Data Protection Policy

All About Data Protection

The General Data Protection Regulation (GDPR) was adopted by the EU in 2016 and came into effect on May 25, 2018.

For businesses, this means that they must be able to demonstrate that personal data is handled in a responsible manner.

Therefore, no more data than absolutely necessary should be collected and recorded, and it should not be stored longer than needed.

Key principles
Personal data is defined as any information relating to an identified or identifiable natural person.
At DanBlumen, such data will be collected and processed based on the principles outlined below in the General Data Protection Regulation (GDPR).
Homepage
We do not collect any information about visitors to our website.
Furthermore, our marketing activities generally do not involve the processing of personal data.
Customers and Suppliers
We collect only the information on our customers that is necessary for day-to-day business operations, such as phone numbers and email addresses of purchasers.
This data is stored in our ERP system and may also be found in our email system and shared data drives.
Employees
DanBlumen employees have been informed of the applicable personal data regulations, and it is a standard part of onboarding for new employees to be educated on this topic.
The data is stored in our ERP system and may also be found in our email system and shared data drives.
Contact
For further information or questions
regarding this, please contact our data controller:
Henrik Christensen
mail@danselection.com
Tel: (+45) 66 18 59 00

Fundamental Principles

Personal data is defined as any information relating to an identified or identifiable natural person.

At DanBlumen, such data will be collected and processed in accordance with the principles outlined in the General Data Protection Regulation (GDPR).

Lawfulness

We only process data for which we have a legal basis.

This includes legal obligations, consent, legitimate interest, and contractual necessity.

Fairness

We only process data to the extent that it serves a reasonable and legitimate purpose.

Transparency

We clearly inform employees and business partners about how we process data.

Again, the legal basis may be legal obligation, consent, legitimate interest, or contractual necessity.

Data Processing and Rights

Data sharing:

We only share data in the form of employee-related information when necessary for legal or contractual obligations.
DanBlumen has entered into Data Processing Agreements with all relevant partners. In cases where third parties may gain access to data, a confidentiality agreement will be signed.

Data storage:

All electronic data is stored on servers located in Denmark. Data may also be exchanged through Office365.
All servers and employee computers are protected by up-to-date firewalls and antivirus programs. Physical documents are stored in locked cabinets.

Rights:

According to the GDPR, you as an individual have the right to be informed about which personal data we hold about you, and to have that data updated, provided to you, and/or deleted.
You also have the right to file a complaint with the Danish Data Protection Agency (Datatilsynet) regarding our data security and handling practices.

Data Security and Management

At DanBlumen, we are systemically protected by updated firewalls, spam filters, and antivirus software.
Computers are secured with personal passwords. Only employees with a work-related need have access to personal data.

Data Deletion and Breaches

Deletion:

Data is deleted or shredded securely once the established retention period has expired.

Data Breach:

In the event of a data breach, DanBlumen will notify the Danish Data Protection Agency (Datatilsynet) within 72 hours of discovery.