Privacy policy for Invoicery Danmark ApS

Protecting the personal data of our employees and customers is important to us. We want you as a data subject at Invoicery Danmark ApS to feel safe regarding the processing of your personal information. With this document we will inform you about how we collect and process your personal information, for what purpose it is done and how long the information is stored. We will also tell you what rights you have and how you can exercise them.

Personal data controller

Invoicery Danmark ApS (hereinafter referred to as "Invoicery Danmark", "we"), CVR no. 40024018, is the personal data controller for the personal data processed in the company. Invoicery Danmark determines the purpose of the processing and the manner in which the processing shall take place.

Contact information for the data controller and data protection representative can be found at the end of this privacy policy.

What is personal data and what does processing personal data involve?

Personal data is any information that can be directly or indirectly attributed to a natural, living person. Examples of personal data are name, social security number, email address, phone number, pictures and IP number. Processing of personal data includes all forms of handling of personal data, such as collection, registration, storage, transfer and deletion.

What personal information do we process?

Invoicery Denmark processes many different types of personal data. What information depends on the capacity in which you have come into contact with us.

Employees:

If you are an employee of Invoicery Denmark, i.e. if you have been offered a fixed-term employment with us by using our services to perform and get paid for work tasks, we process the personal data that traditionally occurs in connection with an employment. This includes name, social security number, address, email address, telephone number, bank account number, credit information, receipts for expenses, education certificates and correspondence. The processing is necessary for us to be able to employ you and fulfill our legal obligations as an employer. It is also necessary in order to fulfill the agreement with the customer you have performed the task for, to administer customer service for you and the customer, to fulfill our legal obligations to various authorities, and to market our services to you.

Customers and suppliers:

If you are a customer of ours because one of our employees has performed tasks for you or if you are a supplier to us, we process e.g. name, social security number, address, e-mail address, telephone number and correspondence. We process this personal data in order to fulfill our agreement with you, to fulfill our legal obligations and to safeguard our and our employees' legal interests.

How and from which sources do we collect the information?

We collect information about you when you create an account on our website. We collect the information that you enter into the system yourself. This could be your name, social security number, address, email address and business title. If you have obtained your employment with us through one of our contract customers, we collect similar information directly from the customer. As your employment with us progresses, additional information about you is generated in our system. This could be, for example, your payslips or your employee number. We also collect information about you when you contact us regarding matters related to your employment with us. This information could be your correspondence, sick leave, education certificates, etc.

In addition to the information that you provide to us or that we collect when you use our services or correspond with us, we may also collect information from a so-called third party. Information that we collect from third parties is, for example, credit information from credit reference agencies and address information from public registers.

We also collect information about you by using cookies on our websites.

What do we use the data for?

In order for us to be allowed to process your personal data, there must be a legal basis in the relevant legislation, a so-called lawful ground. For our processing of personal data to be lawful, one of the following grounds must be met:

The processing is necessary for us to fulfill the agreement with you.

The processing is necessary for the performance of a legal obligation to which we are subject.

The processing is necessary for the purposes of the legitimate interests pursued by Invoicery Denmark, and that your interest in personal data protection does not outweigh these interests (a so-called balancing of interests).

Below is an overview of the purposes for which we process your personal data and on what legal basis we do so.

Purpose of the service

To be able to offer our service that enables you to work as a fixed-term employee

Categories of personal data

Name, social security number, address, email address, telephone number, employee number, bank account number, business title, work permit, tax information, credit information, certificates of education, certificates of authorization, salary information, per diems/expenses, pension information, holiday information, insurance information, sick leave, working hours, correspondence, photo and other information that traditionally occurs in connection with employment

Examples of processing

Identification.

Credit information to determine whether we can grant the employee and customer credit by prepaying wages.

Checking professional authorization and ensuring that adequate insurance protection is in place.

Payment and administration of salary, per diems, reimbursement of expenses.

Lawful ground: Performance of contract and legal obligation.

The processing is necessary in order for us to enter into and complete the employment contract with the employee and handle the administration related to the employment. The processing is also necessary in order for us to fulfill our legal obligations as employer towards the employee and third parties.

Purposes

To fulfill the agreement with our customer with regard to the task performed by the employee.

Categories of personal data

Name, address, e-mail address, telephone number, social security number, CVR number (e.g. private company), correspondence, invoice information, contract information, property designation (e.g. tax deductible services)

Examples of processing

Creating and signing a task agreement.

