Cookie and personal data policy

1 RESPONSIBILITY //

1.1 The protection of your personal data has our highest priority, regardless of whether this information is about you, your transactions, your products or your services.

1.2 We process personal data and have therefore adopted this personal data policy, which tells you how we process your personal data.

2 COMPANY / DATA RESPONSIBLE //

2.1 Company and data controller are:

FindersKeepers Shop ApS
CVR no. 39394278
Krausesvej 3
2100 Copenhagen East
Denmark
(Hereinafter referred to as "FindersKeepers")

Tel: +45 5356 2165
Email: shop@finderskeepers.dk
Wwebshop: https://shop.dkfinderskeepers.dk/

This Personal Data Policy also applies to FindersKeepers ApS, CVR no. 34884838, and other companies in the FindersKeepers group. References to FindersKeepers and “we” in the Personal Data Policy must therefore be understood as a reference to FindersKeepers ApS and other companies in the FindersKeepers Group.

3 PERSONAL DATA //

3.1 It is important to us that your personal data is stored securely and confidentially. We have procedures for the collection, storage, deletion, updating and disclosure of personal data to prevent unauthorized access to your personal data and to comply with applicable law.

3.2 We ensure fair and transparent data processing. When we ask you to make your personal data available to us, we inform you of what data we process about you and for what purpose. You will receive information about this at the time of collection of your personal data.

3.3 The guidelines below describe the types of personal data we collect, how we process this data and who you can contact if you have any questions or comments about this Personal Data Policy.

4 CATEGORIES OF PERSONAL DATA //

4.1 We typically collect and process the following types of personal data about you:

  • Name and / or username
  • Address
  • Email
  • Date of birth
  • Geographical location
  • Traffic data on Internet usage
  • Preferences and interests
  • Transaction data
  • Purchase history
  • Payment details
  • IP number
  • Unique identification numbers on network devices
  • (hereinafter referred to as "Personal Data")

5 PURPOSE //

5.1 We collect and store your Personal Data for certain purposes or other lawful business purposes.

5.2 Your Personal Data is collected and used for:

  • Identification of you as a user on our website
  • Processing of your purchase and delivery of our service
  • Fulfilling your request for products or services
  • Improving our products and services
  • Other administration of your relationship with FindersKeepers
  • Optimization of our website
  • Customizing our communications and marketing for you
  • Customizing partners' communication and marketing for you
  • Other marketing activities
  • Statistics and adjustment of our performance
  • Implementation of an agreement or measures at your request.
  • Fulfillment of legal requirements and / or response to regulatory inquiries

6 RIGHTS OF THE REGISTERED //

6.1 The rights of the data subjects will only have independent significance in relation to FindersKeepers in cases where FindersKeepers is data responsible. If FindersKeepers is the data processor, the data subject's rights must be fulfilled through the data controller in question.

6.2 The right of access

6.2.1 The data subject has in accordance with the Data Protection Regulation (Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on data protection) (EU) 2016 / 679 (“GDPR”)) Article 15 the right to confirm whether FindersKeepers processes Personal Data about the person concerned and, if applicable, to access this Personal Data (a copy of the data subject of the data subject must be provided).

6.2.2 In addition, the data subject has the right to receive the following information:

  • the purposes of the treatment
  • the affected categories of Personal Data
  • the recipients or categories of recipients to whom Personal Data is or will be transferred, in particular recipients in third countries or international organizations;
  • if possible, the intended period during which Personal Data will be stored or, if this is not possible, the criteria used to determine this period;
  • the right to request the data controller to correct or delete personal data or to limit the processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority
  • any available information on where Personal Data originates, if not collected from the data subject
  • the existence of automatic decisions, including profiling, as referred to in Article 22 (1); 1 and 4, and as a minimum meaningful information about the logic therein as well as the significance and the expected consequences of such treatment for the data subject.

6.6.3 It is our assessment that this provision will only come into play to a limited extent in relation to our case processing, because our processing of Personal Data can to a large extent be linked to the legal basis regarding fulfillment of an agreement or determination of a legal claim, just as we - if the processing otherwise complies with the basic processing rules - will most often be able to demonstrate compelling legitimate reasons for processing Personal Data.

