1.0 GENERAL INFORMATION
1.1 This policy on the processing of personal data (“Personal data policy”) describes the way in which Illums Bolighus A/S (“Illums Bolighus”, “us”, “our”, “we”) collects and processes data about you.
1.2 The personal data policy applies to personal data that you provide us with or which we collect via Illums Bolighus A/S’ websites, www.illumsbolighus.dk, www.illumsbolighus.com ("The Website").
1.3 Illums Bolighus is the data controller of your personal data. All inquiries to Illums Bolighus can be sent via the contact details specified in section 7.
2.0 PERSONAL DATA WE COLLECT, FOR WHAT PURPOSES AND THE LEGAL BASIS FOR THE PROCESSING OF THE DATA
2.1 When you visit The Website, we automatically collect data about you and your use of The Website, e.g. the type of browser you use, what search terms you enter on The Website, your IP address (including your network location) and information about your computer.
2.1.1 The purpose of this is to optimise the user experience and The Website’s functioning, as well as to conduct direct marketing, including retargeting via Facebook, Instagram and Google. This processing of data is necessary for us to safeguard our interests in improving The Website as well as showing you relevant offers.
2.1.2 The legal basis for the processing of said data is the EU General Data Protection Regulation, article 6, paragraph 1, point (f).
2.2 When you place an order on The Website, we collect the data you provide yourself, e.g. your name, address, e-mail address, telephone number, payment method, information about which products you buy and may have returned, delivery preferences and information about the IP address from which the order was placed.
2.2.1 The purpose of this is to allow us to deliver the products you have ordered and otherwise fulfil our part of the agreement with you, including being able to administrate your rights to return and complain about a purchase. We can also process data about your purchases in order to comply with legislative requirements, such as for bookkeeping and accounting. In connection with a purchase, your IP address is collected for the purpose of safeguarding our interest in preventing fraud.
2.2.2 The legal basis for the processing of said data is the EU General Data Protection Regulation, article 6, paragraph 1, points (b), (c) and (f).
2.3 When you sign up to join our customer club, you will be asked to enter your name, address, e-mail address and telephone number, as well as which Illums Bolighus shop you prefer to shop at. In addition, we collect data about your use of the customer club’s benefits, competitions you participate in, etc., during your membership. We collate this data with other data we have on you, including data on items you have bought (and returned, if any).
2.3.1 The purpose of this is to administrate your membership, provide you with the services of your membership and offer you the benefits associated with your membership of the customer club, as well as to safeguard our interest in being able to send you newsletters and carry out direct marketing.
2.3.2 The legal basis for the processing of said data is the EU General Data Protection Regulation, article 6, paragraph 1, points (b) and (f). Upon registration, you will be asked to provide separate consent for electronic marketing.
3.0 RECIPIENTS OF PERSONAL DATA
3.1 Data concerning your name, address, e-mail and telephone number, as well as your order number and specific delivery preferences are passed on to PostNord, GLS or another carrier that handles the delivery of your purchase to your address. When purchasing an item that is not in stock, the aforementioned data may be passed on to the manufacturer or seller of the item in question, who will then be responsible for the delivery.
3.2 Data may be handed over to external partners who process the data on our behalf. Among other things, we use external partners for the technical operation of and improvements to The Website, sending out newsletters and direct marketing - including retargeting - as well as your review(s) of our company and products. These companies are data processors that carry out our instructions and process the data that we are the controllers of. The data processors are prohibited from using the data for any other purpose than the fulfilment of their agreements with us and are bound by confidentiality in relation to that data. We have entered into written data processing agreements with all the data processors that process personal data on our behalf.
3.3 Two of these data processors are Google Analytics, a subsidiary of Google LLC. and Facebook Inc., both of which are based in the USA. The mandatory guarantees for the transfer of data to the USA have been secured through the data processor’s certification under the EU-USA Privacy Shield (cf. the EU General Data Protection Regulation, article 45.)
3.3.2 A copy of Facebook Inc.’s certification can be found here: https://www.priva- cyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
3.4 Illums Bolighus also collects data on user behaviour via so-called cookies. See the section on Cookies here: https://www.illumsbolighus.com/about-us/privacy-cookies
4.0 YOUR RIGHTS
4.1 With a view to creating transparency in relation to the processing of your data, we, as the data controller, are required to inform you about your rights.
