1 INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA
Your data security is important to us, and we therefore take great care to ensure that your personal data is handled responsibly. Below you can read how MESSAGE A/S (hereinafter ”mbyM”, "we ", "us " or "our ") process personal data about you when we act as data controller. You can also read about your rights in relation to our processing.
2 MBYM’S ROLE AS DATA CONTROLLER
In connection with the operation of our business, we process certain personal data. We do this in order to serve you in the best possible way. We mainly collect and process general (non-sensitive) personal data.
If you have any questions regarding our processing of your personal data, please contact mbyM here:
A F Heidemanns Vej 19, 9800 Hjørring
3 WHAT PERSONAL DATA DO WE COLLECT AND WHY
We process personal data about you in a number of different situations. Read more about our processing in the different situations below.
3.1 Visitors to mbyM’s website and users of mbyM’s online services
When you visit mbyM’s website (e.g. mbyM-shop.com) or use our other online services (on, for example Facebook, Instagram, LinkedIn, Pinterest, Snapchat, TikTok), mbyM may process information about your IP address as well as information about your computer, device and browser.
We also process personal data that you provide to us in connection with your use of the website or our online services, including and any other information you provide to us.
We use your personal data so that we can make relevant products, supplies, benefits and services ("Services") available to you and to improve your experience of our websites and online services and the Services we offer. We also use personal data to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content.
The legal basis for processing is our legitimate interests in making our website (and online services) available to you (Article 6(1)(f) of the General Data Protection Regulation) or your consent (Article 6(1)(a) of the General Data Protection Regulation and Section 3 of the Danish Executive Order on Cookies).
We store personal data collected in connection with your visit to our website 2 years.
3.2 Marketing recipients
When you receive marketing communications, including newsletters from mbyM, we process personal data about name, telephone number, email address and product interest. We also process information about your marketing or communication preferences, your use of the marketing we send to you (including, for example, whether you have opened an email from us, whether the email has been read and which links you have opened), and any other information you provide to us.
We process your personal data for the purpose of marketing our company and Services, and for setting up and managing your marketing subscription. We use the personal data about your preferences and usage to understand the way customers receive our marketing messages and to improve our marketing to you and other customers going forward.
We will only send you marketing material by email, text messages or other electronic means once we have obtained your consent where this is required under the Danish Marketing Practices Act.
We also use personal data about you to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content, as well as to measure the effectiveness of our content and marketing. For this purpose, we may upload your email address to advertising tools with for instance Google or Facebook for the purpose of sending targeted marketing messages.
The legal basis for processing is our legitimate interests in complying with your wish to receive marketing communications from us to which you have consented under the Danish Marketing Practices Act (Article 6(1)(f) of the General Data Protection Regulation).
We store personal data about recipients of marketing communications 2 years.
3.3 Participants in competitions
When you participate in competitions, we process personal data about name, email address, telephone number, responses to the competition, profile name.
We process your personal data for the purposes of managing competitions, drawing winners, etc.
The legal basis for processing is our legitimate interests in running the competition and contacting the winner (Article 6(1)(f) of the General Data Protection Regulation).
We store the personal data collected in connection with the organisation of competitions 2 years.
4 DISCLOSURE OF YOUR PERSONAL DATA TO OTHERS
mbyM may disclose your personal data to other suppliers and/or service providers in the ordinary course of our business as well as to our group affiliates.
mbyM may also disclose your personal data to a public authority in situations where we are specifically obliged to disclose your personal data pursuant to legislation and notification obligations to which we are subject.
We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.
mbyM also discloses your personal data to data processors. Our data processors only process your personal data for our purposes and under our instructions.
5 TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE EU/EEA
In connection with our processing of your personal data, we may transfer such information to countries outside the EU/EEA (third countries).
Your personal data may be transferred to countries where the European Commission has determined that the level of data protection is equivalent to that in the EU/EEA (secure third countries).
We may also transfer your personal data to unsecure third countries.
You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website.
If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us.
6 STORAGE, DATA INTEGRITY AND SECURITY
When your personal data is no longer needed, we will ensure that it is deleted in a secure manner.
It is our policy to protect personal data by taking adequate technical and organisational security measures.
We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.
7 YOUR RIGHTS
As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.
You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email address above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.
You can also – unconditionally and at any time – object to our processing when it is based on our legitimate interests.
Your rights also include the following:
· Right of access: You have the right to access the personal data we process about you.
· Right to rectification: You have the right to obtain rectification of any inaccurate and incomplete personal data about you.
· Right to erasure (right to be forgotten): In exceptional cases, you have the right to obtain erasure of information about you before the time when we would normally delete your personal data.
· Right to restriction of processing: In certain situations, you have the right to restrict the processing of your personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future – apart from storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.
· Right to object: In certain situations, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes.
· Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one data controller to another.
· Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Authority about our processing of personal data. See more at www.datatilsynet.dk where you can also find further information on your rights as a data subject.
This policy has version no. 17 and is valid from 8. June, 2022.