In some situations, Plura Consulting ApS will use and record certain personal
data about you. We may do so, for example, when you visit our website,
when you sign up for one of our events, when your business becomes a
customer of ours, or in the performance of our services.
In most situations Plura Consulting will be the controller of those data. This
will be the case, for example, where personal data are processed in our day-
to-day business activities, work and advisory services to our customers.
Accordingly, only in the context of very specific services if we use IT tools to
prepare or store documents on our customers behalf, such as Contract
Management are we required to conclude a data processing agreement with
our clients.
Below are some more details on when and how we may collect and use your
personal data.
Website – Plura Consulting will process personal data about you when you visit our website, pluraconsult.com
When? | Types of personal data | Purpose | Legal basis | Retention period | Recipients |
Signing up for events | Name, contact details, such as address and email address, company and title. | We will record and use the information for event administration purposes (e.g. to confirm registration and to prepare name tags). | The legal basis for processing is the legitimate interests of Plura Consulting, given that processing is necessary for the functioning of the event (see Article 6(1)(f) of the General Data Protection Regulation). | Personal data provided for purposes of signing up for one of our events will be immediately erased once the event is over. | We will not disclose personal information about you to any third party except where necessary for the functioning of the event. In certain circumstances, therefore, your contact details may be shared with external parties working on the event for processing on Plura Consultings’s behalf. Such third parties must not use the data for their own purposes. |
Filling and submitting a contact form | Full name, Email, Message | We will record and use the information to answer the request (e.g. sending a quote) | The legal basis for processing is the legitimate interests of Plura Consulting given that processing is necessary to answer the request (see Article 6(1)(f) of the General Data Protection Regulation). | Personal data provided for purposes of signing up for sending a request will be immediately erased once the user is no longer active | We will not disclose personal information about you to any third party except where necessary to answer the request. In that case, the recipient will be given a written notice of the forwarded information. |
Your rights as a data subject
Data processor – In the performance of our services Plura Consulting
will be processing personal data on behalf of our clients and is
therefore, by definition, a data processor.
As a data subject you have a number of rights available to you, which you
may exercise by contacting Jacob Knudsen. You have the right to request
information about what personal data about you we are processing and to
receive a copy of the data. You also have the right to object to our processing
of personal data about you, to request rectification or erasure of any
personal data about you which you believe are incorrect, outdated, etc., and
you can request a restriction of our processing of personal data about you.
For some of these rights, e.g. the right to erasure, exercising them requires
satisfaction of certain concrete conditions set by data protection law.
Another right of yours as a data subject is the right to data portability –
again, subject to fulfilment of concrete conditions set by data protection law.
This means you have the right to receive, in a structured, commonly used
and machine-readable format, the personal data about you which has been
sent to us, where the processing is carried out by automatic means and is
based on consent or contract. You are also entitled, where technically
feasible, to have your personal data transmitted to another controller.
There may be instances, though, where the rules allow for a restriction of
your rights, e.g. where your rights are deemed to be overridden by essential
private interests.
Where you have given consent to the processing of your personal data, you
are free to withdraw your consent at any time. Withdrawal will not affect the
lawfulness of the processing which has already taken place on the basis of
your consent. If you choose to withdraw your consent, the processing of
your personal data will cease and the data will be erased, unless there are
objective grounds for their continued retention, e.g. for documentation
purposes.
See the Danish Data Protection Agency’s guidance on the rights of data
subjects for more about your rights here (in Danish).
Exceptions to Plura Consultings’s duty of disclosure
As a data subject you are entitled to information about Plura Consulting’s
processing of your personal data.
However, Plura Consulting may decline disclosure to you to safeguard
essential private interests, including your own, or to safeguard essential
public interests, where such interests are found to override your interest in
receiving the information. This exception will be relevant where disclosure
would prejudice the interests of our customers, e.g. in connection with legal
action and enforcement of civil law claims or criminal acts, control or
supervisory functions, and similar situations.
Also, Plura Consulting may decline disclosure to you if you are in possession
of the information already or if disclosing them to you is impossible or would
involve a disproportionate effort or would impair the achievement of the
objectives of the processing.
Transfer of personal data to countries outside the EU/EEA
Transfer of personal data to a country outside the EU/EEA (a third country)
that is considered to provide an adequate level of protection does not
require a specific authorization. Personal data can without further measures
be transferred to such third countries.
Transfer to so-called “unsafe” third countries may be carried out based on a
variety of appropriate safeguards that have been established to provide an
adequate level of protection of the data subjects’ rights. In terms of specific
examples we can refer to entering into the EU-Commission’s standard
contractual clauses with the recipient of the personal data or, if the recipient
is established in the U.S., by ensuring that the recipient in question is
certified under the EU-U.S. Privacy Shield scheme.
Where no appropriate safeguards are provided, transfer of personal data to
“unsafe” third countries may take place based on specific legal basis for the
transfer. The transfer can, for instance, take place based on a consent, for
the performance of a contract with a company established in such third
country and if necessary in relation to legal claims. The specific legal bases
are stated in article 49 (1) of the General Data Protection Regulation.
You can obtain a copy of the relevant legal basis for the transfer or
information about where it has been made available by contacting the
responsible for our privacy policy: Jacob Knudsen.
Security of processing at Plura Consulting
We will also process your personal data in a manner that ensures the
security and confidentiality of the data as required under the data protection
laws in force from time to time, including by use of the required technical
and organisational security measures. We have, among other things,
procedures in place to ensure that only selected Plura Consulting employees
have access to your personal data and that your personal data are not kept
longer than necessary. To the extent allowed under applicable data
protection laws, we may also use your personal data for statistical purposes
so that we can continuously improve on our servicing of clients.
Contact for Plura Consulting
If you have any questions for Plura Consulting about our processing of
personal data, you are more than welcome to contact our person in charge
of privacy: Jacob Knudsen.
Contact the Danish Data Protection Agency
If you have any grievances about the manner in which Plura Consulting
processes your personal data, you can lodge a complaint with the Danish
Data Protection Agency (website in Danish), the authority responsible for
supervising data protection in Denmark.
Additional information
How we protect your data
- We protect your data by keeping WordPress up to date, keep data
encrypted with SSL and log out of the WP-admin database after use.
What data breach procedures we have in place
- To prevent any sign of data breach, we will keep updating to the latest
software and educate ourselves and future staff to follow best data
breach prevention practices.