References in this policy, therefore, refer to articles in the EU's GDPR (General Data Protection Regulation). The Privacy Policy applies to data you provide to us and/or data that we collect about you as part of our customer, supplier, or other business services as a user of our website, etc. In the Privacy Policy, you can read about how we process your personal data, how long we can store it when we delete it, etc.m.

Personal data may also be covered by other privacy policies with us. We will inform you of this in connection with a specific service, website, or process. In this case, personal data is not covered by this Privacy Policy (unless specified in the other Privacy Policy in question).

In order to enable accurate and clear information about how we process your personal data, we have divided our Privacy Policy into two parts. If you are included in the category of customers, suppliers, business partners or other persons related to these (such as employees and consultants), section 1.1 applies to you; if you are a user of our website Dwarf.dk and/or recipient of marketing materials, newsletters, etc., section 1.2 applies.

1.1 Clients, suppliers, business partners, or other persons related to them (such as employees or consultants)

The basis for processing data:

We collect and process data about customers, suppliers, business partners, or other persons related to these (such as employees and consultants), to enable communication and cooperation about whether cooperation agreements or other agreements have been completed adequately for you or the company you are affiliated with (as an employee or consultant), as well as to be able to comply with your requests.

Types of data we process:

We process personal data such as name, title, and contact details – including company name, address, email, phone number, username, etc.

Sources:

We collect personal data directly from you or the company/organisation with which you are affiliated (as an employee or consultant).

The basis for processing:

We process your personal data on the following processing basis:

When your data is necessary for us to pursue a legitimate interest (Article 6(1)(f)). We have a legitimate interest in being able to contact you and enable communication and cooperation about whether cooperation agreements or other agreements have been carried out adequately for you or the company you are affiliated with (as an employee or consultant) as well as to be able to comply with your requests. This includes a legitimate interest in storing documentation of our cooperation with the intent to invoice and resolve any disputes.

When your data is necessary as part of a collaboration between us, or in order for us to handle requests or the like before you engage with us (Article 6(1)(b)).

When processing your data is necessary for us to comply with our legal obligations (Article 6(1)(c)). In some cases, we are legally obliged to store material that includes your personal data. This could be with the intent to document audit trails or other material in accordance with the provisions of the Bookkeeping Act.

Recipients:

If necessary, we may share your personal data with:

• Customers, suppliers, business partners, or other persons who assist us in the processing of data (e.g. as sub-processors) or with whom we cooperate to ensure communication and cooperation in whether cooperation agreements or other agreements have been carried out adequately for you or the company you are affiliated with (as an employee or consultant). This means that we can share your data with, for example, our software service providers and consulting business consultants.
• Our auditors, lawyers, and external consultants

Transfers to non-EU/EEA countries:

Some of our suppliers and software suppliers for various IT services, including collaboration tools, are located outside the EU/EEA. As a result, we sometimes share your personal data with recipients in countries outside the EU/EEA (third countries). However, this is done on the condition that:

• The relevant third country/company in the third country has been assessed by the EUROPEAN Commission as being a country/company that generally ensures a satisfactory level of protection of personal data, either through legislation or other methods.
• Standard provisions are secured between us and the relevant recipient of your personal data, cf. data protection legislation set by the EU Commission.
• The relevant beneficiary has accepted a code of conduct, a certification scheme or,
• The relevant recipient has binding company rules on safety in the field of health and safety at work.
• Transfers and processing of personal data to their company/country.  You can at any time request information about or a copy of which security measures form the basis for transfers of personal data to recipients outside the EU/EEA by writing to us.

Storage:

We store data about you for as long as we are able to:

• Pursue the machining bases specified in the above section
• Document

In relation to minimising criminal and civil liability and other legal claims, if applicable. If none of these requirements are relevant, we will delete your personal data.

