Introduction and Data Responsibility
Digital Dogme collects and processes personal data on the website and in our system for managing information about our members and customers, contact persons, etc. Personal data is any type of information about individuals that can be identified directly or indirectly. This may include information such as name, position, phone number, address, email address, etc.
The data controller is the association Digital Dogme, Rued Langgaards Vej 8, c/o Netcompany, 2300 Copenhagen, CVR no. 40984909
Collection and processing of personal data is always carried out in accordance with the applicable rules, and we only process personal data if we have a legally sufficient basis for doing so. We are aware that we may only process the personal data necessary to achieve the purpose. We regularly review our registered personal data and delete information that is no longer relevant to process. We do not register sensitive information such as health information or religious or political beliefs or similar. We also do not register information about children.
This notice is part of our documentation that we comply with the applicable data protection legislation.
If you have questions regarding our processing of personal data, you are very welcome to contact us.
Our Processing Activities
We register and use different types of personal data depending on which services or products you have ordered or are interested in.
You can read more about which categories of information we process for which purposes and with which processing bases in the sections below.
We also register and use the information in connection with other activities related to specific services and products, including service to you, advising you, or administering the relationship between you and us.
We collect the information directly from you, e.g., when you communicate with us via emails or other electronic media.
We do not use profiling and automated decisions.
Purpose
The membership system is used for member service and the association’s operations, including management and development of the business and its services.
Registered
Contact person in the member company.
Categories of Personal Data
We process ordinary personal data, including information about name, phone number, email, job title, and company of the contact person.
Processing Basis
The processing of personal data is based on the member’s consent.
The processing of personal data is also necessary to fulfill the current agreement with the member company.
Storage Period
We store the information for 5 years, calculated from the end of the calendar year of the most recent membership, unless special circumstances require a shorter or longer storage period.
Contact persons are deleted as soon as possible after we become aware that they are no longer employed by the member company.
Recipients
We share personal data with our co-labs and external consultants where relevant.
Purpose
The purpose is to manage the collaboration with our customers (including creating customers, providing advice, invoicing), administering, managing and developing our business and services, managing the operation and maintenance of IT systems, and performing statistical processing.
Registered
The customer and the customer’s potential owners as well as any contact persons at the customer.
Categories of Personal Data
We process ordinary personal data, including information about name, phone number, email, job title, and company name of the customer.
Processing Basis
The processing of personal data is based on the customer’s consent. The processing of personal data is also necessary to fulfill the agreement with the customer.
Storage Period
We store the information for 5 years, calculated from the end of the calendar year of the most recent collaboration, unless special circumstances require a shorter or longer storage period.
Contact persons are deleted as soon as possible after we become aware that they are no longer employed by the customer.
Recipients
We share personal data with our Learning Academy and external consultants where relevant.
Purpose
The purpose is to manage the collaboration with our partners (including creating partners, providing advice, invoicing), administering, managing and developing our business and services, managing the operation and maintenance of IT systems, and performing statistical processing.
Registered
The partner and the partner’s potential owners as well as any contact persons at the partner.
Categories of Personal Data
We process ordinary personal data, including information about name, phone number, email, job title, and company name of the partner.
Processing Basis
The processing of personal data is based on the partner’s consent.
The processing of personal data is also necessary to fulfill the agreement with the partner.
Storage Period
We store the information for 5 years, calculated from the end of the calendar year of the most recent collaboration, unless special circumstances require a shorter or longer storage period.
Contact persons are deleted as soon as possible after we become aware that they are no longer employed by the partner.
Recipients
We share personal data with Learning Academy and professional consultants. We do not share information with third parties, but we use data processors, including IT suppliers, to whom we entrust personal data. We enter into data processing agreements with all data processors to ensure the necessary security.
Purpose
The purpose is to be able to administer and manage the operation of our co-labs, including participants, send invitations, and conduct co-lab meetings.
Furthermore, the purpose is to strengthen collaboration and dialogue in our co-labs.
Registered
Members.
Categories of Personal Data
We process ordinary personal data, including information about name, title, organization, phone number, and email address.
Processing Basis
The processing of personal data is based on the member’s consent. The processing of personal data is also necessary to fulfill the current agreement with the member company.
Storage Period
We store the information for 5 years, calculated from the member company’s withdrawal from the network, unless special circumstances require a shorter or longer storage period.
