Privacy policy


Privacy policy – GapSolutions

GapSolutions A/S (CVR: 38582356) is data controller for the personal information we process about you. That means, it is our responsibility, that your personal information is processed in accordance with the legislation, this includes the principles in the General Data Protection Regulation (GDPR) art. 5.

As data controller it is our duty to inform you of the personal information we process, why and how we process them, how long we retain them and how you can reach us regarding your information, as well as how you can exercise your rights in this regard.

This Privacy Policy covers all this for a range of different situations. If your situation is not covered in this policy e.g., if you are an employee, we have separate documents with further information, we will make available for you.

Contact information:

If you wish to contact us regarding the processing of your personal information, your can do it on:

Uraniavej 6, 8700 Horsens
and/or
+45 8844 0808

Processing of personal information

Personal information is any information that, to some extent, can be attributed to an individual, directly or indirectly. This privacy policy describes how we process your personal information, from the time we collect it, store and use it, until we delete it. We only process information about you if it is necessary and fulfils a specific purpose. We always process your personal information confidentially.

Data protection

It is our responsibility to protect all personal information in our custody against accidental or illegal destruction, loss, alteration, unauthorised disclosure or unauthorised access. Therefore, we have implemented both technical and organisational measures to ensure their security. We will furthermore ensure that processing only takes place when we can comply with all our obligations under data protection.

We keep information up to date

As our services depend on our information about you being accurate, we ask that you keep us informed about relevant changes. You can always make use of the contact details above to let us know about any changes. We will update your information accordingly. If we become aware of minor discrepancies in the information we hold about you, such as spelling errors in your name or address, we will correct it accordingly.

How did we get your information?

We gather personal information about you in a variety of ways, e.g.:

  • By providing information yourself, for example by completing a questionnaire, filling out a form on our website, or contacting us by phone.
  • When you comment or follow us on social medias, like LinkedIn.

We always have a specific purpose, when processing your personal information. Below, you can see our purposes. For every type of processing, you can also see our legal basis for the processing. The legal basis means we can point to a law, which allows our processing. You will also be able to see our retention periods for the information we process. We have sorted our processing activities into headlines, to make it easier for you to find the information that pertains to your specific situation.

Services/products

When buying our service

When you buy services from us, we will collect and process the following information about you:

  • Name.
  • E-mail.
  • Phone number.
  • Title.
  • Signature.

Our purpose for processing your information is to receive and process your order, so we can deliver our service.

Our legal basis for processing your information is:

  • Necessity for our fulfilment of a contract with you (GDPR art. 6(1)(b))

We will as a rule delete the information no later than 5 years after completed service.

When we are the data processor

We provide our services to other companies, and in doing so, we become a data processor for them. It is always the data controller that must provide information about purpose and legal basis. Thus, if we process your personal information as data processor for another company, we cannot inform you about any specifics. You should reach out to the data controller for further information. If you reach out to us, we cannot respond to your request but are instead required to pass it on to the relevant data controller in accordance with the data processing agreement governing our business relationship.

Transmission of personal information

We sometimes have third parties store and process information for us. That makes them a data processor for us. When we take on a data processor, we make sure to have a data processing agreement in place with them. They will only process the information on our behalf and will not be allowed to use the information for their own purposes.

We prioritise suppliers located within the EU or in third countries covered by adequacy decisions from the European Commission, cf. GDPR art. 45.

In some situations, your information will be passed on to other data controllers, such as SKAT, banks, accountants et cetera.

Unsafe third countries

We make use of some data processors/suppliers in unsafe third countries. When legislation in those countries does not offer the same level of protection as we have here in the EU, we have stricter obligations to protect your personal information.

When we transfer personal information to recipients in the USA, we do so based on e.g., The European Commissions standard contractual clauses (GDPR art. 46(2)(c)) or Data Privacy Framework (GDPR art. 45(9)].] If you wish to know more about whether your personal information is transferred and the steps we have taken to protect it, you can reach out to us to learn more. You can also request our documentation for appropriate safeguards.

