We take data protection seriously
To protect your data in the best way possible, we continuously assess the level of risk involved in our data
how it may adversely affect your basic rights. We are especially aware of the risk of your being exposed to
or ID theft or suffer financial loss, loss of reputation or data confidentiality.
In the event that the decisions we need to make depend on our being able to process sensitive personal data,
or information about your criminal record, we analyse the consequences of the data processing in order to protect
This analysis is completed before we commence the processing of your personal data.
CORNATOR A/S is the data controller and we ensure that your personal data are processed in compliance
Toldboden 1, 8800 Viborg
Telefonnr.: 7020 7970
We ensure fair and transparent data processing
When we ask you to make your personal data available to us, we inform you of the data we process about you and the
of our processing. You receive information about this on the date on which your personal data are collected.
If we collect data about you from others, e.g. a supplier, government body or partner, we inform you of this within
days of having collected your personal data. We also inform you of the purpose of the collection and the legal
that permits us to collect your personal data.
Processing of personal data
We use this type of data about you
We use data about you to improve our service and ensure quality in our products and services as well as in our
The data we use include:
Standard personal data
In some cases, we may need to combine your data with data we receive from other operators, e.g. from social media. If
combination may reveal your identity and information of a personal or sensitive nature, we obtain your consent for
Before we collate data, we assess whether there is a risk that our processing will have an adverse effect on your
If this is the case, we inform you of our processing and its purpose and ask for your consent to continue processing
You are entitled to object to this form of data processing and are entitled to restrict processing if you believe
data we collate about you are inaccurate.
We collect and store your personal data for specific purposes
We collect and store your data for specific purposes and other lawful commercial purposes. This takes place when we
- To process your purchases and deliver our services
We only process relevant personal data
We only process data about you that are relevant and adequate for the purposes defined above. The purpose is vital in
the types of data that are relevant to us. The same applies to the scope of the personal data we use. We do not e.g.
more data than what is required for the specific purpose.
Before we process your personal data, we check whether it is possible for us to minimise the volume of data about
also check whether some of the types of data we use can be applied in an anonymised or pseudonymised form. This is
if it does not impact adversely on our obligations or the services we offer you.
We only process necessary personal data
We only collect, process and store the personal data required in order to fulfil our set objectives. Legislation may
dictate the type of data we need to collect and store in our commercial operations. The type and scope of the
we process may also be necessary in order to fulfil a contract or other legal obligation.
We want to ensure that we only process personal data that are required for each of our specific purposes. That is why
IT systems are programmed only to collect the data volume required. It is also ensured automatically that the scope
processing is not unnecessarily wide and that the storage period is not excessively long.
In order to protect you against unauthorised persons gaining access to your personal data, we also use solutions that
ensure that data are only accessible to relevant employees. Our IT systems also protect against an unlimited number
being given access to data.
We check and update your personal data
We check that the personal data we process about you are not incorrect or misleading. We also ensure that we update
personal data continuously.
As our service depends on your data being correct and up to date, we ask you to inform us of any changes to your
use the contact details above to notify us of changes to your data.
In order to ensure the quality of your data, we have adopted internal rules and defined procedures for checking and
your personal data.
We delete your personal data when they are no longer required
We delete your personal data when they are no longer required for the purpose for which we collected, processed and
We obtain your consent before processing your personal data
We obtain your consent before processing your personal data for the purposes described above unless we have a legal
to collect them. We inform you of such rights and about our legitimate interest in processing your personal data.
Your consent is voluntary and you are entitled at any time to withdraw your consent by contacting us. Please use the
details above if you require further information.
If we wish to use your personal data for any other purpose than the original purpose, we will inform you of the new
and ask for your consent prior to commencing data processing. If we have any other legal basis for the new
will inform you of this.
We do not disclose your personal data without your consent
If we disclose your personal data to partners and operators, e.g. for use in marketing, we obtain your consent and
you of the purpose for which your data is to be used. You are entitled at any time to object to this form of
and you are also entitled to opt out of contact for advertising purposes in the Danish CPR register.
We do not obtain your consent if we are legally obliged to disclose your personal data, e.g. as part of our reporting
a government body.
We obtain your consent prior to disclosing your personal data to partners in third countries. If we disclose your
data to partners in third countries, we ensure that their level of data protection complies with the requirements
in this policy pursuant to applicable legislation. We make requirements of the processing of data and of the
of the rights you have e.g. to object to profiling and to complain to the Danish Data Protection Agency.
We protect your personal data and apply internal data security rules
We have adopted internal data security rules which contain instructions and measures that protect your personal data
destruction, loss and change, against unauthorised publication and against unauthorised third parties gaining access
or knowledge of your data.
We have defined procedures for the allocation of access rights to those employees who process sensitive personal data
data that reveal information about personal interests and habits. We check access through logging and supervision.
data loss, we continuously back up our data sets. We protect the confidentiality and authenticity of your data by
In the event of security breaches that result in a high risk of discrimination, ID theft, financial loss, loss of
or other significant inconvenience, we will inform you of the security breach as soon as possible.
You are entitled to access to your personal data
You are entitled at any time to be informed about the data that we process about you, their origin and the purpose
we use them. You are also entitled to know how long we store your personal data and who receives data about you to
to which we disclose data in Denmark and abroad.
If you request it, we can also inform you of the data we process about you. Access may, however, be restricted in
protect the privacy of others, commercial secrets and intellectual property rights.
You may exercise your rights by contacting us. Our contact details can be found above.
You are entitled to have inaccurate personal data rectified or erased.
If you believe that the personal data we process about you are inaccurate, you are entitled to have them rectified.
to contact us and state the nature of the inaccuracies and how they can be rectified.
In some cases, we will be under obligation to erase your personal data. This applies if e.g. you withdraw your
you believe that your data are no longer required for the purpose for which we collected them, you may ask to have
erased. You may also contact us if you believe that your personal data are being processed in contravention of the
other legal obligations.
When you contact us with a request to have your personal data rectified or erased, we check whether conditions have
met and, if so, implement rectification or erasure as soon as possible.
You are entitled to object to our processing of your personal data.
You are entitled to object to our processing of your personal data. You are also entitled to object to our disclosure
your data for marketing purposes. You may use the contact information at the top to send us an objection. If your
is found to be justified, we will ensure that we stop processing your personal data.
You are entitled to receive the personal data you have made available to us as well as the data we have collected
from other operators on the basis of your consent. If we process data about you as part of a contract to which you
you can also be sent your data. You are also entitled to transfer your personal data to another service provider.
If you wish to exercise your right to data portability, you will receive your personal data from us in a standard
If you wish to gain access to your data, have them rectified or erased or object to our data processing, we will
this is possible and respond to your enquiry as quickly as possible and within a month of our receiving your
You may complain to the Danish Datatilsynet –
www.datatilsynet.dk – if
- you do not get the information you are entitled to according to the rules of insight
- improper information about you are placed on the internet
- information about you improperly have been disclosed