Quinoa Quality ApS, Teglværksvej 10, 4420 Regstrup – CVR. No.: 40610588
Peter Slaatorn, e-mail: firstname.lastname@example.org, telephone: +4520987611
Processing of personal data
We process personal data, made accessible to us by you or a third party.
We process your personal data, in order to be able to fulfil our contractual obligations.
We would not be able to do this without your personal data.
Personal data typically includes:
• Name, address, telephone number, e-mail
Deadlines for deletion/storage
We make every effort to delete (or anonymise) personal data, as soon as it becomes irrelevant. However, we always store data for min. five years, due to the Act on Accounting.
Your rights pursuant to the General Data Protection Regulation
You have the following rights, when we process your personal data:
• The right to information on how we process your personal data (duty of disclosure).
• The right to access your personal data.
• The right to correct incorrect personal data.
• The right to deletion of your personal data.
• The right to object to any use of your personal data for direct marketing purposes.
• The right to object to automatic, individual acts, including profiling.
• The right to transfer your personal data (data portability).
All rights above are handled manually when contacting our data controller
We are entitled to reject requests that are unreasonably repetitive, require excessive technical measures (for instance development of a new system or changing existing practices significantly), affect protection of personal data of others, or are extremely unpractical (for instance requests about data, existing as backup copies).
If we are able to correct information, we will do this free of charge, unless it requires excessive efforts. We try to maintain our services in a manner that protects data from faulty or harmful destruction. Upon deletion of your personal data from our services, it may be impossible for us to immediately delete associated copies from our archive servers and we may not be able to remove the data from our back up copy systems.
You are at any time entitled to lodge a complaint to the Danish Data Protection Agency (https://www.datatilsynet.dk/borger/klage-til-datatilsynet/)
We do not transfer personal data to companies, organisations or individuals, unless:
• With your consent
We transfer personal data to companies, organisations or individuals, if we have your consent. We require an active act of consent for transfer of all personal data.
• For external data processing
• For legal reasons
We transfer personal data to external companies, organisations or individuals, if we in good faith believe that access, use, storage or publication of the data is required in order to:
o fulfil our contract with you.
o comply with applicable laws, regulations proceedings or legal orders from public authorities.
o enforce applicable service conditions, including investigation of possible non-compliance.
o register, prevent or in any other way protect against cases of fraud, as well as security or technical problems.
o indemnify the company from damage, public rights, property or security, which the law may require or allow.
We are entitled to share impersonal data with the public and our partners.
We do our utmost to protect the company against unauthorised access, change, publication or destruction of stored personal data.
We have implemented the following general, organisational and technical measures:
• Anti-virus on all IT systems, processing personal data.
• Backup of all IT systems, processing personal data.
• Use of acknowledged IT systems for processing, typical for the industry.
• Limited personal data access. Access is only possible if required.
• Data processing agreements with suppliers, processing personal data on behalf of the company.
• Confidentiality agreements with staff, required to process personal data.
• Guide for secure processing of personal data and information archives for staff with access to information systems.
• Implementation of risk assessment and documentation of all systems above, processing personal data, in order to ensure a verified foundation for the security level for processing personal data within the company.
Compliance and cooperation with data protection authorities