Copus ApS, reg. no. 37622192
Identity of the data controller
- Copus ApS
- Studiestræde 14 A, 4., 1455 Copenhagen C
- Company registration number: 37622192
We are processing your personal data in accordance with the General Data Protection Regulation (GDPR) and any national regulation applicable to us.
Purpose of processing
Non-sensitive personal data
We may collect the following non-sensitive personal data about you when you sign up as a customer/user
- EMPLOYEE RELATIONSHIPS
- AREA OF WORK
- DATE OF BIRTH
We process non-sensitive personal data on the basis of Article 6 in the GDPR, more specifically, our legal basis for collecting and processing personal data is for each service outlined below:
The processing of your data is either based on:
- Consent – processing is based on an obtained consent from you.
- Contract – processing is necessary to fulfil a contractual obligation with you or entering into such obligation.
- Legal obligation – it is required by law that we process the personal data.
- Vital interest – processing is necessary in order to protect the vital interests of you or of another natural person.
If the processing is based on your consent, you may at any time withdraw your consent by contacting us.
Transfer of personal data
We may share or transfer your personal data to a country or territory outside the EU/EØS, namely Switzerland due to the company’s activity in the country. Switzerland and our Swiss department ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data in accordance with the GDPR laws, which is also applicable in Switzerland, as well as the Swiss Federal Data Protection Act. We will not share your personal data to any third-parties without your consent, unless it is specifically stated or required by law that we do so.
Use of personal data
When we store and process personal data that we have received from you, we always take every step possible to store it in a secure manner. However, we cannot guarantee that your data is 100% secure as we cannot guarantee that the data will not be accessed or otherwise misused as a result of an unlawful act or similar. We do take all necessary precautions to keep your data safe. When you give us access to- or transfer personal data to us - you do so at your own risk.
The following security measures are in place to keep your data safe:
- Firewalls & anti-virus
- Online multi-factor authentication
- Internal policies & password protection
To further increase the level of security, we have “deletion policies” in place. Personal data is kept for a maximum period of 12 months from after the purpose of the processing has ended, though we aim to delete it as soon as it has served its purpose.
Access to your information
Right to access:
GDPR Article 15: You have the right to obtain a confirmation from us as to whether or not personal data concerning you is being processed, including information on the purpose-, categories-, recipients- , and time of storage of the processing.
Right to rectification:
GDPR Article 16: If you figure out, that the data that is being processed about you is inaccurate or incomplete, you have the right to get that data rectified. We will communicate any rectification or erasure of personal data to any recipient to whom the personal data has been originally disclosed, unless it proves impossible according to Article 19.
Right to erasure and restriction of processing:
GDPR Article 17: You also have the right to get your personal data erased, if the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed. Please see Article 17 for the full list of reasons for your right to erasure. GDPR Article 18: You have the right to restrict the processing of your personal data if it is (i) inaccurate; (ii) unlawful; (iii) the purpose of the processing has changed; or (iv) you have objected to the processing according to Article 21.
Right to data portability GDPR Article 20:
You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format. You can also request that we transmit your data to another party.
Right to object GDPR Article 21:
You have the right to object to the processing of your personal data if it is being used for profiling or direct marketing purposes.
We use data processors to be able to deliver our services and run our business. We have listed the various categories of handling, its purposes and the supplier in the below table.