Volunteerism:

When we collect personal data from you, it is on a voluntary basis. If you do not agree to provide us with the necessary personal data, the consequence is that we cannot meet the basis outlined in the above section, including:

• We cannot enter into a customer/supplier relationship or other cooperation with you, inclusive communication, or regular contact with you or the company you are affiliated with (as an employee or consultant).
• That we cannot live up to your requests and,
• That we cannot give you access to our services and systems.

1.2 Users of dwarf.dk and/or recipients of marketing material, newsletters, etc.

The basis for processing data:

We collect and process personal data with marketing insights. This could be to target our communication to you based on your work or interests and send you relevant marketing, information, and inspiration in the form of e.g. newsletters, invitations to events, white-papers, and information about new solutions/services, etc.

Dwarf reserves the right to collect data about your IP address and HTTP request information. An IP address is a unique number assigned to network devices, such as computers that communicate with each other over the Internet. A HTTP request happens whenever your browser requests information from our server, and in this request, there is information about your device, browser, and language. Dwarf uses your and others' IP addresses and request headers to target communication, marketing, comply with privacy framework, and to collect statistical information.

We collect and process data about your behaviour on our website to analyse the use of the site, optimise the user experience, and segment our communication to you. We collect data using cookies in accordance with our Cookie Policy. Cookies are small data files that are stored on the user's device that allow the device to be recognised. In general, data collected about your behaviour on our website cannot identify you as an individual. However, if you have requested or agreed to receive marketing, newsletters, invitations to events, white-papers, or the like through our website, we may link personal data to your conduct on our website in order to target our communications and marketing, including the content we present on our website, to you. If you do not agree to cookies, we will collect statistical information about your visit without setting a cookie. This data is completely anonymised and encrypted to both us and any third-party platforms.

If you have given us your consent, we will use your name, email, and professional interest data to send you marketing emails in the form of e.g. newsletters and invitations to events. If you have also provided your title and company (voluntarily), we will use this data to target newsletter content and invitations to events that match your selected areas of interest. We segment by selecting content that we find most relevant to you based on your title (job function) and industry, as well as the size of your company.

Types of data we process:

We collect personal data such as your name, position/title/job, company, contact details, professional interests, and in some cases IP addresses and behaviour on our website.

Sources:

We collect data from you via cookies when you give your consent on our website.

The basis for processing data:

We process your personal data on the following processing basis:

• Where necessary in order for us to pursue a legitimate interest (Article 6(1)(f)). We have a legitimate interest in processing your data for marketing purposes. Our legitimate interest lies in knowing your professional interests and preferences, which enables us to target our communications and offers to you, as well as to offer products and services that match your needs and desires.
• Once you have given your consent to receive emails from us, you will receive newsletters and invitations to events (Article 6(1)(a)). You can withdraw your consent to this at any time by using the "unsubscribe" link in the aforementioned emails or on our website. Your withdrawal of consent does not affect the legality of the news or invitation emails sent before this withdrawal. If you have consented to the use of third-party cookies that allow you to derive personal data about yourself (see our Cookie Policy), then sharing this data with third parties is based on your consent.
• When necessary to enter into a collaboration with you or to comply with your requests or the like before you enter into a collaboration with us (Article 6(1)(b)).

Recipients:

We share or present your personal data to the following recipients:

• Data processors who assist us in sending newsletters, marketing/advertising segmentation, statistical collection, as well as,
• Third parties: if you have consented to the use of third-party cookies that allow you to derive personal data related to you (see our Cookie Policy), then the collection and sharing of data relevant to third parties will be done in accordance with our Cookie Policy. Dwarf uses Google for statistics and marketing base services. Learn more about the basis for Google's processing of personal data, as well as your ability to adjust your privacy settings, in Google's privacy policy.

Transfers to non-EU/EEA countries:

If you have consented to the use of third-party cookies, which make it possible to derive personal data relating to you (see our Cookie Policy), then sharing this data around you to third parties will be based on this consent. In such cases, depending on your privacy settings on these services, third parties (such as Google), based on cookies obtained through services on our website, may collect and store your data (e.g. IP address and cookie data) in servers outside the EU/EEA. Google is certified under the Privacy Shield scheme.