6.6.4 The provision of Article 21 of the GDPR presupposes that the data subject is explicitly informed of his right to object and that this must be done at the latest at the time of the first communication. Furthermore, the information in this regard must be clearly communicated and kept separate from the other information.

6.6.5 In addition to Article 21 of the GDPR, the data subject has the right under Article 22 not to be the subject of a decision based solely on automatic processing, including profiling, which has legal effect or similarly significantly affects the person concerned. .

6.6.6 This provision also contains a number of exceptions, in accordance with Article 22 (1). 2. Among other things, the court does not apply if the decision is necessary for the conclusion or fulfillment of a contract between the data subject and a data controller, if the processing is based on law, or if the processing is based on the data subject's express consent.

6.6.7 However, Article 22 of the GDPR generally presupposes that automated decisions are not based on specific categories of Personal Data, cf. Article 9 (1). 1, unless express consent has been given and appropriate measures have been put in place to protect the data subject's rights and freedoms as well as legitimate interests.

6.7 Right to data minimization

6.7.1 Pursuant to Article 18 of the GDPR, the data subject has the right to have the processing of Personal Data restricted if:

  • the accuracy of Personal Data is disputed by the data subject, but only in the period until the Data Controller has had the opportunity to determine whether Personal Data is correct;
  • the processing is illegal and the data subject opposes the deletion of Personal Data and instead requests that its use be restricted;
  • the data controller no longer needs personal data for the processing, but they are necessary for a legal claim to be established, asserted or defended;
  • the data subject has objected to the processing pursuant to Article 21 (1); 1, but only during the period while checking whether the data controller's legitimate interests take precedence over the data subject's legitimate interests.

6.7.2 The court thus constitutes an alternative (and minor) interference with the processing compared with the data subject's right to object under Articles 21 and 22, and the data subject's right to be forgotten ”under Article 17.

6.7.3 It follows from the provision's paragraph. 2, that if a processing has been restricted, such Personal Data, except for storage, may still be processed, inter alia, if the data subject gives consent to this, or if the processing is necessary for a legal claim to be determined, asserted or defended.

6.7.4 In our opinion, the provision will only have limited significance for our access to process Personal Data in our case processing.

7 TREATMENT RULES - GENERAL //

7.1 Treatment principles


7.1.1 We will process Personal Data legally, fairly and in a transparent manner in relation to the data subject.

7.1.2 Our processing of Personal Data is subject to a purpose limitation, which means that Personal Data must be collected for explicitly stated and legitimate purposes. They must not be further processed in a manner incompatible with those purposes,

7.1.3 We process Personal Data on the basis of a principle of data minimization, which means that it must be sufficient, relevant and limited to what is necessary in relation to the purposes for which it is processed,

7.1.4 Personal data must be processed on the basis of a principle of accuracy, which means that they must be correct and, if necessary, updated,

7.1.5 We process Personal Data on the basis of a principle of storage limitation, which means that Personal Data must be stored in such a way that it is not possible to identify the data subjects for a longer period of time than is necessary for the purposes for which the personal data in question are processed, and

7.1.6 Personal data must be processed on the basis of a principle of integrity and confidentiality, which means that they must be processed in a way that ensures adequate security of Personal Data, including they must be protected against unauthorized or illegal processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

7.2 Risk analysis


7.2.1 In connection with our case processing, we must implement appropriate technical and organizational measures to ensure a level of security that suits the risks that are specifically associated with our processing of Personal Data.

7.2.2 We have carried out a risk analysis, which is the basis for this Personal Data Policy.

7.3 Data Protection Impact Assessment (DPIA)

7.3.1 Article 35 of the GDPR contains a requirement that if a treatment - in particular through the use of new technologies and by virtue of its nature, scope, coherence and purpose - is likely to involve a high risk to the rights and freedoms of natural persons, the data controller prior to the processing carry out an analysis of the consequences of the intended processing activities for the protection of Personal Data.

7.3.2 The obligation to carry out an impact assessment only applies in special cases where a high risk of the rights and freedoms of natural persons can be identified.

