Privacy Policy Data Controller
We are the data controller for the processing of personal data about our customers and partners. You can find our contact information below.
Kragsbjerggaard Hostel and Hotel Kragsbjergvej 121, 5230 Odense M Phone: +45 42 42 52 30 Email: odv@odv.dk Website: www.Kragsbjerggaard.com CVR no.: 39916444
It is not a requirement for our company to have an external DPO, but if you have questions regarding the processing of your personal data, you can contact us via odv@odv.dk.
Processing Activities
As the data controller under GDPR, we have the following processing activities.
Website Visits
When you visit our website, we use cookies to ensure the website's functionality, as explained in our cookie policy.
Communication with Potential Customers
If you have questions about our site or want to learn more about our services, you can contact us via:
Through these channels, we process your personal information to engage in a dialogue with you, such as answering questions about our services. We only process the information you provide in connection with our communication.
We typically process the following general information: name, email, phone number.
Our legal basis for processing this personal information is Article 6(1)(f) of the GDPR.
We delete our communication with you when it becomes clear whether you want our services or not. If there is a specific need to retain your personal information for a longer period, this may be the case.
Customers
We need to communicate with our customers to ensure that the service is delivered correctly. This may involve processing information such as name, address, services, special agreements, payment information, and similar.
The legal basis for processing this personal information is Article 6(1)(b) of the GDPR.
Once the service is delivered and any outstanding issues are resolved, we will immediately delete the personal information.
Newsletter
We have an optional newsletter that you can subscribe to, and you can always unsubscribe. The purpose of the newsletter is to send subscribers emails with new information from the company, which may include new content on the website or advertisements for our services.
We will only send you emails if you have given your active consent. This initially requires you to provide your email address, to which we will send a confirmation email for you to confirm your subscription actively.
Our legal basis for processing your personal information (i.e., email address) in connection with the newsletter is Article 6(1)(a) of the GDPR.
We will process your personal information as long as you are subscribed to the newsletter. Upon unsubscribing, we will stop sending it to you. If we have not sent you a newsletter in 1 year, your consent expires due to our inactivity.
Upon unsubscribing from the newsletter, we retain your previous consent for 2 years after its last use, following the Consumer Ombudsman's spam guidelines section 11.3.
Accounting
We are required to retain all accounting documents according to the Accounting Act. This means that we store invoices and similar documents for accounting purposes, which may contain ordinary personal information such as name, address, service description.
Our legal basis for processing personal information for accounting purposes is Article 6(1).
We keep this information for a minimum of 5 years after the current fiscal year is completed.
Job Applications
We welcome job applications to assess whether they match employment needs in our company.
If you submit your job application to us, our legal basis for processing your personal information is Article 6(1)(f).
If you have submitted an unsolicited application, HR will immediately assess whether your application is relevant and then delete your information if there is no match.
If you have applied for a posted job, we will dispose of your application if you are not hired, immediately after the right candidate is found.
If you enter a recruitment process and/or are hired for the job, we will provide you with separate information on how we process your personal information in this context.
Data Processors
Few can handle everything on their own, and the same goes for us. Therefore, we have partners and use suppliers, some of whom may be data processors.
External vendors may, for example, provide systems to organize our work, services, consulting, IT hosting, or marketing. We have the following external vendors that process data:
It is our responsibility to ensure that your personal information is treated properly. Therefore, we set high standards for our partners, and our partners must guarantee the protection of your personal information.
We enter into agreements with companies (data processors) that handle personal information on our behalf to enhance the security of your personal information.
Disclosure of Personal Information
We do not disclose your personal information to third parties.
Profiling and Automated Decisions
We do not perform profiling or automated decision-making.
Transfers to Third Countries
As a starting point, we use data processors in the EU/EEA or who store data in the EU/EEA.
In some cases, this is not possible, and data processors outside the EU/EEA may be used if they can provide appropriate protection for your personal information.
Processing Security
We keep the processing of personal information secure by implementing appropriate technical and organizational measures.
We have conducted risk assessments of our processing of personal information and have then implemented appropriate technical and organizational measures to enhance processing security.
One of our key measures is to keep our employees informed about GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with employees.
Rights of Data Subjects
Under the GDPR, you have several rights regarding our processing of information about you.
If you wish to exercise your rights, please contact us so we can assist you with this.
Right to Access (Right of Access)
You have the right to access the information we process about you, as well as a range of additional information.
Right to Rectification (Correction)
You have the right to have incorrect information about yourself corrected.
Right to Erasure
In special cases, you have the right to have information about you deleted before the time of our regular general deletion occurs.
Right to Restriction of Processing
In certain cases, you have the right to have the processing of your personal information restricted. If you have the right to have processing restricted, we may only process the information – except for storage – with your consent, or to establish, assert, or defend legal claims, or to protect a person or important societal interests.
Right to Object
In certain cases, you have the right to object to our otherwise lawful processing of your personal information. You can also object to the processing of your information for direct marketing.
Right to Data Portability
In certain cases, you have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to have this personal information transferred from one data controller to another without hindrance.
You can read more about your rights in the Data Inspectorate's guidance on the rights of data subjects, which you can find at www.datatilsynet.dk.
Withdrawal of Consent
When our processing of your personal information is based on your consent, you have the right to withdraw your consent.
Complaint to the Data Inspectorate
You have the right to file a complaint with the Data Inspectorate if you are dissatisfied with how we process your personal information. You can find the Data Inspectorate's contact information at www.datatilsynet.dk.
We generally encourage you to learn more about the GDPR to stay updated on the rules.