Privacy notice
Thank you for visiting the website www.gpv-group.com (“website”) owned and published by GPV Group A/S, Lysholt Allé 11, DK-7100 Vejle, Denmark, company registration no. 66945715.
This privacy notice describes how your personal data will be processed when you use the website by GPV Group A/S (“GPV DK”), who is the data controller for the processing activities regarding the website according to the General Data Protection Regulation (“GDPR”).
This privacy notice further describes how your personal data will be processed in case you communicate with one of the companies within GPV group in EU/EEA listed below. In these cases, the GPV company, which you communicate with, will be the data controller for your personal data according to the GDPR and any national applicable data protection regulation:
- GPV Group A/S
- GPV International A/S
- GPV Austria GmbH
- GPV Austria Cable GmbH
- GPV DACH AG
- GPV Switzerland SA
- GPV DACH (Nordic) AG
- GPV Switzerland (Nordic) AG
- GPV DACH (Asia) AG
- GPV Germany GmbH
- GPV Slovakia s.r.o
- GPV Estonia AS
- GPV Finland Oy
- GPV Finland (Oulu) Oy
- GPV Slovakia (Nova) s. r. o.
- GPV Sweden AB
(collectively referred to as ”we”, ”us”, ”our”)
If you have any questions about or comments to this privacy notice, you are welcome to contact us by using the following contact details:
GPV Group A/S
Lysholt Allé 11
DK-7100 Vejle
Denmark
Email: gdpr@gpv-group.com
1
Types of personal data processed, processing purposes as well as legal basis and storage period for the personal data processed
1.1
Website visits
When you visit the website, GPV DK will collect and process personal data about you for the purpose of generating statistics to improve the website and optimize your browsing experience, including:
a. IP address
b. Approximate location at the city or zip-code level.
c. Information about your device and browser as well as your search behaviour and use of the website
These personal data is collected via cookies if you have consented to the use of cookies. In this case, the legal basis for processing your personal data is your consent, cf. GDPR article 6(1)(a). You can read more about our use of cookies on the website in our cookie notice, including in respect of cookie expiry dates. GPV DK delete personal data collected via cookies once the cookies expire.
1.2
Newsletter
If you consent to receive our News & Magazine, we will collect and process personal data about you for the purpose of sending you direct marketing, including:
a. Full name
b. Email address
These personal data is processed in accordance with your consent, cf. GDPR article 6(1)(a). You can withdraw your consent at any time by using the contact details provided at the top of this privacy notice. If you withdraw your consent, this will not affect the lawfulness of any prior processing.
The personal data will be deleted when you withdraw your consent or after a period of 12 months where we have not had any communication with you. However, documentation for your consent will be stored for a period of up to five years after the consent has been withdrawn or has expired, and the legal basis for such processing is our legitimate interest in being able to document a prior consent, cf. GDPR article 6(1)(f), where it is deemed to override your interest in not having the data processed.
1.3
Correspondence with you
If you contact us or communicate with us , we will process the personal data that you provide to us for the purpose of replying to your query. The personal data may in addition to the subject matter of your query include:
a. Full name
b. Contact details
c. Title and working place
The processing is based on our legitimate interest in being able to reply to your query, cf. GDPR article 6(1)(f), where it is deemed to override your interest in not having the personal data processed.
The personal data will be deleted when there is no longer any reason to believe that further correspondence will be necessary, however, no later than 5 years from the latest correspondence, unless the communication is used to establish, exercise, and defend our legal rights.
1.4
Customer and supplier agreements
If the company that you work for is a customer or supplier of GPV, we will collect and process the following personal data for the purpose of entering into and fulfilling the relevant agreement (e.g. to provide or receive the agreed services):
a. Full name
b. Contact details
c. Title and workplace
d. Username and password (in case you have registered an account on our customer portal(s)).
The data controller is the GPV company, which is the contracting party in the relevant agreement.
The processing of personal data is necessary for entering into and performance of a contract, and thus, the legal basis for our processing is the concerned agreement, cf. GDPR article 6(1)(b).