Customer service, support, & sales

When you reach out to us by mail, phone, website contact form, or ordinary post, we will process the following information about you:

  • Your contact information as well as the contents of your inquiry.

Our purpose for processing this information is to respond to your inquiry and to uphold our customer service standards.

Our legal basis for the processing is:

  • We process your personal data in order to provide you with a service in connection with a contract (GDPR art. 6(1)(b)).
  • We process your personal data based on a legitimate interest in being able to respond to your questions and, where appropriate, engage in a follow-up conversation to identify your needs (GDPR art. 6(1)(f)).

We delete your information when it has served its purpose. Whether the purpose has been served is assessed based on the nature of each specific inquiry. We will process your information for as long as we have on-going correspondence with you. Once that correspondence is completed, any issues fixed, and if the contents require no further action, we will delete your information.

When you find us online

Our website

Cookies
A cookie is a small text file, saved to your computer, tablet or phone. A cookie is not a program that can contain viruses or other harmful software.

Some cookies are necessary to make websites work at all. With cookies, a website owner can also build statistics for the use of the website, as well as map how visitors navigate the site. This way, they can continue to improve the site and customize it for specific needs and interests. Many websites use the information gathered to show content customised for the individual user.

When you first visited our website, you were met with a cookie banner, informing you about the cookies we use. You also had the opportunity to decline all cookies; they are not strictly necessary for the functionality of the website.

Strictly necessary cookies:

If no cookies beyond the strictly necessary ones are active, we will only process the following personal information about you:

  • Cookie-consent status, IP-address and dynamic IP-address

Our purpose for this processing is:

  • Saving your cookie-choices, so we can respect your rejection of all optional cookies.
  • Managing the necessary content, functionality and security of our website.

Our legal basis for this processing is:

  • Our legitimate interest in adhering to your rejection of optional cookies (GDPR art. 6(1)(f))
  • Our legitimate interest in stable and secure management of our website (GDPR art. 6(1)(f))

The few types of personal information we process, when only strictly necessary cookies are in play, will be deleted either as your session on our website ends, or when you close your browser (session cookies), or when we have anonymised the information for analysis of security measures on the website.

Optional cookies:

If you consented to the use of one or more types of optional cookies, we also process the following information about you:

  • IP-address, dynamic IP-address, and cookies or information, that appears on a contact formular, such as name, phone number and e-mail.

Our purpose with the processing varies, depending on the exact cookies in use. You can find more detailed information about our cookies in our cookie policy: https://gapsolutions.dk/cookiepolitik/

Our various purposes for our use of cookies can be summarised as follows:

  • Regarding the optional statistical/analytical cookies: Our ability to use information about your visit to the website, for aggregating anonymised statistics, for overall use of our website.
  • For marketing cookies: Our ability to exchange information with our business partners about your tracked activities across different websites, so we and our partners can use the information for marketing to your interests.

Our legal basis for all of the above is:

  • Your consent given via our cookie banner (GDPR art. 6(1)(a))

We will delete the information, when it has served the purpose for which we collected it. This means that the criteria that trigger deletion, are as follows:

  • When your visit on our website ends, or you close your browser (session cookies).
  • When the information has been anonymised for statistics and analyses.
  • When you revoke your consent.
  • When the consent you gave expires automatically – this may vary by cookie.

You can always read more about cookies in our cookie policy, which can be found here https://gapsolutions.dk/cookiepolitik/ where you can also revisit and adjust your consent options.

Newsletters

When you sign up for our newsletter, we will process the following information about you:

  • Name.
  • E-mail.

Our purpose is to send you a newsletter that you will find relevant to your interests and preferences, and to assess our success at achieving that goal.

Our legal basis for this processing is:

  • Your consent to receive our newsletter (GDPR art. 6(1)(a))

We will delete your personal information, when you revoke your consent. You can freely revoke your consent at any time, by using the “unsubscribe”-link included in all newsletters or reaching out to us directly to revoke your consent.

Social media

When you like and/or follow us on social media, we get access to the following information about you:

  • Your name.
  • Your likes, and your comments.
  • The contents of your message to us.
  • Any backend statistics for our page, aggregated from user interactions. We only have access to this information after it has been pseudonymised, and only the Social Media platform could identify you. More info on this and how your personal information is used to aggregate statistics will be available to you on the social media platform in question.

