Privacy Policy

efacto
Gersonsvej 7
DK-2900 Hellerup
VAT number: 24223183
This is version 6, last updated May 1st 2023 at 2:43pm.

Introduction
1. This privacy policy (“Policy”) describes how efacto (“us”, “we”, “our”) in the role of data controller collects and processes your personal data in connection with the purchase of services, membership, products, or general use of our website.
2. The Policy has been created and made available to comply with the General Data Protection Regulation (2016/679 of April 27 2016) (“GDPR”) and the rules therein regarding the obligation to inform.
3. The Policy aims to help you understand what personal data we collect, why we collect it, and how we protect, store, and delete it.
Collection of Information through the Use of Cookies
1. When visiting and using our website(s), cookies are collected and used based on consent. Information in these cookies includes (“Cookie data”):
  1. IP address
  2. Location at login
  3. Browser Type
  4. Search terms on our website(s)
  5. Search terms on other website
2. Cookie data is used for improving our website and user experience, delivering services, and for preventing fraud.
3. The use of cookies for the collection of information and data is also in accordance with the Cookie Notice (BEK no. 1148 of 09/12/2011), § 3.
4. If you wish to reject or limit the cookies that are placed on your computer when visiting our website, you can always do this by changing the settings in your browser. However, you should be aware that rejecting or limiting cookies will affect some of the functionality of the website and will result in features on the website that you cannot access or see. All browsers allow you to delete cookies in bulk or individually. How this is done depends on the browser used. If you use multiple browsers, remember to delete cookies in all browsers.
5. You can also manage your consent and reject or limit cookies here.
Types of Personal Data Processed
1. We process personal data about you when it is relevant and in accordance with applicable law. Depending on the specific circumstances, the processed personal data may include some of the following types of personal information:
  1. Name
  2. Adress
  3. Phone number
  4. Email
  5. Company name
  6. Bank information (card details or account information)
  7. IP address
  8. Customer number
  9. Username
  10. Shipping tracking information (for example, tracking number)
  11. Invoice and accounting documents
  12. Invoice status (balance, customer points, etc.)
  13. Social security number (CPR number)
  14. Purchase history
2. Under certain circumstances, and where it is strictly relevant, we may process special categories of personal data (also referred to as “sensitive personal data”) about you. These personal data include:
  1. Information revealing racial or ethnic origin
  2. Information about a person’s trade union membership
  3. Information about a person’s political tendencies or convictions
  4. Information about a person’s religious or philosophical beliefs
  5. Health information (health, illness, diagnosis, etc.)
  6. Information about sexual orientation or preferences
3. We process these sensitive personal data with the following purpose in mind: These are follow-up data that may appear on stored invoices.
4. When relevant, personal data is collected from external sources. The information can appear on stored invoices.
5. If we need to collect and process additional personal data beyond what is specified above, we will inform you at the time of collection. Such information can also be provided by updating this Policy.
For what purpose do we process personal data?
1. We only process your personal data if we have a legitimate purpose and therefore in accordance with the rules of the GDPR. Depending on the circumstances, personal data may be processed for the following purposes:
  1. To be able to deliver or offer our services to users, customers, or members.
  2. To provide service announcements and information to users, customers, or members.
  3. To store personal data to the extent required by applicable law, such as the retention of accounting and bookkeeping documents.
  4. To respond to inquiries and/or complaints from users, customers, or members.
  5. For marketing purposes
    1. For processing and sending marketing content based on preferences.
    2. For creation of interest profiles to promote relevant services, provide customised marketing for you, improve your user experience with our services/websites.
    3. For identifying you as a user and showing you the ads that are most likely to be relevant to you.
    4. Providing the services you have requested, such as sending you a newsletter, a white paper, webinar information or contacting you on request.
Legal Basis for Processing Personal Data
1. We only process your personal data when we have a lawful basis for processing in accordance with the GDPR. The processing of personal data, depending on the specific circumstances, is based on the following legal grounds:
  1. The basis for processing the specific personal data is your consent, cf. to GDPR, article 6(1)(a). You can withdraw your consent at any time by contacting us using the contact information provided at the bottom of this Policy. If you withdraw your consent, the personal data processed on the basis of consent will be deleted unless they can or must be processed, for example, to comply with a legal obligation.
