our Privacy Policy

Data Controller

We are the data controller for the processing of personal data that we process about our customers and business partners. You can find our contact information below.

Tiffin ApS

Bådehavnsgade 42P, 2450 Copenhagen SW

CVR no.: 43587226

It is not a requirement that our company has an external DPO, but if you have questions about the processing of your personal data, you can contact us at tiffin@tiffin.dk.

Processing activities

As a data controller according to the GDPR, we have the following processing activities.

Visits to the website

When you visit our website, we use cookies to ensure the functionality of the website, which you can read more about in our [cookie policy].

Communication with potential customers

When you have questions about our site, or want to learn more about our services, you can contact us via:

  • tiffin@tiffin.dk

  • +45 53 52 40 45

 

Through this, we will process your personal data so we can engage in a dialogue with you such as answering questions about our services. We only process the information that you provide us in connection with our communication.

We will typically process the following personal information: name, email, phone number.

Our legal basis for processing this personal data is Article 6(1)(f) of the General Data Protection Regulation.

We will delete our communication with you when it becomes clear whether you want our services or not.

If there is a special case where there is a need to store your personal data for a longer period, this may be the case.

Customers

We need to communicate with our customers to ensure that the service is delivered correctly. Through this, we can process information such as name, address, services, special agreements, payment information, and the like. 

The legal basis for processing this personal data is Article 6(1)(b) of the General Data Protection Regulation.

When the service is delivered and any outstanding issues are completed, we will immediately delete the personal information.

Bookkeeping

We are required to keep all accounting documents in accordance with the Bookkeeping Act. This means that we keep invoices and similar documents for accounting purposes. This may include personal information such as name, address, service description. 

Our legal basis for processing personal data for accounting purposes is Article 6(1)(c) general.

We will keep this information for a minimum of 5 years after the current accounting year is completed. 

Job applications

We gladly accept job applications in order to assess whether they match our need for employment in our company. 

If you send your job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation. 

If you have sent an unsolicited application, HR will immediately assess whether your application is relevant, and then delete your information if there is no match. 

If you have applied for a posted job, we will dispose of your application in case you are not hired, and immediately after the right candidate is found for the job.

If you are involved in a recruitment process and/or are hired for the job, we will provide you with separate information on how we process your personal data in this context. 

Data Processors

Few can do everything themselves, and the same applies to us. We therefore have business partners and use suppliers, some of whom may be data processors.

External suppliers can, for example, provide systems to organize our work, services, consulting, IT hosting, or marketing.

It is our responsibility to ensure that your personal data is processed properly. Therefore, we set high demands for our business partners, and our partners must guarantee that your personal data is protected.

Therefore, we enter into agreements with companies (data processors) that handle personal data on our behalf to enhance the security of your personal data.

Disclosure of personal data 

We do not disclose your personal data to third parties.

Profiling and automated decisions

We do not carry out profiling or automated decisions. 

Transfers to third countries

As a starting point, we use data processors in the EU/EEA, or who store data in the EU/EEA. 

In some cases, this is not possible, and in these cases, we may use data processors outside the EU/EEA, if they can provide your personal data with adequate protection.

Data security

We keep the processing of personal data secure by implementing appropriate technical and organizational measures. 

We have conducted risk assessments of our processing of personal data, and have then implemented appropriate technical and organizational measures to increase data security.

One of our most important measures is to keep our employees updated about GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with the employees.  

The rights of data subjects

Under the General Data Protection Regulation, you have a number of rights regarding our processing of information about you.

If you want to exercise your rights, you should contact us so we can assist you with this.

Right of access (right to see information)

You have the right to access the information that we process about you, as well as a range of additional information.

Right to rectification (correction)

You have the right to have incorrect information about yourself corrected.

Right to erasure

In special cases, you have the right to have information about you deleted before the time for our general deletion occurs.

Right to restriction of processing

In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may only process the information – other than storage – with your consent, or for the purpose of establishing, enforcing or defending legal claims, or to protect a person or important public interests.

Right to object

In certain cases, you have the right to object to our otherwise legal processing of your personal data. You can also object to the processing of your information for direct marketing.

Right to data portability

In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one data controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency's guidance on the rights of data subjects, which you can find at www.datatilsynet.dk.

Withdrawal of consent

When our processing of your personal data is based on your consent, you have the right to withdraw your consent.