Privacy Policy

1.

Introduction

1.1.

This privacy notice explains how Trebo ApS ("Trebo", "we", "us", "our") processes personal data in various situations. We provide you with this information as we are required to do so under the General Data Protection Regulation (the "GDPR").

1.2.

Below, please find information on the various situations where we process personal data:

2.

Controller

2.1.

Trebo acts as a data controller for the processing of personal data in connection with the below mentioned purposes. You can find our contact details in section 13.

3.

Description of the processing

3.1.

Below, please find the specific purposes for our data processing, the categories of personal data that we process, the legal basis for such processing, and the retention periods that we have decided (in specific situations, we may defer from our general retention periods in case of e.g., complaints, objections, or other specific situations).

4.

Business purposes

Purpose

Categories

Legal basis

Retention

Communicating with you when you represent a customer, partner, supplier, or another third party. 

Name and contact information, title, and position. The relationship to the business that you represent.

Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing business contacts and fulfilling any agreement, we may have concluded with the company you represent. 

As long as the business relationship exists and up to 2 years after the end of the financial year in which the customer or supplier relationship has ended.  

Managing and answering general inquiries.

Name and contact information, title, and position. The subject of your inquiry.

Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general inquiries.

Up to 12 months after the last communication.

Bookkeeping purposes.

Information stated on invoices etc.

Article 6(1)(c) of the GDPR, c.f. Section 12(1) of the Danish Bookkeeping Act.

Up to 5 years after the end of the financial year in which the customer or supplier relationship has ended. 

5.

Website operations

Purpose

Categories

Legal basis

Retention

To ensure the functionality and security on our website

User login, account management etc.

Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in ensuring the functionality and security of our website.

See our Cookie policy.

To compile statistics in order to optimize the user experience on our website and the services we offer.

Activity on our website, including location, IP-addresses, browser used, time and date of access, operating system, pages visited, web requests etc.

According to the Danish Executive Order on Cookies we are required to obtain you consent to use performance cookies for statistical and analytical purposes. At the same time we obtain your consent to the processing of your personal data, c.f. Article 6(1)(a) of the GDPR.

See our Cookie policy.

Tracking website visitors for marketing purposes, including targeted advertising that are relevant to you, and thus more valuable to publishers and third-party advertisers.

Activity on our website, including location, IP-addresses, browser used, time and date of access, operating system, pages visited, web requests etc.

According to the Danish Executive Order on Cookies we are required to obtain you consent to use targeting cookies for marketing purposes. At the same time we obtain your consent to the processing of your personal data, c.f. Article 6(1)(a) of the GDPR.

See our Cookie policy.

6.

Recruitment

(see also section 10 below)

Purpose

Categories

Receipt of applications etc. and conducting interviews

As part of the recruitment process, we will receive and process the personal data that you have included in your application, CV and any other material that you may have forwarded along with your application such as name, contact details, competence profile, current position, education, qualifications and information on current salary.We may also ask you to send us additional information, including information about your previous employments, work assignments, skills and performance, and information about your personal appearance and interpersonal skills. 

Review of social media

If relevant, we will obtain available information published by you on social media, such as LinkedIn and Facebook.

Processing references

If we wish to obtain references, we will first ask for your approval. Unless you are otherwise specifically notified by us, the information we obtain in that connection will include the following categories: Information about your previous employments, including information relating to work assignments, skills and performance.

Use of personality tests and competency tests

We may use a personality test and/or a competency test to identify your personal preferences and skills, forming a basis for a dialogue with you about your personal resources and conduct. 

Review of criminal records

During the recruitment process, we may ask you to show your criminal record certificate. Whether a criminal record certificate is required depends on the position, including the responsibilities and powers involved.

Job interviews

If you progress in the recruitment process, we will conduct interviews where we will focus on your professional and personal skills etc. We will write down some of the information disclosed during the interview(s). 

6.1.

If your application is rejected, we will generally delete the personal data about you when the recruitment process is completed and generallyno more than 3 months after the date when you were informed of the rejection.

