Privacy Policy

(external personal data policy)

for

Aqoola A / S

relating to

processing of personal data

Version 1.2

Date 16.04.2020

Approved by Niels Legaard, Aqoola A / S

 

Privacy Policy

Thank you for visiting Aqoola A / S.

It is important to us that we protect and respect your privacy when dealing with us. In addition to software trading, our ultimate goal is to process your personal data properly and appropriately, so that you can feel comfortable visiting and do business with Aqoola A / S.

We have high ethical standards and have incorporated strict internal procedures to ensure that we process your personal data in the best possible way. In our privacy policy you can read the terms and conditions for the processing of your personal data and the rights you have in connection with visits and trading at Aqoola A / S.

If you have any questions or comments about our privacy policy - or would you like to contact us regarding other matters, you are welcome to do so.

 

1. Which services do we provide

An Online platform for streamlining bookkeeping including Invoice Workflow, Expense Management and Contract Management.

For this purpose, we collect a number of data about you. Below, we have elaborated on what we collect, why we do it, what we do to protect your data, from which we collect the personal data and what rights you have in that regard.

 

2. What is personal data?

Personal data can be a lot of things.

It can be a name, an address and a phone number. It can also be a photo or an IP address. Personal data is any type of information that can be used to identify a person. It is therefore not only the individual information that determines whether something can be called personal data. If multiple personal data cannot identify a person singularly, but together they can, they have the nature of personal data.

 

3. We collect personal data in several ways

We collect personal data about you in the following ways:

  • When you receive a quote.
  • When we perform a service.
  • When you are in contact with our customer service.
  • When you sign up for our newsletter.
  • When participating in promotions, contests, or surveys.
  • When you give us the personal data yourself.
  • When you provide information to third parties with whom we cooperate.

Below, you can read why we do it and on what basis we do it.


4. We use your personal data in several ways

The list below show how your personal data is handled:

  • That we collect and use your personal data for specific purposes.
  • That we delete your personal data when they are no longer needed.
  • That we continuously monitor and update your personal data.
  • That we disclose your personal data in certain cases.

 

4a. We collect and use your personal data for specific purposes

The purpose of collecting and using your personal data can be divided into the following categories:

1) In the first category, there are certain personal data we need to know about you in order to provide our service to you. For example,  your name, your work address, your work telephone number and your work mail, ie. necessary identification and contact information. This constitutes our legal "treatment basis". If we cannot process these personal data, we cannot provide our service to you. It may also be that we have an additional treatment basis, for example that according to the law, we must register and store certain personal data. For example, personal data for the purposes of our compliance with tax law and the Bookkeeping Act. If we want to use your personal data in any other way than what we collected them for, because we redeem it necessary, we will inform you if we exceed the “framework” for the original purpose. We will do this before we start and inform you of the reasons for this.

2) In the second category, there are certain personal data that we would like to know about you, so that we can improve our products and services, adapt our communication and marketing to you and further optimize your relationship with us, so that we can offer you exactly the services and products you need. None of the "Category 2 personal data" is strictly necessary for us to provide our service to you. Therefore, you must give explicit consent in order for us to collect and use this personal data. Our basis for treatment in this regard is thus, your consent. Your consent is voluntary and if you have given it to us, you may withdraw it at any time by contacting us at the contact details at the bottom of this page. If we wish to use your personal data in any other way than what we collected them for with your consent, we will always ask for your renewed consent, if the "framework" for the original purpose is exceeded. We will do this before we start and inform you of the reasons for this.

 

3) In the third category, there are certain personal data that we keep, in order to safeguard our interests in the future if needed. Our treatment base is therefore in the nature of "legitimate interests", as this is understood in current personal data legislation. This among other things means, based on a specific assessment that we keep your personal data for a period of time. The time period and extent of the personal data for this processing is determined based on the criteria you can see in the section "we will delete your personal data when they are no longer needed".

 

5. We will delete your personal data when they are no longer needed

We make a discretionary assessment to see when we no longer need your personal data. When we no longer need the personal data for the purpose for which we collected it, we will delete it. We, among other things, give consideration to the following:


  • What service we have provided, e.g. whether we have provided a product or advice as mentioned in the following sections.
  • When we have had a relationship with you as an employee, customer, partner or something else.
  • Whether there has been dialogue or correspondence since then.
  • If we know that you contact us periodically, e.g. every six months to order new items or services, as we would like to provide you with the best possible service.
  • Whether you have given us consent to store your personal data, including data for later marketing campaigns.
  • What responsibility we assume to you and what responsibility we take in relation to our counseling.

