We provide you with this information as we are required to do so under the General Data Protection Regulation (the "GDPR").
1.Controller
PaBoCo acts as a data controller for the processing of your personal data in the various situations described in more detailed below. You can find our contact details [see section 9] below.
2. Processing activities
We process your personal data for different purposes in the following situations:
• When you communicate with us [see section 3]
• When you represent our business partners [see section 4]
• When you visit our social media profiles [see section 5]
Below, you can read more about the various purposes of our processing of your personal data in different situations. You can also see what data we process, what the legal basis for the processing is, for how long we store the personal data and who we share it with.
Further, you can read more about your rights [see section 7] and how to contact us [see section 9] below.
3. When you communicate with us
Below, you can read more on how we process your personal data when you contact us and communicate with us, e.g. regarding our products, etc.
Managing and answering enquiries.
Persons who contact us
Name and contact information, including email address and phone number, as well as any other information provided by you in the correspondence, e.g. association with a company.
Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interest in managing enquiries.
Information deriving from communications will be deleted 12 months after the end of the financial year where your last enquiry has been handled/concluded.
Recipients:
We use external partners who process personal data on our behalf (data processors). Such external partners include e.g. providers of technical assistance with regard to our IT systems, website, and email systems.
For information on third country transfers, please refer to section 6 [see section 6].
4. When you represent our business partners
When you communicate with us (e.g. via email) as or on behalf of our supplier, business partner or other third party, you communication will often contain personal data. This can e.g. be your contact details, including your name and email address, as well as association with a certain company, and any other personal data you may provide us with. We may also receive such personal data from a third party, such as your employer.
Business partner (or other third party) administration.
Persons representing our business partners or other third parties.
Name, email address, association with a certain company and any other personal data you may provide us with.
Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interest in managing and answering your enquiries and to communicate with you and/or the company you represent.
Personal data pertaining to our communication with you will generally be deleted 3 years after the end of the financial year in which our last contact with the business you represent took place.
Bookkeeping
Persons representing our business partners or other third parties.
Information that appears on invoices, such as your name, email address and association with a certain company.
We are obligated to store bookkeeping information, including information related to payments/transactions in accordance with the Danish Bookkeeping legislation. Our GDPR-legal basis in this regard is Article 6(1)(c).
Bookkeeping records will be stored for 5 years after the end of the financial year where your order was concluded.
Recipients:
We disclose personal data included in our account records to the relevant public authorities, including in connection with our statutory bookkeeping, etc.
We may also disclose your personal data to our relevant (other) business partners, including external advisors. We also make your personal data available to external partners who process personal data on our behalf (data processors). Such external partners include e.g. providers of technical assistance with regard to our IT systems and email systems.
For information on third country transfers, please refer to section 6 [see section 6].
5. When you visit our social media profiles
When you visit our social media profiles, the social media providers use cookies to collect and process personal data on your behaviour, in accordance with the consent you may have given to the social media provider. We will also receive statistics on e.g. demographics and geography from the social media providers. The statistics are gathered via plug-ins from the social media (e.g. "Page Insight" on Instagram). Below, you can read more about our processing of your personal data when you visit our social media profiles.
We have a joint controllership with the social media providers with regard to personal data collected and processed when you visit our social media accounts. You can read more about our joint controllership below, under "Recipients" (in this section).
Promoting our businesson social media and interact with customers/social media users.
Visitors to our social media accounts (Instagram, YouTube and LinkedIn)
Information you have made available through settings on Instagram, YouTube and LinkedIn, as well as your reactions, comments or sharing of our posts, or when you tag us in your posts, etc.
Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interest in promoting our business via our presence on social media and to interact with our customers or other social media users.
We have joint controllership with the suppliers of the social media platforms. You can read more about this just below.
Information provided to us through social media is deleted when the post is deleted or when you choose to withdraw your reaction to our post (like, comment, share, etc.)
If you do not delete your post, comment, etc., the information will be deleted after 5 years.
Recipients:
As we have a joint controllership with the social media providers, you may exercise your rights under the GDPR towards us and the social media providers. You can find a more detailed description of the joint controllership here:
• Instagram (Meta)
• YouTube (Google)
• LinkedIn
You can read about the social media providers' own processing of personal data here:
• Instagram (Meta) Privacy Policy
• YouTube (Google)
• LinkedIn Privacy Policy
We use external partners who process personal data on our behalf (data processors). Such external partners include e.g. providers of technical assistance with regard to our IT systems and website.
For information on third country transfers, please refer to section 6 [see section 6].
6. Transfer to third countries
We use Microsoft Outlook for our email services. Thus, when you contact us via email, personal data is transferred to recipients located in so-called third countries (countries outside the EU and EEA), including the United States. Unless the country in question has been approved by the European Commission as having sufficient level of protection (including companies located in the US that are covered by the EU-US Data Privacy Framework (e.g. Microsoft USA)), the basis for the transfer is the European Commission's Standard Contractual Clauses.
You can find a list over Microsoft's sub-processors here.
If you want additional information about our transfer of personal data to third countries, including a copy of the above-mentioned standard contractual clauses, you may make a request for such additional information by contacting us (see section 9).
7. Your rights
You have the following rights:
• Right to withdraw consent: Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us (see contact details below).
• Right of access: You have the right to have confirmed whether collection or processing your personal data has taken place, and, if so, you have the right to request a copy of your personal data in a digital format.• Right of rectification: You have the right to require that we correct any inaccurate personal data, and that we complete incomplete personal data.
• Right of erasure: In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes in which it was originally collected.
• Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data, for example, if you believe that the personal data is not accurate or lawfully processed.
• Right to object to the processing: In certain circumstances, you have the right to request that we stop processing your personal data.
• Right to data portability: In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
You can read more about your rights in the Danish Data Protection Agency's guidelines on data subjects' rights, which is available at www.datatilsynet.dk. Please contact us if you wish to exercise any of your rights. The relevant contact details [see section 9] are stated below.
There may be conditions or limitations on these rights. It is therefore not certain that you, e.g., have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity.
8. Complaint to a supervisory authority
If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, www.datatilsynet.dk.
9. Contact information
Paper Bottle Company A/S
Fabriksvangen 5A
3550 Slangerup
CVR no.: 28993854
+45 23 10 64 19
tim.silbermann@paboco.com