Persondatapolitik

    Privacy Policy

    Version: 1.0 (Deletion Policy v1; Breach Procedure v6)
    Last updated: May 20, 2025

    Confirma etrack A/S ("we", "us" or "our") is fully committed to protecting your individual rights and keeping your personal data secure. This Privacy Policy describes our collection, use, storage, sharing, deletion, and breach-handling practices for personal data.


    1. Data Controller

    The data controller for your personal data on our websites and services is:

    • Company: Confirma etrack A/S
    • Address: Langhøjvej 1, 8381 Tilst, Denmark
    • VAT (CVR) Number: DK26940958

    When we refer to "you" in this policy, we mean you as a customer, potential customer, your employer (if you are our customer’s employee), or any other relevant party.


    2. Categories of Personal Data Collected

    We collect and process your personal data directly from you or as generated by your use of our services. The categories include:

    1. Identification Information: national ID number, name
    2. Contact Information: postal address, phone number, email address
    3. Financial Information: agreement type, assets and debts
    4. Profile Information: nationality, demographics, marital status, occupation
    5. Relationship Information: history of your relationship with Confirma etrack A/S
    6. Special Categories: health-related data, criminal records (where applicable)

    2.1 Data Provided Directly by You

    • Account registration: name, email, phone
    • Support inquiries: emails, chat messages

    2.2 Data from Third Parties

    • Name, email, postal address, browser data, and other relevant details obtained through integrations or data processors

    3. Purposes of Processing & Legal Basis

    We use your personal data:

    • To perform contracts: account setup, invoicing, customer service, legal claims and debt collection
    • To comply with legal obligations: bookkeeping, tax and regulatory reporting, insurance risk management
    • For legitimate interests: marketing, product/customer analysis, system and business development, profiling for relevant offers and support
    • With your consent: when you contact our support hotline or for direct marketing communications (you may withdraw consent at any time)

    4. Data Retention & Deletion

    We retain your data only as long as needed for the purposes collected or as required by law. Key retention periods under Danish law include:

    Data Type

    Retention Period

    Bookkeeping records

    Up to 10 years after calendar year-end

    Payment services documentation

    5 years

    Insurance-related records

    Up to 11 years

    Unaccepted offers

    6 months after offer expiration

    Contract performance details

    5 years after end of the customer relationship

    Employee contracts and HR files

    5 years after employment ends

    Health and occupational injury records

    Up to 5 years post-collection; may be longer if necessary for legal claims

    Vacation and payroll records

    5 years after relevant fiscal year

    Tax returns and salary documentation

    5 years after fiscal year

    CRM and professional relations

    3 years after relationship ends (or 3 years after each case conclusion per client request)

    Employee email accounts (non-critical e-mails)

    1 year after employment ends (subject to archiving exceptions for business-critical information)

    Marketing consents

    Until withdrawal of consent

    All digital media are securely deleted, overwritten, or sanitized according to our procedures. Physical documents are shredded or otherwise destroyed to prevent unauthorized access.

    If you request erasure or restriction, we will comply unless there is a statutory or contractual obligation to retain data (e.g., pending legal claims).


    5. Sub-processors and Third-Party Sharing

    We may share your personal data with:

    • Authorities: tax, police, and supervisory bodies in Denmark as required by law
    • Service providers: Unit IT A/S and other approved sub‑processors for development, hosting, maintenance, and support
    • Insurance companies: only with your consent or as permitted by law

    We do not transfer your data to third countries outside the EEA.


    6. Data Breach Procedure

    Version: 6.0
    Effective date: May 20, 2025

    In the event of a personal data breach, our internal Brudansvarlige (Breach Responsible), currently Thomas Drewes (CEO), will:

    1. Detect & Contain: Follow our emergency response plan to stop and mitigate the breach.
    2. Document: Record all relevant details of the incident in the ComplyCloud application.
    3. Notify Supervisory Authority: If the breach poses a risk to individuals’ rights and freedoms, we will notify the Danish Data Protection Agency without undue delay, and no later than 72 hours after becoming aware. If full details are not available within 72 hours, we will provide them in phases.
    4. Notify Affected Individuals: When the breach is likely to result in a high risk to their rights, we will inform affected persons promptly, describing:
      • Nature of the breach
      • Contact details of our Data Protection Officer or Brudansvarlige
      • Likely consequences and measures taken or proposed to address the breach
        Notifications will be by direct means (email, SMS, or letter) unless exceptional circumstances justify alternative methods.
    5. Evaluate & Improve: Conduct a root cause analysis and update policies to prevent recurrence.

    7. Your Privacy Rights

    As a data subject, you have the right to:

    • Access: request a copy of your personal data
    • Rectify: correct incomplete or inaccurate data
    • Erase: request deletion when no overriding legal grounds exist
    • Restrict processing: when you contest accuracy or legality of processing
    • Object: to processing for direct marketing or profiling
    • Data portability: receive your data in a machine-readable format and have it transmitted to another controller where technically feasible

    Requests will be handled in accordance with GDPR timelines and may be subject to limits where statutory obligations require retention.


    8. Cookies & Tracking

    We use cookies and similar technologies to provide a secure online environment, personalize content, analyze site performance, and manage marketing. We do not identify individual visitors through cookies, except for etrack1 customers.

    You may manage cookies via your browser settings; however, rejecting cookies may limit functionality on our site.


    9. Policy Updates

    We may update this Privacy Policy and our Cookie policies. Changes will be published here with a revised date. Significant changes will be communicated directly to affected users.


    10. Contact Information

    For questions or requests regarding this policy, please contact:

    Thomas Drewes
    CEO, Confirma etrack A/S

    info@etrack1.com

     

    Rekvirér dine oplysninger her

    Ønsker du ikke længere, at vi skal behandle dine personoplysninger, ønsker oplyst hvilke oplysninger vi har registreret eller at vi skal begrænse behandlingen af dine personoplysninger, kan du sende os en anmodning herom.