Our purpose with this processing is to keep interested followers updated on among others, new points of attention, new employments, events et cetera.

Our legal basis for the processing is:

  • Our legitimate interest in marketing our business/products (GDPR art. 6(1)(f))

LinkedIn

We have joint controllership with LinkedIn regarding the information collected about you, when you interact with our company profile. This means that we cooperate with LinkedIn, when it comes to establishing and delegating responsibilities for our compliance regarding the processing of your personal information.

We have an agreement regulating this joint controllership, which you can find here: https://legal.linkedin.com/pages-joint-controller-addendum

If you do not have a personal LinkedIn-profile, LinkedIn collects information about the device you use, when accessing LinkedIn, your location/geodata, and information about your activity on LinkedIn. Any information your cookie settings allow to be tracked as regards your visits to other websites, will also be collected.

If you do have a personal LinkedIn profile, LinkedIn collects the same information as above. In addition to this, LinkedIn also collects any information, you have consented to, through creating your user profile, ie. Your reactions, comments, shares and any other activities on LinkedIn connected to your profile.

Of all the information gathered by LinkedIn, we only receive that which you give us through direct interactions, e.g.: messages, likes/reactions, or comments. Beyond that, LinkedIn Page Analytics gives us access to anonymised statistics based on the information LinkedIn collects as described previously.

If you wish to delete the information LinkedIn has about you, you can delete your user profile. If you choose to do that, all of your posts, pictures and information will be deleted. If you have any questions regarding the inner workings of LinkedIn Page Analytics, please contact LinkedIn directly.

Facebook (Meta platforms)

We have joint controllership with Meta regarding the information collected about you, when you interact with our company profiles on Facebook, Instagram, or Threads. This means that we cooperate with Meta, when it comes to establishing and delegating responsibilities for our compliance regarding the processing of your personal information.

We have an agreement regulating this joint controllership, which you can find here: https://www.facebook.com/legal/controller_addendum

Meta uses Insights on their platforms to collect and aggregate statistical data about user activities, these include age, gender, relationship status, work, lifestyle, interests, purchase information, and geodata. For this purpose, Meta places a cookie on your device, when you visit one of their platforms. Every cookie contains a unique identifier, which remains active for 2 years unless deleted before the end of that period. Meta collects your personal information by using these cookies, and they store and process your information for the mentioned statistics. We receive these statistics, but not the raw data, they are built on. You can read more about Meta’s use of cookies on Facebook here and on Instagram and Threads here.

We do not pass along any information about you that we receive from Meta. Meta may do so, however, and we encourage you to read more about their information exchange with third parties in their Privacy Policy.

If you wish to delete Meta’s cookies from your devices/browsers, you can see how in our cookie banner or you can contact Meta for further information.

Meta will process information about you even if you do not have an account on one of their platforms. You can read more about this in Meta’s policy here.

Our organisation

Suppliers and business partners

When we enter contracts with suppliers or other business partners, it is necessary for us to collect and store information about their points of contact/account managers. We typically limit such processing to just:

  • Name.
  • E-mail.
  • Phone number.
  • Position.
  • Signature.

Our purpose with this processing is to adhere to our obligations and commitments under our contracts as well as ensure efficient communication.

Our legal basis for this processing is:

  • Our obligations and commitments under our contract (GDPR art. 6(1)(b))

Any information collected for this purpose will typically be deleted once a contract is fulfilled, unless we have specific reason to retain them for longer, e.g. a warranty period or to enable complaints.

We are required by law to retain our bookkeeping materials for 5 years from the end of the year they were filed. This may include some personal information, which will then be deleted along with the rest of the bookkeeping materials, once the retention period has passed – unless we have other reasons for keeping them, such as warranties or complaints.

Recruitment

If you apply for a position with us, we will process all the information included with your application, CV, and any other attached documents. We may choose to reach out to any references you have included with your application. Any information about you collected from those references will be processed with your application. Please note: We do not need you to include your CPR-number with your application.

