The Personal Data Policy is applicable to the Inside Systems website (www.InsideSystems.com), web services, EDI, online applications and services and marketing activities that refer or have links to the Personal Data Policy (referred to jointly as our "Services").
This Personal Data Policy is applicable to all our Services, but we may also prepare specific supplements providing further information on our processing of personal data for one or more Services. These supplements are applicable to your use of the Services that they cover.
The Personal Data Policy is applicable regardless of whether you use a computer, a mobile phone, a tablet or another device to access our Services.
It is important for you to read the Personal Data Policy carefully so that you know how we use your personal data.
1. Data controller
2. The data we collect, and why
Account and profile creation
Users can create accounts or profiles in several of our Services. In connection with these Services, we will ask you to submit certain data about yourself so that we can create the account or profile (e.g. your name, address and email address and whether you represent a company, as well as data about your job and the company you represent).
It is necessary to process your data so that we can create an account and profile at your request, register you or your device for a Service and provide the Service or a function that you request. The General Data Protection Regulation, art. 6, para. 1 (b) and (f) provides the legal basis for this processing operation.
Some of our Services allow you to communicate with other people. These communications are transferred via our systems and stored on them solely so that we can offer you this communication option. We do not access such data.
Purchasing products and services
If you order a product or service from us, we will ask you to submit data about yourself. If you represent a company, we will ask you for your company name, CBR number, name, company contact details (telephone and email), shipping address(es) and billing address(es) and credit card details. If you are a private individual, we will ask you for your, contact details (telephone and email), shipping address(es) and billing address(es) and credit card details.
This processing of data is necessary so that we can provide the products or services that you have ordered and so that we can fulfil our agreement with one another. We may also process data relating to your purchases in order to meet legal requirements in respect of bookkeeping and accounting, for example. The General Data Protection Regulation, art. 6, para. 1 (b) and (c) provides the legal basis.
Competition entries and participation in customer surveys
You may be offered the opportunity to enter competitions and participate in customer surveys. In connection with these competitions and surveys, we will ask you for certain data about yourself, such as your name, address and email address and whether you represent a company, as well as data about your job and the company you represent. We also process the responses to surveys that you submit. Participation in surveys is voluntary.
Processing is necessary so that we can safeguard our legitimate interests as regards offering competitions and prize draws to our customers and users for promotional and other purposes, and so that we can assess and analyse our market, customers, products and services with a view to improving and optimizing our business. The General Data Protection Regulation, art. 6, para. 1 (f) provides the legal basis.
When you sign up for our newsletter, we collect data about your email address for that purpose and so that we can safeguard our interests in being able to provide newsletters to you. The General Data Protection Regulation, art. 6, para. 1 (f) provides the legal basis for this processing operation.
Data on your use of the Services
We process the data collected in order to optimize the user experience and the function of the Services; in order to understand how our Services are being used so that we can improve them and develop new products and services, in order to offer maintenance services for your device, and in order to deliver customized content and provide recommendations based on your previous activities on our Services.
This processing of data is necessary so that we can safeguard our interests in improving our Services and products, and so that we can show you relevant content and advertising. The General Data Protection Regulation, art. 6, para. 1, letter f provides the legal basis for this processing operation.
Data from other sources
We may receive data about you from publicly and commercially available sources (which is permitted in accordance with the law), which we may combine with other data we receive from or about you.
We may also receive data about you when you choose to use online price portals. Before using such services, you should read the service's information on how they process your personal data.
The data that you submit and that we collect relating to you may be used to provide you with data about campaigns, special offers, competitions, service notifications and other data about our products and services (direct marketing) that we think may be of interest to you.
We will only send direct marketing by email or other electronic mail in accordance with applicable legislation. This means, for example, that we may send direct marketing material to you by email with your prior consent (registration) or, in some cases, on the basis of the existing customer relationship.
Your consent is normally obtained when you check a specific consent field when using our Services, or when you fill in a form, but we may also obtain your consent in other situations, e.g. verbally via your personal account manager.
When you receive direct marketing from us by email, you will always have the opportunity to refuse to receive such communications in the future.
You can also notify us at any time (ideally by sending an email to info@InsideSystems.com) that you no longer wish to receive direct marketing from us.
Our legitimate interest in being able to market our Services and products to you – ref. the General Data Protection Regulation. art. 6, para. 1 (f) – provides the legal basis for the processing of your direct marketing data. E-marketing will always be based on your consent.
Voluntary responses and freedom of choice
Providing data for the stated purposes is voluntary but failing to give us this data may affect your options for using certain Services or making purchases from us.
We give you a series of options in regard to how we use your data. You can decide whether you want to receive advertising from us by following the instructions on unsubscribing that are included in the communication you receive from us.
3. Who do we disclose your data to?
We may disclose your data to the following units:
Your data may be disclosed to Inside Systems’ affiliated companies.
Suppliers and service providers
We may also disclose your data to companies that provide services to or on behalf of us, such as companies that help us with billing or submission of emails and marketing on our behalf, or that host our data. These companies are data processors and process data for which we are the data controller, at our instruction. These data processors must not use the data for any purpose other than the fulfilment of their contract with us, and they are subject to confidentiality in this regard. We have concluded written data processing contracts with all data processors who process personal data on behalf of ourselves.
