Carletti A/S (CVR: 89563518) is the data controller for the information we collect about you, and we ensure that your personal data is processed in accordance with the law.

We take your data protection seriously, and we have therefore adopted this privacy policy, which tells you how we process your personal data.

 

Contact

If you wish to contact us regarding our processing of your personal data, you can do so at:

Carletti A/S

Grenåvej 641

8541 Skødstrup

ecommerce@carletti.dk and/or +45 87490200

 

Processing of personal data

Personal data is all kinds of information that to one extent or another can be attributed to you. If you do not want us to process this information, it may be problematic to maintain and comply with any agreements and legal obligations.

 

As data controller, we have taken appropriate technical and organisational measures to prevent your data from being accidentally or illegally deleted, published, lost, impaired, disclosed to unauthorised persons, misused, or otherwise processed in violation of the law. We ensure that the processing can only take place when all data protection principles are met, cf. Article 5 of the General Data Protection Regulation.

 

When we are a data processor, we process personal data in accordance with the instructions and guidelines set out in the data processing agreement entered with the data controller.

 

Below you can see on what basis we process your data, for what purpose and for how long we store it.

 

The purpose and legal basis for the processing of your personal data

We process your personal data as part of the administration of your relationship with us, as a customer, supplier, course participant or business partner. Here, the processing of your personal data takes place based on our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation, which consists of communicating with you and registering you in our systems for use in future collaborations. This is necessary for our future operations and to establish a possible collaboration.

 

We also process your personal data as part of the processing of your purchase and delivery of our service as well as the evaluation of our performance. Here, the processing of your personal data takes place based on compliance with our contractual obligations, cf. Article 6(1)(b) of the General Data Protection Regulation, in accordance with the agreement we have entered with you as a customer, supplier, course participant or business partner.

 

Processing of personal data about you as an applicant

The purpose of collecting personal data about you in the recruitment process is to assess whether you are a qualified candidate for a vacant position with us.

 

Personal data that emerges in the recruitment process is the information that appears in your application, CV and other enclosed documents that are registered. It is not necessary for you to write a CPR number.

 

Your application and attachments will be shared internally with relevant staff in the recruitment process but will not be shared with people outside the company.

 

If you are called for a job interview, we will note information and information for use in the further recruitment process.

 

We process your data based on our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation, which is to assess your qualifications and competencies in relation to the advertised position.

 

The application and attachments can be stored for up to 6 months after the recruitment process has been completed, after which your information will be deleted. The purpose of storage after the recruitment process has been completed is to safeguard interests in the event of any objections of discrimination, discrimination, etc. during the recruitment process.

If we wish to save your application with appendices for possible future employment, this is done based on your consent, cf. Article 6(1)(a) of the General Data Protection Regulation. Your consent is voluntary, and you can withdraw it at any time by contacting us using the contact details above.

 

Unsolicited applications

In the case of unsolicited applications, we process your data based on our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation, which consists of assessing your qualifications and competencies in relation to possible future employment.

 

In the case of unsolicited applications, your application and attachments will be stored for a maximum of 6 months after receipt, after which it will be deleted. If we wish to store your application for a longer period of time than this, this is done based on a specific consent from you. Your consent is voluntary, and you can withdraw it at any time by contacting us using the contact details above.

 

Joint data responsibility (When using social media)

We use the following social media; Facebook and LinkedIn, which are categorized as joint data controllers. Joint data controller means that both parties are responsible for the purpose and processing of personal data.

 

Deletion and storage of personal data

We store the information for the time allowed by law, and we delete it when it is no longer needed. The period depends on the nature of the information and the reason for the storage.

For the following processing activities, we have the following deletion deadlines:

·         Information about you, which is included as part of accounting material, cf. section 3 of the Bookkeeping Act, will be stored for 5 years + the current year after the entry in question is considered to have been booked, cf. section 10 of the Bookkeeping Act.

·         Information about you that we process based on a contract, cf. Article 6(1)(b) of the General Data Protection Regulation, will be processed for as long as our contractual obligations remain.

·         Information about you as a course participant will be stored for 6 months after the course has been held.

 

Disclosure of personal data

In connection with the processing of your personal data, it may be necessary to disclose these to external parties. This includes suppliers of IT solutions for use in communication with you, accounting of entries arising from our ongoing supplier/customer agreement relationship and for the purpose of sending out our newsletter. In relevant cases, your personal data will be disclosed to SKAT, our bank, or our accountant.

 

As a rule, we only disclose your personal data to data recipients within the EU, who are subject to appropriate security measures. In some cases, we use data processors/suppliers in unsafe third countries. When the legislation of third countries does not offer the same security as within the Union, we have stricter obligations in the protection of your data. In this context, we ensure that there is a legal basis for the transfer in the form of SCCs (Standard Contractual Clauses), cf. Article 46(2)(c) of the General Data Protection Regulation, and that the data is processed under adequate security measures.

 

Other information about processing

Data minimization

We only process the data that is necessary to fulfil our stated purposes. In addition, we may be required by law to collect and store a variety of other information about you. We only retain personal data for as long as is necessary or required by law. Personal data is deleted or anonymised when it is no longer necessary for us to process it.

We keep data up to date.

As our service is dependent on your personal data being correct and up to date, we ask you to inform us of any relevant changes to your personal data. You can use the contact details above to notify us of your changes, and we will make sure to update your personal data. If we become aware that your personal data is incorrect, we will update the information and notify you of this.

 

Your rights

You can contact the contact information at the top of the page by contacting the following information:

·         gain access to your personal data.

·         have your registered personal data corrected.

·         have personal data about yourself deleted.

·         obtain your personal data (data portability) for the purpose of data portability to transfer to another data controller.

·         object to the processing.

·         restrict the processing of your personal data.

 

When you contact us with a request to make use of the above rights, we will respond to you within one month. If we cannot accommodate your request, you will be provided with a reason for it.

To exercise your rights, or if you have any questions about the above, you can contact us. Our contact information can be found at the top of the page.

If you are subsequently dissatisfied with the way we process your information, you have the right to file a complaint with the Danish Data Protection Agency.

 

Changes to the privacy policy

We reserve the right to change this privacy policy in the event of significant changes in legislation or as a result of changes in our processing activities.