Managing and sending an invoice to the customer for work performed.

Lawful ground: Performance of contract.

The processing is necessary for the performance of a contract with our customer.

Purpose:

To fulfill our legal obligations.

Categories of personal data

Name, address, email address, social security number, phone number, business title, salary information, per diems/expenses, pension information, insurance information, sick leave, working hours and other information that traditionally occurs in connection with employment.

Examples of processing

Declaration and reporting of tax, payroll taxes, VAT, etc.

Completion of an employer declaration

Legal reason: Legal obligation.

The processing is necessary for us to fulfill our legal obligations under the law or other regulations, governmental regulations, decisions, requests or guidelines regarding e.g. bookkeeping, tax matters and obligations linked to our responsibilities as an employer.

Purpose

To be able to handle customer service.

Categories of personal data

Name, social security number, address, email address, phone number, correspondence, invoice information, contract information, salary information, technical information about computer and browser, etc.

Examples of processing

Communication and correspondence with employees, customers and stakeholders via phone, email, chat or social media.

Responding to inquiries, handling complaints and disputes, advice, technical support, etc.

Performance of contract and legal obligation.

The processing is necessary for the performance of our contract with the employee and our contract with the customer. The processing is also necessary in order for us to fulfill our and our contractual partners' interest in maintaining good customer service.

Purposes

To be able to market our services via direct marketing and remarketing.

Categories of personal data

Name, email address, IP number, technical information about computer and browser.

Examples of processing

Sending direct marketing via e-mail.

Use of cookies when visiting our website for remarketing on other websites.

Lawful ground: Legitimate interest.

The processing is necessary in order to fulfill Invoicery Denmark's legitimate interest in being able to market existing or new services and inform about new events.

Who may we share your personal data with?

In certain cases, we may share your personal data with other legal entities.

Companies within the same group as Invoicery Denmark

As we have certain common group functions within our group, we may in some cases share your personal data with other companies within the group.

Other legal entities that are independent data controllers.

We share your personal data with other independent data controllers, i.e. companies or authorities that decide for themselves how to process information provided to them. When personal data is shared with other independent data controllers, their privacy policy and data processing routines apply.

The independent data controllers that we may share your personal data with are:

Public authorities, such as the Danish Tax Agency, the Danish Data Protection Agency, the Danish Business Authority, unemployment insurance funds, municipalities, the police and the Danish Working Environment Authority, if we are required to do so by law, in order to fulfill our responsibilities as an employer or in case of suspected crime.

Companies or other legal entities that you as an employee have performed tasks for in order to fulfill our employment agreement with you and our agreement with the customer.

Data processors

In order for us to provide our services and fulfill our obligations under the agreement with you, we share some of your personal data with companies that help us with marketing, IT solutions, debt collection, etc. These companies are personal data processors for us and we enter into an agreement with them to ensure that they only process your data in accordance with our instructions and for the purposes for which it was collected.

Suppliers in third countries

We always aim to keep the personal data we process within the EU/EEA. However, some of our suppliers have their operations outside this area, in a so-called third country. If we transfer your data to a third country, we take appropriate safeguards to ensure that the level of protection is the same as within the EU/EEA. Examples of such safeguards are approved code of conduct in the recipient country, standard contractual clauses, binding corporate internal rules and Privacy Shield.

How long do we store your personal data?

We store your personal data for as long as it is necessary to fulfill the purpose for which the data was collected. The data we collect and that is generated when you use our services is processed for different purposes. Therefore, it is also stored for different lengths of time, depending on what it is to be used for and what our legal obligations are. For example, it may be as long as it is required for us to fulfill our employer responsibilities towards you. It may be in order to handle complaints from your client, or for as long as it is required to fulfill certain legal retention periods regarding e.g. bookkeeping.

How do we protect your personal data?

We take appropriate technical and organizational security measures to ensure that all data we process is protected against illegal or unauthorized access, but also against loss, destruction or other damage. Only the processors who have access to our system have access to your personal data. Their handling of the information is strictly regulated in internal governance documents.

Your rights as registered

As a data subject, you have a number of rights under current legislation that are linked to our processing of your personal data. Below we list your rights and what they entail. You will find contact details at the end of the document, which you can use to exercise your rights

We will process your request without undue delay and usually within one month. Please note that we may need additional information from you to ensure your identity and verify that the request comes from the right person.