There may be instances in which we disclose your data to other parties:
• To comply with the law or in accordance with statutory requirements
• To check or enforce compliance with the policies applicable to our Services, and
• To protect the rights, ownership or security of Inside Systems or any of our respective affiliated companies, business partners or customers
• As part of an organisational restructuring or a merger or transfer in the event of a sale.
You must be aware that personal data that you enter comment sections or similar places on our Services or other publicly available spaces (e.g. LinkedIn and Facebook), will be available and visible to others. You should exercise common sense in respect of all personal data that you choose to enter these services and environments.
4. Data transfer to third countries
We only transfer personal data to data processors outside the EU and EEA if appropriate guarantees have specifically been provided to ensure enough level of protection has been established, including in the form of the EU Commission's model contracts relating to data transfers.
We transfer data to Google Analytics (Google LLC) and Facebook Inc., both of which are established in the US. The necessary guarantees for the transfer of data to the US are assured through these companies' certification pursuant to the EU-U.S. Privacy Shield, ref. the General Data Protection Regulation, art. 45.
• A copy of Google LLC's certification can be viewed here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
• A copy of Facebook Inc.'s certification can be viewed here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
• A copy of Microsoft Corp.’s certification can be viewed here: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK
5. How do we protect your data?
We have implemented appropriate physical, organizational and technical measures to protect the data we collect in connection with the Services. However, please note that even though we implement reasonable measures to protect your data, no website, Internet transfer, computer system or wireless connection is entirely secure.
6. Deletion of personal data
We only retain data relating to you for as long as necessary, for the purpose for which it was collected, or as required in accordance with a contract or applicable legislation.
Data collected from your registration to our newsletter will be deleted when your consent to receive the newsletter is withdrawn. However, data may be retained for longer if we have a legitimate need to store it, e.g. if this is necessary for the establishment, exercise or defence of legal requirements, or if storage is necessary to allow us to meet legal requirements.
Data collected in connection with purchases you have made using our Services will initially be deleted 3 years after the end of the calendar year in which your purchase was undertaken. However, data may be retained for longer if we have a legitimate need to store it, e.g. requirements relating to the storage of accounting data, if this is necessary for the establishment, exercise or defence of legal requirements, or if storage is necessary to allow us to meet legal requirements. Accounting data will be retained for 5 years to the end of a financial year to meet the requirements of the Danish Bookkeeping Act.
Data collected when you create your account and profile will be deleted when you close your profile.
7. Third party links and products in our Services
Our Services may include links to third party websites and services that are beyond our control. We accept no liability for the security or confidentiality of the data collected by websites or other services. You should exercise caution and review data on the processing of personal data by the third-party websites and services that you use.
We may make certain products or services available to you that have been developed by third parties. Inside Systems accepts no liability for such third-party product or services.
8. Third party suppliers of content, advertising or functionality in our Services
Some of the content, advertising and functionality in our Services may be supplied by third parties that are not affiliated to us. For example:
• Some third parties may deliver advertising or keep track of which advertising users are viewing, how frequently they see these advertisements and how users respond to them.
• We make it possible for you to share certain data on the Services with other individuals via social networking services such as Facebook and LinkedIn.
9. Your rights
As a data controller, we must inform you of your rights to create transparency concerning the processing of your data. If you wish to exercise one or more of your rights, you can contact us using the contact details provided below.
Right of access
You are entitled, at any time, to ask us to provide information on what data we hold on you, the reason why this data is being held, what categories of personal data and recipients of data are applicable, and information on where the data originates from. You have the right to receive a copy of the personal data that we process about you.
Right to rectification
You have the right to request that we rectify any incorrect personal data relating to you. If you find out that the data that we hold on you contain errors, you are invited to contact us in writing so that this data can be corrected.
Right to erasure
In some cases, you have the right to have all or some of your personal data deleted by us, e.g. if you withdraw your consent and we have no further legal basis to continue processing the data. We are not obliged to delete your personal data insofar as the continued processing of your data is necessary, e.g. to enable us to meet our legal obligations or so that we can establish, exercise or defend legal requirements.
Right to the restriction of processing
In some cases, you have the right to have the processing of your personal data restricted (suspended) so that it only involves storage, e.g. if you think that the data we process about you is not correct.
Right to data portability
In some cases, you have the right to have personal data that you yourself have provided to us submitted in a structured, generally used and machine-readable format and you have the right to transfer this data to a different data controller.
Right to object
You are entitled at any time to object to our processing of your personal data regarding direct marketing, including the profiling undertaken so that we can target our direct marketing.
You are also entitled at any time to object, for reasons relating to your personal situation, to the processing of your personal data that we undertake based on our legitimate interests.
Right to withdraw consent
You are entitled at any time to withdraw any consent you have given us for specific processing of personal data.
Right to complain
You are entitled at any time to submit a complaint to the Danish Data Protection Agency, Borgergade 28, 5, DK-1300 Copenhagen K, Denmark concerning our processing of your personal data. Complaints may be submitted by email to firstname.lastname@example.org or by contacting +45 33 19 32 00.
If you have any specific questions, this is our contact address:
Inside Systems A/S
DK-9220 Aalborg, Denmark
Telephone: +45 72 18 33 60
CVR: 30 70 17 39