1. Information about the processing of personal data

Your data security is important to us, and we therefore take great care to ensure that your personal data is handled responsibly.

Below you can read how Sjørring Maskinfabrik A/S (hereinafter ”Sjørring”, "we", "us " or "our ") process personal data about you when we act as data controller. You can also read about your rights in relation to our processing.

 

2. Sjørring's role as a data controller

In connection with the operation of our business, we process certain personal data. We do this in order to serve you in the best possible way. We mainly collect and process general (non-sensitive) personal data.

If you have any questions regarding our processing of your personal data, please contact Sjørring here:

Sjørring Maskinfabrik A/S
CVR: 737 303 17
Sjørringvigvej 4, 7700 Thisted, Denmark
Email: gdpr@sjorring.com

 

3. What personal data do we collect and why

We process personal data about you in a number of different situations. Read more about our processing in the different situations below.

 

3.1. Visitors to Sjørring's website and users of Sjørring's online services

When you visit Sjørring’s website (e.g. http://www.sjorring.com) or use our other online services (on, for example LinkedIn, Facebook, Instagram or Youtube), Sjørring may process information about your IP address as well as information about your computer, device and browser.

We also process information about your visit (e.g. information about how you access our websites, how you navigate around them, which pages you visit, content you view, your searches, advertisements you have seen, etc.). Personal data is collected through cookies, log files and other technologies (you can read more about our use of cookies here.

We also process personal data that you provide to us in connection with your use of the website or our online services, for example, when you use our online contact form, including your name, email address, the message you send us, and any other information you provide to us.

We use your personal data so that we can make relevant products, supplies, benefits and services ("Services") available to you and to improve your experience of our websites and online services and the Services we offer. We also use personal data to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content.

The legal basis for processing is our legitimate interests in making our website (and online services) available to you cf. Article 6(1)(f) of the General Data Protection Regulation) or your consent (Article 6(1)(a) of the General Data Protection Regulation and Section 3 of the Danish Executive Order on Cookies).

We store personal data collected in connection with your visit to our website in thirty (30) days after termination of the provision of the Services. Hereinafter we delete the personal data.

When you visit our page on social media, we are, together with each social media provider, joint data controllers for the processing of your personal data. We have entered into a joint controller agreement with Facebook and LinkedIn. 

The joint controller agreement with Facebook can be read here: https://www.facebook.com/legal/controller_addendum.

The joint controller agreement with LinkedIn can be read here: https://legal.linkedin.com/pages-joint-controller-addendum.

Transfer to third countries
In connection with this processing activity, we may transfer your personal data to third countries. 

The transfer will be based on the EU-U.S. Data Privacy Framework (“DPF”) for the organisations that are certified under the DPF.

When we transfer to organisations, which are not certified under the DPF, the transfer basis will be the Standard Contractual Clauses approved by the European Data Protection Board.

 

3.2. Customers of Sjørring

When you are a customer of Sjørring, Sjørring processes personal data about your name, your address, email address, your purchases, payment information, and other information that you provide to us.

We process the personal data for the purpose of fulfilling the agreement with our customers, for the purpose of providing the Services, invoicing, keeping statistics and performing quality management as well as for maintaining our customer records and providing general service, marketing and sales to our customers.

The legal basis for processing is the agreement with you cf. Article 6(1)(b) of the General Data Protection Regulation or our legitimate interests in managing your information as a customer with us cf. Article 6(1)(f) of the General Data Protection Regulation.

We store personal data about our customers in five (5) years after end of the cooperation. Hereinafter we delete the personal data.

Transfer to third countries
In connection with this processing activity, we may transfer your personal data to third countries. 

The transfer will be based on the EU-U.S. Data Privacy Framework (“DPF”) for the organisations that are certified under the DPF.

When we transfer to organisations, which are not certified under the DPF, the transfer basis will be the Standard Contractual Clauses approved by the European Data Protection Board.

 

3.3. Marketing recipients

When you receive marketing communications, including newsletters from Sjørring, we process personal data about name, telephone number, email address and title. We also process information about your marketing or communication preferences, your use of the marketing we send to you (including, for example, whether you have opened an email from us, whether the email has been read and which links you have opened), and any other information you provide to us.

We process your personal data for the purpose of marketing our company and Services, and for setting up and managing your marketing subscription. We use the personal data about your preferences and usage to understand the way customers receive our marketing messages and to improve our marketing to you and other customers going forward.

We will only send you marketing material by email, text messages or other electronic means once we have obtained your consent where this is required under the Danish Marketing Practices Act.

We also use personal data about you to show you content on our and other sites based on your activities and preferences, and to limit the number of times you see the same content, as well as to measure the effectiveness of our content and marketing. For this purpose, we may upload your email address to advertising tools with for instance Google or Facebook for the purpose of sending targeted marketing messages.

The legal basis for processing is our legitimate interests in complying with your wish to receive marketing communications from us to which you have consented under the Danish Marketing Practices Act cf. Article 6(1)(f) of the General Data Protection Regulation.

We store personal data about recipients of marketing communications as long as the contact is valid, and the data subject has not withdrawn his or her consent. If the data subject withdraws his consent, documentation of the original consent is kept for two (2) years from the date of revocation in accordance with the Consumer Ombudsman's guidelines and requirements.

