1. WHO ARE WE?
The company responsible for the processing of your personal information is:
DK-1401 Copenhagen K
Company registration no. (CVR) 15 69 04 88
Telephone number +45 88 52 80 00
2. WHY DO WE PROCESS YOUR PERSONAL INFORMATION AND WHAT IS OUR LEGAL BASIS?
We process personal information about you for the following purposes:
- to provide you with the products or services you have requested and for which we have collected the information
- for communication with you regarding the products and services
- Processing of your personal information for the purposes described in a) and b) is necessary for the performance of the contract with you or in order to take steps at your request prior to entering into a contract. The legal basis is the Data Protection Regulation Art. 6, paragraph 1 (b).
- to get to know you better
- as part of our marketing and other communication
- to send you marketing content and offers tailored to your preferences and interests
- Processing of your personal information for the purposes described in c), d) and e) is necessary for our legitimate interest to market our products and services to you and to tell you about events in our stores. The legal basis is the Data Protection Regulation Art. 6, paragraph 1 (f).
- Where required by law we will only send you e-marketing if you have consented to this.
- investigations, statistics, and analyses in order to improve products, services, and technologies
- Processing of your personal information is necessary for our legitimate interest to continuously improve products, services, and technologies as well as the shopping experience when you shop with us. The legal basis is the Data Protection Regulation Art. 6, paragraph 1 (f).
- handling of claims you may file with us
- Processing of your personal information is necessary for the performance of the contract with you. The legal basis is the Data Protection Regulation Art. 6, paragraph 1 (b).
- Processing may also be necessary for our legitimate interest to comply with a legal obligation or to pursue a warranty claim or to improve quality of our products and services. The legal basis is the Data Protection Regulation Art. 6, paragraph 1 (c) and (f).
- If handling of claims requires the processing of health information We will only process such sensitive personal information if consent has been provided or if it is necessary for the establishment, exercise or defence of legal claims. The legal basis is the Data Protection Regulation Art. 9, paragraph 2 (a) and (f).
- CCTV Surveillance recordings
- Processing is necessary for our legitimate interest to ensure safety and to prevent theft and to document and report shoplifting to the police. The legal basis is the Data Protection Regulation Art. 6, paragraph 1 (f).
3. WHAT PERSONAL INFORMATION MIGHT WE PROCESS ABOUT YOU?
We only process personal information about you for the specific purposes mentioned above under Section 2, and We only process personal information that is necessary. We may process the following categories of personal data about you:
- Ordinary personal data such as:
- Basic contact details (e.g. your name, address, telephone number and email address)
- Photos (Occasionally, we may do photo recordings in our shops in connection with special events, e.g. store openings or re-openings, special sales or other campaigns. If we do such photo recordings, there will always be signs informing about this at the entrance to the store and - if a special event is limited to a certain area - in the immediate surroundings of this area. We may also process photos that you submit to us in relation to competitions in which you participate)
- Payment cards
- Purchase history
- Credit information
- Competition participation, results and information provided by you in connection with competition
- CCTV recordings
- Information provided by you in connection with filing of a complaint
- Sensitive personal information such as:
- If you file a customer claim including health information, Zebra collects and processes the necessary health information for the purpose of handling your claim. Normally, the health information is collected from you. We will only process sensitive personal information if consent has been provided, or if it is necessary to comply with a legal obligation, or to defend a legal claim.
4. HOW DO WE COLLECT PERSONAL INFORMATION ABOUT YOU?
We will normally collect your personal information directly from you. However, We may also collect personal information from another source than you, which may be:
- Online sources, e.g. social media
- Our affiliates and partners
5. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
We may share your personal information with:
- Other group entities, subsidiaries and partner entities. You may find information on the entities we may disclose your personal data to here: Zebra Group
- Suppliers and vendors that We work with, such as supplier of products that we sell, service providers, technical support, IT consultants, supply services and financial institutions, including insurance companies.
- Public authorities such as Tax authorities, the national Police and the Danish Data Protection Agency (Datatilsynet).
