Cadpeople Data Protection Policy
We, at Cadpeople A/S, take protection of your personal data very seriously and strictly adhere to the rules laid out by data protection laws.
The following policy provides an overview of how we ensure this protection and what kind of data is collected for what purpose.
Responsible for GDPR:
8000 Aarhus C
Telephone: +45 8732 3900
CVR (Central Business Register) no.: 17264095
Claus Riekehr Møller
E-mail address: email@example.com
This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us.
The Data Protection Policy covers:
Employees of Cadpeople and our subsidiaries must follow this policy.
Contractors, consultants, partners and any other external entity are also covered.
Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
Cadpeople only store information where we have a legitimate purpose, legal basis and written consent. Each case will need a specific assessment.
Data storage is subject to Cadpeople’s security policy.
This policy is divided into rules for non-sensitive information and sensitive information.
Processing of general non-sensitive information does not require express consent but can take place, fx. as part of the fulfilment of the conditions of employment, invitation for a seminar, CRM system, etc.
It can be:
- Identification information (name, address, tel. no., birthdate)
- Family circumstances
- Application and CV (education, exam information, former employment)
- Salary, work hours, absences, sick days (but not the reason for absence due to illness)
- Account number
- Tax and debt
Cadpeople does not process sensitive information as a general rule.
Sensitive information can be information about:
- Health conditions
- Trade union membership
- Racial or ethnic background
- Political, religious or philosophical persuasion
- Sexual relationships
- Genetic data
Cadpeople is data responsible for all personal information they require to process their daily work.
Including defining the agreement towards data processors like, accountant, lawyer, hosting suppliers and service suppliers.
Cadpeople are data processor in the event that we deliver hosting or a service for a costumer solution that involves personal information.
Including defining the agreement towards data processors like hosting suppliers and service suppliers.
Your rights and actions
In accordance with the data protection regulations, you have a number of rights with regard to the processing of information about yourself:
- Right to view the information (right of access)
You have the right to access the information we process about you.
- Right to rectification (correction)
You have the right to get erroneous information about yourself corrected.
- Right to erasure
In particular instances, you have the right to have the information about yourself deleted before the time our normal general deletion occurs.
- Right to restriction of processing
You have the right in certain instances to have the processing of your personal information restricted. If you are entitled to have processing restricted, we henceforth may only process the information – apart from storage – with your consent, or with reference to establishing, arguing or defending legal claims or for protecting a person or important public interests.
- Right to object
You have the right in certain instances to make objections to our or lawful processing of your personal information.
You can also object to the processing of your information for direct marketing.
- Right to transmit information (data portability)
You have the right in certain instances to receive your personal information in a structured, commonly used and machine-readable format and to have this information transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guidance about the rights of the registered person, which you can find at www.datatilsynet.dk
If you wish to make use of your rights, you must contact us at firstname.lastname@example.org.
Personal information: Responsible
Complaints to the Danish Data Protection Agency
You have the right to make a complaint to the Danish Data Protection Agency if you are dissatisfied with the way in which we handle your personal information. You can find the Danish Data Protection Agency’s contact information at www.datatilsynet.dk.
All breaches of the above policy will be reported to Datatilsynet within 72 hours.
To exercise data protection we’re committed to:
- Restrict and monitor access to sensitive data. (Cadpeople login policy)
- Train employees in online privacy and security measures (continuously)
- Identify rules of engagement as data responsible and as data processor (Contract)
- Include GDPR section in all contracts completed with relevant information(Contract)
- Build secure networks to protect online data from cyberattacks (Security manual)
- Establish clear procedures for reporting privacy breaches or data misuse ( All)
- Communicate statements on how we handle data ( Contract, website)
- Establish data protection practices (document shredding, secure locks, alarm, data encryption, frequent backups, access authorization etc.) Security manual)
Relevant information which can be required on request:
- Cadpeople security manual
- GDPR agreement with Hosting-Service provider.