 

3.4. Visitors to Sjørring's office

When you visit Sjørring’s office, we process personal data about your name, company name, title and any other information you choose to provide to us.

We process this personal data for security reasons. The legal basis for processing is our legitimate interests in preventing crime cf. Article 6(1)(f) of the General Data Protection Regulation.

We keep our visitor records at the reception desk for up to thirty (30) days after the visit has taken place. Our visitor records are stored securely and are only reviewed if there is a specific need to do so, for example in the event of a security breach. These records are reviewed only by persons who have a work-related need to do so.

Areas monitored by video surveillance are identified in accordance with Section 3(1) of the Danish Television Surveillance Act. All recordings are stored securely and only played if necessary, for example in the event of a security breach. Recordings are available only to persons who have a work-related need to see them. Recordings are typically overwritten automatically after a short period of time, unless a problem is identified that requires investigation, such as theft.

We store personal data collected in connection with TV surveillance for up to thirty (30) days after the collection.

 

3.5. Participants in Sjørring's events

When you register and participate in events organised by Sjørring, we process personal data about your name, telephone number, and email address, the event being attended.

We process this personal data for the purpose of managing the event and for security reasons, as well as to be able to send you relevant material.

The legal basis for processing is our legitimate interests in holding events cf. Article 6(1)(f) of the General Data Protection Regulation or your consent cf. Article 6(1)(a) of the General Data Protection Regulation and Section 10 of the Danish Marketing Practices Act.

We store personal data about participants in events in twelve (12) months after the end of the event. Hereinafter we delete the personal data.

 

3.6. Business partners and/or suppliers to Sjørring

When you are a business partner or supplier to Sjørring or are a contact person of a business partner/supplier, we process personal data about your name, company name, work telephone number, email address, title as well as publicly available information and other information you provide to us.

We process personal data for the purpose of contract management, receiving goods and services from our suppliers and business partners, and where appropriate to fulfil agreements with our customers.

The legal basis for processing is the agreement with you cf. Article 6(1)(b) of the General Data Protection Regulation or our legitimate interests in managing the relationship with you/the company you represent as a business partner/supplier cf. Article 6(1)(f) of the General Data Protection Regulation.

We store the personal data about business partners and/or suppliers in one (1) year after the end of cooperation. Hereinafter we delete the personal data.

Transfer to third countries
In connection with this processing activity, we may transfer your personal data to third countries. 

The transfer will be based on the EU-U.S. Data Privacy Framework (“DPF”) for the organisations that are certified under the DPF.

When we transfer to organisations, which are not certified under the DPF, the transfer basis will be the Standard Contractual Clauses approved by the European Data Protection Board.

 

4. Disclusure of your personal data to others

Sjørring may disclose your personal data to other suppliers and/or service providers in the ordinary course of our business as well as to our group affiliates.

Sjørring may also disclose your personal data to a public authority in situations where we are specifically obliged to disclose your personal data pursuant to legislation and notification obligations to which we are subject.

It may for example be necessary to disclose personal data to the following recipients:

TerraTech Group AB
Titangatan 9
195 72 Rosersberg, Sweden

We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.

Sjørring also discloses your personal data to data processors. Our data processors only process your personal data for our purposes and under our instructions.

 

5. Transfer of personal data to countries outside EU/EEA

In connection with our processing of your personal data, we may transfer such information to countries outside the EU/EEA (third countries).

Your personal data may be transferred to countries where the European Commission has determined that the level of data protection is equivalent to that in the EU/EEA (secure third countries).

We may also transfer your personal data to unsecure third countries. The transfer of your personal data to unsecure third countries will be based on the Standard Contractual Clauses (SCC) drawn up by the European Commission, which have been specifically designed to ensure an adequate level of protection. We assess the adequacy of the transfer basis and adopt additional measures if necessary to ensure an adequate level of protection for the transfer.

You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website.

If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us.

 

6. Storage, data integrity and security

When your personal data is no longer needed, we will ensure that it is deleted in a secure manner.

It is our policy to protect personal data by taking adequate technical and organisational security measures.

We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.

 

7. Your rights

As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.

You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email address above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.

You can also – unconditionally and at any time – object to our processing when it is based on our legitimate interests.

Your rights also include the following:

• Right of access: You have the right to access the personal data we process about you.
• Right to rectification: You have the right to obtain rectification of any inaccurate and incomplete personal data about you.
• Right to erasure (right to be forgotten): In exceptional cases, you have the right to obtain erasure of information about you before the time when we would normally delete your personal data.
• Right to restriction of processing: In certain situations, you have the right to restrict the processing of your personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future – apart from storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.
• Right to object: In certain situations, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes.
• Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one data controller to another.
• Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Authority about our processing of personal data. See more at www.datatilsynet.dk where you can also find further information on your rights as a data subject.

 

8. Updates of our privacy policy

From time to time it will be necessary to update this Privacy Policy. We will review our Privacy Policy on a regular basis in order to ensure that it is updated, valid and in accordance with current legislation and the principles for processing of personal data. We will publish new versions of the policy on our website.

This policy has version no. 2 and is valid from November 20, 2023.