Data Controller
We are the data controller for the processing of personal data that we handle concerning our customers and partners. You can find our contact information below.
Marlic A/S
Mejerigaden 12
3730 Nexø
Denmark
VAT-no.: DK28147104
Our company is not required to have an external DPO, but if you have any questions regarding the processing of your personal data, you can contact us via info@marlic.dk.
Processing Activities
As the data controller in accordance with GDPR, we conduct the following processing activities.
Website Visits
When you visit our website, we use cookies to ensure its functionality, which you can read more about in our cookie policy.
Communication with Potential Customers
If you have questions about our site or want to learn more about our services, you can contact us via:
- Contact form
- Email
- Telephone
Through these means, we will process your personal data to engage in a dialogue with you, for example, to respond to questions about our services. We only process the information you provide us during our communication. Typically, we will process the following general information: name, email, and phone number. Our legal basis for processing this personal data is GDPR Article 6, Section 1(f). We delete our communication with you once it is clear whether you wish to use our services or not. In special cases, we may retain your personal data for a longer period if necessary.
Customers
We need to communicate with our customers to ensure that services are delivered correctly. This may involve processing information such as name, address, services, special agreements, payment information, and similar. The legal basis for processing this personal data is GDPR Article 6, Section 1(b). Once the service has been delivered and any outstanding issues have been resolved, we will delete the personal data shortly thereafter.
Newsletter
We offer a newsletter that you can voluntarily subscribe to, and you can unsubscribe at any time. The purpose of the newsletter is to send subscribers emails with new information from the company, which may include new website content, announcements of our services, etc. We will only send you emails if you have given your active consent. This initially requires you to provide your name and email address, to which we will then send a confirmation email to ensure that you have indeed subscribed to the newsletter, i.e., given active consent. Our legal basis for processing your personal data (i.e., your email address) in connection with the newsletter is GDPR Article 6, Section 1(a). We will process your personal data as long as you are subscribed to the newsletter. When you unsubscribe, we will stop sending it to you. If we haven't sent you a newsletter in one year, your consent will expire due to our inactivity. Upon unsubscribing, we will retain your previous consent for two years after its last use, due to statute of limitations in accordance with the Consumer Ombudsman's spam guidelines, section 11.3.
Accounting
We are required to keep all accounting records in accordance with the Danish Bookkeeping Act. This means that we retain invoices and similar records for accounting purposes. These may include general personal data such as name, address, and service description. Our legal basis for processing personal data for accounting purposes is GDPR Article 6, Section 1(c). We retain this information for at least five years after the current fiscal year ends.
Job Applications
We gladly accept job applications for the purpose of assessing whether they match a hiring need in our company. If you send us a job application, our legal basis for processing your personal data is GDPR Article 6, Section 1(f). If you submit an unsolicited application, HR will immediately assess its relevance and then delete your data if there is no match. If you have applied for an advertised position, we will dispose of your application if you are not hired, shortly after the right candidate has been found. If you are part of a recruitment process and/or are hired for the job, we will provide you with separate information about how we process your personal data in this context.
Data Processors
Not everything can be done in-house, and the same goes for us. Therefore, we have partners and use suppliers, some of whom may be data processors. External suppliers can, for example, provide systems to organize our work, services, consulting, IT hosting, or marketing—see some of our data processors below:
- Dandomain (Hosting and webshop system)
- Mailchimp (Newsletter)
- Uniconta (Accounting and invoicing system)
- Nexø Revision (Bookkeeping and auditing)
It is our responsibility to ensure that your personal data is handled properly. Therefore, we set high standards for our partners, and our partners must guarantee that your personal data is protected. We enter into agreements with companies (data processors) that handle personal data on our behalf to enhance the security of your personal data.
Disclosure of Personal Data
We do not disclose your personal data to third parties.
Profiling and Automated Decisions
We do not perform profiling or automated decisions.
Transfers to Third Countries
As a general rule, we use data processors within the EU/EEA, or who store data within the EU/EEA. In some cases, this is not possible, and in such cases, data processors outside the EU/EEA may be used if they can provide your personal data with adequate protection.
Data Security
We maintain the security of personal data processing by implementing appropriate technical and organizational measures. We have conducted risk assessments of our processing of personal data and subsequently implemented appropriate technical and organizational measures to enhance processing security. One of our most important measures is to keep our employees updated on GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with staff.
Data Subjects' Rights
Under the GDPR, you have several rights regarding our processing of your personal data. If you wish to exercise your rights, you must contact us so we can assist you.
- Right of access: You have the right to access the data we process about you, as well as additional information.
- Right to rectification: You have the right to have incorrect data about yourself corrected.
- Right to erasure: In certain cases, you have the right to have data about yourself erased before the time of our general deletion practices.
- Right to restriction of processing: In certain cases, you have the right to have the processing of your personal data restricted. If you are entitled to restrict processing, we may only process the data in the future—with the exception of storage—with your consent, or for the establishment, exercise, or defense of legal claims, or to protect a person or important public interests.
- Right to object: In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.
- Right to data portability: In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, as well as to have these personal data transferred from one controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guidelines on data subjects’ rights, which you can find at www.datatilsynet.dk.
Withdrawal of Consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.
Complaint to the Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Data Protection Agency’s contact information at www.datatilsynet.dk. We generally encourage you to learn more about GDPR to stay updated on the regulations.
