1. Introduction
Information that can be linked to an identified or identifiable natural person is considered personal data. TakeHost may process such personal data both as a controller and a processor, depending on how and why we process the personal data. As a processor, we process personal data in accordance with the data processing agreement entered into with the individual controller. This privacy policy provides information about our processing, as a controller, of personal data about users of our website and contact persons of potential and existing customers, suppliers and other partners.
We recognize that it is important for you to keep your personal data private, and that it is an ongoing responsibility for us. We reserve the right to change the content of this privacy policy at any time and for any reason, without prior notice. We will always post the most recent version of the privacy policy here, and we encourage you to read updated versions when they become available. We may send periodic reminders with information about updates to our Privacy Policy to those who choose to receive such updates.
This Privacy Policy was updated on July 6, 2024 and supersedes any previous notices or statements regarding our privacy practices.
2. Collection and Processing of Personal Data
The personal data we process is collected directly from you or your employer/company. Our website also processes personal data collected through the use of cookies to optimize the end-user experience. For more information about our use of cookies, please read our Cookie Policy.
We only process the personal data specified below and only for the purposes described. We do not process sensitive personal data (special categories of personal data). We only use personal data for the purpose for which the data was collected. If we rely on legitimate interests as the legal basis for our processing, we have concluded that these interests are not overridden by your rights and freedoms.
The personal data we process is stored on TakeHost’s servers and cloud-based servers. We regularly assess the necessity and accuracy of the personal data and strive to ensure that incorrect and unnecessary personal data is corrected or deleted. Access to the data is limited to personnel with appropriate authorization and a clear need to use the data.
Kunderelasjoner og kontoer, levering av tjenester
If you, as the contact person for a new potential customer, contact us on your own initiative, we will process the contact information you register, such as your name, company name, job title, email, telephone number and other information you provide in order to contact you. The legal basis for such processing is GDPR Article 6(1)(a) (consent) and (f) (legitimate interest). It is voluntary for you to provide us with such personal data. When you, as the contact person for your employer/company, register as a new customer in our online store, we process your name, company name, job title, email, telephone number and other information you provide in forms, downloads, etc. The legal basis for this processing is GDPR Article 6(1)(b) (performance of a contract), (c) (necessary for compliance with a legal obligation, such as accounting, tax or product liability) and (f) (legitimate interest). When performing our services, we may process personal data about employees of our customers and their suppliers and partners. Such personal data may include name, company name, job title, email, telephone number and other information you provide in forms, downloads, etc., username, feedback and message history, subscription information (e.g. validity period, last login time and number of active sessions), financial information, electricity meter data, visits to our website, whether you receive, open and read emails from us and other data necessary to maintain the customer relationship. The legal basis for such processing of personal data is GDPR Article 6(1)(b) (performance of a contract), letter c (necessary for compliance with a legal obligation, such as accounting, tax or product liability) and letter f (legitimate interest). We store the above-mentioned personal data for five years or less if the purpose of the processing ceases earlier. Supplier and other business partner relationships If you are a contact person for a potential or existing supplier or partner of TakeHost, we may process your name, company name, job title, email, telephone number, any customer support correspondence and other data related to the delivery of products/services in order to negotiate and enter into supplier/collaboration/partner agreements, and to fulfill our obligations under such agreements. The legal basis for this processing is GDPR Article 6 No. 1 letter b (performance of a contract) and letter f (legitimate interest). We store such personal data for as long as TakeHost deems it necessary to maintain the customer relationship.
Evaluation of our products, services and website In order to evaluate and improve our products, services and communications (blog posts, content offers, emails, etc.), we may process visits to our website and data you provide in forms, downloads, etc., whether you receive, open and read emails from us, and other data we collect through customer analysis and surveys. The legal basis for this processing is GDPR Article 6(1)(a) (consent) and (f) (legitimate interest). We store such personal data for five years or less if the purpose of the processing ceases earlier. Marketing, newsletters and events/webinars In order to provide information related to our products and services, for example through newsletters and direct marketing, we process personal data such as name, email address, telephone number, IP address, company name and job title. If you download content (e.g. an e-book, guide or similar) that indicates an interest in other relevant content, you may receive a follow-up email with tips, such as blog posts or other content offers. If you consistently show interest in TakeHost’s content and services that indicate a strong interest in our services, we may call you or send you an email to discuss a possible business opportunity. The legal basis for such processing is Article 6 No. 1 letter a (consent) and letter f (legitimate interest) for targeted advertising to existing customers pursuant to Section 15, third paragraph, of the Marketing Act. It is voluntary for you to provide us with personal data for marketing purposes. If you register for our events and webinars, we will process your name, company name, job title, email and other data you provide to provide information about the event/webinar for which you have registered. The legal basis for such processing is GDPR Article 6 No. 1 letter a (consent) and letter f (legitimate interest). It is voluntary for you to provide us with such personal data. We store such personal data for five years or less if the purpose of the processing ceases earlier. You can opt out of receiving marketing communications at any time.
3. Sharing of Personal Data
Personal data will only be shared with other third parties when necessary to provide our services. We occasionally use third parties to work on our behalf as data processors, and we will only share necessary information in such circumstances in accordance with written data processing agreements entered into with each party. We will not disclose your data to any third parties for the purpose of marketing or such third parties’ own purposes.
4. Transfer of Personal Data
Personal data may be transferred outside the EEA to our service providers. For transfers to other entities in the TakeHost Group, we have adopted the EU Standard Contractual Clauses (SCCs) incorporated into the GDPR to authorize global transfers. This allows us to transfer personal data outside the EEA, based on our internal practices, while protecting the privacy of the data subject in accordance with the requirements of the GDPR. Other transfers of personal data outside the EEA are made either to a country deemed to provide an adequate level of data protection by the European Commission, or by using a valid transfer basis such as the EU’s standard contractual clauses. Where necessary, we will implement appropriate safeguards to ensure that the personal data has the same level of protection as in the EEA.
5. Security of processing
Ensuring the integrity and confidentiality of personal data is important to TakeHost. All non-personal and personal data is stored on secure servers by TakeHost. We have taken adequate technical, physical and administrative measures to keep your personal data safe and to secure it against accidental loss, unauthorized access or disclosure, misuse or alteration by third parties, and other unlawful forms of processing and alteration or access, for example by encryption, access controls and firewalls. In the event of a data breach, we will notify the Danish Data Protection Agency and you to the extent required by the GDPR
6. Your rights
Under applicable data protection laws, you have a number of rights in relation to your personal data. You have the right to: Access the personal data processed; Request the rectification of inaccurate personal data; Have your personal data erased (please note, however, that certain personal data are strictly necessary to achieve the purposes defined in this Privacy Policy and may also be required to be retained by applicable law, therefore you may not be able to erase such personal data); Have your processing of your personal data restricted; Receive the personal data, which you have provided to TakeHost, in a structured, commonly used and machine-readable format and have the right to transmit these data to another controller without hindrance from TakeHost; Object to the processing of your data where TakeHost relies on its legitimate interests as the legal basis for processing (e.g. you may object at any time to the use of your personal data for marketing purposes); Ask TakeHost to restrict the processing of personal data for a period of time if the data is inaccurate or there is a dispute as to whether your interests override TakeHost’s legitimate grounds for processing the data; and Withdraw any consent you have given.