Privacy Policy
Data controller
We are the data controller for the processing of the personal data we process about our customers and business partners. You can find our contact information below.
Wirksom ApS
Marksellet 38, Randers 8920
CVR no: 44254573
It is not a requirement that our company has an external DPO, but if you have any questions regarding the processing of your personal data, you can contact us via casper@wirksom.dk
Processing activities
As a data controller according to GDPR, we have the following processing activities.
Communication with potential customers
When you have questions about our site or want to learn more about our services, you can contact us via:
- Email us
- Telephone (phone)
Through this, we will process your personal data so that we can enter a dialog with you, e.g. answer questions about our services. We only process the information you provide us with in connection with our communication.
We will typically process the following general information: name, email, phone number.
Our legal basis for processing this personal data is Article 6(1)(f) of the General Data Protection Regulation.
We will delete our communication with you when it is clear whether you want our services or not.
Should there be a need to store your personal data for a longer period in a particular case, this may be the case.
Customers
We need to communicate with our customers to ensure that the service is delivered correctly. Through this, we may process information about name, address, services, special agreements, payment information and the like.
The legal basis for processing this personal data is Article 6(1)(b) of the General Data Protection Regulation.
Once the service has been delivered and any outstanding issues have been resolved, we will delete the personal data immediately afterwards.
Bookkeeping
We must save all accounting documents in accordance with the Danish Bookkeeping Act. This means that we store invoices and similar documents for accounting purposes. This may include general personal data such as name, address and service description.
Our legal basis for processing personal data for accounting purposes is Article 6(1)(1) of the General Data Protection Regulation.
We store this information for a minimum of 5 years after the current financial year has ended.
Job applications
We welcome job applications to assess whether they match an employment need in our company.
If you send your job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation.
If you have sent an unsolicited application, HR will immediately assess whether your application is relevant and then delete your data again if there is no match.
If you have applied for an advertised job, we will dispose of your application if you are not hired and immediately after the right candidate has been found for the job.
If you are part of a recruitment process and/or are hired for the job, we will provide you with separate information about how we process your personal data in this context.
Data processors
Few can do everything themselves, and the same goes for us. We therefore have business partners and use suppliers, some of whom may be data processors.
External suppliers may, for example, provide systems to organize our work, services, consultancy, IT hosting or marketing.
- [If applicable, list your data processors with company name + purpose of processing]
Digital Ocean:
Internal server
OpenAI OpCo, LLC:
OpenAI's training data to train own systems.
Pinecone:
Use of vectordatabase.
Twilio:
Out- and ingoing e-mails.
It is our responsibility to ensure that your personal data is processed properly. Therefore, we place high demands on our business partners, and our partners must guarantee that your personal data is protected.
We therefore enter into agreements with companies (data processors) that handle personal data on our behalf to increase the security of your personal data.
Disclosure of personal data
We do not disclose your personal data to third parties.
Profiling and automated decisions
We do not engage in profiling or automated decision-making.
Third-country transfers
We generally use data processors in the EU/EEA or who store data in the EU/EEA.
In some cases this is not possible, in which case data processors outside the EU/EEA may be used if they can provide your personal data with adequate protection.
Security of processing
We keep the processing of personal data secure by implementing appropriate technical and organizational measures.
We have made risk assessments of our processing of personal data and have subsequently implemented appropriate technical and organizational measures to increase the security of processing.
One of our most important measures is to keep our employees updated on GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures.
The rights of data subjects
Under the GDPR, you have several rights in relation to our processing of your data.
If you want to exercise your rights, please contact us so we can help you with this.
Right to see data (right of access)
You have the right to access the data we process about you, as well as a range of additional information.
Right to rectification (rectification)
You have the right to have incorrect information about yourself corrected.
Right to erasure
In special cases, you have the right to have information about you erased before the time of our regular general erasure occurs.
Right to restriction of processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to restrict processing, we may in future only process the data - except for storage - with your consent, or for the establishment, exercise or defense of legal claims, or to protect a person or important public interests.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to the processing of your data for direct marketing purposes.
Right to transmit data (data portability)
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transmitted from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency's guide on the rights of data subjects, which you can find at www.datatilsynet.dk.
Withdrawal of consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.
Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency's contact information at www.datatilsynet.dk.
In general, we encourage you to read more about GDPR so that you are updated on the rules.