- Social media platforms, such as Facebook, Instagram, YouTube, and Twitter.
- Distributors of e-marketing such as MailChimp
Where We engage a third party data processor to process personal information on our behalf, We will delegate such processing in writing, will choose a data processor that provides sufficient guarantees with respect to technical and organisational security measures governing the relevant processing, will obligate the processor to act on our behalf and under our instructions and to comply with all relevant legislation regarding the use of data processors. In addition, We will impose in writing appropriate data protection and information security requirements on such third party data processors.
From time to time, We may also need to disclose personal information to other parties, such as any person (natural or legal) or organisation to whom We may be required by applicable laws to disclose personal information, including, but not limited to, law enforcement authorities, financial institutions, and central and local government.
Personal information may also be disclosed in connection with a corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of the financial status of Us or any of our affiliated entities.
Finally, personal information may also be disclosed if necessary to protect the legitimate interests of Us (unless this would prejudice the rights and freedoms or interests of you), or in our judgment to comply with applicable law, legal or regulatory obligations or regulatory inquiries or requests.
6. UNDER WHAT CIRCUMSTANCES WILL WE TRANSFER YOUR PERSONAL INFORMATION OUTSIDE THE EU/EEA?
In some cases, We will be transferring personal information to countries outside the EU/EEA - e.g. when using IT service providers in such countries.
Such transfers will only happen for the specific purposes mentioned above under Section 2, and We will always ensure that appropriate safeguards are in place for such transfer as set out below:
- The country/countries or company/companies has/have been deemed by the Commission of the European Union to have an adequate level of protection of personal data
- The country/countries has/have not been deemed by the Commission of the European Union to have an adequate level of protection of personal data. We will in such cases provide appropriate safeguards for the transfer through the use of "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities. You may obtain a copy of the contract/agreement by contacting Us at firstname.lastname@example.org.
7. FOR HOW LONG WILL WE RETAIN YOUR PERSONAL INFORMATION?
We will retain your personal information only for as long as it is necessary for the purposes for which the data was collected or later processed. As a general rule, We will store data on customer contracts and purchases for five (5) years from the end of the year, where the contract was entered into or the purchase completed. If necessary in order to fulfil the purposes mentioned above, we will store your information for an extended period. We may also retain your personal information for a longer period if we are legally required to do so or if retention is necessary for the establishment, exercise or defence of legal claims.
We have specific retention policies for the following type of personal information:
- Information processed for marketing purposes will be deleted upon your request
- Information processed in relation to customer claims will be deleted five (5) years after the case has been closed
- Information processed in relation to personal injury will be stored for a period of 10 years
- Recordings from CCTV surveillance will generally be deleted 30 days from the date of the recording, unless longer retention is necessary for the handling of a dispute
Information on criminal offences will be deleted upon final judgement has been delivered
8. WHAT IF THE PROVISION OF YOUR PERSONAL INFORMATION IS MANDATORY?
In some cases, the provision of at least some of your personal information is a requirement necessary to enter into a contract.
Therefore, if you refuse to share such personal data, we may not be able to provide the services you request.
9. WHAT ARE OUR SECURITY MEASURES?
We will implement security measures to protect your personal data against manipulation, loss, destruction, and against unauthorised access. We continuously revise our security procedure based on the newest, technological developments.
In practice, it is not possible to provide 100 % security, and therefore we cannot guarantee that the information is protected completely against anyone who will succeed in circumventing the security measures and gain access to the data. Thus, you provide your data information at your own responsibility.
10. WHAT ARE YOUR RIGHTS?
In general, you have the following rights:
- You have the right to request access to and rectification or erasure of your personal data.
- You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
- If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent.
- You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).
There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity. Also, if you request to have your personal data deleted for example, we may not be able to provide the services you request.
You may always lodge a complaint with the data protection supervisory authority
Borgergade 28, 5.,
DK-1300 Copenhagen K.
Phone: +45 33 19 32 00