Unsolicited job applications will be stored for 6-12 months, provided that your consent has been obtained.

If we employ you, the personal data that we have processed during the recruitment process will, if relevant, be stored in your personnel filein accordance with the applicable retention periods. In that case, you will be further notified.

6.2.

The legal basis the processing referred to above is Article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of your personal skills. If we offer you a position, we will process the personal data necessary for staff administration purposes. In that case, you will receive further information on this. The legal basis for processing personal data stated in the application documents is article 6(1)(b) of the GDPR as it is necessary to process the personal data for the purpose of drafting an employment agreement.

7.

Categories of recipients

7.1.

We disclose your personal data to our relevant business partners, including external advisors.

7.2.

Further, we make your personal data available to our processors who for example, host, develop, and support our IT systems.

7.3.

Moreover, please refer to our cookie policy in relation to third party providers and recipients.

8.

Transfer to third countries

8.1.

We transfer your personal data to our processors located in third countries. This includes the United States.

8.2.

The legal basis for our transfer is the Commission Decision of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

8.3.

If you want additional information about our transfer of personal data to third countries, including a copy of the above-mentioned standard contractual clauses, you may make a request for such additional information by contacting us (see section 9 below).

9.

Your rights

9.1.

As a starting point and depending on the specific situations, you have the following rights:

  • Right to withdraw consent: Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us (see contact details in section 9 below). If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.
  • Right of access: You have the right to have confirmed whether collection or processing your personal data has taken place, and, if so, you have the right to request a copy of your personal data in a digital format.
  • Right of rectification: You have the right to require that we correct any inaccurate personal data, and that we complete incomplete personal data.
  • Right of erasure: In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes in which it was originally collected.
  • Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data, for example, if you believe that the personal data is not accurate or lawfully processed.
  • Right to object to the processing: In certain circumstances, you have the right to request that we stop processing your personal data. 
  • Right to data portability: In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.

9.2.

You can read more about your rights in the Danish Data Protection Agency's guidelines on data subjects' rights, which is available at datatilsynet.dk (in Danish) and at datatilsynet.dk (in English). Please contact us if you wish to exercise any of your rights. The relevant contact details are stated below.

10.

Complaint to a supervisory authority

10.1.

If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, www.datatilsynet.dk.

11.

Mandatory processing of personal datatment

(relevant for recruitment purposes)

11.1.

Under the data protection rules, you are entitled to be informed of whether the provision of personal data is a statutory requirement, or a requirement necessary to enter into a contract, and of whether you are obligated to provide the personal data and of the possible consequences of failure to provide such data.

11.2.

It should be noted in that respect that under the Danish Health Information Act, an employee must state of its own motion or at the employer's request to that effect whether the employee knows that (s)he suffers from an illness or shows symptoms of an illness which will significantly affect the employee's ability to carry out the work in question. Further, as a potential future employee, you are subject to the general duty of transfer which means that you must not knowingly withhold information that may be relevant to your opportunity for being employed. Moreover, it should be noted that if you are offered a position, we will use certain personal data about you to draft your employment agreement, including your name and address; see the provisions of the Danish Employment Contracts Act.

11.3.

If you do not wish to provide the information that you are required to provide under the provisions of the Danish Health Information Act and/or according to your duty of transfer or the information necessary for drafting an employment agreement, or any other information which we are required to collect from you by law, we will be unable to offer you a position. 

12.

Cookie policy

12.1.

Cookies are small text files that are placed on your computer by websites that you visit. Websites use cookies to help users navigate efficiently and perform certain functions. Cookies that are required for the website to operate properly are allowed to be set without your permission. All other cookies need to be approved before they can be set in the browser.

  • Strictly necessary cookies: Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.
  • Performance cookies: Performance cookies are used to see how visitors use the website, eg. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.
  • Targeting cookies: Targeting cookies are used to identify visitors between different websites, eg. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.

13.

Contact

13.1.

For any questions, please contact us through the following methods:

Trebo ApS
Herstedvang 10
2620 Albertslund
Denmark
hello@trebo.dk