data protection policy.

Melsen Tech A/S

Data Protection Policy

(GDPR – General Data Protection Regulation)

Policy for Process and Protection of Personal Information


This Data Protection Policy concerns Melsen Tech A/S.

This policy helps to ensure and document how the company protects any personal information in compliance to the rules for the process of any personal information.

The policy further contributes to and makes sure that the company informs of the process and whenever personal information is used in any way.

The policy is reviewed every year.


Register of the Process of Personal Information

This register describes how Melsen Tech A/S processes any data collected by business clients, suppliers and employees.


Cataloguing of Registered People

The company processes personal information about

  1. Clients

  2. Suppliers

  3. Employees


Purpose of Registration of Data

The company does not collect any more personal information than necessary in regards to fulfilment of the purpose at hand.

The register provides an overview of the processing which the company is responsible for.

The personal information is a prerequisite for the company to be able to confirm and enter into contracts with clients, suppliers and employees.

The purpose of collection data with clients is entirely in regards to billing and order registration.

The purpose of collection of data with suppliers is entirely in regards to billing and order registration.

The purpose of collection of data with employees is part in regards to employee administration, in which we include recruiting, employment, resignation and payment of salary. It is also in regards to use of Melsen Tech A/S’s recordings of any photos and videos for a sale and marketing purpose.

The company does not use any personal information for other purposes than listed above.


How to Approve Storage of Data for Clients, Suppliers and Employees

Along with any offers and order confirmations, clients and customers are made aware of the fact that their personal data will be stored through a link in this document,

”Melsen Tech A/S Data Protection Policy”

at Melsen Tech A/S’s own webpage www.melsentech.com.

The following information of identification is stored:

Name

Address

E-mail

Phone number

CVR of the company

Purchase information which include the client’s or the customer’s potential remarks to any given order.

Employees at Melsen Tech A/S sign a statement of consent for process of personal information.


Collection and Registration of Data

The following information is stored:

Personal information: see the Contractual Functions Act and Law of Proof of Employment

Name

Address

E-mail

Phone number

Social security number

Photo and video – for use in a sale and/or marketing purpose

Sensitive personal information:

Information in regards to health – see the Law for Illness Benefits or the Law for Flexible Jobs

Information about criminal records


Every Piece of Information is Stored Electronically

The company has introduced the following main guidelines in regards to storage and deleting of any personal information:

  1. E-mails received from clients/suppliers and employees are stored electronically in Melsen Tech A/S’s own e-mail system.

  2. Any used computer has a password, antivirus, firewall programs as well as spam filters.

  3. Client invoices and supplier invoices with name, address and purchase are stored physically in accordance to the Accounting Act.

  4. Personal information is stored in physical binders in locked archives.

  5. Personal information is stored in IT-systems and on separate servers.


Deleting of Data

  1. Deleting of information about clients/suppliers takes place after five years in accordance to the Accounting Law.

  2. Personal information is not stored longer than necessary for the purpose of the case in question.

  3. Employee information is deleted five years after any employee expiration.

  4. Job applicants personal information, which is not activated, will be deleted after six months.


Data Security

Based on the attached risk assessment the company has installed the following safety measures to protect any personal information:

  1. Only employees with a work related purpose has access to the registered personal information either with access to the physical entries or a rights management access to the IT-systems.

  2. All computers are password protected and employees may not hand over their passwords to anyone else.

  3. Computers must have a firewall and an antivirus program installed to be updated continuously.

  4. Computers are automatically set to a shutdown/time out of 15 minutes.

  5. Personal information will be deleted responsibly when any IT-equipment is replaced or repaired.

  6. USB-keys, external hard drives and such with any personal information must be kept in a locked drawer or cabinet.

  7. Physical binders are placed in a locked office or locked cabinets.

  8. Email correspondences in relation to a recruitment, administration of employee and treatment of salaries are carried out with a specific email address.

  9. General employee information is treated with a link or a short cut on the personal computers to PDF documents that are secure and unable to print.

  10. All employees must receive instructions on how to deal with personal information as well as how these shall be protected.


Disclosure of Data

A disclosure of relevant data occurs for processing with data processors.

A data process agreement is in place with all Melsen Tech A/S’s data processors.

A safe and encrypted email is used through the encryption form SSL. The server is located in Denmark and our webpage is thus hosted within the EU.


Rights

The company takes care of the rights of any registered including the right to insight, redraw of consent, correction and deleting, and the company keeps the registered updated about the company’s process of any personal information.

Registered always has the right to file a complaint to the Data Inspectorate.


Violation of the Data Protection Policy

In case of a violation of the Data Protection Policy the company reports the break as soon as possible to the Data Inspectorate within 72 hours.

CFO Birgit Villadsen is responsible for this action to take place.

In the report the break is described as well as the group of people it concerns, the consequences the break may have for these people and how the company has or plans to remedy the break.

In cases where the break implies a higher risk for the involved people, of whom the company processes the personal information, the company will further notify those people.

The company documents all breaks of the Data Protection Policy at

https://www.datatilsynet.dk/blanketter/generelt-om-anmeldelse/anmeldelse-trin-for-trin