7.3.3 Impact assessments must be carried out in particular when:
(a) large-scale processing of sensitive information or personal data relating to criminal convictions and offenses; or
(b) systematic and comprehensive assessment of personal matters relating to natural persons, based on automatic treatment, including profiling, which is the basis for decisions which have legal effect on the natural person or have a significant effect on the natural person in a similar manner; or
c) systematic monitoring of a publicly accessible area on a large scale

7.3.4 It is our assessment that, in principle, we will rarely carry out treatments that meet one of the above criteria. It must therefore be assumed that the rules on impact assessment will have a relatively limited area of application in relation to our processing of Personal Data about customers.

7.3.5 If an impact assessment is carried out anyway, the result of the analysis will be taken into account when we have to take appropriate measures.

7.4 Data Protection Adviser (DPO)

7.4.1 The obligation to appoint a data protection adviser presupposes, according to Article 37 of the Data Protection Regulation, that the processing of Personal Data is included as our "core activity". This is the case for the cases where FindersKeepers acts as a data processor, but not in other situations where FindersKeepers acts as a data controller. This is because FindersKeepers, as data controller, primarily processes employee data or CRM data about FindersKeepers' customers.

7.4.2 The obligation to appoint a data protection adviser arises in particular when:
(a) processing activities are carried out which, by virtue of their nature, scope and / or purpose, require regular and systematic monitoring of data subjects on a large scale; or
(b) large - scale processing of specific categories of information (sensitive information); or
(c) large-scale processing of personal data relating to criminal convictions and offenses.

7.4.3 It is our assessment that FindersKeepers does not process personal data to an extent as described above. We have therefore chosen not to appoint a data protection adviser.

7.4.4 As a result of the principle of accountability, whether we act as data controller or data processor, we have appointed a person in our organization whose area of responsibility is to make the assessments and advice that will normally be provided by a data protection adviser.

7.5 Data controller

7.5.1 For Personal Data about FindersKeepers' customers, FindersKeepers will, as a general rule, work independently. FindersKeepers independently assesses whether there is a basis for collecting / processing Personal Data, which Personal Data is relevant and necessary, and how long Personal Data must be stored. In this situation, FindersKeepers will act as data controller.

7.6 Data Processor Agreement

7.6.1 If we are data controllers and have assessed that there is a data processor construction for the data processor, a data processor agreement must be drawn up.

7.6.2 The data processor agreement must be entered into between us (the data controller) and the other party (the data processor), and must live up to the data protection regulation's requirements for data processor agreements, cf. GDPR Article 28, subsection. 3. This means that a contract or other legal document must be drawn up that is binding on the data processor. It is also a requirement that the data processor agreement is in writing, including electronically.

7.6.3 The GDPR also sets out a number of specific requirements for the content of the data processor agreement. The agreement must i.a. contain information about the subject and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and our obligations and rights as data controller as well as the duties that the data processor has in relation to performing the task. The requirements are specifically described in Article 28 (2). 3, letter ah, and GDPR.

7.6.4 If we act as a data processor for the customer, a written data processor agreement must be entered into with the customer.

7.7 Transfer of Personal Data to third countries

7.7.1 FindersKeepers' processing of Personal Data generally takes place within the EU.

7.7.2 If it is necessary to transfer Personal Data to a third country or international organization located outside the EU / EEA, we ensure before the transfer of Personal Data to the third country or international organization in question that the transfer takes place to a third country where the EU -The Commission has decided that the level of protection in the third country or international organization concerned is sufficient (ie to "secure" third countries / organizations) or that the transfer takes place on another basis that ensures that the transfer of Personal Data takes place in a , which constitutes a sufficient guarantee that Personal Data is protected, including any by applying the EU-US Privacy Shield Agreement or by applying the EU Commission's standard contractual clauses.

7.8 Data processors - overview

7.8.1 We use external companies to carry out the technical operation of FindersKeepers. These companies act as data processors in relation to the Personal Data for which we are data responsible.

7.8.2 You can find out more about which data processors we use to process Personal Data and where Personal Data is located in the list below.

