This policy on the collection and processing of personal data describes how Boyum IT Solutions A/S and its affiliated subsidiaries (“we”, “us” “our” or “Boyum IT”) process personal data. Through the privacy policy, we fulfill our obligation to inform you as a data subject about our processing of your data in accordance with Articles 13 and 14 of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data (“GDPR”).
You can see a list of our companies that may be involved in processing personal data by following this link: Boyum IT A/S
This privacy statement solely describes our processing of your data when we act as a data controller.
Boyum IT acts as a data controller for the processing of your data in the following situations:
(i) when you use our websites (cookies);
(ii) when you communicate with us;
(iii) when you receive our electronic newsletters etc. (marketing); and
(iv) in connection with our customer administration (CRM)
In some situations, Boyum IT acts as a data processor, e.g. when we deliver consultancy and support services on behalf of our partners.
Joint controllers
Boyum IT and our group companies act as joint controllers for the processing of personal data with regard to our joint customer administration operations (CRM).
When two or more companies under Boyum IT share data responsibility, you are entitled to know how responsibility is divided between the companies, who is the data controller, and who you should contact, etc.
You can find an overview of our other group companies in the section “Group Companies” below.
We may collect the following information depending on how you use our website:
1. Personal information:
Name, email address, phone number, and company details when you fill out contact forms or register for our services.
2. Technical information:
– IP address, browser type, operating system and geographical location (if enabled).
– Data about your use of the website, including which pages you visit and how long you stay on them.
3. Cookies and tracking data:
– We use cookies and similar technologies to improve your experience.
– See our cookie policy for more details: Use of cookies
We use your information for the following purposes:
1. To provide our services:
To process your inquiries and provide customer support.
2. To improve our website:
To analyze behavior to optimize user experience and functionality.
3. For marketing:
To send you relevant information about our products and services, if you have consented to it.
We process your personal data based on the following legal basis:
(i) Use of our websites (cookies)
Boyum IT is the data controller for processing. When you visit our websites, we use cookies to collect data about your visits, including e.g. your navigation on the websites, the type of browser you use, your IP address, etc. Those data may contain personal data. We collect the data in order to ensure a stable, secure, and customer-friendly experience on our websites, and to produce statistics of our users’ behavior on the websites.
The legal basis for our processing is:
– for necessary (technical) cookies – Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interest in ensuring functionality and security of our websites; and
– for other cookies – Article 6(1)(a) of the GPPR, as we only use those cookies if you have given your consent.
You can read more about our use of cookies here: Boyum IT Cookies
(ii) When you communicate with us
When you, as a customer, supplier or another third party, contact us (e.g. via email), your communication may often contain personal data, including your contact details, association with a certain company or other personal data you may provide us with. We may also receive such personal data from a third party, such as your employer. We process these personal data to manage and answer your queries, and to communicate with you and the company you may represent.
(iii) Consent as legal basis for publication of your information
If you agree to provide us with testimonials regarding your former customer experiences, we will process (publish) your name and association with a company, and any other personal data contained in such testimonials, to brand our company by publishing customer reviews.
The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general queries, providing customer support, and fulfilling any agreement we may have concluded with the company you are representing. Further, we are pursuing our legitimate interest in showcasing former customer reviews.
(iv) Electronic newsletters etc. (marketing)
If you have subscribed to our newsletter, we will register your name, email address, and the preferences you have given in connection with your subscription. We process your data to be able to send you relevant newsletters regarding our and our group companies’ services, etc. The legal basis for our processing is the consent you have given in accordance with article 6(1) of the GDPR, and section 10 of the Danish Marketing Practices Act.
(v) Customer administration (CRM)
Boyum IT and our group companies are acting as joint data controllers for the processing of personal data in connection with customer administration in the group’s joint CRM system.
If you represent one of our customers, we will register your data in the CRM system, including your name, contact details, and information about your association with a certain company. We process those personal data as part of our day-to-day customer administration, e.g. for the purpose of keeping in touch and maintaining the customer relationship.
If necessary, we can provide you with the necessary information about which company processes your personal information and for what purposes this information is processed.
The legal basis for our processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in solving day-to-day customer administrative tasks and communicating with our customers, as well as managing accounting and finance tasks within the group.
This policy on the collection and processing of personal data describes how Boyum IT Solutions A/S and its affiliated subsidiaries (“we”, “us” “our” or “Boyum IT”) process personal data. Through the privacy policy, we fulfill our obligation to inform you as a data subject about our processing of your data in accordance with Articles 13 and 14 of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data (“GDPR”).