Our purpose with collecting information about you in the recruitment process is to assess, whether you are the right candidate for a position with us.

Our legal basis for this processing is:

  • Our legitimate interest in assessing your qualifications and skills pertaining to the position we are seeking to fill (GDPR art. 6(1)(f)).

If, during the recruitment process, we collect and process your CPR number or any information about criminal convictions and offences, we do so in accordance with the following:

  • If you are applying for a position, for which we require to see your diplomas or other papers and documentation, and if your national identification number / CPR-number appears in that documentation, we process it for the purpose of verifying the authenticity of your documents in order to establish, exercise, or defend against legal claims. The legal basis for this is (Danish Data Protection Act § 11, subsection 2, no. 4, cf. § 7, subsection 1 cf. GDPR art. 9(2)(f)).
  • If we find it relevant for the position, you are applying for, we will require your certificate of criminal record/ “straffeattest”. We do this for the purpose of ensuring your suitability for the position, and our legal basis is your consent (Danish Data Protection Act § 8, subsection 3.

If you include sensitive personal information with your application, we will process it based on the following legal basis:

  • Our legitimate interest in assessing your potential future with us, and a necessity for assessing and establishing any legal claims related to the recruitment process. (GDPR 6(1) (f & c) and (GDRP art. 9(2)(f)).

We will keep your application with addendums for up to 6 months beyond recruitment being finalized. After that point, your information will be deleted. Our purpose for this retention is to protect ourselves against any legal claims resulting from the recruitment process.

If we find your profile to be of interest, albeit not for any currently open position, we may wish to keep your application with addendums for potential future positions opening up. If this is the case, we will reach out to you, to get your consent for this continued retention. (GDPR art. 6(1)(a))

If you send us an unsolicited application, we will keep it for a maximum of 6 months, after which we will delete it.

According to data protection legislation, you have the right to be informed, whether giving us your personal information is a requirement by law, or a necessity for entering into a contract with us. You also have the right to be informed of any consequences of not giving us the information we ask of you.

Please note that according to the Danish Health Information Act, before an employee takes up a new position, they are required to divulge, whether they know they have a condition or symptoms of a condition that will have significant impact in their ability to carry out the tasks associated with the job. This means you must let us know of such conditions or symptoms, either when asked or by your own initiative, and if you do not, it may mean you cannot remain in the position.

Furthermore, it should be noted that if you are offered employment, we will need certain personal data about you in order to prepare your employment contract, including, among other things, your name and address, in accordance with the provisions of the Danish Act on Employment Contracts. If you do not wish to provide the information that you are obliged to provide in accordance with the Danish Act on Health Information, as well as the information necessary for the preparation of an employment contract, it will not be possible to offer you employment.

Your rights

By reaching out to us you can exercise your data subject rights. This means you can make a data subject request to:

  • gain access to any personal information we have about you
  • rectify any erroneous personal information about you
  • request deletion of your personal information
  • have the processing of your personal information restricted
  • receive your personal information for the purpose of moving it to another data controller (data portability)
  • object to our processing of your personal information. Whether or not we can accommodate your objection depends on an assessment of e.g. legitimate interest (GDPR art. 6(1)(f)). You will receive an explanation of that assessment and its results.

Some processing activities are based on your consent (GDPR art. 6(1)(a)). If you give your consent for us to process your personal information, it must be freely given and will have no negative consequences for you, if you do not give your consent, if you only consent to specific parts of the processing, or if you withdraw your previously given consent. Withdrawal of consent can happen at any given time by reaching out to the contacts above. If you choose to withdraw your consent, it will have no bearing on the lawfulness of our processing of your information in the period from when your consent was given and until you withdrew it.

When you reach out to us with a request to exercise your above-mentioned rights, we will get back to you within one month. If we cannot accommodate your request, we will let you know the reason why.

To exercise your rights, or if you have any questions regarding the above, you may contact us. Our contact details can be found at the top of the page.

If you are not satisfied with our handling of your personal information or your data subject request, you have the right to lodge a complaint with the supervisory authority: Datatilsynet.