Data Controller
We are the data controller for the processing of personal data relating to our customers and business partners. You can find our contact details below:
Innovea ApS
Lilliendalsvej 19
2700 Brønshøj
Denmark
CVR number: 45790339
If you have any questions regarding the processing of your personal data, you can contact us at: [email protected]
Processing Activities
As the data controller under the GDPR, we maintain an overview of our processing activities in our GDPR compliance system.
Website Visits
When you visit our website, we use cookies to ensure the website functions properly. You can read more about this in our Cookie Policy.
Communication with Potential Customers
If you have questions about our website or wish to learn more about our services, you may contact us via:
- Contact form
- Telephone
We will process your personal data so that we may engage in a dialogue with you, for example to answer questions regarding our services. We only process the information you provide during our communication.
We typically process the following general information:
Name, email address, phone number.
Our legal basis for processing these personal data is Article 6(1)(f) of the GDPR (legitimate interest).
We delete our communication with you once it is clear whether you wish to use our services or not.
In special cases, it may become necessary to store your data for a longer period; if so, we will assess this individually.
Customers
We need to communicate with our customers to ensure that services are delivered correctly. In this context, we may process information such as name, address, services provided, special agreements, payment details, and similar information.
Our legal basis for this processing is GDPR Article 6(1)(b) (necessary for the performance of a contract).
Once the service has been delivered and any outstanding matters resolved, we will delete the personal data shortly thereafter.
Newsletter
We offer a newsletter, which is voluntary to subscribe to — and you may unsubscribe at any time.
The purpose of the newsletter is to send subscribers emails with new information from our company, including website updates and announcements of our services.
We will only send emails to you if you have given us your active consent. First, you provide your email address, after which we send you a confirmation email to verify that you personally subscribed. This double opt-in process ensures valid consent.
Our legal basis for processing your personal data (email address) for newsletter purposes is GDPR Article 6(1)(a) (consent).
We will process your data as long as you remain subscribed. When you unsubscribe, we stop sending newsletters to you.
If we have not sent a newsletter to you within one year, your consent will lapse due to inactivity.
Upon unsubscribing, we retain documentation of your previous consent for 2 years from the last use, in accordance with the Danish Consumer Ombudsman’s Spam Guidelines, section 11.3.
Accounting
We are required to store accounting records in accordance with the Danish Bookkeeping Act. This means we store invoices and similar documents, which may contain personal data such as name, address, and description of services.
Our legal basis for this processing is GDPR Article 6(1)(c) (legal obligation).
We store these records for at least 5 years after the end of the current financial year.
Job Applications
We gladly receive job applications to assess whether they match a hiring need within our company.
If you send us a job application, our legal basis for processing your personal data is GDPR Article 6(1)(f) (legitimate interest).
Unsolicited applications:
Our HR department will immediately assess whether your application is relevant. If not, we will delete your information without undue delay.
Applications for posted job openings:
If you are not hired, we will delete your application shortly after the right candidate has been selected.
If you enter a recruitment process and/or are hired, we will provide you with separate information regarding how we process your personal data as part of that process.
Data Processors
Like most businesses, we use selected partners and service providers to support our operations. Some of these may act as data processors.
External providers may help deliver services such as work organization tools, IT hosting, website operation, communication, or marketing.
Examples of our data processors include:
- Elementor Hosting – website hosting
- Google – Analytics and related statistics services
- Typeform – handling online forms
- Cookiebot (Usercentrics A/S) – consent management
It is our responsibility to ensure your personal data is processed properly. Therefore, we place high demands on our partners, who must guarantee that your data are protected.
We enter into data processing agreements with any provider who processes personal data on our behalf.
Disclosure of Personal Data
We do not disclose your personal data to third parties unless required by law.
Profiling and Automated Decision-Making
We do not conduct profiling or automated decision-making.
Transfers to Third Countries
As a rule, we use data processors located within the EU/EEA, or who store data within the EU/EEA.
In certain situations, this is not possible. In such cases, we may use data processors outside the EU/EEA if they can ensure an adequate level of protection for your personal data, for example through Standard Contractual Clauses (SCCs) and supplementary safeguards.
Data Security
We maintain strong technical and organizational security measures to keep your personal data secure.
We perform risk assessments of our data processing activities and implement appropriate measures to enhance data protection, including GDPR awareness training.
One of our most important measures is ensuring that our employees stay up to date with GDPR requirements through ongoing training and internal reviews of our data protection procedures.
Your Right
You have several rights under the GDPR regarding our processing of your personal data.
If you wish to exercise your rights, please contact us and we will assist you.
Right of access
You have the right to access the data we process about you, as well as additional information.
Right to rectification
You have the right to have incorrect personal data corrected.
Right to erasure
In certain cases, you have the right to have your personal data deleted before our normal retention period expires.
Right to restriction of processing
In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may — aside from storage — only process your data with your consent, for legal claims, or to protect a person or important public interests.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to processing for direct marketing.
Right to data portability
In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have those data transmitted to another controller.
You can read more about your rights on the Danish Data Protection Agency’s website:
www.datatilsynet.dk
Withdrawal of Consent
When our processing is based on your consent, you may withdraw this consent at any time. This does not affect the legality of processing carried out before the withdrawal.
Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data.
Contact details are available at: www.datatilsynet.dk