Right of access (register extracts)

You have the right to request information about which of your personal data we process, a so-called register extract. The request for a register extract must be made in writing, signed by you and mailed to the address you find at the end of this document. The register extract will be sent to your registered address.

Right to rectification

If personal data linked to you is incorrect, you have the right to request its rectification. You also have the right to supplement personal data that you believe is missing and that is relevant for the purpose of the processing. You also have the option to update your information yourself in your account on our website when you are logged in.

If personal data has been corrected at your request, we will inform those to whom we have provided the data that a correction has been made. However, we will only do so if such notification is possible and does not involve disproportionate effort. We will also inform you to whom we have disclosed the information if you request it.

Right to erasure

You have the right to request deletion of your personal data held by us. In the following cases, your personal data must be deleted:

if the data is no longer needed for the purposes for which it was collected,

if the processing is based solely on consent and the consent is withdrawn by you,

if the processing is for direct marketing purposes and you object to such processing,

if you object to processing that is carried out on the legitimate basis of a balancing of interests and there are no legitimate grounds that outweigh your interest,

if the personal data is processed in violation of applicable law,

if erasure is required to comply with a legal obligation,

if the personal data has been collected about a child under the age of 13 for whom you have parental responsibility and the collection has taken place in connection with the provision of information society services.

There may be legal obligations that prevent us from deleting certain personal data. These obligations may stem from, for example, civil registration legislation, tax legislation or consumer rights legislation. The processing may also be necessary for us to establish, exercise or defend legal claims.

If personal data has been deleted at your request, we will inform those to whom we have provided the data that a deletion has taken place. However, we will only do so if such notification is possible and does not involve disproportionate effort. We will also inform you to whom we have disclosed the data if you so request.

Right to restriction of data processing

In certain cases, you have the right to request that our personal data processing is restricted. This means that we will mark the personal data in such a way that it is only used for certain limited purposes in the future.

The right to restriction applies, for example, if you have requested a correction of your personal data. In these cases, you can also request that our processing of the personal data is restricted while we investigate whether the personal data is correct. You may also invoke the right if you have objected to processing carried out on the legitimate basis of balancing of interests and you want the data processing to be restricted while it is investigated whose legitimate grounds prevail.

If personal data is restricted at your request, we will inform that restriction to those to whom we have disclosed the data. However, we will only do so if such notification is possible and does not involve a disproportionate effort. We will also inform you to whom we have disclosed the information if you request it.

Right to object

You have the right to object to the processing of personal data that we carry out on the basis of a balance of interests. In the event of such an objection, we may only continue processing if we can demonstrate that there are compelling legitimate grounds for processing the personal data and these grounds override your interests. We may also continue to process the data for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you always have the right to object to the processing at any time. Direct marketing means all types of marketing outreach, such as by post, email and SMS. If you object to direct marketing, we will stop processing your personal data for that purpose.

Right to data portability

If you have provided us with personal data, you have the right, under certain conditions, to have this personal data removed from our records and used by another data controller. In order for you to exercise this right to data portability, the request must relate to data that you have provided to us and that we process with your consent or to fulfill contracts. The right to data portability does not apply to personal data that is processed based on a balance of interests or legal obligation.

Complaints

If you believe that your personal data is processed in violation of applicable law, you have the right to lodge a complaint with Invoicery Denmark or the Danish Data Protection Agency.

Changes to the Personal Data Policy

Invoicery Denmark reserves the right to change and update the privacy policy as needed. The latest version of the personal data policy will always be published on our website. In case of changes that are of crucial importance to our processing of personal information, you as an employee will receive information about this via e-mail well in advance of the update taking effect.

About cookies

A cookie is a small text file consisting of letters and numbers that is stored on your browser or device when you visit our website www.invoicery.dk. Cookies are used to improve your user experience and to analyze how you use our service. We also use cookies to target marketing to you.

If you want to read more about cookies and how we use them, further information is available on our website www.invoicery.dk/en.

Contact details for the data controller and data protection officer

Personal data controller:

Invoicery Danmark ApS c/o Stockholmsgade 45 2100 Copenhagen Ø

CVR number: 40024018

Telephone number: +45 72 17 08 80

E-mail address: info@invoicery.dk

Data Protection Officer:

Our Data Protection Officer monitors that we follow applicable laws and that we process your personal data correctly. If you want to get in touch with our data protection officer, please send an email to dpo@invoicery.dk.