Privacy policy
1. Introduction
1.1 This Data Protection and Privacy Policy (the “Policy”) describes how MediaCatch ApS (“us”, ”we” or ”our”) collects and processes personal data relating to the purchase of services, membership, products or general use of our website.
1.2 The Policy is prepared and made available to comply with the General Data Protection Regulation (2016/679 of 27 April 2016) (the ”GDPR”) and the rules included herein on information to be provided to you.
2. Collecting personal data with cookies
2.1 By visiting and using our website(s), cookies are collected and used on the basis of consent. Information in these cookies include (hereinafter "Cookiedata"):
- browser type
- IP address
- location at login
2.2 Cookiedata is used improvement of the website(s) and the user experience, to deliver our products, services or goods, administration customer claims, to perform targeted marketing, administration of customer relationships in general (orders, purchase history, invoicing etc.), customer support .
2.3 Our use of cookies for the purpose of collecting personal data is being carried out in accordance with the Cookie Order (No. 1148 of 9 December 2011), section 3.
2.4 If you wish to limit or decline the cookies placed on your computer when visiting our website you can do so at any time by changing your browser settings. However, you should be aware that if you decline or reject cookies it will impact the functionality of the website which means that there are features on the website that you will not be able to see. Any browser allows you to delete cookies collectively or individually. How this is done depends on the used browser. Remember to delete the cookies in all browsers, if you use several different browsers.
2.5 We disclose and/or share Session Data with: HubSpot LLC for our CRM-system
2.6 Below you will see an overview of the duration of the cookies we use:
- Authentication cookies. Stored 1 year.
- Preference cookies. Stored 2 years.
- CRM sessions. Stored 30 minutes.
3. Types of personal data processed
3.1 We process personal data about you when this is necessary and in accordance with the applicable legislation. Depending on the specific circumstances, the processed personal data include the following types of personal data:
- name
- address
- telephone number
- username
- IP addresses
- Customer number
- purchasing history
- account status (customer points, payments etc.)
- invoicing and bookkeeping data and documentation
In addition hereto and depending on whether you work with one of our customers and how you use our offerings and services, we may process (i) copies of information on communication with you, (ii) engagement history regarding our communication with you and your engagement in events, campaigns, etc., (iii) your affiliation with a commercial account within our CRM system, (iv) your customer relationship status, (v) Net Promoter Score(s) and other feedback on use of our offerings and (vi) other CRM data relating to your organization's commercial relationship with us.
3.2 When it is relevant, personal data is collected directly from you or from external sources. Personal information from external sources is collected from publicly available registers under the Danish Business Authority and service providers with API's for public registers. The personal data collected via such external sources is limited to what is already publicly available.
3.3 If we need to collect more personal data than specified above, we will inform about this. Such information will be provided by updating this Policy.
4. Purposes for processing the personal data
4.1 The personal data we collect about you is processed for the following purposes:
- To deliver products or services to a user, customer or member.
- To answer enquiries or complaints from users, customers or members.
- To provide service messages and information to users, customers or members.
- To store personal data to comply with applicable legislation requirements such as bookkeeping acts.
- To send direct marketing to users, customers or members.
- To prevent fraudulent behavior or misuse of the IT System.
- To give support and service messages, including answering questions and complaints and send updates about our products and services.
- To prevent fraudulent behavior or misuse of our products, services and website, including the processing of personal data for the purpose of legal actions.
- To improve our products, services or website.
- To facilitate a sales process.
- To send newsletters on e-mail.
5. Legal basis for processing personal data
5.1 We only process your personal data when we have a legal basis to do so in accordance with the GDPR. Depending on the specific circumstances, the processing of personal data is done on the following legal basis:
- The processing is necessary for the performance of a contract to which the data subject is party, cf. the GDPR, article 6(1)(b), the first indent.
- The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract, cf. the GDPR, article 6(1)(b), last indent.
- The processing is necessary for compliance with applicable legislation, cf. the GDPR, article 6(1)(c).
- The processing is necessary for the purposes of the legitimate interests where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, cf. the GDPR, article 6(1)(f).
