When Riskline ApS processes your personal data in relation to the COVID-19 self-service platform, Riskline ApS must provide you with information about the processing of your personal data in accordance with Article 13 of the General Data Protection Regulation (hereinafter “GDPR”) .
1. DATA CONTROLLER
Riskline ApS is the data controller for the processing of your personal data (hereinafter “Riskline”, “we”, “us” or “our”).
We have appointed a data privacy manager who is responsible for overseeing questions in relation to the processing of personal data. If you have any questions about our processing of your personal data, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below:
Lidemarksvej 57, 4681 Herfølge, Denmark
Telephone number: +45 70 111 911
2. PURPOSE AND LEGAL BASIS
Creation of user profile:
Riskline will process personal data about you in connection with the creation of your user profile on our COVID-19 self-service platform (
). For the purpose of creating your user profile and thus, for the purpose of providing you with access to our platform in accordance with our agreement, we will need to process ordinary personal data about you (name, position, email address, password, organization, country, and credit card details).
If you choose to provide us with the information, we also process the following:
- Information on how you have heard about us
- Information on how you are planning to use the platform
- Information on other Duty of Care providers
The legal basis for our processing of your personal data in connection with the creation of your user profile is GDPR Article 6(1)(b) and (f). It is our legitimate interest to process such personal data in order for us to comply with your request for access to our platform which provides you with country specific information about restrictions imposed by COVID-19.
If you have provided us with your consent to receive our Informer newsletter and/or our updates on Riskline services, we will process ordinary personal data about you (name and email), cf. GDPR Article 6(1)(a) and the Danish Marketing Practices Act, section 10.
3. RECIPIENTS AND CATEGORIES OF RECIPIENTS
In connection with creating your user profile and in order for us to retrieve payment for our service, we will transfer your personal data to the following recipients:
- Payment service providers
- The data processors we use, including for example hosting providers and IT providers in general
If you have provided us with your consent to receive our Informer newsletter and/or our updates on Riskline services, we will also transfer your personal data to marketing service providers.
4. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
We will transfer your personal data to a payment service provider in the U.S. (Stripe, Inc.) in connection with your payment on our platform. We will make sure to process your personal data in accordance with chapter 5 of the GDPR.
In case you have provided us with your consent to receive direct marketing from us, we will use the U.S. marketing service provider Mailchimp. We will make sure to process your personal data in accordance with chapter 5 of the GDPR.
5. DATA RETENTION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see your legal rights below for further information.
6. YOUR LEGAL RIGHTS
You have a number of rights according to the GDPR.
Consent, Article 7
You have the right to withdraw your consent at any time when our processing of your personal data is based on your consent in accordance with GDPR article 6(1)(a) or article 9(2)(a). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to access data (right of access), Article 15
You have the right to obtain access to the personal data we are processing about you as well as a variety of other information.
Right to rectification, Article 16
You have the right to have any inaccurate personal data about you rectified.
Right to erasure, Article 17
In special circumstances, you have the right to have personal data about you erased before our usual time limit for erasure.
Right to restriction of processing, Article 18
In certain circumstances, you have the right to restriction of the processing of your personal data. If you are entitled to restriction of processing, we may in future only process your personal data – with the exception of storage – with your consent, or for purposes of establishing, exercising or defending legal claims or protecting a person or important public interests.
Right to object, Article 21
In certain circumstances, you have the right to object to our lawful processing of your personal data.
You also have the right to object to our processing of your personal data for direct marketing purposes.
Right to transmit data (data portability), Article 20
In certain circumstances, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have those data transmitted from one data controller to another without hindrance.
You can read more about your rights in your national data protection agency’s guidance on the rights of data subjects.
7. RIGHT TO LODGE A COMPLAINT
You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) about our processing of your personal data. You can find the contact details for the Danish Data Protection Agency (Datatilsynet) on their website