Data Controller
We are the data controller for the processing of personal data about our customers and partners. Our contact details are as follows:

Dan-iso A/S
Løgstørvej 146, Havbro
DK-9600 Aars
CVR no.: 16228095

While it is not required for our company to have an external DPO, you can contact us with any questions regarding your personal data at mail@dan-iso.dk.

Processing Activities
As the data controller under GDPR, we engage in the following processing activities:

Website Visits
When you visit our website, we use cookies to ensure its functionality. You can read more about this in our cookie policy.

Communication with Potential Customers
If you have questions about our site or wish to learn more about our services, you can contact us via: contact form, email, or phone. We will process your personal data to engage in a dialogue, such as answering questions about our services. We only process the information you provide us during our communication, typically including: name, email, phone number. The legal basis for processing these personal data is Article 6(1)(f) of the GDPR. We will delete our communication once it is clear whether you wish to use our services. In special cases, we may need to retain your personal data for a longer period.

Customers
We need to communicate with our customers to ensure proper service delivery. This may involve processing information such as name, address, services, special agreements, payment details, and similar. The legal basis for processing this data is Article 6(1)(b) of the GDPR. Once the service is delivered and any outstanding matters are resolved, we will delete the personal data immediately.

Newsletter
We offer a voluntary newsletter subscription. The purpose is to send updates about new content on our website and our services. We will only send emails if you have given your explicit consent. This requires you to provide your email address, which we will use to send a confirmation email. This ensures that you have actively subscribed to the newsletter. The legal basis for processing your personal data (i.e., email address) for the newsletter is Article 6(1)(a) of the GDPR. We will process your personal data as long as you are subscribed. If you unsubscribe, we will stop sending you the newsletter. If we haven’t sent you a newsletter in 1 year, your consent will expire due to inactivity. Upon unsubscribing, we will retain your previous consent for 2 years for legal reasons in accordance with the Consumer Ombudsman’s spam guidelines, section 11.3.

Bookkeeping
We are required to retain all accounting documents under the bookkeeping law. This includes invoices and similar documents which may contain personal data such as name, address, and service description. The legal basis for processing personal data for bookkeeping is Article 6(1) of the GDPR. We store this information for a minimum of 5 years after the end of the financial year.

Job Applications
We welcome job applications to assess if they match our employment needs. If you send us a job application, the legal basis for processing your personal data is Article 6(1)(f) of the GDPR. Unsolicited applications will be reviewed by HR, and your data will be deleted if there is no match. Applications for advertised positions will be discarded if you are not hired, immediately after the right candidate is found. If you enter a recruitment process and/or are hired, we will provide separate information on how we handle your personal data in this context.

Data Processors
We have partners and suppliers, some of whom may act as data processors. External providers might offer systems for organizing our work, services, consulting, IT hosting, or marketing. We ensure that your personal data is handled properly by setting high standards for our partners, who must guarantee the protection of your data. We enter into agreements with data processors who handle personal data on our behalf to enhance data security.

Disclosure of Personal Data
We do not disclose your personal data to third parties. We do not perform profiling or automated decisions.

Transfers to Third Countries
We primarily use data processors in the EU/EEA or those storing data within the EU/EEA. In some cases, data processors outside the EU/EEA may be used if they provide adequate protection for your personal data.

Data Security
We ensure the security of personal data processing by implementing appropriate technical and organizational measures. We conduct risk assessments of our data processing activities and implement measures to enhance data security. One of our key measures is to keep our employees updated on GDPR through ongoing training, GDPR courses, and reviewing GDPR procedures.

Rights of Data Subjects
Under data protection regulations, you have several rights regarding our processing of your data. If you wish to exercise your rights, please contact us so we can assist you.

Right to Access
You have the right to access the personal data we process about you, along with additional information.

Right to Rectification
You have the right to have inaccurate data about yourself corrected.

Right to Erasure
In certain cases, you have the right to have your data erased before our general deletion period.

Right to Restriction of Processing
You have the right to request restriction of processing in certain cases. If you have this right, we may only process the data – excluding storage – with your consent, to establish, exercise or defend legal claims, or to protect a person or important public interests.

Right to Object
You have the right to object to our otherwise lawful processing of your personal data, including processing for direct marketing.

Right to Data Portability
In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have this data transferred from one data controller to another without hindrance. You can read more about your rights in the Danish Data Protection Agency’s guidance on data subjects’ rights at www.datatilsynet.dk/english.

Withdrawal of Consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

Complaint to the Danish Data Protection Agency
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data. You can find the contact details for the Danish Data Protection Agency at www.datatilsynet.dk/english. We generally encourage you to stay informed about GDPR regulations.