7.8.3 The data processor acts solely on instructions from us.

7.8.4 We use the following data processors:

Data processor Localization Agreement type
SurveyMonkey [USA, Brazil and EU] Data Processor Agreement
MailChimp USA Data Processor Agreement using EU-US Privacy Shield
Mby.hm (Henning Mølbæk) Denmark Data Processor Agreement
WPengine USA Data Processor Agreement
Google (Google docs, Gmail, etc.) USA Google Data Processing Terms
E-conomics Denmark / EU Data Processor Agreement
Diner Denmark Data Processor Agreement
Big buddy Denmark Data Processor Agreement
Danløn Denmark Data Processor Agreement
Dropbox USA Data Processor Agreement

7.8.5 The Data Processor has taken the necessary technical and organizational security measures against the personal or illegal destruction, loss or deterioration of Personal Data and against the fact that they come to the knowledge of unauthorized persons, are misused or otherwise processed in violation of the Personal Data Processing Act. At your request - and against payment of the data processor's hourly rates for such work - the data processor provides you with sufficient Personal Data to enable the data processor to demonstrate that the said technical and organizational security measures have been taken.

7.9 Transfer to social networks

7.10 Personal data can be passed on to social networks and consent is obtained to the extent necessary. FindersKeepers distinguishes between portrait images and situation images.

7.11 Other disclosure

7.12 If we receive an inquiry from the police (or other similar public authority) or the judiciary about the disclosure of Personal Data, we will make the disclosure of your Personal Data in accordance with applicable law.

7.13 Profiling

7.14 We do not use your Personal Data for profiling.

7.15 General technical measures

7.15.1 The Danish Data Protection Agency's IT security texts, cf. below, form the basis for the considerations and assessments we have made in accordance with the Data Protection Ordinance.

7.15.2 Access to Personal Data is limited to persons who have a material need for access to Personal Data. There must be as few people as possible, however with due regard for the operation - there must be a sufficient number of employees to ensure the operation of the tasks in question in the event of illness, holidays, staff turnover, etc. Data will only be accessed on a "need to know" basis .

7.15.3 Employees who handle Personal Data are instructed and trained in what they may do with Personal Data and how to protect Personal Data.

7.15.4 Personal data on paper - e.g. in files and binders - keep locked up when not in use.

7.15.5 When documents (papers, index cards, etc.) with Personal Data are thrown out, shredding or other measures are used that prevent unauthorized persons from gaining access to Personal Data.

7.15.6 Passwords are used to access PCs and other electronic equipment with Personal Data. Only the persons who are to have access are given a code and then only to the systems that the person in question needs to use. People who have a password must not leave the code to others or leave it for others to see. Assigned codes must be checked at least once every six months.

7.15.7 It is registered if unsuccessful attempts are made to gain access to IT systems with Personal Data. If a specified number of consecutive rejected access attempts is registered, further attempts must be blocked. The registration is made in G-suite.

7.15.8 FindersKeepers has appointed a responsible person who can monitor such futile access attempts. Taking into account the technological development, software has been procured that can clarify who has tried to gain access to Personal Data.

7.15.9 PCs connected to the Internet have an updated firewall and virus check installed.

7.15.10 When connecting to wifi, to which there is free access, we ensure appropriate security measures, taking into account the current technological development stage in the IT field.

7.15.11 If sensitive Personal Data or Social Security Number is sent by e-mail via the Internet, such e-mails must be encrypted. If you send Personal Data to us by e-mail, you must be aware that sending to us is not secure if your e-mails are not encrypted.

7.15.12 In connection with the repair and service of computer equipment that contains Personal Data, and when data media are to be sold or discarded, we take the necessary measures so that information cannot come to the knowledge of unauthorized persons.

7.15.13 In the situations where a computer is handed in for repair and where Personal data is on the computer, we establish several codes for different sections of data. For example, a repairer will not need to be able to access Personal Data that may be on the computer. Such a multi-code scheme will be able to help but not eliminate the risk of misuse of Personal Data. In addition, it should also be ensured by agreement and inspection that repairers do not illegally access Personal Data. It can e.g. be using privacy statements.

7.15.14 When using an external data processor to handle Personal Data, a written data processor agreement is signed between us and the data processor. This applies, for example, when using an external document archive or if cloud systems are used in connection with the processing of Personal Data - including communication with the customer. In the same way, a written agreement is always entered into between us and our customer if we act as a data processor. The data processor agreements are also available electronically.