- If we have asked for a consent for the processing of specific personal data, the legal basis for such personal data is a consent, cf. article 6(1)(a) of the GDPR, as the consent can always be withdrawn by contacting us via the contact details provided at the end of this Policy, and, if the consent is withdrawn, the personal data processed on the basis of consent is deleted, unless it can or must be processed, for example, in order to comply with legal obligations.
5.2 If we send you direct marketing, including by email, we will ask for your prior consent in accordance with the applicable rules such as marketing acts.
6. Disclosure and transfer of personal data
6.1 We only pass on personal data to others when the law allows it or requires it, including when relevant and asked to do so by you or a data controller when applicable.
6.2 We transfer personal data to the following recipients from the EU/EEA:
- Data processors
- Suppliers
- Collaborators
6.3 From time to time we use external companies as suppliers to assist us in delivering our services. The external suppliers will not receive or process personal data unless the applicable law allows for such transfer and processing. Where the external parties are data processors, the processing is always performed on the basis of a data processor agreement in accordance with the requirements hereto under GDPR. Where the external parties are data controllers, the processing of personal data will be performed based on said external parties’ own data privacy policy and legal basis which the external parties are obligated to inform about unless the applicable legislation allows otherwise.
6.4 We transfer personal data to countries or international organisations outside the EU/ EEA. Personal data is transferred to the following countries not subject to an article 45 adequacy decision: USA.
Such transfers are based on the standard contractual clauses about data protection made or approved by the EU Commission and possibly approved by a national data protection agency, ensuring a sufficient level of protection.
6.5 If you have any questions about our use of data processors, cooperation with other data controllers, including subsidiary companies, or transferring of data to third countries, please contact us for more information or documentation of our legal basis for said transfers.
7. Erasure and retention of personal data
7.1 We ensure that the personal data is deleted when it is no longer relevant for the processing purposes as described above. We also retain personal data to the extent that it is an obligation from applicable law, as is the case with for example accounting and bookkeeping materials and records. If you have any questions about our retention of personal data, please contact the email mentioned in the last section of this Policy.
8. Data subject rights
8.1 As a data subject under GDPR, you have a number of rights.
8.1.1 You have the right to request access to the personal data we process about you, the purposes we process the personal data, and whether we disclose or transfer your personal data to others.
8.1.2 You have the right to have incorrect information rectified.
8.1.3 You have the right to have certain personal data deleted.
8.1.4 You may have the right to restriction of our processing of your personal data.
8.1.5 You may have the right to object to our processing of your personal data based on reasons and circumstances that pertain to your situation. Objection can also be to the processing of personal data for the purpose of direct marketing.
8.1.6 You have the right not to be subject to a decision based solely on automated means, without human interference unless the decision is necessary for your employment, the decision has a legal basis, or is based on your explicit consent.
8.1.7 If the processing of your personal data is based on your consent, you are entitled to withdraw such consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent.
8.1.8 You are entitled to receive personal data which you have provided to us in a structured, commonly used, and machine-readable format (data portability).
8.1.9 You can always lodge a complaint with the data protection agency.
8.2 Your rights may be subject to conditions or restrictions. Accordingly, there is no certainty that you will be entitled to for example data portability in the specific situation; it will depend on the circumstances of the processing.
8.3 More information about data subject rights can be found in the guidelines of the national data protection authorities.
8.4 Please use you the contact details below if you want to use your rights.
8.5 We try to meet your wishes about our processing of personal data, but you can always file a complaint to the data protection authorities.
9. Changes to this Policy
9.1 We reserve the right to update and amend this Policy. If we do, we correct the date and the version at the bottom of this Policy. In case of significant changes, we will provide notification in the form of a visible notice, for example on our website or by direct message.
10. Contact
10.1 You may contact us at the below specified email if you:
- disagree with our processing or consider our processing of your personal data infringes on the law,
- have questions or comments to this Policy, or
- want to invoke one or more of your rights as a data subject described in this Policy.
If you have questions or comments to this Policy or if you would like to invoke one or more data subject rights, please contact us at [email protected].