Policy for Process and Protection of Personal Data
This policy shall help ensure and document that BTX Group protects all personal data according to obligations relating to the General Data Protection Regulation. The policy also informs about the process and use of the collected personal data.
1. Records of process of personal data
BTX Group will deal with personal data about:
We have made records of the treatment of personal data, which give an overview of the processes, for which BTX Group is responsible.
The personal data is a precondition for BTX Group being able to enter into contracts of employment and customer and supplier contracts.
2. Purpose and legitimacy of the processes
Personal data is treated and registered in connection with:
- Personnel administration, including recruitment, employment, retirement and payment of salary
- Master data of customers as well as marketing, orders and sale
- Master data of suppliers as well as requests and purchase
We will use personal data only for the purposes listed above, and we will only collect data that are necessary to fulfil the purpose.
3. Registration and deletion
BTX Group has adopted the following general guidelines for registration and deletion of personal data:
- Personal data is kept in binders.
- Personal data is kept in it systems and on server drives.
- Personal data is kept only as long as needed for the purpose of the process.
Personal data of employees is deleted five years after the employment has ended, and personal information about applicants is deleted after six months.
4. Data security
We have adopted the following security measures in order to protect personal data:
- Access to the personal data, whether physically or through it systems with controlled access, is restricted to the employees who require this as part of their work.
- All computers have password, and employees may never share their passwords with anybody else.
- Computers must have firewall and antivirus programme installed, which are updated regularly.
- Personal information is deleted completely safely in connection with phase-out and repair of it equipment.
- USB keys, external hard discs etc. with personal data must be kept in locked drawers or cupboards.
- Binders are kept in locked offices or in locked cupboards.
- When personal information in binders is deleted, the documents are destructed.
- Personal data, which needs to be sent by email to external addressees, must be sent as secure email.
- All employees must be instructed in the process and protection of personal data.
Personal data about employees may be transferred to public authorities like e.g. tax authorities and pension funds.
6. Data Processors
BTX Group will only use data processors, who can guarantee that they will implement suitable technical and organisational measures to fulfil the requirements of the General Data Protection Regulation.
BTX Group handles the rights of data subjects, including the right to insight, withdrawal of consent, amendment and deletion, and informs the data subjects about BTX Group’s treatment of personal data. Data subjects have a right to file a complaint with The Danish Data Protection Agency.
8. Breach of personal data security
In case of breach of the personal data security, BTX Group will report the breach to The Danish Data Protection Agency as soon as possible and within 72 hours. The CFO is responsible for this. In the report the breach is described, which groups of people are affected, what consequences the breach may have for these people, and how BTX Group has remedied or will remedy the breach. If the breach implies a high risk to the data subjects, we will notify them. BTX Group provides documentation of all breaches of the personal data security.
Policy for Process and Protection of Personal Data Collected on Websites
In the following, we explain how BTX Group uses the personal data of which you leave footprints and/or that you provide when you visit our websites and use the various services on the websites.
1. Collection of personal data
You will always be informed before we collect personal data about you. The personal data we collect may include, for instance, your name, your email address, your home address and similar identification data.
2. The use of personal data
Personal data is collected and will be used in connection with:
- Sign-ups for newsletters
- Management of customer club/loyalty club
- Management of user accounts/profiles
- Participation in competitions and/or other events
- Send-outs of other marketing material, including invitations to events
- Other marketing initiatives
Please note that the use referred to above will take place only with your prior explicit consent, unless legislation allows us to contact you without your prior consent.
We will delete your data when we no longer need to process them to fulfil one or more of the purposes mentioned above. Your data may be processed and kept for a longer period in anonymised form.
Registration for receipt of newsletters will be disclosed to third party: HeyLoyalty, who delivers services on behalf of BTX Group. No data will be disclosed from there.
You can set your browser to refuse all cookies, disable existing cookies or warn you before accepting a cookie. For further information about how to avoid cookies please click the following link: http://minecookies.org/
We have implemented security measures to ensure that our internal procedures meet our high security policy standards. Accordingly, we strive to protect the quality and integrity of your personal data.
5. Access to your personal data
You are at any time entitled to be informed of the personal data about you that we process, but with certain legislative exceptions. You also have the right to object to the collection and further processing of your personal data. In addition, you have the right to have your personal data rectified, erased or blocked.
6. Links to other websites
Our websites may contain links to other websites or to integrated sites. We are not responsible for the con- tents of the websites of other companies (third-party websites) or for the practices of such companies regarding the collection of personal data. When you visit third-party websites, you should read the owners’ policies on the protection of personal data and other relevant policies.
7. Amendment of data, etc.
If you want us to update, amend or delete the personal data that we have recorded about you, wish to get access to the data being processed about you, if you no longer wish to receive information from us, or if you have any questions concerning the above guidelines, you may contact us at ou may write to us at the following address:
BTX Group A/S
14th March 2018