Customers, potential customers and newsletter recipients at Notes of Colour A/S.
At Notes of Colour A/S (”Notes”), we only process personal data required for the purposes for which it was collected. We make sure that we comply with data protection legislation, and it is important to us that you have confidence in our processing of your personal data.
1. Data controller.
The legal entity responsible for your personal data is:
If you have any questions about our processing of your personal data, you are always welcome to contact our legal department at the email address stated above.
2. Categories of personal data.
The personal data we process about you as a customer or potential customer may include:
Identifying information, including name, company name, address, telephone number, email address, company registration number, Notes customer number and, possibly, birthday.
Payment history, payment details and credit rating.
Information included in our correspondence with you.
Cookies and electronic traces.
3. Purpose and legal basis.
Our data processing has the following purpose and legal basis:
3.1 Management of existing and potential customer relationships.
In connection with your orders and purchases, we process your identifying information, pay-ment details and information included in our correspondence with you. GDPR Article 6(1)(b) concerning processing necessary for entering into a contract and for the performance of a contract.
When granting credit to business customers (sole proprietors), we process identifying information, payment history and credit rating. GDPR Article 6(1)(b) concerning processing necessary for entering into a contract and for the performance of a contract.
When granting credit to private customers, we use identifying information, payment history, credit rating and social security number. GDPR Article 6(1)(b) concerning processing necessary for entering into a contract and for the performance of a contract, and section 11(2)(4) of the Danish Data Protection Act.
3.1 Marketing, newsletters and general building of customer relationships.
For the purpose of building and developing existing and potential customer relationships, including sending out newsletters, we process identifying information, purchase history and information included in our correspondence with you. Our newsletters contain tracking pixels, which makes it possible to register and analyse logfiles. From the pixel we can see, if and when an e-mail is opened by the recipient, and which links in the e-mail that the recipient has clicked on.
GDPR Article 6(1)(f) concerning processing necessary for the purposes of legitimate interests that are not overridden by the interests of the data subject. The legitimate interests pursued by Notesare the promotion of our business and provision to our customers of the best possible service and special offers.
3.3 Social media (Facebook, Instagram and TikTok).
When you visit Notes’ pages on social media like Facebook, Instagram and TikTok, data is collected about you, for which Notesand the specific social media are joint controllers. The purpose of this processing is for Notes to receive anonymised data from the social medias about visitors to our pages.
When you write to us through social media, we will process the personal data included in our correspondence with you. The purpose is to be able to answer your enquiry.
GDPR Article 6(1)(f) concerning processing necessary for the purposes of legitimate interests that are not overridden by the interests of the data subject. The legitimate interest pursued by Notes is insight into our social media visitors as well as being able to respond to enquiries on social media.
3.4 Cookies and electronic traces.
When you visit our webpage cookies are placed, and we collect your IP address and data about your use of the webpage. Some cookies are necessary, while others have a functional, statistical or marketing purpose and can be selected or deselected in your cookie consent. Some information will be transferred to third parties.
GDPR Article 6(1)(a) concerning processing the data subject has consented to and GDPR Article 6(1)(f) concerning processing necessary for the purposes of legitimate interests that are not overridden by the interests of the data subject. The legitimate interests pursued by Notes are the interest in offering an interesting, relevant and functional webpage.
4. Use of tracking pixels for marketing.
When you sign up for our newsletter, accept our cookies or buy goods from us, in some cases Notes sends non-reversible hashed information in the form of e-mail address, address, telephone number and in some cases information about your interest in one or more of Notes’ products to Facebook (Meta) and TikTok. This is due to the fact that Notes uses Custom Audiences (also referred to as Lookalike Audiences) in order to create target groups for subsequent advertising.
The legal basis for our processing of your information is our interest in spreading knowledge about Notes’ products and services, including to other persons who might have similar interests in Notes products, cf. the General Data Protection Regulation, article 6, subsection 1, letter f – see possibly also point 3 above. The overall purpose is thus marketing and branding.
In addition to the possibility of making objections to our processing for this purpose in accordance with section 7 below, you have the opportunity to object to Facebook and TikTok by changing your settings and deactivating “Custom Audiences and Lookalike Audiences”.
You can do so by following the instructions on the following links:
Your personal data is exclusively processed for the purpose mentioned above as long as we legally may process the information in regard to other purposes, and as long as we have a legal cookie consent, if the processing was made on this basis or until we receive your objection to the processing of your personal data to the purpose above. Since Facebook has a parent company located in the United States, there can be a risk of access to your personal data from this unsecure third country. However, Notes has ensured that your personal data are hashed (encrypted) and in addition to this, Notes has entered the EU Commission’s Standard Regulations with Facebook and TikTok as the basis for any transfer.
5. Categories of recipients.
Notes will only disclose information about you in strict compliance with the rules on processing of personal data and other Danish legislation. We will assess in each case whether such disclosure requires your explicit consent, or whether disclosure may take place on a different legal basis.
We disclose or make available personal data to the following categories of recipients:
Our data processors based on data processing agreements.
Banks in connection with the administration of payments.
Debt collection and credit rating agencies when granting credit and in case of default on loans/credits.
Public authorities in connection with statutory reporting.
Collaborators who are independent data controllers.
Other companies in the Flügger group for administration and support purposes.
Flügger Franchise stores if you pick up your web shop order in a Franchise store.
6. Transfer to third countries.
In some cases, including when we provide support for our web services, your personal data may be transferred to data processors in countries outside the EU/EEA. We will only transfer personal data to data processors in countries that the European Commission considers to be safe third countries, or who have given the required data protection guarantees through the EU Commission’s standard contractual provisions.
If you want to know more about this processing, you can contact us by email at firstname.lastname@example.org.
We will delete the data about you when it is no longer required for the purposes for which it was processed.
In order to ensure correct handling of recurring customer relationships, potential complaints, warranty and bookkeeping obligations, and to be able to meet other obligations, we have ascertained that we need to retain the data for up to five financial years plus the current year from the end of the customer relationship.
For future and potential customers covered by marketing-related activities, we follow the applicable rules in the Danish Marketing Practices Act and comply with fair marketing practices.
8. Your rights.
When we process your personal data, you have the following rights provided by law:
You have the right to request access to and rectification or erasure of the data we process about you.
You also have the right to request restriction of processing of your personal data or object against it, including and particularly in the case of profiling and direct marketing.
In some cases, you have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format as well as to transmit the data to another data controller.
If we process your personal data based on your consent, you may withdraw your consent at any time.
If you wish to exercise any of these rights, please contact our legal department by e-mail at email@example.com. We will then access whether it is possible to accommodate your request. You will receive our reply as soon as possible and no later than one month after we received your request.
If you are not satisfied with our reply, or if you disagree with the way your personal data has been processed, you can complain to the Danish Data Protection Agency. See how to contact the Data Protection Agency at www.datatilsynet.dk.
Version 3, updated July 2023.