Data controller
We are the data controller for the processing of the personal data we process about our customers and business partners. Please find our contact details below.
Pandektes ApS
CVR no.: 43620002
B!NGS Vesterbrogade 149, Building 12, 5th floor
1620 Copenhagen V, Denmark
If you have any questions about the processing of your personal data, you can contact us via [email protected].
Processing activities
As data controller we have the following processing activities:
Communication with potential customers
When you have questions about our site or want to hear more about our services, you can contact us via:
Email: [email protected]
Phone: +45 2428 9098
We will process your personal data in order to be able to enter into a dialogue with you, for example to answer your questions about our services. We only process the information you share with us for the purpose of assisting you and communicating with you.
We will typically process the following general information: name, email, job title, phone number.
Our legal basis for processing this personal data is consent, cf. GDPR art. 6 (1)(a) and/or that processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, cf. GDPR art. 6 (1)(b).
We will only store your personal data as long as it is necessary. Should a need to store your personal data for a longer period of time arise in a specific case, this may be the case.
Customers
We need to communicate with our customers to ensure that the service is delivered correctly. In doing so, we may process information about name, address, services, special agreements, payment information and the like.
The basis for processing this personal data is GDPR art. 6 (1)(b) and our legitimate interest in managing customer relationships, cf. GDPR art. 6 (1)(f).
When you use our platform, we collect information about your activity for analytical and statistical purposes. This information is collected both to optimise product development and to be able to present it to the user as part of the service. This includes information about how much the user utilises the artificial intelligence, including how much the user asks and how much they get back in response. We do not collect the content of the questions and responses.
Interactions on website
We collect information about your browsing activity for analytical and statistical purposes such as testing conversion rates and experimenting with new product designs. This includes, for example, the versions of your browser and operating system, your IP address, which websites you have visited and how long they took to load, and which website referred you to us. If you have an account and are logged in, this web analytics data is linked to your IP address and user account until your account is no longer active. The web analytics we use are further described in our cookie policy.
Our legal basis for processing this personal data is consent, cf. GDPR art. 6 (1)(a) and/or necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, cf. GDPR art. 6 (1)(b).
Our newsletter
We have a newsletter that you can voluntarily sign up for – and you can always unsubscribe again. For this, we process your e-mail address.
The purpose of the newsletter is to send emails to subscribers with new information from the company, which may include new content on the website, updates on the platform, news from the company, or other relevant content.
Our legal basis for processing your personal data in connection with the newsletter is your consent, cf. GPDR art. 6 (1)(a).We will process your personal data as long as you are still subscribed to the newsletter. If you unsubscribe from the newsletter, we will also stop sending it to you. If we have not sent you a newsletter for 1 year, your consent will lapse due to our inactivity.
If you unsubscribe from the newsletter, we will store your previous consent for 2 years after it was last used due to limitation requirements, cf. the Danish Consumer Ombudsman's spam guide section 11.3.
Statistics and analytics
We collect personal data about you to perform statistics and analytics for development of our products and services. This legal basis is found in Article 6(1)(f) of the GDPR. You can object to this processing at any time by contacting us (see the first section for our contact details).
Job applications
We welcome job applications in order to assess whether they match an employment need in our company.
If you send us your job application, our legal basis for processing your personal data is consent, cf. GDPR art. 6 (1)(a) and/or necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, cf. GDPR art. 6 (1)(b). We store your data only as long as necessary or as long as required by law.
If you have sent an unsolicited application, we will immediately assess whether your application is relevant and then delete your data again if there is no match.
If you have submitted an application for an advertised job, we will dispose of your application in the event that you are not hired and immediately after the right candidate has been found for the job.
If you are part of a recruitment process and/or hired for the job, we will provide you with separate information about how we process your personal data in this connection.
If it becomes necessary for the position you have applied for and in exceptional circumstances, we will ask for your explicit consent to process any health data (Article 9(2)(a) of the GDPR).
Use of services
We have built an anonymisation tool with artificial intelligence so that the tool itself recognises most personal data, saving a lot of time when anonymising decisions.
The tool processes personal data and is built for optimal compliance and security.
The decisions are temporarily stored on a server’s memory (RAM) and then deleted after the decision has been anonymised.
Personal data may be processed when you upload documents and ask questions in order to use our services. Pandektes ApS is data processor and not data controller in this regard. The information is not used for training or other purposes.
Social media
If you visit our social media profiles, we may process your personal data as the data controller. In some cases, we act as joint data controllers together with the provider of the social media platform and has entered into a joint data controller agreement. We refer you to the individual social media providers’ privacy policies for more information about their processing of your personal data.
