Privacy

PERSONAL DATA POLICY FOR CroxxMed ApS

1. GENERAL INFORMATION
   
   1.1. The present policy regarding the processing of personal data (“Personal Data Policy”) describes how CroxxMed ApS, CVR. no. 33247117 (the “Business”) collects and processes your data.
   
   1.2. The personal data policy applies to information which you pass on to the Business in connection with advice and insurance brokerage with the Business, or an application collected by the Business through its website.
   
   1.3. The Business is Data Controller regarding your personal data, and you can contact the Business by means of the contact information in item 7.
   

2. WHICH PERSONAL DATA DO WE COLLECT, FOR WHICH PURPOSE, AND THE LEGAL BASIS FOR THE PROCESSING
   
   2.1. The Business is a professional insurance broker and communicates with other businesses about advice and insurance brokerage. When you communicate with the Business, the Business will collect the information you disclose, such as name, e-mail address, and telephone number.
   
   2.1.1. The purpose of the above collection of personal data is to enable us to provide the advice and brokerage you want to buy, and otherwise fulfil our agreement with you, including administer your rights to complain, and in order to be able to contact you regarding relevant information about the advice you have bought.
   
   2.1.2. The legal basis for the processing is Article 6, (1), letter a, b, c, and f, of the EU Regulation on
   the processing of personal data.
   

3. RECIPIENTS OF PERSONAL DATA
   
   3.1. Information about your name, address, e-mail address, and telephone number, and choice of insurance will be disclosed to the insurance company chosen.
   
   3.2. Data can be disclosed to external cooperation partners processing information on behalf of the Business. The Business uses external cooperation partners, among other things for technical operation of systems. Such businesses are Data Processors instructed by the Business and will process data for which the Business is the Data Controller. The Data Processors must not use the data for any other purpose than to fulfil the agreement with the Business and are covered by a duty of secrecy. The Business has entered into written data processor agreements with all Data Processors processing personal data on behalf of the Business.
   

4. YOUR RIGHTS'
   
   4.1. Right to access
   
   4.1.1. You are at any time entitled to ask the Business for information, among other things about which personal data the Business has registered about you, the purpose of the registration, the categories of data, and any recipients of your data, and information about the origin of the data.
   
   4.1.2. You are entitled to a copy of the personal data processed by the Business about you. If you want a copy of your personal data, you must forward a written request to the person responsible for data at the Business as mentioned in item 7. You will be asked to document your identity.
   
   4.2. Right to rectification
   
   4.2.1. You have the right to demand from the Business rectification of incorrect information about you. If you become aware of errors in the personal data registered about you by the Business, we ask you to contact the Business in writing, so that such data can be rectified. You will be asked to document your identity.
   
   4.3 Right to erasure
   
   4.3.1. In certain cases, you are entitled to have all or some of your personal data erased by the Business, for example if you revoke your consent, and the Business does not have another justified legal basis for continuing the processing. To the extent that continued processing of your personal data is necessary, for example to enable the Business to fulfil its legal obligations, or in order to establish, make or defend a legal claim, the Business is not obliged to erase your personal data. If you want erasure of your personal data, you must forward a written request to the person responsible for personal data in the Business as mentioned in item 7. You will be asked to document your identity.
   
   4.4.Right to restriction of processing
   
   4.4.1. In some cases, you have the right to restrict the processing of your personal data to include only storing, for example if you think that the data processed by the Business about you is incorrect.
   
   4.5. Right to data portability
   
   4.5.1.In some cases, you have the right to have personal data provided to us by you handed over in a structured, commonly used and machine-readable format, and the right to transmit such data to another data controller.
   
   4.6. Right to object
   
   4.6.1. You will at any time have the right to object to the processing by the Business of your personal data.
   
   4.7. Right to revoke consent
   
   4.7.1. You will at any time have the right to revoke consent given to the Business to a specific processing of personal data.
   
   4.8. Right to complain
   
   4.8.1. Furthermore, you have the right to complain to the Danish Data Protection Agency (Datatilsynet) if you are dissatisfied with the processing of a complaint on the part of the Business.
   
   Datatilsynet
   Borgergade 27, 5.
   1300 Copenhagen K
   

5. ERASURE OF PERSONAL DATA
   
   5.1. Personal data collected in connection with the purchase of a product will in principle be erased after five years from expiry of the agreement, as the Business may be obliged to store such data according to the Accounting Act. The information may be stored for a longer period, if the Business has a legitimate need for more long-term storing, for example if it is necessary to be able to establish, make or defend a legal claim, or if necessary to enable the Business to meet other statutory requirements.
   

6. SECURITY
   
   6.1. The Business has taken appropriate technical and organisational security measures to prevent personal data from being destroyed, lost, changed or deteriorated accidentally or illegally, and to prevent personal data from being disclosed to or abused by unauthorised persons.
   
   6.2. Only employees with an actual need for access to your personal data in order to carry out their work will have access to your data.
   

7. CONTACT INFORMATION
   
   7.1. CroxxMed ApS, CVR. no. 33247117 is Data Controller for the personal data processed on behalf of the Business.
   
   7.2. If you have any questions to or comments on the present Personal Data Policy or wish to utilise one or more of the rights described in item 5, please contact:
   
   CroxxMed ApS
   Agern Allé 242970 Hørsholm
   Denmark
   
   Att. CEO, Birgitte Telmer MD
   Tlf.no. +45 20151221
   e-mail: bte@croxxmed.com
   

8. VERSION
   
   8.1. This version was most recently revised on 10 January 2020.