Privacy Policy – Huuray A/S
Welcome to our website. Your privacy is important to us & we value the trust you place in us.
Huuray provides various rewards, incentives, and other products and services to corporate clients, and our Clients provide these rewards, incentives, and other products and services to individuals for redemption.
We are the data controller of the personal data we process about our customers and business partners. You can find our contact details below.
Huuray A/S
Carl Jacobsens Vej 16, 2. 11
2500 Valby, Denmark
CVR no.: 33948786
Huuray A/S DPO is: Ronnie Gasseholm, CTO. If you have any questions about the processing of your personal data, you can contact our DPO via dpo@huuray.com.
Processing of personal data
As a data controller under the GDPR, we have the following processing activities.
Visit our website
When you visit our website, we use cookies to make the website work, which you can read more about in our [cookie policy].
Communication with potential customers
When you have questions about our website or want to know more about our services, you can contact us via:
– Contact form
– E-mail us
– Telephone
In doing so, we will process your personal data so that we can engage in a dialogue with you, such as answering questions about our services. We only process the data that you provide to us in the context of our communication.
We will usually process the following general information: name, email, phone number.
Our legal basis for processing these personal data is Article 6(1)(f) of the General Data Protection Regulation.
We will delete our communication with you once it is clear whether you want our services or not.
If in an individual case there is a need to store your personal data for a longer period of time, this may be the case.
Our customers
We need to communicate with our customers to ensure that the service is delivered correctly. In doing so, we may process data on name, address, services, specific contracts, payment information, and the like.
The legal basis for processing these personal data is Article 6(1)(b) of the General Data Protection Regulation.
Once the service has been delivered and any outstanding issues have been closed, we will delete the personal data immediately afterward.
Our newsletter
We have a newsletter that is optional to subscribe to – and you can unsubscribe at any time.
The purpose of the newsletter is to send emails to subscribers with new information from the company, which may include new content on the website, and advertising our services.
We will only send you emails if you have actively consented to this. This requires that you first enter your email address, to which we then send an email to confirm your subscription. In this way, we ensure that you have actually signed up for the newsletter yourself, i.e. given active consent.
Our legal basis for processing your personal data (i.e. email address) in the context of the newsletter will be Article 6(1)(a) of the General Data Protection Regulation.
We will process your personal data as long as you still subscribe to the newsletter. If you unsubscribe from the newsletter, we will also stop sending it to you. If we have not sent you a newsletter for 1 year, your consent will expire due to our inactivity.
When you unsubscribe from the newsletter, we will store your now previous consent for 2 years after it was last used due to limitation rules, cf. the Consumer Ombudsman’s spam guide section 11.3.
Bookkeeping
We must store all accounting documents in accordance with the Danish Accounting Act. This means that we store invoices and similar documents for accounting purposes. This may include general personal data such as name, address, and description of the service.
Our legal basis for processing personal data for accounting purposes is Article 6(1)(1) of the General Data Protection Regulation.
We keep this information for at least 5 years after the end of the relevant financial year.
Job applications
We receive job applications to assess whether they correspond to an employment need in our organisation.
If you send your job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation.
If you have sent an unsolicited application, HR will immediately assess whether your application is relevant and then delete your data again if there is no match.
If you have submitted an application for an advertised job, we will discard your application if you are not hired and immediately after we have found the right candidate for the job.
If you are part of a recruitment process and/or hired for the job, we will provide you with separate information on how we process your personal data in this context.
Data processors
Few people can do everything themselves, including us. This is why we have business partners and use suppliers, some of whom may be data processors.
External providers may, for example, provide systems to organize our work, our services, our advice, our IT hosting, or our marketing.
It is our responsibility to ensure that your personal data is processed correctly. This is why we set high standards for our business partners, and our partners must ensure that your personal data is protected.
We, therefore, enter into agreements with companies (processors) that handle personal data on our behalf to increase the security of your personal data.
Disclosure of personal data
We do not disclose your personal data to third parties.
Profiling and automated decisions
We do not perform profiling or automated decision-making.
Transfers to third countries
We use data processors within the EU/EEA or who store data within the EU/EEA.
In some cases, this is not possible, in which case data processors outside the EU/EEA may be used if they can provide adequate protection for your personal data.
Safety of treatment
We keep the processing of personal data secure by implementing appropriate technical and organizational measures.
We have conducted risk assessments of our processing of personal data and have subsequently implemented appropriate technical and organizational measures to enhance the security of the processing.
One of our most important measures is to keep our employees updated on the GDPR through ongoing awareness training, GDPR training, and by reviewing our GDPR procedures with employees.
Data subjects’ rights
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of your data.
If you wish to exercise your rights, please contact us so that we can help you to do so.
Right to see data (right of access)
You have the right to access the data we process about you, as well as a range of additional data.
Right of rectification (rectification)
You have the right to have inaccurate data about you corrected.
Right to erasure
In specific cases, you have the right to have your data deleted before the date of our regular general deletion.
Right to restriction of processing
In some cases, you have the right to restrict the processing of your personal data. If you have the right to restrict processing, we may continue to process the data – except for storage – only with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of a person or important public interests.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.
Right to transfer data (data portability)
In some cases, you have the right to obtain your personal data in a structured, commonly used, and machine-readable format and to have these personal data transmitted from one controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guidance on data subjects’ rights, which can be found at www.datatilsynet.dk.
Withdrawal of consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.
Complaints to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data. You can find the Danish Data Protection Agency’s contact details at www.datatilsynet.dk.