Privacy Policy

1. GENERAL

1.1 This Privacy Policy (“Personal Data Policy”) describes how Northstake A/S (Northstake, us, ours, we) collect and handle data about you.

1.2 The Personal Data Policy applies to personal information that you provide to us or that we collect via the Northstake website, Northstake.dk (the “Website”).

1.3 Northstake A/S is committed to ensuring the privacy and protection of our users' data. In line with this commitment, we adhere to the standards and regulations set forth by the EU General Data Protection Regulation (GDPR). Our practices and policies are designed to ensure compliance with this regulation, ensuring that your personal data is handled with the utmost care and security.

1.4 Northstake A/S is the data controller for your personal information. All inquiries to Northstake can be made via the contact information listed under point. 7.

2. WHAT PERSONAL INFORMATION DO WE COLLECT, FOR WHAT PURPOSES AND LEGAL BASIS FOR THE PROCESSING

2.1 When you visit the Website, we automatically collect information about you and your use of the Website, such as the type of browser you use, the search terms you use on the Website, your IP address, including your network location, and information about your computer.

2.1.1 The purpose is to optimise the user experience and the Website's function, as well as carry out targeted marketing, including retargeting via eg Facebook, LinkedIn and Google. This processing of information is necessary so that we can take care of our interests in improving the Website and show you relevant offers.

2.1.2 The legal basis for the processing is Article 6 (1) of the EU Personal Data Regulation. 1, letter f.

2.2 When you buy a product or communicate with us on the Website, we collect the information you provide, eg name, address, e-mail address, telephone number, payment method, information about which products you buy and possibly have returned, delivery requests, and information about the IP address from which ordering was made.

2.2.1 The purpose is that we can deliver the products you have ordered and otherwise fulfil our agreement with you, including to be able to manage your rights to return and advertise. We can also process information about your purchases to comply with legal requirements, including for bookkeeping and accounting. Upon purchase, the IP address is collected for the purpose and to serve our interest in being able to prevent fraud.

2.2.2 The legal basis for the processing is Article 6 (1) of the EU Personal Data Regulation. 1, letters b, c and f.

2.3 When you sign up for our newsletter, we collect information about your name, e-mail address and possibly mobile number.

2.3.1 The purpose is to take care of our interest in being able to deliver newsletters to you.

2.3.2 The legal basis for the processing is Article 6 (1) of the EU Personal Data Regulation. 1, letter f.

3. RECIPIENTS OF PERSONAL INFORMATION

3.1 In the course of our operations, there may be instances where personal data is transferred across borders or shared with third-party entities. We want to be transparent about these processes:

3.1.1 The reason for sharing your data with third parties are among other things, technical operation and improvements of the website, distribution of newsletters and targeted marketing, including retargeting, as well as for your assessment of our company and products as well as compliance related obligations.

3.1.2. These companies are data processors and under our instruction and process data for which we are data responsible. The data processors may not use the information for any purpose other than fulfilling the agreement with us and are subject to confidentiality about this. We have entered into written data processor agreements with all data processors who process personal data on our behalf.

3.2 Three of these data processors, Google Analytics v / Google LLC., Facebook Inc. and LinkedIn Corporation are established in the United States. The necessary guarantees for the transfer of information to the United States are secured through the certification of the data processor under the EU-U.S. Privacy Shield, cf. EU Personal Data Regulation Art. 45.

3.3.1 A copy of Google LLC's certification can be found here: http://bit.ly/2cHnS92

3.3.2 A copy of Facebook Inc.'s certification can be found here: http://bit.ly/2oXQf8L

3.3.3 A copy of LinkedIn Corporation certification can be found here: http://bit.ly/2FBM2Bg

4. YOUR RIGHTS

4.1 In order to create transparency regarding the processing of your information, we, as the data controller, must inform you of your rights.

4.2 The right of access

4.2.1 You are at all times entitled to request information from us about, among other things, what information we have registered about you, what purpose the registration serves, what categories of personal information and recipients of information that may. may be, as well as information on where the information comes from.

4.2.2 You have the right to receive a copy of the personal data that we process about you. If you want a copy of your personal information, you must send a written request to privacy@northstake.dk. You may be asked to document that you are who you claim to be.

4.3 The right to rectification

4.3.1 You have the right to have incorrect personal information about yourself corrected by us. If you become aware that there are errors in the information that we have registered about you, you are encouraged to contact us in writing so that the information can be corrected.

4.3.2 Information that we have collected in connection with your registration with our client membership, you have the opportunity to correct via log-in to your user profile.

4.4 The right to delete

4.4.1In certain cases, you have the right to have all or some of your personal data deleted by us, e.g. if you revoke your consent and we do not have another legal basis to continue the processing. To the extent that continued processing of your information is necessary, eg for us to comply with our legal obligations, or for legal claims to be established, asserted or defended, we are not obliged to delete your personal information.

4.5 The right to limit the treatment to storage

4.5.1 In certain cases, you have the right to have the processing of your personal data limited to storage only, eg if you believe that the information we process about you is incorrect.

4.6 The right to data portability

4.6.1 In certain cases, you have the right to have personal information that you have provided to us provided in a structured, commonly used and machine-readable format and you have the right to transfer this information to another data controller.

4.7 The right to object

4.7.1 You have the right at any time to object to our processing of your personal data, with a view to direct marketing, including the profiling carried out to target our direct marketing.

4.7.2 You also have the right at any time, for reasons relating to your personal situation, to object to the processing of your personal data, which we carry out on the basis of our legitimate interests, cf. pkt. 2.1 and 2.3.

4.8 The right to withdraw consent

4.8.1 You have the right at any time to revoke a consent you have given us for a given processing of personal data. If you wish to revoke your consent, please contact us at privacy@northstake.dk

4.9 The right to complain.

4.9.1 You always have the right to submit a complaint to the Danish Data Protection Agency, Borgergade 28, 5, 1300 København K about our processing of your personal data. Complaints can be submitted by e-mail dt@datatilsynet.dk or telephone +45 33 19 32 00.

5. DELETION OF PERSONAL DATA

5.1 Information collected about your use of the Website, cf. pkt. 2.1. deleted at the latest when you have not used the Website for 1 year.

5.2 Information collected in connection with your subscription to our newsletter will be deleted when your consent to the newsletter is withdrawn, unless we have another basis for processing the information.

5.3 Northstake is committed to ensuring that the data we collect from you is stored for no longer than necessary. This means that we only store your information for as long as we need to deliver our services to you and to fulfil our obligations under § 30 in the Danish Anti-Money Laundering Act (“Hvidvaskloven”) and § 10 of the law on accounting. We are required to keep information related to KYC documentation and completed transactions for a period of 5 years.

6. SECURITY

6.1 We have implemented appropriate technical and organizational security measures against the accidental or unlawful destruction, loss, alteration, or deterioration of personal data, as well as against the disclosure or misuse of unauthorised persons.

6.2 Only employees who have a real need to access your personal information to perform their work have access to it.

7. CONTACT INFORMATION

7.1 Northstake A/S is data responsible for the personal data collected via the Website.

7.2 If you have questions or comments about this Personal Data Policy or wish to make use of one or more of your rights described in section 4, you can contact:

Northstake A/S
Højbro Plads 10
DK-1200, Copenhagen
E-mail: privacy@northstake.dk

8. CHANGES IN THE PERSONAL DATA POLICY

8.1 If we make changes to the Personal Data Policy, you will be informed of this on your next visit to the Website.

8.2 If you have joined our client membership, you will be notified of the policy changes by sending information to your registered email address.

9. VERSIONS

This is version 2 of Northstakes privacy policy.