Data Protection and Privacy Policy

1. Introduction

1.1 This Data Protection and Privacy Policy (the “Policy”) describes how Coignite ApS (“us”, “we” or “our”) collects and processes personal data in connection with the purchase of services or the general use of our website.

1.2 The Policy has been prepared and made available to comply with the General Data Protection Regulation (2016/679 of 27 April 2016) (“GDPR”) and the rules included herein regarding information to be provided to you.

2. Types of Personal Data Processed

2.1 We process personal data about you when necessary and in accordance with applicable law. Depending on the specific circumstances, the personal data processed include the following types:

• a) name
• b) address
• c) telephone number
• d) e-mail

2.2 If we need to collect more personal data than stated above, we will inform you about this. Such information will be provided by updating this policy.

3. Purpose of processing personal data

3.1 The personal data we collect about you is processed for the following purposes:

• a) To provide products or services to a user, customer or member.
• b) To facilitate a sales process.

4th. Legal basis for processing personal data

4.1 We only process your personal data when we have a legal basis to do so in accordance with GDPR. Depending on the specific circumstances, the processing of personal data takes place on the following legal bases:

• a) If we have asked for consent to the processing of specific personal data, the legal basis for such personal data is consent in accordance with Article 6 (1) (a) GDPR, since consent can always be withdrawn by contacting us via the contact details at the end of this policy, and if the consent is withdrawn, the personal data processed on the basis of consent will be deleted unless they can or must be processed, for example, to comply with legal obligations.
• (b) the processing is necessary for the performance of a contract to which the data subject is party in accordance with the first indent of Article 6 (1) (b) of the GDPR.
• (c) the processing is necessary in order to take measures at the data subject's request prior to the conclusion of a contract in accordance with the last indent of Article 6 (1) (b) of the GDPR.
• (d) the processing is necessary for the protection of legitimate interests if such interests are not overridden by the interests of the data subject or fundamental rights and freedoms which require the protection of personal data, cf. GDPR Article 6 (1) (f).
• e) The processing is necessary to comply with applicable law, cf. GDPR Article 6 (1) (c).

5. Disclosure and transfer of personal data

5.1 We only disclose personal data to others when permitted or required by law, including when applicable, and you or a data controller asks us to do so.

5.2 We transfer personal data to the following recipients from the EU/EEA:

• a) Data processors
• b) Suppliers

5.3 From time to time we use external companies as suppliers to help us provide our services. The external suppliers will not receive or process personal data unless the applicable law permits such transfer and processing. Where the external parties are data processors, the processing is always carried out on the basis of a data processing agreement in accordance with the requirements for this under the GDPR. Where the external parties are data controllers, the processing of personal data will be carried out on the basis of the external parties' own data protection policies and legal bases, of which the external parties are obliged to inform, unless otherwise permitted by applicable law.

5.4 We transfer personal data to countries or international organisations outside the EU/EEA. Personal data will be transferred to the following countries not covered by an Article 45 adequacy decision: the United States of America. Such transfers are based on the standard contractual clauses on data protection made or approved by the EU Commission and possibly approved by a national data protection agency, ensuring an adequate level of protection.

5.5 If you have any questions about our use of data processors, cooperation with other data controllers, including subsidiaries, or the transfer of data to third countries, please contact us for more information or proof of our legal basis for such transfers.

6. Deletion and storage of personal data

6.1 We ensure that the personal data are deleted when they are no longer relevant for the processing purposes described above. We also retain personal data to the extent that it is an obligation under applicable law, as is the case, for example, with accounting and accounting materials and records. If you have any questions about our storage of personal data, please contact the email mentioned in the last section of this policy.

7. Rights of the data subject

7.1 As a data subject under the GDPR, you have a number of rights:

• 7.1.1 You have the right to request access to the personal data we process about you, the purposes for which we process the personal data and whether we disclose or transfer your personal data to others.
• 7.1.2 You have the right to have incorrect information corrected.
• 7.1.3 You have the right to have certain personal data erased.
• 7.1.4 You may have the right to restrict our processing of your personal data. You may have the right to object to our processing of your personal data based on reasons and circumstances relating to your situation.
• 7.1.5 You have the right not to be subject to a decision based solely on automated means without human intervention, unless the decision is necessary for your employment, the decision has a legal basis or is based on your express consent.
• 7.1.6 If the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing carried out prior to your withdrawal of consent.
• 7.1.7 You have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format (data portability).
• 7.1.8 You can always lodge a complaint with the Data Protection Agency.

7.2 Your rights may be subject to conditions or restrictions. Therefore, there is no assurance that you will be entitled to, for example, data portability in the specific situation; it will depend on the circumstances of the processing.

7.3 You can find more information about the rights of data subjects in the guidelines of the national data protection authorities.

7.4 Please use the contact details below if you wish to exercise your rights.

7.5 We try to accommodate your requests regarding our processing of personal data, but you can always lodge a complaint with the data protection authorities.

8. Changes to this Policy

8.1 We reserve the right to update and amend this Policy. If we do, we will correct the date and version at the bottom of this policy. In the event of significant changes, we will provide notice in the form of a visible notice, for example on our website or via direct message.

9. Contact Us

9.1 You may contact us at the following email address if you:

• disagree with our processing or believe that our processing of your personal data violates the law;
• have questions or comments about this policy; or
• wish to invoke one or more of your rights as a data subject described in this Policy.

If you have any questions or comments about this policy, or if you would like to invoke the rights of one or more data subjects, please contact us via our contact page.