7.15.15 We have internal rules on information security. We have adopted internal rules on information security, which contain instructions and measures that protect Personal Data against being destroyed, lost or altered, against unauthorized publication, and against unauthorized access or knowledge by unauthorized persons. FindersKeepers will ensure that the collected Personal Data, including Personal Data, is treated with care and protected in accordance with applicable security standards. We have strict security procedures for the collection, storage and transfer of Personal Data to prevent unauthorized access and to comply with applicable law.

7.15.16 We have taken the necessary technical and organizational security measures to protect your Personal Data from accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, misuse or other action in violation of applicable law.

7.15.17 We use industry standards such as firewalls and authentication protection to protect your Personal Data.

7.15.18 All data transferred between customer (browser and web app) and server (s) is encrypted according to the HTTPS protocol.

7.15.19 Files that are manually selected for password protection within our service are encrypted and can under no circumstances be accessed by us.

7.16 Backup

7.16.1 FindersKeepers backs up all databases. The backup is stored on an external data center.

7.16.2 The following types of backup can be taken:
a) backup rolling. With this method, all file and data updates are backed up daily and a backup of all the new data is created. This creates a history of changes so that the possibility of recovering lost data is increased.
b) backup clone. This backup strategy creates a perfect copy of every device on the network
c) backup offsite. This backup protects against data loss if the backup is stored on site. All data and files are backed up and backups are stored offsite.

7.16.3 All backup data and files can be overwritten at intervals of 30 days. It is not technically possible to delete individual files on a backup before such overwriting takes place. This means that if you have requested FindersKeepers to delete your Personal Data, such Personal Data will be deleted in a live environment, cf. below, but will remain on backup until the specific backup after 30 days has been overwritten.

7.17 Duty to provide information

7.18 Each customer receives a link to our Personal Data Policy and which can then simply be referred to.

7.19 Deletion - when

7.19.1 After termination of the business relationship with a customer or supplier, we basically delete Personal Data from the relevant customer or supplier relationship as soon as it is no longer necessary to store the Personal Data in question.

7.19.2 However, a number of other considerations as well as special rules imply that Personal Data should not always or may not be deleted until a certain period of time has elapsed.

7.19.3 It must therefore be specifically considered how long Personal Data is stored before it is deleted.

7.19.4 The accounting rules imply that Personal Data attached to a payment must be stored for 5 years + current calendar year after the end of the financial year.

7.19.5 The consideration that we can take care of your interests in the event of a possible liability may mean that information is stored for 3 years after the termination of the business relationship with the customer or supplier.

7.19.6 Master data for the customer should - to ensure logical synergy for the accounting treatment as well - be stored for 5 years from the end of the customer relationship.

7.19.7 Contact information - CRM must be continuously deleted and updated. Emails that may be relevant to the determination of a legal claim must be stored for 5 years and then deleted, unless legal claims have been raised against, or are thought to have been raised by, FindersKeepers.

7.20 Deletion - how

7.20.1 It appears from IT security text ST3 from the Danish Data Protection Agency regarding deletion of Personal Data that deletion of Personal Data in practice means that Personal Data is irrevocably removed from all storage media on which it has been stored, and that Personal Data can in no way be recovered. In this connection, you must be aware of all storage media - including removable media in the form of laptops, USB keys, etc., as well as back-up.

7.20.2 To facilitate the deletion procedure, all physical material must be scanned for the electronic case, and then shredded or returned to the customer.

7.20.3 In addition, all correspondence, etc. from G-mail is transferred to the electronic case and deleted in its entirety from G-mail, just like all statements / presentations etc. on various portable media and local drives must be transferred to the electronic case and otherwise deleted.

7.20.4 In this way, the entire case can be deleted in its entirety in due course (after the end of the storage period).

7.20.5 Personal data can alternatively be completely anonymised with the effect that they can no longer be attributed to a specific person. In that case, the regulation on Personal Data does not apply at all, and complete anonymisation is therefore an alternative to deletion. However, it is important to keep in mind that anonymisation - as an alternative to deletion - presupposes that you delete all traces that could lead to the person to whom the information relates. It is usually a very difficult exercise.

