Privacy policy

Data Controller

We are the data controller for the processing of personal data that we process about our customers and partners. You can find our contact information below.

Windspace A/S
Nørgaardsvej 1
2800 Kongens Lyngby
Denmark

VAT no.: 29915180

It is not a requirement for our company to have an external DPO, but if you have any questions about the processing of your personal data, you can contact us via compliance@windspace.dk.

Processing activities

As the data controller under GDPR, we have the following processing activities.

Website visits

When you visit our website, we use cookies to ensure the website works properly.

Communication with potential customers

When you have questions about our site or want to learn more about our services, you can contact us via:

  • Email
  • Phone

Through this, we will process your personal information so that we can enter into a dialogue with you, such as answering questions about our services. We only process the information you provide to us in connection with our communication.

We typically process the following common information: name, email, phone number.

Our legal basis for processing this personal data is Article 6(1)(f) of the GDPR.

We will delete our communication with you once it becomes clear whether or not you want our services.

If there is a special need to store your personal information for a longer period, this may be the case.

Customers

We need to communicate with our customers to ensure that the service is delivered correctly. Through this, we may process information about name, address, services, special agreements, payment information, and similar.

The legal basis for processing this personal data is Article 6(1)(b) of the GDPR.

Once the service is delivered and any outstanding issues are resolved, we will delete the personal data immediately.

Accounting

We must keep all accounting documents in accordance with the Bookkeeping Act. This means that we keep invoices and similar documents for accounting purposes. This may include common personal information such as name, address, service description.

Our legal basis for processing personal data for accounting purposes is Article 6(1)(c) of the GDPR.

We keep this information for a minimum of 5 years after the current accounting year has ended.

Job applications

We are happy to receive job applications with a view to assessing whether they match a staffing need in our company.

If you send your job application to us, our legal basis for processing your personal information is Article 6(1)(f) of the General Data Protection Regulation.

If you have sent an unsolicited application, our HR department will immediately assess whether your application is relevant, and then delete your information if there is no match.

If you have applied for an advertised job, we will dispose of your application in the event that you are not hired, and immediately after the right candidate is found for the job.

If you are part of a recruitment process and/or hired for the job, we will provide you with separate information on how we process your personal information in this context.

Data processors

Few can do everything on their own, and the same goes for us. Therefore, we have partners and vendors, some of whom may be data processors.

External vendors may, for example, provide systems to organize our work, services, advice, IT hosting or marketing.

[List your data processors by company name + purpose of processing, if applicable]

It is our responsibility to ensure that your personal information is handled properly. Therefore, we have high standards for our partners, and our partners must guarantee that your personal information is protected.

We therefore enter into agreements with companies (data processors) who handle personal information on our behalf to enhance the security of your personal information.

Disclosure of personal information

We do not disclose your personal information to third parties.

Profiling and automated decisions

We do not perform profiling or automated decision-making.

Transfers to third countries

As a starting point, we use data processors in the EU/EEA, or who store data in the EU/EEA.

In some cases, this is not possible, and data processors outside the EU/EEA may be used if they can provide your personal information with adequate protection.

Processing security

We keep the processing of personal information secure by implementing appropriate technical and organizational measures.

We have carried out risk assessments of our processing of personal information and have subsequently implemented appropriate technical and organizational measures to increase processing security.

One of our most important measures is to keep our employees updated on GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with employees.

Rights of the data subject

Under the General Data Protection Regulation, you have a number of rights with respect to our processing of information about you.

If you wish to exercise your rights, please contact us so that we can assist you.

Right of access (access right)

You have the right to be informed of the information we process about you and a number of other details.

Right to rectification (correction)

You have the right to have inaccurate information about yourself corrected.

Right to erasure

In certain cases, you have the right to have information about you deleted before the time of our normal general deletion occurs.

Right to restriction of processing

In certain cases, you have the right to have the processing of your personal information restricted. If you have the right to have processing restricted, we may in the future only process the information - apart from storage - with your consent, or for the establishment, exercise or defense of legal claims, or for the protection of a person or important public interests.

Right to object

In certain cases, you have the right to object to our processing of your personal information. In particular, you have the right to object to our processing of your personal information for direct marketing purposes.

Right to transmit information (data portability)

In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transfer this personal data from one data controller to another without hindrance.

You can read more about your rights in the Data Protection Agency's guide to the rights of data subjects, which you can find at www.datatilsynet.dk.

Withdrawal of consent

When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

Complaint to the Data Protection Agency

You have the right to lodge a complaint with the Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Data Protection Agency's contact information at www.datatilsynet.dk.

We generally encourage you to learn more about the GDPR so that you are up-to-date on the regulations.