Privacy policy
It is important to us that we protect and respect your privacy when you use our products and services.Apart from being a preferred partner and supplier of eyewear, one of our main goals is to keep your data safe and sound so you can feel absolutely secure working with us. We maintain high ethical standards and have executed strong internal procedures to ensure that we use and store your data in the best possible way. In our policy below you will find the terms of working with your data and the rights you have using our website, products and services. If you have any comments or queries to our privacy policy – or if you would like to get in touch for any other reason, you are welcome to contact us using the contact information at the bottom of this document.


What do we supply?
Carlottas Village delivers eyewear, services and counselling. To do this we collect a series of data regarding you and your business. Below we provide detailed information on what we collect, why we do that and what we do to protect your data. From where we collect personal data and the rights you have in this relation.


What is personal data?
Personal data can be many things. It can be a name, and address and a telephone number. It can also be a photo or an IP-address. Personal data is all kinds of information that can be used to identify a person. That is why it is not always just one single piece of information that defines whether it is personal data. If more pieces of data can be put together and then identify a person they will be personal data anyhow.

We use the below ways to collect data:

• When you buy our products online
• At sales appointments with our agents
• When you are in touch with our customer service
• When you sign up for our news letter
• When you make a profile at our website
• When you participate in campaigns or queries
• When you give us the data yourself
• When you give information to one of our partners

Below you can see why and on which grounds we do that.


We use your data in more ways
We collect and use your personal data for specific purposes – it can be divided into the below categories:

1) In the first category we have the data we need to be able to deliver our products or services to you. It could be your name, VAT-number, address, telephone number, email, etc. So, basically essential identification and contact information. These are our ”legal grounds”. If we cannot keep this information we are not able to deliver anything to you. It might also be due to legislation that we register and store certain personal data. For instance for the tax and financial reporting legislation. If we wish to use your personal data in any other way than the initial purpose suggested we will tell you about it. We will do that before we start as well as why we need to do it.

2) In the secound category we have certain data, that we would like to keep to improve our products and services and adjust our communication to your needs in the best possible way. This also covers collection of personal data from our website including IP-adresses and cookies on your computer. It can be necessary to make our website work correctly. None of the data in the second category is strictly necessary to deliver our products and services to you. That is why we need your explicite consent to collect and use them. Our legal grounds in this matter is your consent.

Your consent is voluntary and you can withdraw it any time by contacting us using the contact information on the bottom of this page.

Please know that according to the Danish legislation we have the right to contact you with quotations on our own products like the ones you have bought earlier because of you being a customer. This is the case if we have received your email address earlier and even without an explicit consent from you. You will always have the opportunity to opt-out of this type of information at the same time.

3) In the third category we have certain data that we keep to maintain future interests in case there will come a need for them. The reason for keeping them will be ”legitimate interest” as mentioned in the GDPR. This means that we keep your data for a period of time based on a specific evaluation. See more below regarding deletion and removal of data.

We delete your data when we no longer need them
We make an estimate to see when we will no longer need your data and when this is the case, we delete them.

Among other things it is based on:
− What did we deliver (product, service, counselling)
− How long is it since we have had a relation (employee, customer, supplier, etc.)
− Did we have any communication since then
− Whether we know that you get normally in touch from time to time to order new   products, etc.
− Did you consent to let us keep your personal data, e.g. for marketing purposes
− Do we take on a responsibility towards you doing this and what would that be

We have to keep some data at least five years due to the ”Bogføringsloven” (financial reporting). This could be invoices to pay tax and vat and to be able to document this to the authorities.


We check and update your data on a regular basis
We regularly check that the data we keep is not wrong or misleading by comparing our records to public databases. Please feel free to supply any changes yourself using the contact information below.


We sometimes have to pass on your data
We do NOT sell, publish or pass on your data to other parties unless:

• To deliver our products or services to you
• To comply with legislation
• You gave us your consent
• We haver to protect a partner or third party
• It is part of using data partners like MailChimp or DropBox
• It is necessary. We do work with carefully selected partners delivering our products and services to you. It could be delivering goods to your company or home address, manufacturing goods, import, counselling, outsourcing of IT-systems, etc.
• If legislation tell us to. In certain situations legislation can force us to give out information without your consent. It can also be to maintain our immaterial rights or rights belonging to partners or third parties. Relevant examples could be to prevent fraud or other criminal acts.

About our cooperation with data processors in or outside the EU.
We will obtain your consent before we pass on your personal data to data partners in a third country, unless they are our data processors. A third country could be certain African states. The USA is not a third country due to the so-called Privacy-shield agreement between the USA and the EU, when the company in the US has joined the Privacy-Shield agreement (eg. MailChimp). If we decide to pass on your data to a third country we would have ensured that their level of protection of personal data complies with the policy and demand we have in this document as well as the demands from the applicable legislation.