Some personal data will be stored for at least 5 years for the sake of legislation, including: the Bookkeeping Act. This is, for example, personal data for the purpose of issuing invoices, so that we can settle the tax and VAT correctly and be able to document it to the authorities. We regularly check and update your personal data. We continually check that the personal data we process about you is not incorrect or misleading. We do this by sending you a confirmation by the start of the agreement, about the personal data we have registered about you.

You can use the contact information form at the bottom of this page to notify us of your changes.

 

5a. We pass on your personal data in these cases

We do not sell, we do not publish and we do not otherwise pass on your personal data to others, unless:

  • it is necessary for us to perform our service to you,
  • it is necessary for us to comply with the law
  • you have consented to it
  • it is necessary to protect a business partner or a third party (there are strict laws in place to disclose personal data on this basis)
  • As a part of our use of data processors, both inside and outside the EU.

 

6. Only if necessary

We cooperate with selected and trusted partners to provide our service to you, including our suppliers, hosting partners, our own intra-group companies, partners and data processors. To them, we pass on the necessary personal data so that we can collectively deliver our services to you. It could for example be the provision of services, production of customizations, integration tasks etc. It can also be the Danish VAT database, to update any name or address changes in databases on our customers.

 

7. If you have given consent

We only disclose personal data to companies, organizations or individuals outside our company and group if we have your consent. You can object to this type of disclosure at any time and you can also opt out of marketing inquiries in the Danish CPR register.

If required by law, or to protect ourselves, a business partner or a third party. In some cases, the legislation allows us to disclose personal data without your consent. Sometimes we have to do it by law, other times by choice.

To the extent permitted by law, we may disclose personal data for the purpose of either protecting or enforcing our rights. The same applies to rights that belong to our partners and third parties, for example in connection with fraud prevention or other criminal matters. Our use of data processors, both inside and outside the EU. We will obtain your consent before disclosing your personal data to third-country partners, unless the respective partners act as our data processors. For example, a third country may be certain countries in Africa. The United States is not a third country because of the so-called Privacy Shield Agreement between the United States and the EU, if the company in the United States has acceded to the Privacy Shield Agreement.

If we disclose your personal data to third countries, we have ensured that their level of personal data protection complies with the requirements we have set for ourselves in this policy and the requirements we are subject to under the law.

 

8. You have many rights

In this section you can read that you have a number of rights in connection with our processing of your personal data, including that you have the right to:

  • Get wrong personal data corrected.
  • Gain access to your personal data and to receive a copy.
  • Get your personal data deleted.
  • Claim restriction.
  • Demand limitation of treatment.
  • Revoke consent.
  • Demand information about transfer of information to countries and organizations outside the EU.
  • Avoid profiling.
  • Complain about our processing of your personal data.

 

If you would like to know more or take advantage of your rights, please contact us via the contact formular at the bottom.

Right to get wrong personal data corrected

We check that the personal data we process about you is not incorrect or misleading. We do this by sending you a confirmation at the start of the agreement about the personal data we have registered about you. You have the right to correct your personal data that we have. You have the right to gain access to your personal data and to receive a copy. You have the right at any time to gain access to the personal data we have registered about you and to have a copy of the personal data provided.

You may also be informed about the purposes of the processing, how long we keep your personal data, whether we make automatic decisions (including profiling), who we pass the personal data to and where we have the personal data from. However, this does not apply if you are already familiar with the personal data. Please note that the right of access may be limited for the protection of the privacy of other persons and for our business secrets.

Right to delete your personal data

You may at any time require that we delete your personal data that we hold. If we no longer have a purpose for holding the personal data, we will delete it as soon as possible at your request.

Right to demand limitation of treatment

You have the right to at any time to request us to restrict the processing of your personal data.

Right to object to treatment

You have the right to at any time to object to us processing your personal data. This includes the right to object to the use of personal data for marketing purposes. We will consider your objection as soon as possible if you submit such.

Right to revoke consent

You may revoke the consent(s) you have given us at any time.

Right to require information about transfer of information to countries and organizations outside the EU

You have the right to be informed if we forward personal data to a country outside the EU. We can disclose that we forward personal data to IT companies that act as our data processors in the United States and Ukraine. All of our data processors in the United States have signed up to the Privacy Shield Agreement (read more here: https://www.datatilsynet.dk/generelt-om-databeskyttelse/danmark-eu-og-resten-af-verden/) and have committed to comply with applicable personal data laws. We can therefore pass on the personal data to these companies.

