Privacy Policy
Data protection and confidentiality are important to KIRKBI A/S (“we”, “us”, or “our”). This Privacy Policy sets out clear guidelines on KIRKBI’s processing of your personal data when you visit our website, www.kirkbi.com, or in other ways interact with KIRKBI.
1) Data controller and contact information
KIRKBI A/S is data controller for the processing of your personal data:
KIRKBI A/S
Koldingvej 2
DK-7190 Billund
Business reg. (CVR) no.: 18591235
Contact information
If you have any questions about our processing of your information, you are always welcome to contact KIRKBI at Tel.: +45 7533 8833 and E-mail: info@KIRKBI.com
2) Purpose, legal basis, and types of personal data
Below we have listed for which purposes we may process your personal data when you interact with KIRKBI.
a. To reply to your inquiries
If you contact us via our website, email or in another way, we will use your personal data to be able to act on your inquiries etc. We typically process the following personal data about you, including contact details such as name, email, phone number, address, company, position, and the nature/purpose of your inquiry as well as the material you have sent.
We use art. 6(1)(f) in the GDPR (the rule on balancing of legitimate interests) as our legal basis. Our legitimate interest is to be able to respond to your inquiries, communicate with you etc.
We collect the personal data directly from you and will only keep it for as long as necessary to be able to answer your inquiry and for e.g. documentation, which depends on the specific request.
b. Use of our website
When you use our website, cookies are used to collect personal data about your behaviour. You may read more about this and locate a link to the privacy policies of such third-party providers in the cookie overview, which may be accessed through our cookie policy Cookie Policy (kirkbi.com).
We process your personal data in connection with your use of our website as described above and as further described in our cookie overview, which may be accessed through our cookie policy Cookie Policy (kirkbi.com), based on art. 6(1)(a) in the GDPR (consent). However, we may also use art. 6(1)(f) in the GDPR (the rule on the balancing of legitimate interests) in respect of cookies necessary for the website’s functionalities. Our legitimate interest is to provide you with the best possible experience on the Website.
You may read more about the use of cookies in our Cookie Policy (kirkbi.com). You may withdraw or change your consent by rejecting cookies in the cookie overview (bottom section of the policy) or by blocking and deleting cookies in your web browser.
c. CCTV surveillance
CCTV surveillance is used to control access to the locations, for crime prevention as well as secure the safety of our employees and guests. The recordings may also be used to clarify and document a course of events.
The recordings will only be reviewed in case of suspicion of criminal acts or in case of internal/external audits.
We base the processing of your personal data on the Danish CCTV Act as well as the provision on legitimate interest stipulated in article 6 (1)(f) of the GDPR as it is necessary to register the personal data to ensure a sufficient degree of safety for our employees and guests in relation to unauthorized access, suspicious behaviour, protection of assets and to prevent and pursue crime. We use articles 8(3) of the Danish data protection law as a legal basis if the surveillance reveals criminal acts.
We process the following categories of personal data about you:
- CCTV recordings of traffic on KIRKBI’s locations
The processed personal data originate from the CCTV recordings at KIRKBI’s locations.
We transfer the personal data to suppliers of different services (data processors) who process the personal data on behalf of KIRKBI and in accordance with our instructions. We use data processors for the supply of IT systems, software, support, or consultancy services.
Recordings from CCTV surveillance made for the purpose of preventing crime may be disclosed to the police in case of criminal acts, or if the disclosure is required by law. We may, furthermore, disclose the recordings to lawyers and other advisors as well as to public authorities in case it is required by law. If it is necessary to disclose the recordings for other purposes than the above-mentioned, we will ask for your consent to such a disclosure if you are in the recordings.
The CCTV recordings made for the purpose of preventing crime will be deleted or anonymized no later than 30 days after the recording, unless it is necessary to keep the recordings for the purpose of handling a specific case such as solving a criminal offence. If so, we will keep the recordings as long as it is necessary for the processing of the specific event.
Recordings from CCTV surveillance made for other purposes will be deleted when we no longer have a purpose for keeping the information.
d. Meetings and Events
If you attend a meeting or an event in KIRKBI, we will use your personal data to be able to act on your registration and communicate with you before, during and after the meeting/event in question. For the purpose we will typically only process the following personal data about you: name, position, email, phone number, company, and the subject of the meeting/event.
We use art. 6(1)(f) in the GDPR as our legal basis (the rule on balancing of legitimate interests), when you register for a meeting or an event, as our legal basis. Our legitimate interest is to administer events and meetings etc.
We generally obtain the personal data, that is collected, directly from you, but we can also receive the information from other parties, such as your employer or a third-party vendor, handling the registration on your behalf.
We will keep your personal data for the period necessary to complete the event/meeting in question and for the evaluation of such event/meetings, and possibly longer if further processing is necessary e.g., if a partnership or contract is entered.
e. Cookies
We use cookies on our website. You can read more about the use of cookies in our Cookie Policy which you can find here.
f. Vacancies
If you apply for a vacant position and engage with our HR department you will receive a specific privacy policy covering the interaction via our HR platform.
g. Whistleblower Line
You will be able to find the privacy policy for our Whistleblower Line here https://kirkbi.integrityline.com as well as further information regarding the solution, and when to use it.
h. Vendors
We may process personal data when we enter contracts, have contractual dialogues, ad-hoc supplies, or dialogues about ad-hoc supplies. We typically process name, title, email address, correspondence, phone number, information about powers to bind, and information listed in auto signatures.