7.20.6 After deletion / anonymisation, we will carry out a proper cross-check in the form of searches by name, e-mail address, etc. concerning the customer or the case to ensure that nothing comes out.

8 DETAILED TREATMENT RULES //

8.1 Treatment authority

8.1.1 Our legal basis for processing Personal Data lies first and foremost in the relationship with the customer and being able to administer agreements entered into. In these areas, within this mandate, we will in principle have the authority to process the necessary information. It follows in particular from Article 6 (1) of the Data Protection Regulation. 1, letter ac and letter f, as well as of Article 9, para. 2, letters a and f.

8.1.2 These provisions deal with access to the processing of Personal Data, (i) if there is consent, (ii) if the processing is necessary to fulfill a contract, (iii) if the processing is necessary to comply with a legal obligation, (iv ) necessary to fulfill essential interests that go beyond the interests of the data subject; or (v) necessary to establish, assert or defend a legal claim.

8.1.3 With regard to social security numbers, we may process information on social security numbers, (i) when required by law, (ii) if there is a consent, or (iii) if necessary for the purpose of determining a legal claim, cf. § 11 of the Data Protection Act, cf. § 7.

8.1.4 It is our assessment that the processing of Personal Data we carry out in relation to a customer will to a large extent be authorized in the stated provisions

8.2 IP addresses and browser settings

8.2.1 In connection with each visit to FindersKeeper's website, your computer's used IP address and browser settings are registered. Your IP address is the address of the computer you use to visit FindersKeepers. Browser settings are, for example, the browser type you use, browser language, time zone, etc. The IP address and browser settings are registered to ensure that FindersKeepers can always find its way back to the computer used in the event of any abuse or illegalities in connection with the visit to or use of FindersKeepers website. The IP address is also used to determine your approximate location (at city level).

8.3 Newsletter

8.3.1 If you subscribe to FindersKeepers' newsletters, your personal information will be registered directly with MailChimp. If you no longer wish to receive newsletters from FindersKeepers, you can unsubscribe by using the unsubscribe link contained in the email or by contacting FindersKeepers at info@finderskeepers.dk.

8.3.2 Anonymisation

8.3.3 FindersKeepers uses anonymisation of data from customers for statistical and research purposes, as well as to be able to improve systems, processes and products. This means that results cannot be traced back to identifying specific individuals.

8.3.4 FindersKeepers thus anonymises that the possibility of identifying individuals in a data set is removed. Irrevocable anonymisation is thus carried out, so that personal data is made anonymous in such a way that the data subject can no longer be identified.

8.3.5 Eg. name, address or social security number replaced by a code, a serial number, etc., which can no longer be traced back to the original individual personal data. Codes are assigned at random and cannot be returned using lists, keys, etc. that show the connection between the serial number and the actual identification information. This also means that personal data that is available in the form of a picture, the person's voice, fingerprints or genetic characteristics are deleted in connection with the anonymisation.

