Privacy policy

Responsible for personal data

We are the data controller for the processing of the personal data we process about our customers and business partners. You can find our contact details below.

Huuray A/S
Carl Jacobsens Vej 16, 2. 11 2500 Valby.
CVR no.: 33948786

Huuray A/S DPO is: Ronnie Gasseholm, CTO. If you have any questions about the processing of your personal data, you can contact our DPO via dpo@huuray.com.

Processing of personal data

As a data controller under the GDPR, we have the following processing activities.

Visiting our website

When you visit our website, we use cookies to make the website work, which you can read more about in our cookie policy.

Communication with potential customers

When you have questions about our website or want to know more about our services, you can contact us via

  • Contact form
  • Email to us
  • Phone us

In doing so, we process your personal data so that we can initiate a dialogue with you, e.g. answer questions about our services. We only process the data that you provide us with in connection with our communication.
We will usually process the following general information: name, email, phone number.
Our legal basis for processing this personal data is Article 6(1)(f) of the General Data Protection Regulation.
We will delete our communication with you when it is clear whether you want our services or not.
If in individual cases there is a need to store your personal data for a longer period of time, we may do so.

Our customers

We need to communicate with our customers to ensure that the service is delivered correctly. In this context, we may process data about name, address, services, specific contracts, payment information and the like.
The legal basis for processing this personal data is Article 6(1)(b) of the GDPR.
Once the service has been provided and any outstanding issues have been resolved, we will delete the personal data immediately afterwards.

Our newsletter

We have a newsletter that is voluntary to sign up for – and you can unsubscribe at any time.
The purpose of the newsletter is to send emails to subscribers with new information from the company, which may include new content on the website, advertising our services.
We will only send emails to you if you have actively consented to this. This requires you to first enter your email address, after which we will send you an email to confirm your subscription. In this way, we ensure that you have actually signed up for the newsletter yourself, i.e. given active consent.
Our legal basis for processing your personal data (i.e. the e-mail address) in connection with the newsletter will be Article 6(1)(a) of the General Data Protection Regulation.
We process your personal data as long as you are still subscribed to the newsletter. If you unsubscribe from the newsletter, we will also stop sending it to you. If we have not sent you a newsletter for 1 year, your consent will expire due to our inactivity.
When you unsubscribe from the newsletter, we will store your now previous consent for 2 years after it has last been used due to statute of limitations rules, cf. the Consumer Ombudsman’s spam guide section 11.3.

Bookkeeping

We must store all accounting documents in accordance with the Danish Bookkeeping Act. This means that we store invoices and similar documents for bookkeeping purposes. This may include general personal data such as name, address and description of the service.

Our legal basis for processing personal data for accounting purposes is article 6.1.1 of the General Data Protection Regulation.
We keep this information for at least 5 years after the end of the relevant financial year.

Job applications

We receive job applications to assess whether they correspond to an employment need in our organisation.
If you submit your job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the GDPR.
If you have sent an unsolicited application, HR will immediately assess the relevance of your application and then delete your data again if there is no match.
If you have submitted an application for an advertised job, we will discard your application if you are not hired and immediately after we have found the right candidate for the job.
If you are part of a recruitment process and/or hired for the job, we will provide you with separate information about how we process your personal data in this context.

Data processors

Few people can do everything themselves, and that includes us. Therefore, we have business partners and use suppliers, some of whom may be processors of personal data.
External suppliers may, for example, provide systems to organise our work, our services, our consulting, our IT hosting or our marketing.
It is our responsibility to ensure that your personal data is processed correctly. Therefore, we place high demands on our business partners, and our business partners must guarantee the protection of your personal data.
We therefore enter into agreements with companies (data processors) that handle personal data on our behalf to increase the security of your personal data.
Disclosure of personal data.
We do not disclose your personal data to third parties.

Profiling and automated decisions.
We do not perform profiling or automated decision-making.

Transfer to third countries

We use data processors within the EU/EEA or who store data within the EU/EEA.
In some cases this is not possible, in which case data processors outside the EU/EEA may be used if they can provide adequate protection for your personal data.

Security of processing

We keep the processing of personal data secure by implementing appropriate technical and organisational measures.
We have conducted risk assessments of our processing of personal data and have subsequently taken appropriate technical and organisational measures to increase the security of processing.
One of our most important measures is to keep our employees updated on GDPR through ongoing awareness training, GDPR training and by reviewing our GDPR procedures with employees.

The rights of data subjects

According to the General Data Protection Regulation, you have a number of rights in relation to our processing of your data.
If you wish to exercise your rights, please contact us so we can help you with this.

Right to view data (right of access)

You have the right to access the data we process about you, as well as a range of additional data.

Right to rectification (rectification)

You have the right to have inaccurate data about yourself corrected.

Right to erasure

In special cases, you have the right to have your data erased before the date of our regular general erasure.

Right to restriction of processing

In some cases, you have the right to restrict the processing of your personal data. If you have the right to restrict processing, we may in future only process the data – except for storage – with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of a person or important public interests.

Right to object

In some cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.

Right to transfer data (data portability)

In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guide on the rights of data subjects, which you can find at www.datatilsynet.dk.

Withdrawal of consent

When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

Complaints to the Danish Data Protection Agency

You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency’s contact details at www.datatilsynet.dk.

Copenhagen, 01 September 2023