1. Data controller

When you visit our website or interact with us as described in this privacy policy, Reform Group Holding ApS, Otte Busses Vej 5, 2450 København SV is the data controller and process your personal data as described in this privacy policy.

If you have any questions regarding our processing of personal data, this policy or your rights as a data subject please us at privacy@reformcph.com or +45 71 99 42 20.

 

 

2. We process your personal data

 

2.1 Private customers

 

When you purchase our products, we process your personal data for the purpose of providing our products and the best service to you, including:

  • Name, address, contact information, credit card and billing information and information regarding your old and new interior, in accordance with article 6(1)(f) of the GDPR.

We only disclose your personal data when it is necessary to provide our service to you. We may disclose your personal data to relevant suppliers, business partners, group companies and data processors. 

We store your personal data for a period of 7 years after your purchase.

 

2.1 Users of our website

 

When you use our website we process your personal data, if you give us consent to place cookies. Depending on the cookies you accept, we process your personal data for marketing, statistical and development purposes, including:

  • IP-address, which sites you visit on our website and which products you are interested in or have purchased in accordance with article 6(1)(a) and (f) of the GDPR.

If you consent to third party cookies, we share information about your visit to our website with social media providers such as Meta Platforms, Pinterest, Twitter and LinkedIn for statistical purposes, to improve our website, measure our marketing efficiency and to target marketing. In connection with these processing activities, we are joint data controllers with the social media providers in accordance with article 26 of the GDPR. 

We only disclose your personal data when it is necessary for the purposes for which the personal data is processed. We may disclose your personal data to relevant suppliers, business partners, group companies and data processors. 

We store and process the personal data for as long as the cookies are active, which depends on the specific type of cookie and whether you withdraw your consent to cookies. 

You can read more about cookies, including third party cookies and retention, in our cookie policy: https://www.reformcph.com/cookie-policy


 

2.3 Business contact persons with business customers, partners and service providers

 

If you are employed by one of our business customers, partners or service providers, we may process your personal data for business administration purposes, as part of our day-to-day business operations, e.g. if we correspond with you via email, including:

  • Name, title, business contact information and CRM-related information in accordance with article 6(1)(f) of the GDPR. 

We only disclose your personal data when it is necessary to provide our service to you or your employer. We may disclose your personal data to relevant suppliers, business partners, group companies and data processors. 

We store and process the personal data for as long as you are employed with our business partner, customer or service provider or as long as the business relationship exists. If your personal data is registered in invoices or other documents related to accounting, we store the personal data for five (5) years after the financial year in question. 

 

2.4 Direct marketing

 

If you sign up for our newsletter or otherwise give consent to marketing, we process your personal data for the purpose of providing you with relevant news and our best offers, including:

  • Name, contact information and product preferences in accordance with article 6(1)(a) of the GDPR and section 10 of the Danish Marketing Act.

We only disclose your personal data to our data processors. 

As a starting point, we process your personal data until you unsubscribe from our newsletter service. You can unsubscribe from our newsletter service by clicking ”unsubscribe” in our newsletters or by contacting us  https://www.reformcph.com/unsubscribe

If you unsubscribe from our newsletters or withdraw your consent to marketing, we retain your personal data for six months to be able to document your consent in accordance with article 6(1)(f) of the GDPR. We will not process your personal data for marketing purposes in this retention period. 

 

2.5 Applicants

 

If you apply for a job, we process the following categories of personal data to be able to process unsolicited application material or in connection with a job advert:

  • The personal data received from you in your application material including name, contact information, job history, education, professional competences, photo, etc. in accordance with article 6(1)(b) and (f) of the GDPR.
  • Personal data collected from publicly available social media platforms, for example LinkedIn, Facebook, etc. in accordance with article 6(1)(b) and (f) of the GDPR.
  • Personal data collected from your references or public authorities, if you have consented hereto in accordance with article 6(1)(a) of the GDPR and section 8(2)(i) of the Danish Data Protection Act.
  • Personal data processed in connection with personal tests or similar tests, if you have consented hereto in accordance with article 6(1)(a) of the GDPR.