You can see a list of our companies that may be involved in processing personal data by following this link: Boyum IT A/S
| Purpose | Share with other data controllers |
|---|---|
| (i) Use of our websites (cookies) | Personal data contained in cookies can be shared with third party cookie providers, provided that you have given your consent to use of cookies on our websites. |
| (ii) When you communicate with us | Personal data contained in our accounting material (e.g. invoices) will be shared with public authorities, such as the Danish tax authorities. |
| (iii) Electronic newsletters etc. (marketing) | None. |
| (iv) Customer administration (CRM) | The personal data will/can be shared with our group companies (which are acting as joint data controllers for the processing of personal data in the group’s CRM system). |
Further, your data will be shared with our data processors. We have entered into data processing agreements with all our data processors.
Your data will be transferred to recipients that are located in the following countries outside the EU/EEA:
– USA. The transfers are based on EU Standard Contractual Clauses
– China. The transfers are based on EU Standard Contractual Clauses
– Switzerland. The transfers are based on the Commission decision on the adequate protection of personal data provided in Switzerland
It must also be added that our transfer of personal data to third countries outside the EU is in accordance with the adequacy decisions from the EU Commission, according to which the EU Commission assesses whether a third country can have an adequate level of protection of personal data (GDPR Article 45)
If you would like further information regarding our transfers of personal data outside the EU/EEA, including a copy of the relevant safeguards etc., you may contact us using the contact details in the section “Questions and concerns” below.
We will only store your data as long as it is necessary to fulfill the purposes for which the personal data was collected, unless otherwise provided by law.
We have implemented the following general retention periods:
| Purpose | Retention periods |
|---|---|
| (i) Use of our websites (cookies) | Personal data contained in cookies will be deleted in accordance with the lifetime/period for each specific cookie. Read more about our cookies, including their lifetime in our cookie Policy: Cookies |
| (ii) When you communicate with us | Personal data contained in our accounting material will be stored for at least 5 years from the end of the financial year to which the material pertains, in accordance with e.g. chapter 5 of the Danish Bookkeeping Act. Personal data pertaining to our general communication with you will be deleted 12 months after your last query has been handled/concluded. |
| (iii) Electronic newsletters etc. (marketing) | Personal data about our distribution of electronic newsletters, etc. will be deleted 2 years after our latest newsletter has been distributed, unless you have withdrawn your consent (i.e. unsubscribed) before such time. |
| (iv) Customer administration (CRM) | Customer personal data contained in the CRM system will be deleted 2 years after the end of the financial year, in which the customer relationship has ended. |
The personal data will be deleted in accordance with the above-mentioned retention periods, unless we have a specific need to store the personal data for a longer period, e.g. in connection with a specific case or an agreement.
Following the GDPR, you have a number of rights when we process your data, including:
Right to Withdraw Consent
Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. If you withdraw your consent, the withdrawal will not affect the lawfulness of already carried out processing based on your consent.
Right of Access
You have the right to obtain confirmation as to whether we collect or process personal data concerning you and, if this is the case, you have the right to request a copy of such personal data in digital format.
Right of Rectification
You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.
Right of Erasure
In certain circumstances, you have the right to require that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.
Right to Restrict Processing
In certain circumstances, you have the right to request that we restrict the processing of the personal data we have collected about you, e.g. if you believe that the personal data is not accurate or lawfully processed.
Right to Data Portability
In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
Right to Object to the Processing
In certain circumstances, you have the right to request that we stop processing your data.
Right to Object to the Processing for Direct Marketing Purposes
You have the right to require that we stop sending you marketing communications (please also see “Right to withdraw consent” above).
Right to Complain to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your data infringes the GDPR. For more information we refer to the Danish Data Protection Agency. You can also read more about your rights in the Danish Data Protection Agency’s Guidelines on data subjects’ rights which is available here: (It is available in Danish & English)
We use appropriate technical and organizational measures to protect your data against unauthorized access, loss or misuse.
This Privacy Policy may be updated periodically to reflect changes in the law and guidance issued.
If you have any questions or concerns, or if you wish to exercise your rights as described above, please contact us at dataprivacy@boyum-it.com or by mail at:
Boyum IT Solutions A/S
Sintrupvej 71b
DK-8220 Brabrand
Assess list of Boyum Group Companies