Privacy Policy

1. Data Controller

We are the data controller for the processing of the personal data that we handle about our customers and business partners. You can find our contact information below.

Worm ApS
Bakkegårdsvej 4, 7900 Nykøbing M
CVR: 39708809

If you have any questions regarding the processing of your personal data, you can contact us via worm@worm.dk.

2. Processing Activities

2.1. Website visit

When you visit our website, we use cookies to ensure that the website functions. You can read more about this in our link to the cookie policy.

2.2. Communication with potential customers

When you have questions about our website or wish to hear more about our services, you can contact us via:

• Contact form
• Email
• Telephone
  
  

Through this, we will process your personal data so that we can engage in a dialogue with you, for example, by answering questions about our services. We only process the information that you provide to us in connection with our communication.

We will typically process the following common information: name, email, telephone number, address.

Our legal basis for processing this personal data is Article 6(1)(f) of the General Data Protection Regulation (GDPR).

We will delete our communication with you once it is clear whether you wish to use our services or not.

In certain cases, if there arises a need to store your personal data for a longer period, this may be applicable.

2.3. Customers

We need to communicate with our customers to ensure that the service is delivered correctly. Through this, we may process information such as name, address, services, special agreements, payment information, and similar details.

The legal basis for processing this personal data is Article 6(1)(b) of the GDPR.

When the service is delivered and any outstanding matters are resolved, we will promptly delete the personal data.

2.4. Newsletter

We have a newsletter which you can subscribe to on a voluntary basis – and you can always unsubscribe again.

The purpose of the newsletter is to send emails containing new information from the company to those subscribed, which may include new content on the website or announcements of our services.

We will only send you emails if you have given your active consent to this. Initially, this requires you to provide your email address, to which we subsequently send an email so that you can confirm your subscription. In this way, we ensure that you have indeed subscribed to the newsletter, i.e., you have given active consent.

Our legal basis for processing your personal data (i.e., the email address) in connection with the newsletter is Article 6(1)(a) of the GDPR.

We will process your personal data as long as you remain subscribed to the newsletter. Upon unsubscribing from the newsletter, we will also stop sending it to you. If we have not sent you a newsletter for 1 year, then your consent will lapse as a result of our inactivity.

Upon unsubscription from the newsletter, we will store your previous consent for 2 years after it was last used, in accordance with the statute of limitations pursuant to section 11.3 of the Danish Consumer Ombudsman’s spam guidelines.

2.5. Bookkeeping

We are required to store all accounting documents in accordance with the Bookkeeping Act. This means that we store invoices and similar documents for accounting purposes. These may include ordinary personal data such as name, address, and service descriptions.

Our legal basis for processing personal data for bookkeeping is Article 6(1) of the GDPR.

We retain this information for at least 5 years after the current financial year has ended.

2.6. Job Applications

We gladly accept job applications in order to assess whether they match a recruitment need in our company.

If you send your job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the GDPR.

If you have sent an unsolicited application, we will immediately assess whether your application is relevant and subsequently delete your data if there is no match.

If you have sent an application for a posted job, we will discard your application in the event that you are not hired, immediately after the right candidate has been selected for the job.

If you enter a recruitment process and/or are hired for the job, we will provide you with separate information on how we process your personal data in connection with that.

3. Data Processors

Few can do everything by themselves, and the same applies to us. Therefore, we have business partners and use suppliers, some of which may be data processors.

External suppliers may, for example, provide systems to organize our work, services, consulting, IT hosting, or marketing.

It is our responsibility to ensure that your personal data is processed properly. Therefore, we impose high standards on our partners, and our partners must guarantee that your personal data is protected.

We therefore enter into agreements with companies (data processors) that handle personal data on our behalf in order to enhance the security of your personal data.

4. Disclosure of Personal Data

We do not disclose your personal data to third parties.

5. Profiling and Automated Decisions

We do not engage in profiling or automated decision-making.

6.  Transfers to Third Countries

As a rule, we use data processors in the EU/EEA, or who store data in the EU/EEA.

In some cases, this is not possible, and in these cases data processors outside the EU/EEA may be used if they can provide appropriate protection for your personal data.

7.  Processing Security

We keep the processing of personal data secure by implementing appropriate technical and organisational measures.

We have conducted risk assessments of our personal data processing and have subsequently implemented appropriate technical and organizational measures to increase processing security.

One of our most important measures is to keep our employees updated on GDPR through continuous awareness training, GDPR courses, and by reviewing our GDPR procedures with our employees.

8. The Rights of the Data Subjects

Under the General Data Protection Regulation, you have a number of rights regarding our processing of information about you.

If you wish to exercise your rights, please contact us so that we can assist you.

8.1. Right of Access

You have the right to obtain access to the information that we process about you, as well as a number of additional details.

8.2. Right to Rectification

You have the right to have inaccurate information about yourself corrected.

8.3. Right to Erasure

In certain cases, you have the right to have information about you deleted before the time for our general deletion occurs.

8.4. Right to Restriction of Processing

In certain cases, you have the right to restrict the processing of your personal data. If you are entitled to restrict the processing, we may from then on only process the data – apart from storage – with your consent, or for the purposes of establishing, asserting, or defending legal claims, or to protect a person or important public interests.

8.5. Right to Object

In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to the processing of your data for direct marketing purposes.

8.6. Right to Data Portability

In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that personal data transferred from one data controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency’s guidelines on the rights of data subjects, available at www.datatilsynet.dk.

8.7.  Right to Withdraw Consent

When our processing of your personal data is based on your consent, you have the right to withdraw that consent.

9.  Complaint to the Data Protection Agency

You have the right to file a complaint with the Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the contact information for the Data Protection Agency at www.datatilsynet.dk.