Recipients
We only share personal data with the other participants in our co-labs.
We do not share information with third parties, but we use data processors, including IT suppliers, to whom we entrust personal data. We enter into data processing agreements with all data processors to ensure the necessary security.
Physical and Digital Events
Purpose
The purpose is to administer registrations, hold events, and maintain contact with participants before, during, and after the events.
We are an association that wants to brand ourselves, our members, and the events we hold. Participants in our events should be aware that in some cases, situational photos may be taken from the event, and we may post them on our website and/or social media. You can inform us at the beginning of our event if you prefer to avoid being in any situational photos that may be taken.
Registered
The participant.
Categories of Personal Data
We process ordinary personal data, including name, position, organization, address, phone number, and email address.
Processing Basis
The processing of personal data is based on the participant’s consent.
The processing of personal data is also necessary to fulfill an agreement with the participant.
Furthermore, the processing is necessary for us to pursue a legitimate interest in being able to market, conduct events, subsequently evaluate them, and generally target the material we send out.
Storage Period
We store the information for 5 years, calculated from the date of the event. We generally keep registration lists for 12 months from when the event is held. We do this to be able to evaluate who participates in events with a view to improving the content of the event if we later offer the same event again. Therefore, we do not use participants’ information to, for example, invite them again or for general marketing.
If you are employed by one of our members and you are registered for an event, we keep your personal information as long as we have a membership relationship with our member.
Regarding paid events, we keep invoice data for the financial year plus 5 years in accordance with Danish accounting rules, including the Bookkeeping Act.
Recipients
We share personal data with any partners and/or speakers. In addition, we share personal data with the other participants in the event.
We use data processors, including IT suppliers, to whom we entrust personal data. We enter into data processing agreements with all data processors to ensure the necessary security.
Purpose
The purpose is to administer registrations, conduct courses, and maintain contact with participants before, during, and after the courses.
We are an association that wants to brand ourselves, our members, and the events we hold. Participants in our courses should be aware that in some cases, situational photos may be taken from the course, and we may post them on our website and/or social media. You can inform us at the beginning of the course if you prefer to avoid being in any situational photos that may be taken.
Registered
The participant.
Categories of Personal Data
We process ordinary personal data, including name, position, organization, address, phone number, and email address.
Processing Basis
The processing of personal data is based on the participant’s consent.
The processing of personal data is also necessary to fulfill an agreement with the participant.
Furthermore, the processing is necessary for us to pursue a legitimate interest in being able to market, conduct courses, subsequently evaluate them, and generally target the material we send out.
Storage Period
We store the information for 5 years, calculated from the date of the course. We generally keep registration lists for 12 months from when the course is held. We do this to be able to evaluate who participates in the course with a view to improving the content of the courses if we later offer the same course again. Therefore, we do not use participants’ information to, for example, invite them again or for general marketing.
If you are employed by one of our members and you are registered for a course, we keep your personal information as long as we have a membership relationship with our member.
Regarding paid courses, we keep invoice data for the financial year plus 5 years in accordance with Danish accounting rules, including the Bookkeeping Act.
Recipients
We share personal data with any partners and/or speakers. In addition, we share personal data with the other participants in the course.
We use data processors, including IT suppliers, to whom we entrust personal data. We enter into data processing agreements with all data processors to ensure the necessary security.
Purpose: The purpose is marketing initiatives, including being able to target our communication to relations. Registered: The relation. Categories of Personal Data: We process ordinary personal data, including name, position, organization, address, phone number, and email address. Processing Basis: The processing of information as part of the delivery of our newsletters is based on consent. You can always withdraw your consent by email or through the unsubscribe link in the newsletters. If you unsubscribe from our newsletters, we will immediately stop sending you newsletters, and your personal data will be deleted within 30 calendar days at the latest. Storage Period: We store the information for 5 years, calculated from our most recent dialogue with the relation. If the registered persons have subscribed to our newsletter, we process the information until the consent is withdrawn. Recipients: We do not share personal data, but we use data processors, including IT suppliers, to whom we entrust personal data. We enter into data processing agreements with all data processors to ensure the necessary security.
Purpose
The purpose is to perform statistics, making it possible to target content and optimize Digital Dogme’s digital services (see Cookie Policy).
Registered
Visitors to the website, members, customers, and partners.
