Privacy Policy

Introduction

This Privacy Notification describes how we collect and process personal data concerning you as a customer, supplier and business partner of Cubris.

This Privacy Notification furthermore describes how we collect and process data concerning you when you interact with Cubris on our social media pages or visit our website.

The data controller of the collection and processing of your personal data is:

Cubris ApS

CVR-nr.: 31744172

Industriparken 39

2750 Ballerup

+45 46 97 54 00

gdprlink@cubris.dk

Collection and processing of your personal data

In the description below, you can see in which contexts we collect and process personal data concerning you.

Customers

Purpose

We collect and process personal data concerning potential and existing customers to retain an updated customer relationship management (CRM) database that helps track information and interactions between Cubris and potential and existing customers and to comply with contract requirements in relation to our existing customers.

Categories of personal data

We process the following categories of non-sensitive personal data concerning you:

  • Contact information, including name, job title, business e-mail, business phone number and workplace.

Legal bases for processing

Our processing is based on the following legal bases:

  • GDPR, art 6(1)(b) (necessary for the performance of a contract or necessary steps prior to entering a contract).
  • GDPR, art 6(1)(f) (legitimate interest). Legitimate interest is justified by our business interest to track information and interactions with potential and existing customers.

Sources

We collect personal data directly from you when you interact with Cubris. We also may collect personal data concerning you from third parties e.g., our parent company Thales Group and from event organizers in case that you participate in business events/fairs where Cubris is represented.

Retention period

  • As a general rule, contact information regarding potential customers will be deleted 12 months after the expiry of the deadline for acceptance of the final offer.
  • As a general rule, contact information regarding existing customers will be deleted 3 years after termination of agreement, unless data must be stored in 5 years according to the Danish Bookkeeping Act.
  • In the case of written acknowledgement of the existence of claims, court decisions and/or settlements, a retention period of 10 years is necessary for the purpose of processing any claims.

Recipients

We may disclosure personal data concerning you to our parent company Thales Group, if necessary, in order to share potential sales and/or stakeholder mapping. Our legal base to disclose personal data concerning you to Thales Group is GDPR, art 6(1)(f) (legitimate interest). Our interest is justified by our business interest to share information of potential sales and/or stakeholder mapping with our parent company.

If we need legal assistance or other professional advice or assistance, we may disclose your personal data to our external lawyer, accountant, debt collection agencies and similar on basis of our legitimate interest in being able to establish, defend or assert a legal claim. The base for such disclosure of your personal data is GDPR art 6(1)(f) (legitimate interest).

Incident Management System for customers

Purpose

We collect and process personal data as part of the delivery of Incident Management System for our customers. The purpose of the processing is to deliver a professional services to our customers.

Categories of personal data

We process the following categories of non-sensitive personal data concerning you when you report incidents to the system:

  • Contact information, including name, business e-mail, business phone number and your description of the incident.

Legal bases for processing

Our processing is based on the following legal bases:

  • GDPR, art 6(1)(b) (necessary for the performance of a contract)
  • GDPR, art 6(1)(f) (legitimate interest). Legitimate interest is justified by our interest to provide high quality customer service.

Sources

We collect data directly from you when you report incidents to the system or to our Customer Support teams.

Retention period

  • Personal data will be deleted in accordance with contract requirements with the individual customer in question.
  • In the case of written acknowledgement of the existence of claims, court decisions and/or settlements, a retention period of 10 years is necessary for the purpose of processing any claims.

Recipients

We do not disclose your personal data to any recipients.

Suppliers and business partners

Purpose

We collect and process personal data from our suppliers and business partners to carry out contract management and to receive goods and services from you or your suppliers and business partners.

Categories of personal data

We collect and process the following categories of non-sensitive personal data concerning you as supplier or business partner:

  • Contact information, including name, business e-mail, business phone number and workplace.

Legal base for processing

Our processing is based on the following legal base:

  • GDPR, art 6(1)(b) (necessary for the performance of a contract) Sources We collect personal data directly from you when you interact with us as a supplier or business partner.

Retention period

  • Contact information concerning suppliers and business partners will be deleted 3 years after termination of agreement, unless data must be stored in 5 years according to the Danish Bookkeeping Act.
  • In the case of written acknowledgement of the existence of claims, court decisions and/or settlements, a retention period of 10 years is necessary for the purpose of processing any claims.