Your rights are numerous
Below you will see that you have numerous rights in relation to our processing of your personal data, e.g. the right to:

• Have erroneous data corrected
• Get insight in your personal data and require a copy
• Have your personal data deleted
• Have your data limited
• Make an objection to be registrated
• Withdraw your consent
• Demand to be informed of transfer of your data to organisations outside the EU
• Present a complaint on how we process your personal data

If you would like to know more or use your rights, we ask you kindly to get in touch using the contact information at the bottom of this page.

The right to have erroneous data corrected
We regularly check that the personal data we process are not wrong or misleading. Among other things we do it by checking public records. You are entitled to have any wrong registrations about yourself corrected.

Get insight in your personal data and require a copy
You are entitled to obtain insight in the personal data we have registered about you at any time and require a copy of them. You may also be informed of the purpose of the processing, how long we keep them and whether we make any automatic transfers, to whom we eventually transfer and from where we have your personal data. On the other hand this is not valid if you already know of the data. For the sake of good order we inform that the right to insight can be limited due to protection of other people’s personal data and our business interests.

The right to have your data deleted
You can – at any time – demand to have our personal data records deleted. If we no longer have a purpose to keep them we will delete them shortly after your request

The right to have your data limited
You can – at any time – ask us to limit the processing of your personal data

Make an objection to be registered
You can – at any time – protest against us keeping your personal data. This includes the right to object to us using your data for marketing purposes. We will evaluate your objection as soon as you present it to us.

Withdraw your consent
You can – at any time – withdraw the consent(s) you have given to us.

Be informed of transfer of your data to organisations outside the EU
You have the right to be informed whether we transfer your personal data to a country outside the EU. We can inform that we transfer personal data to it-suppliers that work as our data processors in the US and other countries if relevant. All our data processors in the US have joined the Privacy-Shield agreement and have obliged themselves to comply with the current Personal Data Act.

Present a complaint
We do everything we can to ensure that your personal data is kept safe and that your rights have the best possible protection. We regularly evaluate our procedures and handling of personal data. Nevertheless, if you do not agree that we are compliant with the current legislation in processing your personal data we ask you to present your complaint by email with the text “GDPR complaint” in the Subject field. You can address us at cdl@carlottasvillage.dk. We will handle your complaint to eliminate any mistakes or wrong perceptions. If you still do not think that we comply with the current legislation you can present your complaint to the “Datatilsynet” at www.datatilsynet.dk


Children
Our business has an adult target group. We do not deliberately collect data from and about children. On the other hand we do realize that the use of electronic devices means that we can never be 100% sure that we do not receive data from and about children. If you are a parent or a guardian and think that your child has provided personal data to us for any reason we ask you to get in touch as fast as possible using the contact information at the bottom of this document.


How do we keep our personal data?
We are obliged to protect your personal data. Because of the legislation but also because our own ethical rules require that we take good care of your personal data. We use relevant and reasonable technical and organizational safety precautions to ensure that we do not provide unauthorized access to the personal data we keep. The purpose of this is to ensure that the personal data will not be used, destroyed, changed or made public or in any way misused.


We have internal rules on information security
This means – among other things – that personal data is only accessible to those who need it. These people have signed a confidentiality agreement.

For our IT-systems we have implemented the below:

• Antivirus on all IT-systems processing personal data
• Passwords on all computers with regular mandatory changes
• Regular backup on all IT-systems processing personal data
• Limited access to personal data and only access to necessary data
• Data processing agreements with suppliers that process our personal data where relevant, to ensure compliance with legislation and our policies
• Risk assessment and documentation of all IT-systems processing personal data


Risk and disclaimer
The largest threat to misuse of personal data is the act of people themselves. It is up to you to take good care of your personal data (e.g. never give out passwords), as it is up to us to take human actions into account. Even though we have taken all the above steps to limit risk in processing personal data we do not have a 100% guarantee that unintended events will not occur. We therefore disclaim any loss resulting from unintended events relating to our use and processing of your personal data to the extent that we can do so under applicable law. We cannot be held liable for any loss arising from the use of our company, our products and services, our website, systems, apps and other software to the extent that we can do so under applicable law. We recommend that you also take steps to secure your personal data yourself. You can do this by closing your browser after use, by logging out of all accounts after use, by installing antivirus, antimalware and other software that can improve the security of your computer.


Information
As mentioned, we have taken a large number of steps to obtain secure processing of your personal data. Should our IT systems and other security measures be compromised, we will notify you without undue delays if compromise entails a high risk of your rights and freedoms.


Contact information
Our company Carlottas Village ApS is data controller and ensures that your data is processed compliant with applicable legislation:

Carlottas Village ApS
Østrupvej 23
DK‐8543 Hornslet
cvr 3294 8790
tel 2115 6303
www.carlottasvillage.dk
info(at)carlottasvillage.dk


Updates to this policy
We update our personal data policy when we consider it necessary. This may be, for example, when we provide new services and products. When we make changes to the personal data policy, we will mention it below.