Privacy Policy
Data controller
We are responsible for processing the personal data we collect about our customers and partners. Our contact details:
BLID Instituttet I/SHans Broges Vej 31
8220 Brabrand
CVR: 42116483
We are not required to have an external Data Protection Officer, but if you have questions about how we handle your personal data, email: info@butikbutik.dk
What we do (business activities)
As data controller under the GDPR, our activities include:– Webshop
– Website visits
Website visits
We use cookies so the site works properly – see our cookie policy for details.
Contacting potential customers
If you contact us with questions or to learn about our services, you can reach us via:– Contact form
– Phone
We will process the personal data you provide so we can respond and communicate with you about our services. We only use the information you give us. Typical data: name, email, phone number. Our legal basis for this processing is GDPR Article 6(1)(f) (legitimate interest). We delete the communication once it’s clear whether you want our services. In special cases (for example a therapy course) we may need to keep data longer.
Customers
We need to process customer information to deliver services correctly. This may include name, address, service details, special agreements, and payment information. The legal basis is GDPR Article 6(1)(b) (contract). Once the service is complete and any outstanding issues are closed, we will delete the personal data.
Newsletter
Subscribing to our newsletter is optional and you can unsubscribe at any time. The newsletter informs subscribers about news, website updates, and our services. We only send newsletters if you have actively consented. You give your email, we send a confirmation to verify your subscription (double opt-in). We may ask if you want the newsletter during checkout.
Legal basis: GDPR Article 6(1)(a) (consent). We will process your email while you remain subscribed. If you unsubscribe we stop sending emails. If we have not sent you a newsletter for 1 year, your consent expires due to inactivity. When you unsubscribe, we keep a record of your previous consent for 2 years (to meet limitation rules), per the Danish Consumer Ombudsman guidance.
Accounting
We must keep accounting records under bookkeeping law, so we store invoices and similar documents that may contain personal data (name, address, service descriptions). Legal basis: GDPR Article 6(1)(c) (legal obligation). We retain these records for at least 5 years after the end of the relevant fiscal year.
Job applications
We welcome job applications to assess fit for roles. If you send an application, our legal basis for processing is GDPR Article 6(1)(f) (legitimate interest). For unsolicited applications we will assess relevance and delete your data if there’s no match. For applications to advertised positions we will delete applications if you are not hired, once the right candidate is chosen. If you join a recruitment process or are hired, we will provide separate information on how we process your data.
Data processors (partners)
We use external partners and suppliers that may process personal data on our behalf, for example for systems, IT hosting, accounting, payments, shipping, or marketing. Examples:– e-conomic (accounting)
– one.com (hosting)
– Dansk Revision (auditor)
– Flatpay (payment gateway)
– Shipmondo (shipping)
– Storebuddy (bank-accounting integration)
We are responsible for ensuring these partners protect your data. We set high requirements and sign contracts with processors to secure your personal data.
Sharing personal data
We do not share your personal data with third parties.
Profiling and automated decisions
We do not perform profiling or make automated decisions.
Transfers outside the EU/EEA
We primarily use processors within the EU/EEA or that store data in the EU/EEA. If we must use a processor outside the EU/EEA, we will ensure adequate protection for your data.
Security
We protect personal data with appropriate technical and organizational measures. We perform risk assessments and apply safeguards accordingly. We also train staff on GDPR and internal procedures to maintain data security.
Your rights
Under the GDPR you have rights regarding our processing of your data. Contact us to exercise any of these rights.
- Right of access: You can request a copy of the data we hold about you.
- Right to rectification: You can ask us to correct inaccurate data.
- Right to erasure: In certain situations you can request deletion before our standard retention periods.
- Right to restriction: In some cases you can ask us to limit processing.
- Right to object: You can object to our processing in certain situations, including direct marketing.
- Right to data portability: In some cases you can receive your data in a structured, machine-readable format and request transfer to another controller.
Read more about your rights on the Danish Data Protection Agency’s website: www.datatilsynet.dk
Withdrawal of consent
If processing is based on your consent, you can withdraw that consent at any time.
Complaints
If you are unhappy with how we handle your data, you can complain to the Danish Data Protection Agency (Datatilsynet). Their contact details are on www.datatilsynet.dk
We encourage you to read more about GDPR so you are informed about your rights.