We comply with GDPR
Privacy Policy
BookingStudio A/S CVR: DK27615090 is the data controller with regard to any personal information we gather about you, and we make sure that your information is processed in compliance with the law.
We take data protection seriously. To inform you of how we process your personal information, we have adopted this privacy policy.
Contact information
If you wish to get in touch with us about our processing of your personal information, you can get hold of us at:
Address: Møllergade 24, 1. Tv., 5700 Svendborg
E-mail: legal@bookingstudio.com
Processing of Personal Data
Personal data are all types of information that relate to an identifiable person. If you do not want us to process your data, it may be difficult for us to comply with some contracts and obligations.
As data controller, we have implemented suitable technical and organisational measures to prevent your data from being accidentally or illegally deleted, publicised, lost, corrupted, leaked, misused, or otherwise treated in non-compliance with applicable law. We ensure that processing only takes place in adherence with the principles of data protection, cf. GDPR art.5.
When we act as a data processor, we process data in accordance with the instructions from the data controller and the guidelines set out in the data processing agreement.
Please see below, the legal basis upon which we process your information, for what purpose and for how long we retain it.
Website Visitors
When you visit our website, we will process the following personal information about you:
- IP-address
- cookies
- which websites you have been on and when
- which browser you use
- or any information collected through a contact form on the website (name, e-mail address, etc)
We collect personal data about website visitors for the purpose of:
- Optimising our website to user preferences,
- Facilitating contact with users at their request
- Optimising the running of our website
We collect the information on the following legal basis:
- Consent has been given through our consent form and/or cookie banner, cf. GDPR art. 6(1)(a)
- The legitimate interest of the enterprise, i.e., optimal administration of the website, cf. GDPR art. 6(1)(f).
We retain the information no longer than legislation permits, and we will delete it, once it is no longer necessary for our purposes stated above. The retention period depends on the type of information and the purpose of the processing. Typically, personal data on website visitors will be deleted at an annual revision.
Customers
For you to be a customer or if you are a potential customer with us, it is necessary for us to collect the following information about you:
- Company name
- Names of contacts
- Address
- Phone number
- CVR-number
- Customer number
- Titles
- Complaints, including support cases
- Meeting notes
- Correspondence
- Banking information
We collect this information about potential customers for the purpose of:
- Processing your purchase and delivering our service
- Administration of your relations with us
- In relation to sales, optimization, further development, and operation of our cloud service BookingStudio
- Possible future collaboration or sale
We collect the information on the following legal basis:
- For the performance of a contract for our customers, cf. GDPR art. 6(1)(b)
- The legitimate interest of the enterprise, i.e. serve our customers and receive deliveries from our suppliers/partners, necessitates the processing, and we ensure that meeting our legitimate interest will not infringe on your rights, cf. GDPR art. 6(1)(f)
We retain the information no longer than legislation permits, and we will delete it, once it is no longer necessary for our purposes stated above. The retention period depends on the type of information and the purpose of the processing.
- Information about customers is deleted 3 years after the end of the customer relationship unless there is a dispute.
- Information that is relevant for accounting will be stored for 5 years plus the current financial year.
- Information on potential customers is deleted 3 years after last contact, or at request.
If we publicize customer testimonials etc., we use the legal basis: Consent.
Suppliers and partners
For you to be a supplier or partner to us, it is necessary for us to collect the following information about you:
- Same information as for customers
- Information about purchases and other inquiries between BookingStudio and Suppliers/partners regarding their contractual relationship.
We collect this information on suppliers and partners for the purpose of:
- Processing our purchases
- Administration of your relationship with us
We collect the information on the following legal basis:
- For the performance of a contract for our suppliers/partners, cf. GDPR art. 6(1)(b)
- The legitimate interest of the enterprise, i.e. receive deliveries from our suppliers/partners, necessitates the processing, and we ensure that meeting our legitimate interest will not infringe on your rights, cf. GDPR art. 6(1)(f)
We retain the information no longer than legislation permits, and we will delete it, once it is no longer necessary for our purposes stated above. The retention period depends on the type of information and the purpose of the processing.