Right to avoid profiling and that we make automatic decisions

You have the right at all times to prevent us from creating profiles of you and your personal data, or making automatic decisions. We can inform that we do not use profiling or making automatic decisions in our company.

Complaint

We do everything we can to ensure that your personal data is processed securely and that your rights are protected optimally and we regularly review our procedures and the handling of personal data. If you believe that we do not treat your request and your rights in accordance with the law, please contact us by filling out the contact formular below. We will then submit your inquiry to a senior employee of our company so that any misunderstandings and misconceptions can be investigated. If you continue to believe that we are not treating your inquiry and your rights in accordance with the law, you may appeal to the Data Inspectorate via:

The Data Protection Agency

Borgergade 28

1300 Copenhagen K

Phone: 33 19 32 00

www.datatilsynet.dk

9. Children

Our business is targeted at adults. We do not knowingly collect personal data from and about children. We are realistic about that e.g. children's use of electronic devices can never mean with 100% certainty that we do not receive personal data about children. We have designed our systems in the best possible way, so that we cannot receive personal data from children. We immediately delete the personal data if we become aware that we have inadvertently received personal data about children. If you are a parent or guardian and believe that your child has provided us with personal data knowingly or unknowingly, we ask you to contact us as soon as possible via our contact formular at the bottom.

 

10. How do we store your personal data?

We are committed to protecting your personal data. Besides that the legislation demands it, we also have our own internal ethical rules which require that we take good care of your personal data. We use relevant and professional technical and organizational security measures to ensure that unauthorized access to the personal data we store is not possible. The purpose of this is to ensure that the personal data is not used, destroyed, changed, published or otherwise misused.

In this section you can read that

  • We have internal rules on information security in connection to personal data.
  • We have implemented IT technical measures.
  • User behavior is important to ensure a sufficiently high level of security.
  • We inform affected persons if there is a risk of or actual data breach.
We have internal information security rules that contain guidelines and procedures. This includes, among other things, that personal data is only available to the employee(s) who need it. Employees who need to handle personal data have signed a confidentiality agreement. Also included in our rules about information security, is that we continuously train our employees in the proper handling of personal data and make sure that the rules are complied with by the employees.

IT-technical we have among other things, implemented the following measures:

  • Antivirus installed on all IT systems that process personal data.
  • Installed password on computers with regular renewal requirement.
  • Continuous backup of all IT systems that process personal data.
  • Restricting access to personal data so that only employees who need it have access. And only to the extent necessary.
  • Investigating whether the personal data we use can be used in anonymized or pseudonymized form. We will do so if it does not adversely affect our service and obligations to you.
  • Entered into data processing agreements with suppliers who process personal data on our behalf, to ensure that the processing is in accordance with the legislation and our own rules and ethical standards.


11. The risk and disclaimer

The highest risk of misuse of personal data is due to people's own actions. It is up to each individual to take good care of their own personal data (including never disclosing passwords to others), and it is up to our company to take into account human interference. Although we have taken the above measures to limit risks in the processing of personal data, it cannot constitute a 100% assurance that no unintended events will occur.

We therefore disclaim any loss arising from unintended incidents related to our use and processing of your personal data to the extent that we can do so under applicable law. Accordingly, we cannot be held liable for any loss incurred related to the use of our company, our products and services, our website, systems, apps and other software to the extent we can do so under applicable law.

We recommend that you also take steps to secure your own personal data. You can do this, among other things, by closing your browser after use, by logging out of all accounts after use, by installing antivirus antimalware and other software that can improve the security of your computer. We recommend that you constantly update software, the apps you use, your computer and mobile devices and never disclose your password to others.

Notification

As mentioned, we have taken a wide range of measures to ensure the processing of your personal data. Should our IT systems and other security measures be compromised anyway, we will notify you without undue delay if the compromise involves a high risk of your rights and freedoms. Our company Aqoola A / S is responsible for data processing and ensures that your personal data is processed in accordance with the legislation:

Update of this Privacy Policy

We update our privacy policy when we believe it is needed. This could be, when we offer new services and products or in other situations.

When we make changes to the Privacy Policy, we will mention it below.

Changes compared to previous versions

Version 1.0 to 1.1: Has been updated in relation to the new GDPR legislation.

Version 1.1 to 1.2: Has been translated by Ali Karatas from Danish to English

Contact us for further information
Aqoola A/S | Agern Alle 5A | 2970 Hørsholm | +45 7070 1811