Storage:

We store data about you for as long as we are able to:

• Pursue the treatment bases specified in the above section
• Document

In relation to minimising criminal and civil liability and other legal claims, if applicable. If none of these requirements are relevant, we will delete your personal data.  For example, we will store data relating to your consent and any withdrawal of your consent to receive emails with newsletters and invitations for up to two years after the last email sent with this content.

Volunteerism:

When we collect personal data from you, it is voluntary. If you do not agree to provide us with your personal data, the consequence is that we cannot meet the foundations outlined in the above section, including that we cannot target our communications based on your areas of interest, or send you relevant marketing materials and content such as newsletters and invitations to events.

Regarding the use of cookies, please see our Cookie Policy. If cookies involve the registration of personally identifiable data, this will appear in our Cookie Policy and/or this Privacy Policy.

Under the General Data Protection Regulation, you have certain rights cf. our processing of your personal data

If you wish to exercise your rights, please contact us. See our contact details in section 7.

We will comply with your request as soon as possible in accordance with current legislation. If for any reason we cannot comply with your request, we will contact you about it.

Right of access:

You have the right to see data that we process about you, including the basis for the processing.

Right of reply (correction):

You have the right to require correction of your data if it is incorrect.

Right to delete:

In some cases, you have the right to require your data to be deleted before the time limit for the time we would normally delete it.

Right to restriction of treatment:

In some cases, you have the right to demand limitation of the processing of your personal data. If you require processing to be limited, we may then only process (store except) those of your personal data for which we have consent or for the purpose of establishing, exercising, or defending legal claims or to protect individuals or important public interests.

Right of objection:

In some cases, you have the right to object to our otherwise lawful processing of your personal data. For reasons relating to your particular case, you may ask us not to process your personal data in cases where the processing is based on Article 6(1) (e) (performing a task in the public interest or falling within the scope of public authority) or Article 6(1) (f) (legitimate interest), including profiling based on these provisions. This privacy policy specifies the extent to which we process your data for this type of purpose. Upon objection, we may not process your personal data unless we have a convincing legitimate basis for processing your data that overrides your interests, rights, and freedoms, or whose processing is necessary for the establishment, exercise, or defense of legal claims.

Withdrawal of consent:

If the processing of your personal data is based on your consent, you are entitled to withdraw this consent at any time. Your withdrawal of consent does not affect the legality of the processing of personal data that took place before this withdrawal.

If you have consented to receive newsletters and invitations to events via emails, you may withdraw your consent at any time by using the "unsubscribe" link in the email.

Data portability:

In some cases, you have the right to receive your personal data (only data relating to you, submitted by you) in a structured, easy-to-read format, and to have such personal data transferred to another processing provider (data portability).

generally:

Conditions or restrictions may apply to the exercise of the above rights. This means that you do not necessarily have the right to data portability in your specific case – this is dependent on the specific circumstances of the relevant processing activity.

Dwarf processes all data, including your personal data, in accordance with our security policy, processes, and controls. This means that your personal data is protected from destruction, loss, modification, unauthorized sharing, as well as unauthorized access or knowledge of such data.

We must respect the basic principles of the protection of personal data and data protection. We therefore periodically review this Privacy Policy to keep it up to date and to make sure that it complies with applicable principles and laws. The Privacy Policy can be changed without notice.

Significant changes to the Privacy Policy will be published on our website with an updated version of the Privacy Policy. Any change to the Privacy Policy will in the future be published on the website and may trigger the sending of email notification.

You have the right to submit a complaint to The Danish Data Protection Agency if you are not satisfied with the way we process your personal data:

The Danish Data Protection Agency
Borgergade 28, 5th Floor
1300 København K
Phone: +45 33 19 32 00
Email: [email protected]

Dwarf is the Data Processor of your personal data. Our contact details are as follows:

Dwarf A/S
Bernhard Bangs Allé 25, 1.
2000 Frederiksberg
CVR-no.: DK25121198
Phone: +45 38 16 00 00
Email: [email protected]