PRIVACY POLICY
In accordance with the EU General Data Protection Regulation (GDPR), this privacy policy helps you understand how REDO-Neurosystems ApS (REDO) processes your personal data in different situations, including when you visit our website and communicate with us.
REDO is operating as the data controller for the processing of your personal data
- when you communicate with us;
- when you use our website;
- when you receive electronic marketing communication from us;
- when you participate in research projects, webinars, and other events; and
- as part of our day-to-day customer administration (CRM).
Purposes and legal basis for the processing
When you communicate with us
When you contact us (e.g. via email or the contact page on our website) as a customer, supplier or another third party, your communication may often contain personal data such as your name, contact details, association with a certain company or other personal data you may provide to us. We may also receive such personal data from a third party such as your employer. We process this personal data for the purpose of managing and answering your queries, and to communicate with you and/or the company you may represent. If you agree to provide us with testimonials regarding your former customer experiences, we will process (publish) your name and association with a company, and any other personal data contained in such testimonials, for the purpose of branding our company by publishing customer reviews.
The legal basis for this processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general queries, providing customer support, and fulfilling any agreement we may have concluded with you or the company that you are representing. Furthermore, we are pursuing our legitimate interest in showcasing former customer reviews.
Use of our website (cookies)
When you visit our website, we use cookies to collect data about your visits, including e.g. your navigation on the website, the type of browser that you are using, your IP address etc. This data may contain personal data. We collect the data to maintain a secure and customer-friendly experience on our website, and to produce statistics of our users' behavior on the website. Additionally, the data may be used to target marketing based on the individual user's behavior on the website.
For necessary (technical) cookies, the legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interest in ensuring functionality and security of our website. For any other cookies, the legal basis for the processing is article 6(1)(a) of the GPPR, as we only use those cookies if you have provided your consent.
You can read more about our use of cookies in our Cookie policy.
Electronic marketing communication
If you have subscribed to a newsletter or another form of electronic marketing communication from us, we will register your name, email address and in some cases, your subject preferences. We are processing this personal data for the purpose of being able to send you relevant marketing communication regarding our services and events. The legal basis for the processing is the consent you have provided pursuant to section 10 of the Danish Marketing Practices Act.
Participation in research projects, webinars, and other events
If you participate in a research project, a webinar or another event hosted or otherwise procured by REDO, we will process your name and contact details for the purpose of registering your participation and communicating with you during and after the project/event. The legal basis for this processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in planning and executing the research, getting your feedback, and reporting results to you.
Some of our research projects may also include the processing of special categories of personal data, such as data concerning your health. If this is the case, we will obtain your consent for the processing prior to the research project, pursuant to article 9(2)(a) of the GDPR.
Customer administration (CRM)
If you represent one of our customers, we will register your personal data in our CRM system, including your name, contact details and information about your association with a certain company. We are processing this personal data as part of our day-to-day customer administration operations for the purpose of keeping in touch and maintaining the customer relationship.
The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing day-to-day customer administrative tasks and communicating with our customers, as well as managing accounting and finance tasks pertaining to our company.
Categories of recipients of personal data
We will transfer your personal data to our data processors, including our IT system and database providers, marketing partners etc. We have entered into statutory data processing agreements with all of our data processors.
If your personal data is included in our accounting material, the data will be transferred to the relevant authorities, such as the Danish Tax Agency. Furthermore, any personal data pertaining to a specific case or dispute will be transferred to our external advisors.
Transfer of personal data
We will not transfer any personal data to countries outside the European Economic Area.
Data storage
We will only store your personal data as long as it is necessary to fulfill the purposes for which the personal data was collected, unless otherwise provided by law.
We have implemented the following general retention periods:
|
Purpose |
Retention periods |
|
(ii) When you communicate with us |
Personal data contained in our accounting material will be stored for at least 5 years from the end of the financial year to which the material pertains. Personal data pertaining to our general communication with you will be stored for a period of up to 3 years after your last query has been handled/concluded.
|
|
(i) Use of our website (cookies) |
Personal data contained in cookies will be deleted in accordance with the lifetime/period for each specific cookie. Read more about our cookies, including their lifetime in our Cookie policy.
|
|
(iii) Electronic marketing communication |
Personal data pertaining to electronic marketing communication will be stored for a period of up to 2 years after our latest communication was sent out unless you have withdrawn your consent (i.e. unsubscribed) before such time.
|
|
(iv) Participation in research projects, webinars, and other events |
The personal data will be deleted within few weeks after the relevant research project/event has ended, unless you acknowledge that we may contact you for potential new research projects or events in the future. In such case, your contact details will be stored for a period of up to 3 years after your acknowledgement.
|
|
(v) Customer administration (CRM) |
Personal data contained in the CRM system will be stored for a period of up to 5 years after the end of the financial year in which the customer relationship has ended.
|
The personal data will be deleted in accordance with the above-mentioned retention periods, unless we have a specific need to store the personal data for a longer period, e.g. in connection with a specific case or an agreement. For the purpose of this privacy policy, "deleted" also means anonymization of the personal data in which case the data can no longer be used to identify you.
Your Rights
Pursuant to the GDPR, you have several rights pertaining to the processing of your personal data. You can read more about those rights below.
|
Rights |
Description |
|
Right to withdraw your consent
|
Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. If you withdraw your consent, the withdrawal will not affect the lawfulness of already carried out processing based on your consent.
|
|
Right of access
|
You have the right to obtain confirmation as to whether or not we collect or process personal data concerning you and, if this is the case, you have the right to request a copy of such personal data in digital format.
|
|
Right of rectification
|
You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.
|
|
Right of erasure
|
In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.
|
|
Right to restrict processing
|
In certain circumstances, you have the right to request that we restrict the processing of the personal data we have collected about you, e.g. if you believe that the personal data is not accurate or lawfully processed.
|
|
Right to data portability
|
In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
|
|
Right to object to the processing
|
In certain circumstances, you have the right to request that we stop processing your personal data.
|
|
Right to object to the processing for direct marketing purposes
|
You have the right to request that we stop sending you marketing communications (please also see "Right to withdraw consent" above).
|
|
Right to complain to a supervisory authority
|
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. For more information, we refer to the Danish Data Protection Agency. |
Questions and concerns
If you have questions or concerns about our processing of your personal data, please contact us by email at contact@redoneurosystems.com.