Personal Data Policy
1.1 This policy describes how DRY & COOL collects and processes the personal details which you submit to us, or which we collect about you via the DRY & COOL website www.dryandcool.co.uk
2. CONTACT DETAILS FOR THE DATA CONTROLLER
2.1 DRY & COOL is the data controller for the personal data we collect
2.2 DRY & COOL shares, with Facebook, the data control for the personal details collected using Facebook’s analysis tool “Facebook Page Insights” when you visit our Facebook page. You can read more about this in subsection 3.4.
2.3 If you have any questions or comments about this personal data policy, or wish to exercise one, or more, of your rights described in section 6, you can contact DRY & COOL Havremarken 4, Hal A3 3650 Oelstykke, Denmark. Telephone number: + 45 31 31 31 44 or firstname.lastname@example.org
3. WHAT PERSONAL DATA DO WE COLLECT, FOR WHAT PURPOSE, AND THE LEGAL BASIS FOR PROCESSING THIS DATA
3.1.1 The purpose is:
18.104.22.168 to gather statistics, which we can analyse, regarding how our customers use and navigate our website, in order to optimise the user experience and functionality of the website,
22.214.171.124 to recommend products on our website, which we think you could be interested in, and
126.96.36.199 to market our products to you, including via Facebook and Google, as well as
188.8.131.52 increase the security of our website.
3.1.2 The legal basis for this data processing is the EU General Data Protection Regulation article 6, section 1, subsection f.
3.2 When you purchase a product or communicate with us on our website, we collect the details you submit to us, for example your name, address, email address, telephone number, payment method, details about the time of purchase, which products you purchase and/or return, requests regarding delivery, as well as information about the IP address through which the order is made.
3.2.1 The purpose is:
184.108.40.206 to be able to register you as a customer and deliver any product(s) you order, to uphold our agreement with you overall, and
220.127.116.11 to be able to manage your rights to returns and comments/complaints,
18.104.22.168 to prevent fraud, and
22.214.171.124 to comply with legal requirements including accounting and financial management.
3.2.2 The legal basis for this data processing is the EU General Data Protection Regulation article 6, section 1, subsection b (points 126.96.36.199-2.), subsection c (point 188.8.131.52) and subsection f (point 184.108.40.206).
3.3 Upon subscribing to our newsletter, we collect details about your name, email address, and IP address. We also collect details about when you subscribed to the newsletter, when you unsubscribed, as well as details about where and when you open the newsletter.
3.3.1 The purpose is
220.127.116.11 to be able to deliver newsletters to you,
18.104.22.168 to gather statistics for the purpose of improving the newsletters, and for the marketing of our services, as well as
22.214.171.124 to be able to document your consent to receiving the newsletter.
3.3.2 The legal basis for this data processing is the EU General Data Protection Regulation article 6, section 1, subsection f.
3.4 When you visit our Facebook page, please note that we use the Facebook analysis tool ”Facebook Page Insights” to gather statistics about visitors, and to gather insight on visitor behaviour on our Facebook page, including the number of “likes”, who “likes”, the number of page views and interaction with the page, withdrawal of “likes”, and the reach of posts, etc.
In this context, we and Facebook gather details as joint data controllers. When you visit our Facebook page, you will gain access to information about this data processing. More information is available here. Facebook has entered into an agreement with us about joint data control. The agreement can be read here.
4. LEGITIMATE INTERESTS PURSUED AS A RESULT OF DATA PROCESSING
As mentioned above, our processing of your personal data is partially based on the balancing of interests rule in article 6, section 1, subsection f of the General Data Protection Regulation. We have come to a balance regarding our legitimate interest in conduction marketing, improving our website, security, preventing fraud, and your interests, to ensure that your interests or fundamental rights or freedoms do not exceed our interests.
5. RECIPIENTS OF PERSONAL DATA
5.1 Details about your name, address, email address, telephone number, as well as order number and specific delivery requests are passed on to PostNord, or another carrier that is responsible for delivering the purchased item(s) to you.
5.2 Personal data can be disclosed to public authorities if we are required by law to do so, or to the police in the case of suspicion of criminal action, or as part of an investigation of specific criminal offences. Details about a purchase, including the name of the buyer, and the location to which the product(s) was delivered, can be disclosed to the card issuer, if the card holder notifies them that the card has been misused in connection with the specific purchase.
