09/10/2018

Privacy Policy

1. Introduction

At BURNBLOCK ApS, Wilders Plads 15C, 1403 København K, Denmark, CVR 33581173 (“Burnblock“), we understand the importance of processing personal data securely and confidentially. This Privacy Policy is intended for our customers, suppliers, business partners, website visitors, and other persons with whom we interact. Burnblock is committed to complying with the requirements and obligations relating to the processing of personal data under applicable law, including the General Data Protection Regulation (“GDPR“). We have therefore implemented appropriate procedures to protect your personal data.

Burnblock is the data controller for the processing of your personal data. This Privacy and Cookie Policy (“Privacy Policy“) provides an overview of Burnblock’s processing activities, including the purposes and legal basis of the processing.

If you have any questions in relation to this Privacy Policy, or if you wish to exercise your rights under Chapter III of the GDPR in accordance with para. 5 of this Privacy Policy, please contact Burnblock at Hroar Bay-Smidt, hbs@burnblock.com.

2. Processing activities

2.1 Website visitors

2.1.1 What personal data do we process and for what purposes

When you visit Burnblock’s website, https://burnblock.com/, Burnblock will be processing personal data about you, such as cookies, browser information, IP address and time spent on the website. We use cookies i.a. to improve your user experience and the functionality of our website, to compile statistics, to target advertisements to your needs, and to remember your preferences. You can read more about our use of cookies in our Cookie Policy. If you use our partner log-in, we also process your name, e-mail address, and your username.

2.1.2 Legal basis

The legal basis for the processing of your personal data is Burnblock’s legitimate interests, which, in Burnblock’s view, are not overridden by your fundamental rights and freedoms as provided in Article 6(1)(f) GDPR. The legitimate interests pursued by Burnblock are to make a well-functioning website available, to provide a unique user experience, to engage in marketing activities, and, if you are using our partner log-in, our interests in handling our contractual obligations and maintenance, and strengthening of our customer relationships. In some cases, the legal basis is your consent, which you will be asked to give when you visit our website as provided in Article 6(1)(a) GDPR.

2.1.3 Disclosure of personal data

Burnblock will in certain cases disclose your personal data to business partners or other partners for business purposes. Such third parties include, inter alia, social media providers as specified in para. 4 below.

Additionally, your personal data will be processed by certain third parties, among them the provider of the technical solution behind our website and the provider of our partner log-in site, on Burnblock’s behalf and in accordance with Burnblock’s instructions and the obligations laid down in the data processing agreement concluded with Burnblock. These data processors may not process your personal data for their own purposes.

2.1.4 Storage of personal data

Personal data collected via cookies during visits to our website are stored for different periods of time depending on the type and purpose of the cookie. For details, see our Cookie Policy.

Personal data processed when using our partner log-in is deleted upon termination of the contractual relationship.

2.2 Contacts at (potential) customers, suppliers, and other business relations

2.2.1 What personal data do we process and for what purposes

As a contact person at one of our (potential) customers, suppliers, or other business relations, Burnblock will process personal data about you when you communicate with Burnblock, for example via emails in the context of Burnblock’s (potential) contractual relationship with the company by which you are employed or in the context of the conclusion or termination of a contract. Burnblock will process general personal data about you, including your name and surname, email address, telephone number, job title, etc.

2.2.2 Legal basis

The legal basis for the processing of your personal data is Burnblock’s legitimate interests, which, in Burnblock’s view, are not overridden by your fundamental rights and freedoms as provided in Article 6(1)(f) GDPR. The legitimate interests pursued by Burnblock are the performance of our contractual obligations, the making, maintenance, and strengthening of our customer relationships, the invoicing of the services provided to Burnblock by the company you are employed by and vice versa, and for documentation purposes where an agreement is concluded by email.

In certain cases, the processing of your personal data is necessary to comply with a legal obligation imposed on Burnblock, for example in connection with the storage of accounting records under the Danish Bookkeeping Act. In such cases, the legal basis is Article 6(1)(c) GDPR.

2.2.3 Disclosure of personal data

Burnblock will in certain cases disclose your personal data to other group companies, business partners or other partners for business purposes. Such third parties include, inter alia, social media providers as specified in para. 4 below.

In certain specific cases, e.g. in the context of disputes, including where disclosure is necessary for the establishment, enforcement, or defence of Burnblock’s legal claims, Burnblock may disclose your personal data to advisors or other relevant third parties, if deemed lawful and necessary.

2.2.4 Storage of personal data

If you are a contact person of one of Burnblock’s customers, suppliers or other business associates, Burnblock will process personal data about you for as long as Burnblock is communicating with you because you are our contact person, as long as deemed necessary by Burnblock, or until your personal data is no longer necessary for the establishment, exercise or defence of legal claims.

If your personal data are included in Burnblock’s accounting records, e.g. in connection with invoicing, your data will be stored for five years from the end of the financial year to which the accounting records relate. This is to ensure compliance with our legal obligations under the Danish Bookkeeping Act.

2.3 Customer service

2.3.1 What personal data do we process and for what purposes

When you contact our customer service, we will process the personal data you provide to us in order to handle your inquiry. This will typically be your name, telephone number, email address, and the contents of your inquiry.