9 TREATMENT OVERVIEW //

9.1 Processing overview for information about customers, suppliers, etc .:

Data controller Company name, CVR no. and contact information
(address, website, telephone number
and email)
FindersKeepers Shop ApS
CVR no. 39394278
Krausesvej 3 2100 Copenhagen Ø
Denmark
T: +45 5356 2165
E: shop@finderskeepers.dk
W: https://shop.dkfinderskeepers.dk/
Purpose (s) Purpose of the treatment or treatments
(an overall, logically coherent purpose of a processing or a series of processing, which is hereby stated as one purpose out of all the overall purposes of the data controller)
Personal data is collected and used for:
• Identification of you as a user of our website
• Processing of your purchase and delivery of our service
Fulfillment of your request for products or services
• Improving our products and services
• Other administration of your relationship with FindersKeepers
• Optimization of our website
• Customizing our communication and marketing for you
• Customization of partners' communication and marketing to you
• Other marketing activities
• Statistics and adjustment of our performance
• Implementation of an agreement or measures at your request
• Compliance with legal requirements and / or answering inquiries from authorities
The categories of data subjects and the categories of Personal Data Category of registered persons (eg applicants, current or former employees) Information on the following categories of registered persons is processed:
• Name and / or username
• Address
• Email
• Date of birth
• Geographical location
• Traffic data on Internet usage
• Preferences and interests
• Transaction data
• Purchase history
• Payment details
• IP number
• Unique identification numbers on network devices
The recipients of Personal Data Categories of recipients to whom information is or will be disclosed, including recipients in third countries and international organizations
(eg other authorities, companies, citizen /
customers, etc.)
1. Data processors and possibly other suppliers
2. Public authorities (eg SKAT)
Banks
4. Credit bureaus
Reminder portal (debt collection company)
6. Intrum (debt collection company)
Third countries and international organizations Information on the transfer of Personal Data to third countries or international organizations FindersKeepers transfers Personal Data to Third Countries, including the United States, in connection with the use of the following providers:
• SurveyMonkey
• MailChimp
• WPengine
• Google
FindersKeepers has entered into data processor agreements with the suppliers concerned using the EU-US Privacy Shield and / or the EU Commission's standard contractual provisions on data protection.
Deletion Time of deletion
information
(the expected deadlines for
deletion of the various
categories of information)
The accounting rules imply that Personal Data attached to a payment must be stored for 5 years + current calendar year after the end of the financial year.
The consideration that we can safeguard its interests in the event of a possible liability may mean that information is stored for 3 years after the termination of the business relationship with the customer or supplier.

Master data for the customer should - to ensure logical synergy for the accounting treatment as well - be stored for 5 years from the end of the customer relationship.

Contact information - CRM must be continuously deleted and updated. Emails that may be relevant to the determination of a legal claim must be stored for 5 years and then deleted, unless legal claims have been raised against, or are thought to have been raised by, FindersKeepers.
Technical and organizational security measures Description of technical and organizational security measures
(if possible, give
a general description of the
technical and organizational
security measures,
see Article 32 1)
PCs connected to the Internet have an updated firewall and virus check installed.

We use industry standards such as firewalls and authentication protection to protect Personal Data.

Passwords are used to access PCs and other electronic equipment with Personal Data. People who have a password must not leave the code to others or leave it for others to see. Assigned codes must be checked at least once every six months.

In the situations where a computer is handed in for repair and where Personal data is on the computer, we establish several codes for different sections of data.

Personal data on paper - e.g. in files and binders - keep locked up when not in use.

Access to Personal Data is limited to persons who have a material need for access to Personal Data.

10 COOKIES //

10.1 We collect information about you in various ways in connection with the operation of FindersKeepers. We collect information about you on the Website and through your use of FindersKeepers in two ways: Through so-called 'cookies' and through registration and use of FindersKeepers.

10.2 If you do not want information to be collected, you should delete your cookies and refrain from further use of the website

10.3 You can get more information on our website about our use of cookies, and about how you can delete or reject them. If you want to revoke your consent, see the instructions under our cookie policy.

10.4 What is a cookie and similar technologies? Cookies are small information devices that FindersKeepers places on your computer's hard drive, on your tablet, or on your smartphone. Cookies contain information that FindersKeepers uses to streamline communication between you and your web browser. The cookie does not identify you as an individual user, but identifies your computer.

10.5 There are two types of cookies - temporary cookies and permanent cookies. Temporary cookies are information devices that are deleted when you close your web browser. Permanent cookies are information devices that are stored on your computer until they are deleted. Permanent cookies delete themselves after a certain period, but are renewed every time you visit FindersKeepers. FindersKeepers uses both temporary and permanent cookies.

10.6 We use similar technologies that store and read information in the browser or device and that utilize local devices and local storage, such as HTML 5 cookies, Flash and other methods. These technologies can work across your browsers. In some cases, the use of these technologies can not be controlled by the browser, but requires special tools. We use these technologies to store information that is used to ensure the quality of our services and to detect irregularities in the use of FindersKeepers.

10.6.1 When you visit FindersKeepers for the first time, you automatically receive a cookie. A cookie is a small text file that is stored in your web browser and which registers you as a unique user. This cookie identifies our web server when you visit FindersKeepers and registers its use.

10.6.2 A cookie may contain text, numbers or eg a date, but there is no personal information contained in a cookie. It is not a program and cannot contain viruses.

