the GDPR.
We retain this information for a minimum of five years after the end of the current financial year.

Job Applications
We gladly accept job applications to assess whether they match any current or future recruitment needs within our company.
If you submit a job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the GDPR.

If you submit an unsolicited application, our HR team will assess whether your application is relevant and then delete your information if there is no match.

If you apply for an advertised position and are not hired, we will delete your application shortly after the right candidate has been selected.
If you are included in a recruitment process and/or hired for the position, we will provide you with separate information on how we process your personal data in that context.

Data Processors
No company can do everything alone, and neither can we. We therefore work with partners and suppliers, some of whom are data processors.

External suppliers may, for example, provide systems to help us organise our work, deliver services, consultancy, IT hosting, or marketing services. It is our responsibility to ensure that your personal data is processed properly. We therefore impose strict requirements on our partners, who must guarantee that your personal data is protected.

We enter into data processing agreements with any company (data processor) that handles personal data on our behalf to safeguard the security of your data.

Disclosure of Personal Data
We do not disclose your personal data to third parties.

Profiling and Automated Decision-Making
We do not use profiling or make automated decisions.

Transfers to Third Countries
We generally use data processors located within the EU/EEA, or who store data within the EU/EEA.
In some cases, this may not be possible. In such instances, we may use data processors outside the EU/EEA if they can provide your personal data with adequate protection.

Data Security
We keep the processing of personal data secure by implementing appropriate technical and organisational measures.
We have carried out risk assessments of our data processing activities and have implemented suitable safeguards to enhance data security.
One of our key measures is keeping our employees up to date on GDPR through ongoing awareness training, GDPR courses, and regular reviews of our GDPR procedures.

Data Subjects’ Rights
Under the GDPR, you have a range of rights in relation to our processing of your personal data.
If you wish to exercise any of these rights, please contact us so we can assist you.

Right of Access
You have the right to access the data we process about you, as well as certain additional information.

Right to Rectification
You have the right to have inaccurate personal data about you corrected.

Right to Erasure
In certain cases, you have the right to have your personal data deleted before our general deletion deadline.

Right to Restrict Processing
In certain cases, you have the right to restrict the processing of your personal data. If you have this right, we may only process the data — apart from storage — with your consent, or for the establishment, exercise, or defence of legal claims, or to protect a person or important public interests.

Right to Object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.

Right to Data Portability
In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have these data transferred from one controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guidance on data subjects’ rights at www.datatilsynet.dk.

Withdrawal of Consent
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.

Complaints to the Danish Data Protection Agency
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data. You can find their contact details at www.datatilsynet.dk.

We generally encourage you to stay informed about the GDPR so you are aware of your rights and the applicable rules.