Processing Basis
The basis for our processing is your consent, cf. Article 6(1)(a) and (b) of the General Data Protection Regulation. You always have the right to withdraw your consent. We ensure that it is just as easy to withdraw consent as it is to give consent, and we keep documentation to be able to prove that you have given consent for us to process your personal data.
If we are to deliver a service or other service to you pursuant to an agreement between us, the basis is Article 6(1)(a) of the General Data Protection Regulation.
Regarding our marketing activities, the basis is Article 6(1)(f) of the General Data Protection Regulation, concerning our interest in marketing ourselves, including our interest in targeting materials that we send out (legitimate interest).
Storage and Deletion Procedures
The legislation does not contain rules on when personal data must be deleted, which is why we decide this as the data controller in each individual situation. In making this assessment, we particularly emphasize whether continued storage of personal data serves a legitimate purpose.
Processing Security
We process your personal data confidentially and maintain adequate physical frameworks as well as IT technical and administrative restrictions on access to your information to ensure against unauthorized access to personal data that is subject to our responsibility.
We have also implemented a number of technical and organizational security measures with the aim of protecting your personal data against accidental or unlawful destruction, loss or deterioration, as well as against it coming to the knowledge of unauthorized persons, being misused or otherwise processed in violation of data protection legislation.
We continuously develop our security policies and procedures to protect processing security.
Only persons who need to process personal data have access to them.
We require the same of partners as we require of ourselves.
Our employees are instructed in how they should or may process personal data, and internal guidelines have been adopted for what they should do in case of breach of data security. Should we – e.g. as a result of cyber attacks or similar – be affected by security breaches, we will notify you as quickly as possible if the security breach entails a high risk for you.
Use of Data Processors
In addition to us having access to your personal data, we have also given access to a number of data processors to handle and process personal data as part of our normal operations. We use, for example, data processors in connection with backup, hosting, and other operational and IT security tasks. It is solely for the purpose of data processors being able to provide IT services or support to us that they have access to your personal data. Access occurs only within the framework we have set up in our capacity as data controller. Data processors may not use personal data for their own marketing or other purposes. The data processors’ storage of personal data is subject to data processing agreements with all data processors. These include, among other things, requirements for an appropriate level of security.
Transfer to Third Countries
The information we collect will primarily, and as far as possible, be processed and stored in Denmark, the EU, and the European Economic Area (EEA).
At the time of entry into force of this latest version of the privacy policy, we use a data processor in the USA. The data processor handles Customer Relations Management (CRM) for us. We have entered into written agreements with the data processor in the USA, which has committed to adequate measures to ensure that data processing takes place in accordance with the rules that apply in the EU.
Your Rights, Including the Right to Request Access, Rectification, and Deletion
You have the right to be informed about which personal data we process about you, why we process it, where we have the information from, how long we store it, and who we may disclose it to. You can submit a request for access to us at any time, and it does not need to be justified.
You have the right to request correction of any incorrect, incomplete, or irrelevant personal information that we may have under our processing.
You have the right to have your information about you deleted from us if we only process the information based on your consent, or if the personal information has been processed unlawfully, or if you object to a specific, otherwise lawful processing of the personal information. You can always object to the processing of your personal data for marketing purposes.
Your rights regarding deletion do not prevent us from anonymizing certain information, and processing and storing it for longer in an anonymized form (statistical data).
In connection with your exercise of your rights, we may require relevant identification to ensure your identity.
You can read more about your rights in the Danish Data Protection Agency’s guide on data subjects’ rights (www.datatilsynet.dk).
Complaint Options
If you wish to complain about our processing of personal data, we encourage you to send us your complaint to the email address kontakt@digitaldogme.dk.
You also have the right to complain to the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data.
For further information on how to complain to the Danish Data Protection Agency, please refer to the Danish Data Protection Agency’s website www.datatilsynet.dk.
Update of Privacy Policy
We always strive to ensure the greatest possible transparency regarding the collection and use of personal information. We will therefore continuously
update this Data Protection Notice. Updates to the practices we follow as part of our processing of personal data in accordance with this Data Protection Notice apply immediately to the information we have about you. If we make significant changes to the Data Protection Notice, we will take reasonable and customary steps to communicate this to the data subjects, including the consequences of our changes.
The Data Protection Notice was last updated on the date shown at the top under “effective from”.