- Information about customers is deleted 3 years after the end of the customer relationship unless there is a dispute.
- Information that is relevant for accounting will be stored for 5 years plus the current financial year.
Recruitment
The purpose of collecting information about you in the recruitment process is to evaluate, whether you are a suitable candidate for a position with us.
Personal information processed in the recruitment process, is the information supplied in your application, CV and any other attached documents registered to you. It is not necessary for you to include your CPR-no.
Your application, including appendices, will be disclosed internally to personnel relevant to the recruitment process, but will not be disclosed outside of our enterprise.
If you are invited to a job interview, we will collect further information for use in the continuing recruitment process.
We process your information based on our legitimate interest, cf. GDPR art. 6(1)(f), which is to assess your qualifications for the open position.
We retain your application, including appendices, for up to 6 months after the recruitment process has ended, after which your information will be deleted. The purpose of the retention beyond the end of the process is to safeguard our interests in case of complaints of discrimination, etc. during the recruitment process.
If we find your application relevant for a possible future position, we will retain it after acquiring your consent, cf. GDPR art. 6(1)(a)
Unsolicited applications
We process information from unsolicited applications based on our legitimate interest, cf. GDPR art. 6(1)(f), which is to assess your qualifications for possible future employment.
Unsolicited applications and appendices are retained from a maximum of 6 months, after which they are deleted. If we wish to retain your application for longer than this, we will contact you and ask for your consent.
Your consent should be freely given, and you can always withdraw it by getting in touch through the contact points at the top.
Additional information about data processing
Data minimization
We only process the information necessary for the fulfilment of our stated purposes. Beyond those, we may be required by law to collect and retain certain information about you. We only retain personal information for the necessary retention period or as required by law. The personal information is deleted or anonymised when it is no longer necessary for us to process it.
We keep data up-to-date
As our services depend on your personal information being correct and updated, we request that you inform us of any relevant changes in your personal information. You can use the contact points noted above to inform us of the changes. We will then make sure to update your information in our databases. If it comes to our attention that our information about you is incorrect, we will update it and notify you of this.
Newsletter
Your consent to receive our newsletter is voluntary, and you can withdraw it at any time by contacting us. Please use the contact information above for further information.
Transmission of your information
We use a number of third parties to store and process information, among them it-solutions, hosting and cloud services such as CRM, billing systems and analytic systems. They only process your information on our behalf and are not permitted to use the information for their own purposes. When relevant, your information may be disclosed to our bank, accountant, and lawyer.
We prioritize data processors from within the EU and from third countries approved by the European Commission with regards to an adequate level of protection of personal data, cf. GDPR art. 45.
Transmission of information to third countries
We use data processors in unsafe third countries. When legislation in these third countries does not offer the same protection of personal data as the EU does, we have an increased responsibility to ensure the protection of your information.
We have made sure to have a legal transfer mechanism, namely SCCs entered into in accordance with GDPR art. 46(2)(c), and that the information is processed with sufficient security measures.
You can find a list of these data sub-processors and their legal transfer mechanism on our list of sub-processors.
If you would like to know more about the transfer mechanisms that apply to your information, you can contact us by the above contact information.
Joint controllership (Use of social media)
We use the following social media Twitter, Facebook, Instagram, and LinkedIn, categorized as joint data controllers. Joint controllership means that both parties are responsible for the purpose and processing of personal information.
Your rights
By contacting us at the contact point at the top, you may:
- achieve access to the personal information we have on you
- rectify any faulty personal information
- have your personal information erased
- receive a copy of your personal information (data portability) for the purpose of moving it to another data controller
- object to the processing
- have the processing of your personal information restricted
When you contact us, requesting to exercise your abovementioned rights, we will respond within a month. If we cannot honor your request, you will receive an explanation.
In order to exercise your rights, or if you have questions about our processing of your information, you can always contact us. Our contact information is at the top.
If, after having been in touch, you are dissatisfied with how we process your information, you have the right to file a complaint with Datatilsynet.