Privacy Policy - GlycoSpot SIRIUS Platform
This privacy policy (hereinafter as “Privacy policy“) regulate conditions for personal data processing by means of the web application Siriusplatform (hereinafter as “platform”).
The controller when processing your personal data is the company GlycoSpot ApS, with its registered address at Østmarken 9, 2860 Søborg, Denmark, registered at the CVR(VAT), registration number: 36487976 (hereinafter as “Controller“ or “we” in a respective grammatic form).
Information on the personal data processing which occurs outside the platform are subject to the respective internal regulations and if necessary, the Controller will provide you with it.
The Controller is hereby (via this Privacy policy) informing you why your personal data are processed, how they are processed, for how long they are processed, what your rights regarding the processing of your personal data are and other relevant information on the processing of your personal data.
The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), with Act No. 502 of 23 May 2018 on supplementary provisions to the regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Data Protection Act) (hereinafter as “Act“) and other legislation in relation to personal data protection (hereinafter as “Personal data protection legislation“).
In matters related to personal data processing and protection, you may contact the Controller at the address Glycospot Aps, Østmarken 9, 2860 Søborg, Denmark or via e-mail at e-mail address info@glycospot.dk. The Controller did not designate the Data protection officer.
INFORMATION ON PROCESSING - CATEGORIES OF PERSONAL DATA, PURPOSES, LEGAL BASES FOR PROCESSING AND RETENTION PERIOD
The Controller processes only such personal data which are necessary for the processing operation (purpose of the processing), always in accordance with the principle of minimisation, only to the extent of ordinary personal data (the Controller does not process special categories of personal data via the platform). The Controller processes the personal data solely for the reasonable purposes, during limited period and by using the maximum possible level of security measures. You can find detailed information on the processing of your personal data via the platform in the below:
In case of a data subject – representatives of the customers (users of the platform), which are legal persons
Management of customer accounts in the platform (which are necessary for the performance of the contract – control of the delivered device and
measurement of its functions)
Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which lays in
the need to fulfil contractual obligations arising from
contracts concluded with customers – legal entities
name, surname, address (street, city, ZIP code, country), telephone, e-mail address, username, password, ID of the
device, other data on the use of the device
During the duration of the contractual relationship with the customer (user of the device) or until the termination of the position of a natural person as a representative / employee of the customer (user of the device)
In case of a data subject – customers (users of the platform), which are natural persons
Management of customer accounts in the platform (which are necessary for the performance of the contract – control of the delivered device and measurement of its functions)
Art. 6 (1) letter b) of the Regulation – processing of personal data is carried out in accordance with concluded
contract
name, surname, address (street, city, ZIP code, country), telephone, e-mail address, username, password, ID of the
device, other data on the use of the device
During the duration of the contractual relationship with the customer (usage of the platform) and until the full settlement of legal and other claims arising from the
contractual relationship
In case of all data subjects
Keeping records on the interaction with the device of and evaluation of data on the use of equipment and products of the Controller in order to improve the quality of services provided and eliminate deficiencies of the devices via the data from the platform and keeping records on the interaction with the platform and its usage (without storing cookies in the devices of the users)
Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which lays in the need to carry out:
– improvement of the functionality of the devices in the future,
– identification of the most frequently performed operations with devices in order to improve (simplify) their control,
– improvement of the user-friendly usage of the platform
Data on the usage of device:
– ID of the performed measurement
– absorbance (value of the performed measurement)
– ID of the used device (measurement tool)
– ID of the application
– location of the device (measurement tool)
– timestamp
Data on the usage of theapplications (gathered via the platform):
– interactions with the application
– timestamp
– type of the interaction with the application (page transitions, reference measurements)
– value of the interaction (measurement value, transition from-to)
2 years from the generation of the statistical data
Measuring website traffic and advertisement targeting (via analytical and retargeting cookies)
6 (1) letter a) of the Regulation – consent of the data subject
IP address and other data about activity of the visitor on the website and on preferences of the visitor of the website
Depending on the type of cookie used, maximum 2 years following the visit of the website and depending on the type of cookie used or until the withdrawal of the consent, depends on which of the conditions stated above occurs earlier
In relation to securing the personal data, the Controller has adopted respective security measures in order to secure the processing of your personal data on the platform (e. g. security certificate and authentication processes).
Source of the personal data
Since the platform is aimed at the B2B customers, in most cases the Controller obtains your personal as a contact person, representative, employee of other user on behalf of the customer of the Controller – legal entity from the legal entity, which enters into contractual relationship with the Controller (who buys the device from the Controller and activates the platform). In case that you as a natural person concluded a contract with the Controller, it obtains your personal data directly from you.