If we process special categories of personal data (sensitive data) about you in accordance with article 9(2) of the GDPR or your CPR-number, because you provided this information on your own initiative in your application material, your submission of this information is considered as your explicit consent to our processing of the information during the recruitment process in accordance with article 9(2)(a) of the GDPR and section 11(2)(ii) of the Danish Data Protection Act.

To the extent necessary, we may disclose your personal data to our data processors or business partners, including, for example, recruitment consultants and test providers.

If your application does not lead to employment with us, we will normally store your application material for up to 6 months after the recruitment process is complete.

Under specific circumstances, we will retain your personal data for a longer period of time if we deem this necessary to be able to defend ourselves against a potential legal claim in accordance with article 6(1)(c) of the GDPR.

When you send an application to us, solicited or unsolicited, we request your consent to retain your application material for possible future vacancies for 12 months in accordance with article 6(1)(a) of the GDPR. 

You may withdraw your consent at any time and consequently have your application material deleted by contacting us as described above under clause 1.

 

 

3. If you would like to withdraw your consent

 

If we process your personal data based on your consent, you can withdraw your consent at any time by contacting us as outlined above under clause 1 or follow the instructions on our website, in newsletters etc. 

If you withdraw your consent, it will not affect the legality of our processing of your personal data until the time you withdraw the consent. In special cases we may be entitled to continue our processing of your personal data, e.g. to defend ourselves against a potential legal claim. 

 

 

4. Transfer of personal data to third countries

 

To the extent necessary to comply with the purposes of the processing of your personal data, we may transfer personal data to international organisations or companies established in countries outside the EU/EEA. We only perform such transfers if we have a sufficient legal basis for this, including e.g.:

  • If the European Commission has assessed that the security in the relevant third country is adequate in accordance with the nature of article 45 of the GDPR, or
  • If other appropriate safeguards can be provided, including, e.g. the conclusion of the EU Commission’s standard contracts in accordance with the nature of article 46 of the GDPR.

 

 

5. Security measures

 

Your personal data security is a high priority to us, and our focus is therefore on processing your personal data in compliance with applicable data protection law.

In order to best protect your personal data, we continuously assess the risks that may be associated with our processing of your personal data. In particular, we pay attention to protecting your personal data against discrimination, identity theft, financial loss, loss of reputation and confidentiality.

In the event of a data breach that involves high risk to your rights, we will notify you of the breach as soon as possible under the given circumstances.

 

 

6. Your rights

 

When we process your personal data, you have a number of rights. If you request to make use of your rights, you can contact us as described above under clause 1. 

  • RIGHT OF ACCESS. You are entitled to access and receive copies of the personal data, we process about you
  • RIGHT OF RECTIFICATION. If we process incorrect personal data about you, you are to same extent entitled to rectification of any such incorrect personal data.
  • DELETION. In specific cases, you have the right to have the personal data we process about you deleted.
  • RESTRICTION OF PROCESSING. In specific cases, you have the right to request that our processing of your personal data shall be limited to storage.
  • OBJECTION. In specific cases, you are entitled to object to our processing of your personal data. 
  • DATA PORTABILITY. In specific cases, you are entitled to receive your personal data in a structured, commonly used, and machine-readable format and to have such personal data readily transferred from one data controller to another.

Learn more about your rights at the Danish Data Protection Agency’s website: www.datatilsynet.dk.
 

6. Avenues of complaint

 

You have the right to file a complaint to the Danish Data Protection Agency, if you are dissatisfied with the way in which we process your personal data. However, we hope that you will reach out to us first to find a solution.

The Danish Data Protection Agency’s contact information and information on complaints can be found at www.datatilsynet.dk.