10.6.3 We use cookies to be able to customize and create content and services that match your interests and wishes. We also use cookies to keep demographic and user-related statistics, and thus determine who visits FindersKeepers. We only record anonymous information such as IP numbers, number of bytes sent and received, Internet host, time, browser type, version, and language, etc.

10.7 What types of cookies do we use and for what purposes?

10.7.1 We use cookies for:

  • Statistics, ie measuring the traffic on www.FindersKeepers.dk, including the number of visits to www.FindersKeepers.dk, which domains the visitor comes from, which pages they see on www.FindersKeepers.dk, and which overall geographical area the user is in sig i.
  • Improve functionality, ie. to improve the functionality and optimize your FindersKeepers experience and help you remember your username and password so you do not have to log in again when you return to FindersKeepers.
  • Integrate with social media, ie. to allow you to integrate with social media, such as Facebook.
  • Quality assurance, ie. to ensure the quality of our services and prevent abuse and irregularities in the use of our services.
  • Targeted marketing, ie. to show specific marketing on FindersKeepers that we think you will find interesting.

10.8 Access by third parties

10.8.1 FindersKeepers provides access for its third party suppliers to gain insight into the content of the cookies set by FindersKeepers. However, this Information may only be used on behalf of FindersKeepers and may not be used for the third party's own purposes.

10.9 Third Party Cookies

10.9.1 Our Website uses cookies from the following third parties:

10.9.2 Google Analytics: for statistical purposes. You can reject cookies from Google Analytics by clicking here: http://tools.google.com/dlpage/gaoptout

10.10 How to reject the use of cookies

10.10.1 Most browsers allow you to delete cookies from your hard drive, block all cookies or receive a warning before saving a cookie. However, you should be aware that in that case, there may be services and features that you can not use because they require cookies to remember choices you make. We hope you will allow the cookies we set as they help us improve FindersKeepers.

10.11 How to delete cookies

10.11.1 You always have the option to delete cookies stored on your computer.

Instructions for deleting cookies in Microsoft Internet Explorer
Instructions for deleting cookies in the Mozilla Firefox browser
Instructions for deleting cookies on Google Chrome browser
Instructions for deleting cookies on Opera browser
Instructions for deleting flash cookies - applies to all browsers

10.12 Google Analytics

10.12.1 FindersKeepers uses FindersKeepers Google Analytics to analyze how users use FindersKeepers. The information that the cookie collects about your use (traffic data, including your IP address) is sent to and stored on Google's servers in the United States. Google uses the information to evaluate your use of FindersKeepers, compile reports on the activity of FindersKeepers and provide other services related to the activity of FindersKeepers and the use of the Internet. Google may also disclose the information to third parties if required by law or if third parties process the information on Google's behalf.

10.12.2 Google Analytics sets two types of cookies: (a) A persistent cookie that shows whether the user is recurring, where the user comes from, which search engine has been used, keywords, etc., and (b) session cookies that are used to show, when and for how long a user is on the site. Session cookies expire after each session, that is, when you close your tab or browser. Google does not link your IP address with any other information held by Google.

10.13 Most browsers allow you to delete cookies from Google Analytics. Read more about Google Analytics' use of cookies.

10.13.1 By using FindersKeepers, you consent to us using cookies as described. If you no longer wish to consent to the use of cookies, you must deselect cookies by changing the settings in your browser.

10.2 Cookie settings
Cookie settings

11 CHANGE IN PERSONAL DATA POLICY //

11.1 FindersKeepers may change this personal data policy with effect for the future at any time and without notice. In the event of such changes, FindersKeepers' users FindersKeepers.dk will be informed. FindersKeepers' new personal data policy will then apply to your use of FindersKeepers.

12 INQUIRIES //

If you have any questions about this personal data policy, our processing of personal data, rectification or your relationship with us in general, you are welcome to contact us at the following e-mail address: info@finderskeepers.dk

13 DATATILSYNET //

13.1 You have the opportunity to complain to the Danish Data Protection Agency about FindersKeepers' collection and processing of your personal information:

The Data Inspectorate
Borgergade 28, 5.
1300 Copenhagen K

Phone 3319 3200
Mail: dt@datatilsynet.dk
www.datatilsynet.dk