4.2 Right to access
4.2.1 At any time, you have the right to submit a request for us to inform you about the data we have stored about you, the purpose of storing that data, the categories (if any) of personal data and recipients to whom the personal data has been or will be disclosed, as well as information about the source of this data.
4.2.2 You have the right to receive a copy of the personal data we have on you that we process. If you wish to receive a copy of the personal data we have collected on you, you can send a written request to [email protected]. You may be asked to document that you are the individual you claim to be.
4.3 Right to rectification
4.3.1 You have the right to have any inaccurate personal data about yourself rectified by us. In the event that you discover that there are inaccuracies in the data we have recorded about you, we encourage you to contact us in writing so that the information can be corrected. E-mails concerning rectification should be sent to [email protected]. You may be asked to document that you are the individual you claim to be.
4.3.2 You are able to correct any data collected on you in connection with your registration to our customer club by logging into your user profile.
4.4 Right to erasure (aka ‘Right to be forgotten’)
4.4.1 In certain cases, you have the right to have your personal data either partially or fully deleted by us, e.g. if you revoke your consent and we have no other legal basis for continuing with the processing of your data. To the extent that it is necessary to carry on processing your data, e.g. to ensure compliance with our legal obligations, or in order for legal claims to be determined, implemented or defended, we are under no obligation to delete your personal data.
4.5 Right to restriction of processing to storage
4.5.1 In certain cases, you have the right to limit the processing of your personal data exclusively to storage, for instance if you believe the data we process about you is inaccurate.
4.6 Right to data portability
4.6.1 In certain cases, you have the right to receive personal data that you have given us, sent to you in a structured, commonly used and machine-readable format, and have the right to transmit that data to another controller.
4.7 Right to object
4.7.1 At any time, you have the right to object to our processing of your personal data in relation to direct marketing, including the profiling that is carried out in order to target our direct marketing.
4.7.2 Furthermore, you have the right at any time for reasons that concern your personal situation to object to the processing of your personal data that we carry out on the basis of our legitimate interests (cf. section 2.1 and 2.3).
4.8 Right to revoke consent
4.8.1 At any time, you have the right to revoke any consent you have given us for a given processing of personal data, including for the profiling of you that is carried out through your membership in the customer club. Contact us if you wish to revoke consent (cf. section 7).
4.9 Right to complain
4.9.1 At any time, you have the right to lodge a complaint with the Danish Data Protection Agency, Borgergade 28, 5, DK-1300 Copenhagen concerning our processing of your personal data. You can lodge a complaint either by e-mail ([email protected]) or by phone (+45 33 19 32 00).
5.0 ERASURE OF PERSONAL DATA
5.1 Data collected on your use of The Website (cf. section 2.1) is - at the very latest - deleted if you have not made use of The Website for 1 year.
5.2 Data collected in connection with purchases you have made via The Website (cf. section 2.2) will in general be deleted 3 years following the end of the calendar year in which you made your purchase(s). However, data may be stored for a longer period than that provided we have a legitimate need to do so, e.g. in the event that it is necessary for legal claims to be determined, implemented or defended, or if storing said data is necessary to ensure compliance with legislative requirements. Accounting data is stored for 5 years to the end of an annual accounting period in order to ensure compliance with the Danish Bookkeeping Act.
5.3 Any data we have collected in connection with your registration to and during your membership of our customer club (cf. section 2.3) will be erased upon your deregistration.
6.1 We have implemented appropriate technical and organisational security safeguards to prevent the accidental or unlawful destruction, loss, alteration and deterioration of personal data, as well as unauthorised access to or abuse of personal data.
6.2 Only employees who have a legitimate need to access your personal data in order to perform their duties have access to your personal data.
7.0 CONTACT INFORMATION
7.1 Illums Bolighus A/S is the data controller of the personal data collected via The Website.
7.2 If you have any questions or comments relating to this Personal Data Policy, or if you wish to exercise one or several of your rights described under section 4, please contact:
Illums Bolighus A/S
Tel. no.: +45 3314 1941
E-mail: [email protected]
8.0 CHANGES TO THE PERSONAL DATA POLICY
8.1 In the event that we make any changes to the Personal Data Policy, you will be informed of such upon your next visit to The Website.
8.2 If you have signed up for our customer club, you will be informed about the changes to the policy through the issuance of information to the e-mail address you have provided us.
9.1 This is version 1.1 of Illums Bolighus’ personal data policy, dated 8 May 2018.