We have the following social media profiles;
- LinkedIn (LinkedIn Ireland Unlimited Company)
- See LinkedIn’s privacy policy here: LinkedIn Privacy Policy
- You can customise your privacy settings here: Manage your account and privacy settings | LinkedIn Help
When you visit our social media profiles, we and the social media provider may process the following personal data about you:
- Publicly available information on the platform such as user information (name, email, phone number, address), gender, workplace, interests etc.
- Any likes, comments, posts, messages, and other interactions with our social media profile page
- Other personal data you may share with our profile
We process your personal data for the purpose of analysis and statistical purposes, to improve and develop our business and services.
The social media providers may process your personal data for their adverting and sales initiatives, to provide us with statistics data about you visit to social media profile and to improve their social media offerings, features and products.
We may process your personal data to communicate with you, for marketing purposes on our social media profiles, and to improve our business, products, and services, cf. Article 6(1)(f) of the GDPR.
Data processors
Few people can do everything themselves, and the same goes for us. We therefore have partners and use suppliers, some of whom may be data processors.
External suppliers may, for example, provide systems to organise our work, services, consulting, IT hosting or marketing.
You can read more about this in our licence terms.
It is our responsibility to ensure that your personal data is processed properly. Therefore, we place high demands on our business partners, and our partners must guarantee that your personal data is protected.
We therefore enter into agreements with companies (data processors) that handle personal data on our behalf to enhance the security of your personal data. A list of data processors can be forwarded upon request.
Third countries
We generally use data processors in the EU/EEA or who store data in the EU/EEA.
In some cases, where it is not possible to find a suitable processer in the EU/EEA, we may use data processors in third countries if they can provide your personal data with adequate protection. When transferring your personal data to data processors in third countries, it will always be in compliance with EU requirements. For EU-US transfers, the transfer is based on the EU-US Data Privacy Framework.
We currently use the following data processor in the USA:
Intercom, Inc., USA, Intercom processes the user's name and email in connection with submission of feedback and support enquiries.
Security of processing
We have high standards for security, also when it comes to the protection of your personal data. Therefore, we have a number of internal procedures and policies to ensure that we live up to our high security standards and meet the requirements of implementing appropriate technical and organisational security measures. In doing so, we do our best to ensure the quality and integrity of your personal data.
Storage and erasure
We delete your personal data when we no longer need to process it to fulfil one or more of the purposes stated above. However, specific regulation, including the Danish Bookkeeping Act, the Danish Money Laundering Act, and the Danish Act on Limitation, may give us the obligation or right to retain it for a longer period of time. The data may also be processed and stored longer if it is anonymised.
Data collected in connection with the development of existing or potential customer relationships is stored for as long as it is relevant to the existing or potential customer relationship and for an additional period of up to six months.
Personal data included in accounting material is stored for five years from the end of the financial year, after which the data is deleted. The retention period is determined on the basis of the retention requirements in section 10 of the Danish Bookkeeping Act and is therefore done in order to comply with applicable legislation.
Once every 24 hours, we delete all personal data from documents you have shared with us when using our services. This means that we safely store this data for up to 47 hours maximum.
Data subject rights
If you want to exercise your rights, please contact us so we can assist.
As a data subject, you have the following rights, subject to conditions and exceptions set out in applicable law:
Right of access
You have the right to access the data we process about you, as well as a range of additional information, with certain exceptions set out in applicable law.
Right to rectification (rectification)
You have the right to have inaccurate information about yourself corrected.
Right to erasure
If you request it, we will delete the personal data we have registered about you without undue delay, unless we can continue processing on another basis, for example if the processing is necessary to establish or defend a legal claim, if it is necessary to respond to an enquiry from you, or if we are required by law to retain the data.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.
Right to restrict processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to restrict processing, we may in future only process the data - except for storage - with your consent, or for the establishment, exercise or defence of legal claims, or to protect a person or important public interests.
Withdrawal of consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.
Making a complaint
If you would like to make a complaint about our processing of you personal data, you are welcome to contact us. Our contact details are listed in the first section above.
You also have a right to file a complaint to the Danish Data Protection Agency (Datatilsynet) if you are dissatisfied with the way we process your personal data.
The Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35
2500 Valby, Denmark
Telephone: +45 33 19 32 32 00
E-mail [email protected]
Updating our privacy policy
Pandektes ApS may update this privacy policy when this is necessary to provide a fair description of our processing of personal data.
This privacy policy was last updated in June 2024.