Privacy and Data Protection Policy
Introduction
CITYLIGHT DANMARK (“CITYLIGHT DANMARK”) is subject to national privacy and data protection laws, which includes EU’s General Data Protection Regulation, which protects the integrity and confidentiality of a person’s personal data. Personal data means any information, directly or indirectly, relating to an identified or identifiable natural person (data subject). This Policy is primarily aimed at our customers and visitors to our platforms.
We are committed to protecting the privacy and data protection rights of everyone’s personal data we process, so it is important that we explain and give you an overview of how CITYLIGHT DANMARK collects and process personal data. We will only process personal data for appropriate purposes and in accordance with applicable data protection regulations. In addition to this Policy, CITYLIGHT DANMARK has privacy policies for CITYLIGHT DANMARK Smart (available in the application) and for its employees (available in the personnel handbook). For information about how we use cookies, please see our Cookie Policy.
CITYLIGHT DANMARK is the controller in terms of the personal data we process as part of our customer relationship and of the personal data generated from those using our website. Executive overview of CITYLIGHT DANMARK’s processing of personal data .CITYLIGHT DANMARK commits to always process personal data lawfully and fairly, and which is only collected for specified, explicit and legitimate purposes as required by law. Therefore, we will only process personal data when such processing is necessary to manage our business operations, contractual obligations or other legitimate business interests we may have, and to comply with legal obligations or, in some cases, after having received consent from the data subject.
CITYLIGHT DANMARK will ensure that the personal data is adequate, relevant and limited to what is necessary for the purpose and that the personal data is retained only for the period required to serve the purpose. We strive to keep the personal data accurate and up to date, and ensure that inaccurate data is erased or rectified. CITYLIGHT DANMARK will ensure that the personal data is processed in a manner that ensures appropriate security with respect to integrity and confidentiality of the personal data.
Third party service providers In a number of areas, CITYLIGHT DANMARK may use third party service providers that process personal data on behalf of CITYLIGHT DANMARK. In such circumstances, CITYLIGHT DANMARK has implemented adequate safeguards in accordance with applicable law to regulate the service providers’ processing of personal data on our behalf, such as the conclusion of a Data Processing Agreement.
CITYLIGHT DANMARK does not disclose personal information to other companies outside of our group, neither in Norway nor abroad. However, this does not limit any statutory disclosure of personal data to public authorities. Geographical storage and processing CITYLIGHT DANMARK stores and processes personal data on servers located in the EU/EEA. CITYLIGHT DANMARK may on occasion use third party service providers located outside the EEA (third countries). In such circumstances, the transfer of personal data to third countries will rely on Standard Contractual Clauses or other lawful basis for the transfer of personal data. CITYLIGHT DANMARK’s processing of personal data.
CRM system (administration of customers and potential customers)
CITYLIGHT DANMARK processes personal data to facilitate the administration of customers and potential customers, such as their name, telephone number, email address, postal address, employer if the data subject represents a company (contact person), agreement and/or order and purchase order.
The purpose of this processing activity is to manage customer relationships, including keeping track of current, past and potential customer relationships. Our legal basis for processing is either to fulfil an agreement with you as a customer (existing customer relationship), or our legitimate interest in contacting potential customers. The data is stored in our CRM register and deleted five years after the last activity.
Sales, invoicing and payments
When you or your company orders a product from CITYLIGHT DANMARK, we process certain types of personal data, such as your name, telephone number, email address, address, employer if you represent a company (contact person), as well as the time and content of the order. The processing also covers the invoice we send you and the payment we receive from you, as well as any refunds. The orders are processed in our CRM system and the invoices in our invoicing system.
The purpose of this processing activity is to provide services and products to you as a customer and our legal basis is the customer agreement. CITYLIGHT DANMARK is required by law to store invoice information for 10 years after the end of the financial year.
Newsletter
Customers and other interested parties can sign up to receive CITYLIGHT DANMARK’s newsletter. If you receive our newsletter, you will regularly receive an email with tips, news and other information about our products and services. On these occasions, CITYLIGHT DANMARK processes personal data, such as your name, email address, IP address if you clicked on the information link, and your company name (employer) and job title if you are acting as a contact person for a company.
The purpose of sending out newsletters is to market our products and services to existing and potential customers. For existing customers (contact persons for companies), the legal basis is CITYLIGHT DANMARK’s legitimate interest, whilst for others, the legal basis is consent. All recipients of the newsletter are free to unsubscribe from the newsletter by clicking “unsubscribe”. CITYLIGHT DANMARK processes the data for as long as you choose to receive newsletters.
Social media
CITYLIGHT DANMARK has a company account with various social media (Facebook, LinkedIn and Instagram), which is freely available to other users of the services. CITYLIGHT DANMARK has access to the public profile data of its followers, which is individuals enter when creating a profile on the relevant social media. This also includes comments users make regarding CITYLIGHT DANMARK’s posts.
CITYLIGHT DANMARK’s purpose for using social media is to assess interest in the updates shared on CITYLIGHT DANMARK’s corporate page with a view to optimising the content to match the recipients’ interest. Our legal basis for processing personal data on social media platforms is our legitimate interest to be visible and accessible to our customers and others on social media platforms. CITYLIGHT DANMARK may process the public profile data of its followers for as long as the user follows or refers to our company account with, for example likes, comments or messages. If you are interested in knowing how social networks process your personal data, please refer to read the privacy policies available via your social network profile(s).
Your rights
When CITYLIGHT DANMARK processes personal data about you, you are conferred data privacy rights, which we explain below. There may be exceptions to these rights. If you wish to enforce your rights, or have questions related to your rights, please contact the responsible person named below (see contact information). We are obliged to answer your enquiry without undue delay and within one month at the latest.
- Right to Information : The right to information means that you can contact us and request information about how we process personal data about you.
- Right to Access : The right of access means that you are entitled to receive a copy of the data that we have stored about you.
- Right to Rectification : The right to rectification means that you are entitled to have incorrect or incomplete personal data about yourself corrected or updated.
- Right to Erasure (‘right to be forgotten’) : The right to erasure means that you have the right to have data about yourself deleted, if the personal data is no longer necessary for the purpose for which it is processed, if you withdraw your consent or if you protest against the legality of the processing.
- Right to Restriction of Processing : The right to restriction of processing means that you are entitled to restrict the processing, if you dispute the accuracy of the personal data, the processing is illegal, or the personal data is no longer necessary for the purpose for which it was obtained.
- Right to object : The right to object against the processing of personal data means that you can oppose processing based on CITYLIGHT DANMARK's legitimate interest, if there are justified reasons for this
- Right to Withdraw Consent : If you have given us your consent to process personal data, you can withdraw this consent at any times.
Complaints
We hope you will inform us if you believe we are not complying with data protection legislation. You have the right to lodge a complaint to local Data Protection Authority, if you consider that we have breached data protection legislation. You may always contact us directly if you have any questions.
Contact information
CITYLIGHT DANMARK as is the controller in terms of the personal data we process. The company’s CEO has ultimate responsibility for the company’s compliance with the data protection regulations.
You can also contact CITYLIGHT DANMARK by:
Phone : +45 26805580
Email : lars@city-light.dk
Post : Kong christians alle 51, 9000 Aalborg, Denmark