Obtained and processed personal data are necessary for the registration of representatives of our contractual partners on the platform and for enabling the functionality of the platform.
RECIPIENTS OF PERSONAL DATA
Your personal data may be in some cases provided to public authorities, which are entitled to process your personal data,
e.g. to courts, law enforcement authorities or other inspection authorities.
The Controller provides your personal data also to its processors, i.e., external subjects which process your personal data on behalf of the Controller. Processors process personal data based on the agreement with the Controller, in which they committed to adopt adequate technical and organisational measures in order to secure the processing of your personal data. The Controller currently uses as a processor (i) companies providing IT and website management services (including hosting of the platform). The company has concluded data processing agreements with all processors and keeps a transparent list of all our processors.
Your personal data may be in some cases transferred to the providers of the analytical and other types of used cookies located in the USA (Google, LLC and other companies whose cookies are used), if you grant the Controller your consent with their usage. You can find more information on the usage of the cookies on the platform on the website of the Controller www.glycospot.dk (when you enter the website, in the bottom of the website).
When processing your personal data, we use only processors who have taken appropriate technical and security measures to comply with the requirements of the personal data protection legislation for the safe processing of your personal data.
Transfer to third countries and international organisations
A transfer of your personal data may occur only in following situations:
- in some cases, when using our online apps, there may be a transfer of your personal data to third countries, depending on the country, where our business partner, on whose behalf you act, is located (when you act in the position of intermediary), the transfer is secured in accordance with art. Art. 45 of the Regulation (i) by a decision on adequacy or (ii) the necessity of the transfer for the performance of a contract concluded with or for the benefit of the data subject,
- when using analytical or marketing cookies in the platform, a transfer of your personal data to the USA, to company Google, LLC and other companies whose cookies are based on your consent used. You can find more information on the usage of the cookies on the platform on the website of the Controller www.glycospot.dk (when you enter the website, in the bottom of the website).
Does the controller use profiling and automated decision-making?
The Controller does not process your personal data by profiling or any form of automated individual decision-making, by which evaluation of your personal aspects would take place.
what are our rights in relation to personal data processing?
As the data subject, your rights regarding the processing of your personal data are as follows:
You have the right to obtain a copy of the personal data which we hold about you, as well as the information on how we use your personal data. In most cases, your personal data will be provided to you by electronic means of communication, unless otherwise requested by you.
We take reasonable measures in order to ensure that the data which we hold about you are accurate, complete and up-to-date. In case the personal data we hold are inaccurate, incomplete or outdated, we will modify, update or complete such personal data on basis of your request.
Under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have obtained about you, are no longer necessary to fulfil the original purpose of processing or if you withdraw your consent to the personal data processing. We assess exercising your right to erasure (right to be forgotten) on the basis of individual circumstances of each particular case of processing.
However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for us from applicable legislation when your personal data cannot be erased. In such case, we will not be able to accept your request.
You have also the right to ask us not to process your personal data. If you believe that the personal data we process about you are not accurate, that the processing is unlawful and you request the restriction of their processing, that we no longer need your personal data, but they are required by you as the Data subject for the exercise of legal claims or if you believe that we as the controller are not entitled to further process your personal data, we will not further process your personal data on the basis of your request.
Under certain circumstances, you have right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that we process under the contract to which you are one of the parties or on the basis of the consent which you have granted us.
If you believe that we breach Personal data protection legislation when processing your personal data or that we have not handled your request in accordance with such legislation, you can lodge a complaint with the supervisory authority which is Datatilsynet – Danish Data Protection Agency, Borgergade 28,5, DK – 1300 Copenhagen K, Denmark, webpage: www.datatilsynet.dk, telephone number: +45 33 19 32 00; E-mail: dt@datatilsynet.dk
You have the right to object to processing of your personal data, for example if we process your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing.
If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data. You may withdraw your consent at any time in writing, by e-mail or orally (in person).
You may exercise your rights stated in the table above
- in writing, by sending request to the address GlycoSpot Aps, Østmarken 9, 2860 Søborg, Denmark or
- via e-mail address info@glycospot.dk.
Response to exercising your rights is provided free-of-charge. Under certain circumstances, in case of repeated, unreasonable or disproportionate request to exercise your rights, we are entitled to charge a reasonable fee. We will provide you with the response within one month since you exercise your rights. In certain case, we are entitled to extend the period for providing the response, i.e., in case of high number and complexity of the requests by the Data
subject, maximum by 2 months. We will always inform you about extending the period.
Validity
This Privacy policy is valid and effective as of 2 June 2021. As it is possible that an update of the information on personal data processing contained in this Privacy policy may be necessary in the future, the Controller is entitled to update this Privacy policy at any time. However, in such case, the Controller will inform you about it in an adequate manner in advance.