Privacy Policy
Imbox Protection A/S
Business reg. no. 32941060
- Who are we?
Imbox Protection A/S, business reg. no. 32941060, Gåseagervej 4, 8250 Egå, Denmark (”Imbox”, ”er” or ”us”) is the data controller responsible for the processing of your personal data as described in this privacy policy.
If you have any questions regarding this privacy policy or our processing of your personal data in general, you may contact us at support@imboxprotection.com
- We process your personal data
We process personal data for various purposes, which you can read more about in this privacy policy.
We only disclose your personal data when necessary to comply with the purposes for which the personal data was collected, or if it is necessary to comply with our legal obligations.
- Business partner and customer contact persons
As part of the company’s day-to-day business operations, we process the following categories of personal data regarding business partner and customer contact persons or if you contact us through our website or by email for business opportunity purposes. The processing activities are related to sales, handling of ongoing customer relationships, service, support, events, etc.
- Ordinary personal data, including name, contact information, employer, position and other CRM-related personal data in accordance with art. 6(1)(f) of the GDPR.
To the extent necessary, we disclose your personal data to business partners, suppliers, etc., including subcontractors, freight companies, accountants and attorneys.
We process the above-mentioned personal data for as long as the business or customer relationship or opportunity exists or until the relevant contact person is no longer employed by our business partner, customer, etc. Personal data registered in connection with sales, delivery, invoicing, etc., are stored for five (5) years after the end of the relevant financial year.
- Users of our website
We process your personal data if you give your consent to cookies. The purpose of the processing is to manage and develop our website and market our products and services to you. Depending on which cookie you consent to when you enter our website, we may process the following categories of personal data about you:
- Ordinary personal data, including IP address, which pages you visit on our website in accordance with art. 6(1)(a) of the GDPR.
If you consent to third-party cookies, we share information about your visit to our website with these third parties for statistical purposes, to improve our website, measure our marketing efficiency and to target marketing.
Learn more about cookies in our [cookie policy].
The retention period for our processing of your personal data depends on which cookie categories you consent to.
- Interaction on social media
We process your personal data if you follow Imbox, correspond with Imbox or like Imbox posts on social media, e.g. on Facebook or LinkedIn. The processing activities are for statistical and marketing purposes and include the following categories of personal data:
- Ordinary personal data, including your IP address and social media profile information, in accordance with art. 6(1)(a) and (f) of the GDPR.
In connection with these processing activities, we are joint data controllers with the social media providers in accordance with art. 26 of the GDPR.
- Applicants
We process your personal data if you apply for a job at Imbox. The purpose of the processing is to be able to access your application material for relevant or future vacancies. Depending on the personal data you provide in your application material, we process the following categories of personal data about you:
- Ordinary personal data that we receive in connection with your application, including name, contact information, employment history, education, competencies, photo etc., in accordance with art. 6(1)(b) and art. 6(1)(f) of the GDPR.
- Ordinary personal data that we may collect from public online media, including Facebook, LinkedIn etc., in accordance with art. 6(1)(b) and art. 6(1)(f) of the GDPR.
- Ordinary personal data that we may collect from your references or public authorities based on your consent in accordance with art. 6(1)(a) of the GDPR and section 8(2)(1) in the Danish Data Protection Act.
- Ordinary personal data that we may collect in connection with personality tests or similar tests based on your consent in accordance with art. 6(1)(a) of the GDPR.
Depending on the type of data you have provided in your application material, we may also process sensitive or confidential personal data, including the Danish civil registration number. If we process such personal data about you because you have provided such information in your application material without being asked to do so, we regard your submission of the application material as your consent to the processing of this information in connection with the recruitment process in accordance with art. 9(2)(a) of the GDPR and section 11(2)(2) in the Danish Data Protection Act.
If necessary, we may disclose your personal data to recruitment partners and test providers, operations and software suppliers and other data processors.
If your application leads to employment with us, we will generally store your personal data in accordance with our privacy policy for employees, after which the data is stored for up to five (5) years after termination of the employment.
If your application does not lead to employment with us, we will normally store your personal data until the recruitment process is complete, after which your personal data will be deleted.
We may request your consent to store your application for 12 months for the purpose of future vacancies. If so, we will request your consent in accordance with art. 6(1)(a) of the GDPR.
If you have submitted an unsolicited job application, we will store it until we have assessed the application and whether it is appropriate to store it with a view to possible subsequent employment. If we find that we have a purpose for storing your application, we will request your consent to store your application for 12 months, depending on the position you are applying for, in accordance with art. 6(1)(a) of the GDPR. Otherwise, we will delete your application when we have made the above assessment.
Under specific circumstances, we may store your personal data for a longer period of time in order to be able to defend ourselves against any potential legal claims in accordance with art. 6(1)(c) of the GDPR.
- Withdrawal Of consent
If we process your personal data based on your consent, you may withdraw your consent at any time by contacting us as outlined above under clause 1.
If you withdraw your consent, it will not affect the legality of our processing of your personal data until the time you withdraw the consent.
- transfer of personal data to third countries
To the extent necessary to comply with the purposes of the processing of your personal data, we may transfer personal data to international organisations or companies established in countries outside the EU/EEA. We only perform such transfers if we have a sufficient legal basis for this, including, e.g.:
- If the European Commission has assessed that the security in the relevant third country is adequate in accordance with the nature of art. 45 of the GDPR;
- If other appropriate safeguards can be provided, including, e.g. the conclusion of the EU Commission’s standard contracts in accordance with the nature of art. 46 of the GDPR; or
- If one or more of the exceptions in art. 49 of the GDPR apply.
- SECURITY MEASURES
Your personal data security is a high priority to us, and our focus is therefore on processing your personal data in compliance with applicable data protection law.
To best protect your personal data, we continuously assess the risks that may be associated with our processing of your personal data. We pay particular attention to protecting your personal data against discrimination, identity theft, financial loss, loss of reputation and confidentiality.
In the event of a data breach that involves a high risk to your rights, we will notify you of the breach as soon as possible under the given circumstances.
- Your rights
When we process your personal data, you have several rights in accordance with the GDPR. If you request to make use of your rights, you can contact us as described above under clause 1.
- Right of access. You are entitled to access and receive copies of the personal data we process about you.
- Right of rectification. If we process incorrect personal data about you, you are, to the same extent, entitled to rectification of any such incorrect personal data.
- In specific cases, you have the right to have the personal data we process about you deleted.
- Restriction of processing. In specific cases, you have the right to request that our processing of your personal data shall be limited to storage.
- Objection. In specific cases, you are entitled to object to our processing of your personal data.
- Data portability. In specific cases, you are entitled to receive your personal data in a structured, commonly used, and machine-readable format and to have such personal data readily transferred from one data controller to another.
- Avenues of complaint
You have the right to file a complaint to your local data protection authority or to the Danish Data Protection Agency if you are dissatisfied with the way in which we process your personal data. However, we hope that you will reach out to us first to find a solution.
The Danish Data Protection Agency’s contact information and information on how to file a complaint can be found at www.datatilsynet.dk.