We process the personal data to manage our supplier contracts, purchase goods, explore new supplier relationships, and keep track of potential and future business partners.
We use art. 6(1)(f) in the GDPR as our legal basis (the rule on balancing of legitimate interests) as it is necessary to record the personal data to be able to contact our current and future suppliers. We also use art. 6(1)(b) in the GDPR as our legal basis for processing your personal data in connection with the signing of new contracts or management of existing contracts.
We generally obtain your personal data directly from you or from your colleagues in the legal entity which you represent or are employed.
Your personal data will be deleted when it is no longer relevant for the purpose for which it was obtained. E.g., if the negotiations do not result in a contract, 72 months after the end of the contract, or at the end of a period of limitations.
i. Investments
If you contact KIRKBI in relation to investments or funding from KIRKBI, we may process personal data about you to assess your request or business proposition. We typically process the following personal data about you as part of handling such requests: name, email, phone number and information regarding the proposition/investment, and possible information regarding shareholders and employees.
The personal data we process is provided by you, but we may also collect information from publicly available sources such as the Danish Business Register or similar outside Denmark or we may collect information from publicly accessible sources e.g., a company website.
We process your personal data on the basis of art. 6(1)(f) (the rule on the balancing of legitimate interests). Our legitimate interest is to be able to assess your idea/proposal and manage the possible award of funding or investing according to the proposition. If KIRKBI invests or enters a partnership with you, we will furthermore process your personal data on the basis of art. 6(1)(c) of the GDPR (legal obligation), such as filing declarations to relevant authorities and complying with bookkeeping obligations as well as on the basis of art. 6(1)(b) of the GDPR (contract).
We will keep your personal data for the period necessary to complete the assessment of your proposition in question and for relevant documentation and monitoring pending the outcome of the proposition.
3) Recipients
We may share your personal data with independent data controllers if we are legally required to do so, or if it is necessary to fulfil the purpose in question. These recipient categories are:
- The tax authorities
- Auditors
- Banks
- Other public authorities
- Travel agencies e.g. hotels, airlines etc.
- KIRKBI entities or affiliated entities
Your personal data may also be disclosed to our data processors. Such disclosure is subject to data processing agreements, and the data processor may not use the data for other purposes than to perform the processing for us. These data processor categories are:
- IT suppliers
- Consultants
- Security providers
- Other suppliers of services that KIRKBI use depending on the processing activity
4) Processing of personal data outside the EU/EEA
KIRKBI transfers, stores, and processes your information (including your personal data and content) both inside and outside of Denmark. We operate globally and may transfer your personal data to third parties in locations around the world for the purposes described in this Privacy Policy. Wherever your personal data is transferred, stored, or processed by us or by companies carrying out such services on our behalf, we will take reasonable steps to safeguard the privacy of your personal data.
In general, we store our data within the EU/EEA. However personal data may be transferred to or accessed from countries outside the EU/EEA.
If your personal data is transferred to countries outside the EU/EEA, such transfer will take place on the following legal basis:
a. Binding Corporate Rules
b. The country has been approved by the European Commission as having an adequate level of security
c. If the country has not been approved by the European Commission as having an adequate level of security, we will transfer the data by use of "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities.
5) Sources of personal data
We generally process personal data that is collected directly from you or from the device you are using. In some cases, we may also process data about you that we receive from other sources, such as Social media channels, publicly available data, recruitment agencies or third-party vendors.
6) Retention of personal data
We will retain your personal data for the period necessary to fulfil the purposes listed above.
Data may be processed and stored for a longer period in anonymized form or may be retained for a longer period if we are legally required to do so.
7) Your right to withdraw your consent
You may at any time withdraw any consent that we have obtained from you. You can withdraw your consent by contacting us using the contact information stated above in Section 1. If you withdraw your consent, such withdrawal does not take effect until the date of withdrawal. It does, therefore, not affect the legality of our data processing up to the time when you withdraw your consent. You can revoke your consent via email: info@KIRKBI.com
8) Your rights
According to the General Data Protection Regulation and the Danish Data Protection Act, you have certain rights.
- You have the right to request access to and rectification or erasure of your personal data.
- You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
- You have an unconditional right to object to the processing of your personal data for direct marketing purposes.
- You have the right to receive the personal data that is being processed in a structured, commonly used, and machine-readable format (data portability).
Please note that there may be conditions or limitations on these rights. It is therefore not certain that you e.g., have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity.
You can exercise your rights by contacting us at info@kirkbi.com. If you contact us at info@kirkbi.com we will have to verify your identity for security purposes.
9) Changes to this Privacy Policy
From time to time, we may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. The updated and current Privacy Policy can be viewed here: www.kirkbi.com
10) Links to other websites etc.
Our website may contain links to other websites or to integrated sites. We are not responsible for the contents of the websites of other companies or for the practices of such companies regarding the collection of personal data. When you visit other websites, you should read the owners' policies on the protection of personal data and other relevant policies.
11) Questions and complaints
If you have any questions for this Privacy Policy, or if you wish to complain about our processing of your personal data, please contact us using the contact information provided in Clause 1.
You may also complain to:
The Danish Data Protection Agency
Carl Jacobsens Vej 35
DK-2500 Valby
Tel.: +45 33 19 32 00
Email: dt@datatilsynet.dk
Version
This policy has last been updated/revised in December 2021