Recipients

We do not disclose your personal data to any recipients.

Social Media

Purpose

When visitors visit our social media pages (LinkedIn, Facebook, YouTube and Instagram) the purpose of the processing is to ensure that the content is relevant and presented in the most effective manner for the visitors, and that the visitors have a positive experience when navigating our sites.

Categories of personal data

We collect and process the following categories of non-sensitive personal data concerning you when you visit our social media pages:

  • Information about the digital interactions: E.g., use of chat rooms, message boards, social media pages or other interactive forums including any comments, photos, videos or other information about the visitor from interactions.

Legal base for processing

Our processing is based on the following legal base:

  • GDPR, art 6(1)(f) (legitimate interest). Legitimate interest is justified by our interest in managing and administering our social media sites and to provide you with the content and services on our social media sites.

Sources

We collect personal data directly from you when you visit our social media pages.

Retention period

We refer to the social media providers’ privacy statement.

Recipients

Non-sensitive personal data of digital interactions concerning the visitors of our social media pages may be disclosed to third parties such as business partners, suppliers and vendors including analytics providers. In cases of disclosure to third parties it is based on GDPR, art 6(1)(f) (legitimate interest).

If data disclosed to third parties results in transfer of data to third countries, the transfer is based on standard contractual clauses in accordance with GDPR, art 46(2)(c).

Website

Purpose

When visitors visit our website the purpose of the processing is to manage and improve our website, to ensure that the content is relevant and presented in the most effective manner for the visitors and that the visitors have a positive experience when navigating our website.

Categories of personal data

We collect and process the following categories of non-sensitive personal data concerning you when you visit our website:

  • Information about the digital interactions when visiting the webpage, technical information: E.g., the Internet protocol (IP) address used to connect the visitor’s device to the Internet, and strictly necessary cookies which enable the visitor to move around the website and use its features.

Legal base for processing

Our processing is based on the following legal base:

  • GDPR, art 6(1)(f) (legitimate interest). Legitimate interest is justified by our interest in managing and administering our website and to provide you with the content and services on our website.

Sources

We collect personal data directly from you when you visit our website.

Retention period

Personal data will be deleted 1 year after the time when you visit our website.

Recipients

We do not disclose your personal data to any recipients.

Your privacy rights

Right to withdraw consent

You have the right to withdraw your consent at any time in case that our processing is based on your consent. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right of access

You have the right to obtain from Cubris the confirmation as to whether personal data concerning you are being processed, and you have the right of access to personal data concerning you.

Right to rectification

You have the right to obtain from Cubris the rectification of inaccurate personal data and you have the right to have incomplete personal data completed.

Right to erasure

Your personal data is deleted when it is no longer necessary in relation to the purpose for which it was collected (se section “retention period”). For compelling reasons, you have the right to have some types of personal data deleted before our usual retention period. If you withdraw your consent and we do not have another legal base for processing your personal data, you have the right to have your personal data deleted, unless we have a legal obligation to retain the data.

Right to restriction

In exceptional circumstances, you have the right to have the processing of your personal data restricted.

Right to data portability

You have the right to data portability of personal data provided by yourself when the processing is based on consent or performance of an agreement with you and the processing is carried out by automated means. If you have the right to data portability, information will be provided in a commonly used and machine-readable format that you can transfer to another service provider, if technically feasible.

Right to object

You have the right to object to processing of your personal data, if the data controller processes your data on point of:

  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • The processing is necessary for the data controller or a third party to pursue a legitimate interest, unless your interests or fundamental rights and freedoms that require the protection of personal data prevail.

Questions

If you have any questions, concerns, or complaints about our processing of your personal data, you can contact us (see contact details in the section “Introduction”).

We process inquiries as soon as possible and we usually respond no later than one month after receipt of the inquiry unless it is not possible due to the complexity or scope of the request. In this case, the deadline for replying may be up to 3 months after the date of receipt of the request, cf. GDPR, art 12(3).

Danish Data Protection Agency

You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet), if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency’s contact information on www.datatilsynet.dk.

Updates to this Privacy Notification

This Privacy Notification was last updated on 8th of March 2023.