Persondatapolitik

Privacy Policy

Version: 1.0 (Deletion Policy v1; Breach Procedure v6)
Last updated: May 20, 2025

Confirma etrack A/S ("we", "us" or "our") is fully committed to protecting your individual rights and keeping your personal data secure. This Privacy Policy describes our collection, use, storage, sharing, deletion, and breach-handling practices for personal data.

1. Data Controller

The data controller for your personal data on our websites and services is:

• Company: Confirma etrack A/S
• Address: Langhøjvej 1, 8381 Tilst, Denmark
• VAT (CVR) Number: DK26940958

When we refer to "you" in this policy, we mean you as a customer, potential customer, your employer (if you are our customer’s employee), or any other relevant party.

2. Categories of Personal Data Collected

We collect and process your personal data directly from you or as generated by your use of our services. The categories include:

1. Identification Information: national ID number, name
2. Contact Information: postal address, phone number, email address
3. Financial Information: agreement type, assets and debts
4. Profile Information: nationality, demographics, marital status, occupation
5. Relationship Information: history of your relationship with Confirma etrack A/S
6. Special Categories: health-related data, criminal records (where applicable)

2.1 Data Provided Directly by You

• Account registration: name, email, phone
• Support inquiries: emails, chat messages

2.2 Data from Third Parties

• Name, email, postal address, browser data, and other relevant details obtained through integrations or data processors

3. Purposes of Processing & Legal Basis

We use your personal data:

• To perform contracts: account setup, invoicing, customer service, legal claims and debt collection
• To comply with legal obligations: bookkeeping, tax and regulatory reporting, insurance risk management
• For legitimate interests: marketing, product/customer analysis, system and business development, profiling for relevant offers and support
• With your consent: when you contact our support hotline or for direct marketing communications (you may withdraw consent at any time)

4. Data Retention & Deletion

We retain your data only as long as needed for the purposes collected or as required by law. Key retention periods under Danish law include:

All digital media are securely deleted, overwritten, or sanitized according to our procedures. Physical documents are shredded or otherwise destroyed to prevent unauthorized access.

If you request erasure or restriction, we will comply unless there is a statutory or contractual obligation to retain data (e.g., pending legal claims).

5. Sub-processors and Third-Party Sharing

We may share your personal data with:

• Authorities: tax, police, and supervisory bodies in Denmark as required by law
• Service providers: Unit IT A/S and other approved sub‑processors for development, hosting, maintenance, and support
• Insurance companies: only with your consent or as permitted by law

We do not transfer your data to third countries outside the EEA.

6. Data Breach Procedure

Version: 6.0
Effective date: May 20, 2025

In the event of a personal data breach, our internal Brudansvarlige (Breach Responsible), currently Thomas Drewes (CEO), will:

1. Detect & Contain: Follow our emergency response plan to stop and mitigate the breach.
2. Document: Record all relevant details of the incident in the ComplyCloud application.
3. Notify Supervisory Authority: If the breach poses a risk to individuals’ rights and freedoms, we will notify the Danish Data Protection Agency without undue delay, and no later than 72 hours after becoming aware. If full details are not available within 72 hours, we will provide them in phases.
4. Notify Affected Individuals: When the breach is likely to result in a high risk to their rights, we will inform affected persons promptly, describing:
• Nature of the breach
• Contact details of our Data Protection Officer or Brudansvarlige
• Likely consequences and measures taken or proposed to address the breach
  Notifications will be by direct means (email, SMS, or letter) unless exceptional circumstances justify alternative methods.
5. Evaluate & Improve: Conduct a root cause analysis and update policies to prevent recurrence.

7. Your Privacy Rights

As a data subject, you have the right to:

• Access: request a copy of your personal data
• Rectify: correct incomplete or inaccurate data
• Erase: request deletion when no overriding legal grounds exist
• Restrict processing: when you contest accuracy or legality of processing
• Object: to processing for direct marketing or profiling
• Data portability: receive your data in a machine-readable format and have it transmitted to another controller where technically feasible

Requests will be handled in accordance with GDPR timelines and may be subject to limits where statutory obligations require retention.

8. Cookies & Tracking

We use cookies and similar technologies to provide a secure online environment, personalize content, analyze site performance, and manage marketing. We do not identify individual visitors through cookies, except for etrack1 customers.

You may manage cookies via your browser settings; however, rejecting cookies may limit functionality on our site.

9. Policy Updates

We may update this Privacy Policy and our Cookie policies. Changes will be published here with a revised date. Significant changes will be communicated directly to affected users.

10. Contact Information

For questions or requests regarding this policy, please contact:

Thomas Drewes
CEO, Confirma etrack A/S

info@etrack1.com