GDPR/ Personal data information
THIS INFORMATION IS FOR CUSTOMERS
Processing of personal data at Krathusgaard
1. Preliminary remarks
1.1.1. At Krathusgaard, we will continuously process various personal data about you electronically and in other systematic ways in connection with the fact that you are a customer of ours. It is necessary for you to become a customer with us, so that we can offer you horse riding with us. In this connection, we are obliged to inform you about which information about you we collect, register, pass on or otherwise process.
1.1.2. The overall purpose of processing your information is to be able to carry out the administration linked to riding with us, i.e. the conclusion of the agreement, the start, course and end of the treatment process, including in relation to services etc., to which you are entitled, as well as the obligations to which you are subject. 1.2 Data responsibility and contract information 1.2.1. Krathusgaard is the data controller for the information that is processed by us, and is therefore responsible in accordance with data protection legislation for your personal data to be processed lawfully. 1.2.2. For all the mentioned personal data, it applies that they are processed in accordance with the guidelines and framework, data protection legislation and any other legislation provides for this.
1.2.3. This means, among other things, that you can at any time contact Krathusgaard, Bindesbøllsvej 7, 2920 Charlottenlund, T: 20934167, CVR: 33514530, firstname.lastname@example.org, if you have questions about our processing of your personal data, or if you wish to exercise your rights under data protection legislation.
2. Processing of personal data
2.1 Customer file
2.1.1. When you contact us, we may need to collect your information in order to create a booking, send information and, for example, send invoices. Here we register a number of different personal data, which basically come from you. 2.1.2. We register e.g. your full name, home address, home and work telephone number, e-mail address if necessary. Payment information may also be registered. As well as you signing a riding contract with us. In addition, information is recorded on other special matters such as insurance, credit agreements, health schemes and agreements on other payers.
2.1.2. The information in the system may be combined with information about other customers, e.g. to create various types of statistics and calculations for internal use and when requested by public authorities. 2.1.4. The legal basis for the processing basically follows from § 6, subsection of the Personal Data Act. 1, no. 2 (per 25 May 2018 the data protection regulation article 6 (1), letter b. 2.2 Images and videos on Social Media
2.1.3. When you ride with us, you sign that photos/videos may be taken of you and your fellow riders, which can be used for advertising for Krathusgaard on e.g. website and social media. 2.2.2. You can ask for the removal of the images/videos at any time, but this must be done in writing by email. The copyright is ours and you cannot later collect money or salary for its use. 2.1.4. Legal basis The legal basis for the processing basically follows from § 6, subsection of the Personal Data Act. 1, no. 2 (per 25 May 2018 the data protection regulation article 6 (1), letter b. 2.3 Text messages, messages, e-mails and payment.
2.1.5. When you book horses with us, this is typically done via SMS or email (other forms of bookings may occur). These messages/emails will be saved for documentation of the booking. Since our payment system requires personal data in order to send you the bill, this system will also have access to your information. 3. Storage, transfer and disclosure, etc.
3. Storage, transfer and disclosure, etc.
3.1. Storage of personal data
3.1.1. The information about you is stored at the company's address.
3.1.2. Certain information is also stored by our data processors in connection with operational and IT security tasks (such as external hosting of IT programs, software backup etc.). We get solved externally. Storage of the information with external partners (our data processors) is subject to the Danish data protection rules, and data processing agreements have been entered into with data processors that must ensure that your information, among other things, not come into the hands of unauthorized persons.
3.1.3. Your personal data can also be left to our lawyers or accountants for use in solving a specific task. This could be, for example, if Krathusgaard has used legal or auditing assistance in a case in which you are involved, and where the relevant personal data must therefore be used by our accountant or lawyer.
3.2.1. In connection with i.a. reimbursement from insurance companies, reimbursement from municipalities and payment from your company, the material may contain personal data about you. In addition, Krathusgaard may pass on personal data about you to our insurance company or other insurance companies, if this is relevant and necessary for their use in processing reported damages, etc.
3.2.2. Your personal data may also be disclosed in connection with a potential purchase and sale of Krathusgaard, including in connection with the investigation and clarification process (due diligence investigation) that may be carried out prior to a possible sale, etc.
3.3. Deletion of data
3.3.1. Data protection legislation does not contain specific rules on when personal data must be deleted in customer relations. This must be decided by Krathusgaard as data controller in the individual situation. When assessing this, particular emphasis must be placed on whether continued storage serves a legitimate purpose.
3.3.2. The consideration of being able to store documentation for the history of a customer case, including that Krathusgaard has the opportunity to see which steps have previously been taken in the customer case, is considered in practice to be a factual purpose. The data that Krathusgaard uses to manage your customer relationship will therefore, as a rule, only be deleted, no earlier than 5 years after the customer relationship has ended.
3.3.3. Other information about you, which is not necessary to store in order to manage your customer relationship, will be deleted at the time when there is no longer any factual need for continued storage, or if the law otherwise requires us to delete this information on a specific point in time.
4.1 Obligation to provide information
4.1.1. Data protection legislation gives you various rights when we process personal data about you electronically. And the legislation imposes certain duties on us – such as telling you that we have collected or will collect personal data about you.
4.1.2. If in special cases we process other personal data about you or carry out a different form of processing than the one we describe here in this letter, Krathusgaard will inform you separately about this on the website.
4.2 Insight, correction, etc.
4.2.1. You also have the right to be told what personal data about you we have collected in connection with your customer relationship, and you have the right to gain insight into the information. You have the right to ask that we limit, correct or delete personal data if you believe that it is, for example, incorrect or gives the wrong impression.
4.2.3. To the extent that you have given your consent to the processing of your personal data, you always have the option to revoke this. However, Krathusgaard can continue to process your personal data if Krathusgaard has a basis for this. You always give consent by signing our riding contract.
4.3 Additional information
4.3.1 To the extent that you have questions about the above or your rights according to data protection legislation, you always have the opportunity to contact Krathusgaard. You can read more about data protection legislation and your rights on the Danish Data Protection Authority's website www.datatilsynet.dk The Danish Data Protection Authority is the authority that can ultimately assess whether your personal data is processed lawfully – for example as part of a complaint. You therefore always have the option of submitting a complaint to the Data Protection Authority.