If you have given your consent hereto, GPV will also process your personal data to contact you regarding future business between GPV and the company that you work for, cf. GDPR article 6(1)(a).
We will keep your personal data for the duration of the relationship between GPV and the company you work for, and thereafter if there is a legitimate purpose for keeping your personal data, including where GPV is obliged under applicable law, or if the concerned personal data is used to establish, exercise, and defend our legal rights.
1.5
Legal rights
We may also process your personal data in order to establish, exercise or defend our legal rights in connection with a dispute, a complaint or an investigation initiated by a public authority.
In such case, the legal basis for our processing is our legitimate interest in being able to establish, exercise or defend our legal rights, cf. GDPR article 6(1)(f), where it is deemed to override your interest in not having the personal data processed.
The personal data will be deleted (if there is no other legal basis for retaining the data) when, following a specific assessment, it is deemed that the data is no longer considered necessary for the purposes of the dispute, complaint or investigation.
2
Transfer of personal data to third parties
2.1
Your personal data may be transferred to the following third parties:
a. Group companies.
b. Service providers and suppliers assisting in our business activities, including for example hosting providers and suppliers of IT services
c. External advisers.
d. Other third parties involved in a merger or acquisition involving all or part of our business or its assets.
2.2
If a third party processes your personal data outside the EU/EEA, this will take place based on the EU Commission’s Standard Contractual Clauses (“SCCs”) and a risk assessment. You may request a copy of the SCCs regulating the transfer of personal data by contacting us via the contact details stated above.
3
Your rights
3.1
In certain circumstances, you have the following rights under the data protection law:
a. Right to access:
You are entitled to request information about or access to your personal data. However, there are exceptions, and you will not always be entitled to receive all the information that we process.
b. Right to rectification:
You are entitled to obtain rectification of incorrect personal data concerning you. You are also entitled to have incomplete personal data completed.
c. Right to erasure:
In certain instances, you are entitled to request the erasure of personal data concerning you.
d. Right to restriction of processing:
In certain instances, you are entitled to obtain restriction of the processing of your personal data.
e. Right to data portability:
You have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format. If technically feasible, you have the right to request that your personal data be transmitted directly to another company or person acting as data controller.
f. Right to object:
You are entitled to object to the processing of your personal data. This means that you can stop or prevent the processing of your personal data. However, this applies only in certain cases, and we are not compelled to stop the processing of your personal data if there are legitimate grounds for continuing such processing.
3.2
How to exercise your rights :
If you wish to exercise the above rights, you are welcome to contact the GDPR team at GPV on gdpr@gpv-group.com.
In order for us to process your request appropriately and in due time, we kindly ask you to specify and describe your request in detail, including by providing the relevant identification, so we are able to identify you. We will on the basis of your request process your personal data to the extent possible and required in order to comply with our legal obligations, cf. art. 6(1)(b) of the GDPR and to protect our legal rights, cf. art. 9(2)(f) of the GDPR.
Your request will be handled at our costs, unless the request assess is considered abused or non-justified use.
The right to complain:
You also have the right to complain if you disagree with or disapprove our processing of your personal data. If you wish to complain about our processing of your personal data, you should contact the national data supervisory authority within the country, where you are located, which are:
- In Austria: Österreichische Datenschutzbehörde (www.dsb.gv.at)
- In Denmark: Datatilsynet (www.datatilsynet.dk)
- In Estonia: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) (www.aki.ee)
- In Finland: Office of the Data Protection Ombudsman (www. tietosuoja.fi)
- In Germany: Der Bundesbeauftragte für den Datenschutz und die In-formationsfreiheit (www.bfdi.bund.de)
- In Slovakia: Úrad na ochranu osobných údajov (www.dataprotection.gov.sk)
- In Sweden: Datainspektionen (www. imy.se/en/)
- In Switzerland: Eidgenössischen Datenschutz- und Öffentlichkeitsbeauftragten (EDÖB) (Startseite (admin.ch)