Burnblock will not process special categories of personal data (sensitive personal data) about you, e.g. health data, unless you have provided such data yourself. Burnblock kindly asks that you do not send any sensitive personal data to us.

2.3.2 Legal basis

The legal basis for the processing of your personal data is Burnblock’s legitimate interests in providing customer service and developing our business, which, in Burnblock’s view, are not overridden by your fundamental rights and freedoms as provided in Article 6(1)(f) GDPR.

2.3.3 Disclosure of personal data

In certain specific cases, e.g. in the context of disputes, including where disclosure is necessary for the establishment, enforcement, or defence of Burnblock’s legal claims, Burnblock may disclose your personal data to advisors or other relevant third parties, if deemed lawful and necessary.

Additionally, your personal data will be processed by certain third parties on Burnblock’s behalf and in accordance with Burnblock’s instructions and the obligations laid down in the data processing agreement concluded with Burnblock. These data processors may not process your personal data for their own purposes.

2.3.4 Storage of personal data

Inquiries from potential customers will be deleted after the inquiry is resolved, unless a longer retention period is deemed necessary by Burnblock or required for documentation purposes, e.g. to a dispute, including for the establishment, exercise, or defence of legal claims.

Inquiries from existing customers will be deleted three years after termination of the contractual relationship, unless a longer retention period is deemed necessary by Burnblock or required for documentation purposes, e.g. to a dispute, including for the establishment, exercise, or defence of legal claims.

3. Transfer of personal data to third countries (countries outside the EU/EEA)

In certain cases, your personal data may be transferred to countries outside the EU/EEA. Burnblock will ensure that the transfer takes place in accordance with applicable data protection law. This entails that any party outside of the EU/EEA that will receive your personal data will ensure an adequate level of protection, for example, by entering into the EU Commission’s Standard Contractual Clauses (SCCs) with Burnblock. Burnblock will ensure the implementation of additional safeguards if deemed necessary on a case-by-case basis.

You can request a copy of the legal basis for the transfer by contacting Hroar Bay-Smidt, hbs@burnblock.com.

4. Social media

Our website features integrated plug-ins from the social media LinkedIn and YouTube. When you visit any of our social media pages or our website with integrated plug-ins, the social media providers will collect and process personal data by means of cookies, provided you have consented to the use of cookies. Such collection and processing of personal data will take place whether you have a social media profile or not.

If you access our website, which features integrated social media plug-ins, your browser will contact the server of that social medium, load the visual presentation of the plug-in and present the content to you. While this is happening, the social media provider will receive information about your use of the website, as well as additional personal data, such as your IP address. Burnblock will receive anonymous demographic and geographic statistics from the social media provider about visitors to our website and our social media pages.

Burnblock is joint data controller together with the social media providers for the processing of personal data in connection with visits to our social media pages and our website. This means, i.a., that you can contact both Burnblock and the social media provider if you wish to exercise your rights under the GDPR. LinkedIn and YouTube have primary responsibility for ensuring compliance with the GDPR and for responding to requests to exercise data subjects’ rights. If you have a social media profile, you can exercise your rights through your account settings.

We have no influence on the amount of personal data that the social media provider collects via the active plug-ins. For details, please refer to the relevant privacy policy:

5. Your rights

We have taken a number of measures to protect your personal data and safeguard your rights. Because of our processing of personal data about you, you will have the rights described below. However, some rights apply only in certain circumstances. The Danish Data Protection Agency has issued guidance on the rights of data subjects. For details about your rights, please see here (in Danish).

  • You have the right to request access to, and receive a copy of, the personal data that we are processing about you and, in this context, also to receive a range of additional information.
  • You have a right to have incorrect personal data about yourself rectified and to have incomplete personal data completed.
  • You have the right to request that personal data about you be deleted in certain circumstances, e.g. if processing is based on your consent and you choose to withdraw that consent.
  • You have a right to have the processing of your personal data restricted, e.g. if the accuracy of the personal data is contested.
  • Where our processing is done automatically and is based on your consent or the performance of an agreement with you, you have the right to request to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format and to request the transmission, where technically feasible, of such data to another controller.
  • You may object to the processing of your personal data by us, including in particular in relation to direct marketing.
  • You may request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • You may withdraw your consent to the processing of your personal data at any time. Withdrawal of your consent will not affect the processing of your personal data that took place before the date of withdrawal, however.

If you wish to exercise any of the above rights, or if you wish to withdraw your consent, please feel free to contact Hroar Bay-Smidt, hbs@burnblock.com.

6. Questions or complaints

If you have any questions about this Privacy Policy or if you wish to exercise any of your rights as explained above or if you disagree with the way we process personal data about you, please contact Hroar Bay-Smidt, hbs@burnblock.com.

If you disagree with the way in which Burnblock processes your personal data, you may file a complaint with the Danish Data Protection Agency, using the contact details that are available here. However, we hope that you will contact us first, using the below contact details, so that we may try to come to an agreement.

7. Amendments to this Privacy Policy

This Privacy Policy is regularly updated and amended, including as required on account of changes to statutes, practices and rules and regulations on the data protection area. You are advised, therefore, to stay up-to-date on the contents of this Privacy Policy at all times.

Last changed: 06.12.2023