Data may be entrusted with external cooperating partners processing the data on our behalf. We utilise external cooperating partners for, amongst other things, hosting, technical operation, improvement of the website, as well as targeted marketing, including retargeting, and your evaluation of our business and products. These businesses are data processors which operate per our instruction, and process data that is under our control and responsibility. Our webshop and payment system operate through DanDomain A/S, which functions as our data processor.
5.3 The data processors may not utilise details for purposes other than those agreed to with us and are subject to the confidentiality of these details.
5.4 Two of these data processors, Google Analytics with Google LLC. and Facebook Inc., are based in the USA. The necessary guarantees for the transfer of data to the USA are secured through the data processor certification under EU-U.S. Privacy Shield, cf. the EU Personal Data Regulation article 45.
5.4.1 A copy of Google LLC's certification can be found here.
5.4.2 A copy of Facebook Inc.'s certification can be found here.
6. YOUR RIGHTS
6.1 With a view towards openness regarding the usage of your details, we, as data controllers, wish to inform you of your rights. You can contact us if you wish to exercise your rights. You can find our contact details under section 2.
6.2 The right to access
6.2.1 You have the right to access regarding, among other things, what details we have registered about you, the purpose served by registering these details, what categories of personal details and what recipients of these details there may be, as well as information about where these details originated. You also have the right to receive a copy of these details.
6.3 The Right of Correction
6.3.1 You have the right to have incorrect details about you corrected.
6.4 The Right to Deletion
6.4.1 In certain cases you have the right to have all, or some, of your personal data deleted by us, for example if you revoke your consent and we do not have another legal basis for retaining your details. We are not obligated to delete your personal data in the event that an ongoing retention of your details is necessary, for example in order that we can comply with our legal obligations, or so that legal claims can be established, enforced, or defended.
6.5 The Right to Limit Data Processing to Storage
6.5.1 You have the right, under certain circumstances, to limit the processing of your personal data to consist only of storage. In such a case we may only retain your data with your consent, or for the purpose of establishing, enforcing, or defending a legal claim.
6.6 The Right to Data Portability
6.6.1 You have the right, under certain circumstances, to receive a copy of your personal data, which you have previously provided us, in a structured, commonly used, and machine-readable format, and the right to transfer this data to another data controller.
6.7 The Right to Object
6.7.1 You have the right to object at any time to our usage of your personal data, with a view towards direct marketing, including the profiling necessary to be able to target our direct marketing. Furthermore, you have the right, for reasons regarding your personal situation, to object at any time to our processing of your personal data, which is conducted on the basis of our legitimate interests, as mentioned in sections 3 and 4.
6.8 The Right to Revoke Consent
6.8.1 You have the right to revoke, at any time, your consent to a given processing of your personal data.
6.9 The Right to Complain
6.9.1 You have the right to file a complaint, at any time, to the Data Protection Agency if you are dissatisfied with our processing of your personal data. A complaint form and contact details can be found at www.datatilsynet.dk.
7. THE DELETION OF PERSONAL DATA
7.1 Data collected regarding your use of dryandcool.se cf. section 3.1. is deleted no later than 3 years after your most recent use of the website.
7.2 Data collected in connection with your subscription to our newsletter cf. Section 3.3. is deleted upon your revocation of consent to receiving the newsletter unless we have another basis for retaining this data. We can, however, retain documentation for your consent for 2 years subsequent to the last time we have sent you electronic marketing.
7.3 Data collected in connection with purchases you have made on dryandcool.dk cf. section 3.2 will, in general, be deleted 2 years after the end of the calendar year in which you made your purchase. This data may be retained for a longer period if we have a legitimate need to retain the data for a longer period, for example if it is necessary so that legal claims can be established, enforced, or defended, or if a longer period of retention is necessary to comply with our legal obligations. Accounting records are kept for 5 years to the end of the fiscal year in order to comply with the requirements of the relevant laws.
8.1 We have taken reasonable technical and organisational security measures in order to prevent the accidental or illegal deletion, loss, modification, or deterioration of personal data, as well as to prevent this data from coming into unauthorised possession or being misused.
8.2 Only those employees with an actual need for access to personal data in the course of their work have access to this data.
9. CHANGES TO THE PERSONAL DATA POLICY
9.1 You will be notified of any changes to the Personal Data Policy the next time you visit our website if they should occur.
10.1 This is version 1 of DRY & COOL’s Personal Data Policy as of 12th May, 2020