  2. The processing is necessary for compliance with applicable law, cf. to GDPR, article 6(1)(c).
  3. The processing is necessary for the pursuit of a legitimate interest, where the data subject’s interests or fundamental rights and freedoms, which require protection of personal data, do not override such interests, cf. to GDPR, article 6(1)(f).
2. When relevant and strictly necessary, sensitive personal data (“special categories of personal data”) indicated in the GDPR, article 9(1), are processed. In such cases, processing will only occur if allowed under the GDPR, article 9(2) to 4, including in the following cases:
  1. The processing is necessary for compliance with a work, health, or social law obligation, when the obligations follow from legislation or a collective agreement that provides necessary guarantees for the data subject’s fundamental rights and interests, cf. to the GDPR, article 9(2)(b).
Disclosure and Transfer of Personal Data
1. We only disclose personal data to others when the law permits or requires it, including when it is relevant and upon your and/or the data controller’s specific request.
Deletion and Storage of Personal Data
1. We ensure that personal data are deleted when they are no longer relevant to our processing purposes as described above. We always retain personal data for the period required by applicable law, including for the purpose of documenting compliance with, among other things, the provisions of the accounting act. If you have any questions regarding the storage and processing of personal data, you are welcome to contact us at the email address you can find in the last section of this Policy.
Your rights
1. As a data subject, you have a number of rights:
  1. You have the right to request access to the personal data we process about you, the purposes of the processing, and whether we disclose your personal data to others.
  2. You have the right to have incorrect personal data about you rectified.
  3. In certain cases, you have the right to have some of your personal data deleted.
  4. In certain cases, you have the right to have the processing of your personal data restricted, so that we can only store your personal data for a specified period.
  5. In certain cases, you have the right to object to our processing of your personal data on the basis of reasons and circumstances relating to your particular situation.
  6. You have the right not to be subject to an automatic decision without human intervention, unless the decision is necessary for your employment with us, or the making of the decision is authorised by law or your explicit consent.
  7. If we have obtained your consent for part of our processing of your personal data, you have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of the processing based on the consent prior to the withdrawal.
  8. In certain cases, you have the right to so-called data portability of the personal data you have submitted to us.
  9. You always have the right to complain to the Data Protection Authority.
2. There may be conditions or limitations to these rights. It is therefore not certain, for example, that you have the right to data portability in the specific case – this depends on the specific circumstances of the processing activities.
3. You can find more information about your rights as a data subject on the website of the Data Protection Authority.
4. Please use the contact information below if you wish to exercise your rights.
5. We strive to meet your wishes regarding our processing of personal data, but you can always submit a complaint to the Data Protection Authority.
Changes to This Policy
1. We reserve the right to update and make changes in this Policy. If we change the Policy, we will change the date and version at the top of the document. In the case of significant changes, we will notify you in the form of a visible notice on our website, by email, or by using other communication.
Contact Information
1. You are welcome to contact us at the email address below, if you:
  1. Disagree with our processing or believe that our processing of your personal data violates the law.
  2. Have questions or otherwise have comments on this Policy, or
  3. Wish to exercise one or more of your rights as a data subject.

Please contact Tonny Jørgensen at tj@efacto.com.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_144068818_2	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_gtag_UA_144068818_3	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_UA-144068818-3	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
_ga_110RV1MMJR	2 years	No description
_ga_29E4GVHTMB	2 years	No description
_lfa	2 years	This cookie is set by the provider Leadfeeder. This cookie is used for identifying the IP address of devices visiting the website. The cookie collects information such as IP addresses, time spent on website and page requests for the visits.This collected information is used for retargeting of multiple users routing from the same IP address.
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	1 year	No description