Personal data
This data protection policy applies to Bosscom ApS.
The policy is intended to help ensure and document that Bosscom protects all personal data in accordance with the provisions of the GDPR. This policy also informs about the processing and use of registered personal data.
List of the processing of personal data
Bosscom processes personal data about:
- Employees
- Customers
- Suppliers and other partners
We have drawn up a list of our processing of personal data. The list gives an overview of the processing the company is responsible for.
Personal data is a prerequisite for Bosscom’ ability to enter employment, customer and supplier contracts.
Purpose and legal basis for the processing
The personal data is processed and stored in connection with:
Personnel administration, including recruitment, employment, resignation and payment of salaries.
Master data for customers and customer products as well as marketing, orders and sales.
Master data for suppliers and other partners as well as requisitions and purchases.
We only use personal data for the stated purposes, and we only collect the data that is necessary to fulfil the purpose.
Storage and deletion
Bosscom has implemented the following general guidelines for storage and erasure of personal data:
Personal data is stored in physical folders.
Personal data is stored in IT systems and on server drives.
Personal data is only stored for as long as necessary to fulfil the purpose of processing.
Personal data about employees is erased five years after employment concludes, if they are no longer required, and personal data on applicants is erased after twelve months.
Data security
Bosscom has taken the following security measures for the protection of personal data:
Only employees who have a work-related need to access registered personal data have access to them, either physically or via IT systems with rights management.
All computers are protected by access codes and employees may not give their access codes to others.
Computers must have a firewall and antivirus software installed that is continually updated.
Personal data is erased in a proper manner when phasing out or replacing IT equipment.
USB sticks, external hard drives etc. containing personal data must be stored in locked drawers or cabinets.
Physical folders must be placed in locked cabinets.
Personal data in physical folders is deleted by shredding.
All employees have been instructed in the processing and protection of personal data.
Disclosure
Employee personal data may be shared with public authorities, e.g. SKAT, Statistics Denmark and pension companies. We do not obtain employee consent if we are legally obligated to disclose personal data, e.g. as part of a mandatory reporting to an authority.
Data Processors
Bosscom only engages data processors who can guarantee that they will implement the appropriate technical and organisational security measures necessary to comply with the requirements of the GDPR.
Rights
Bosscom protects the rights of data subjects, including the right to access, withdrawal of consent, rectification and erasure and will inform the data subject about the company’s processing of personal data. Data subjects have the right to complain to the Danish data Protection Agency.
Breach of personal data security
In the event of a breach of personal data security, Bosscom will report the breach as quickly as possible, and within 72 hours, to the Danish Data Protection Agency. The company’s CEO is responsible for this being performed. The report will describe the breach, which groups of persons are affected and what consequences the breach may have for these persons, as well as how Bosscom has remedied or will remedy the breach. In cases where the breach entails a high risk for those persons about whom Bosscom processes personal data, these persons will be notified. Bosscom documents all breaches of personal data security.
Changes to data etc.
If you wish us to update, amend or erase personal data we have registered about you, wish to gain access to the personal data about you that is processed or do not wish to receive further messages from us or if you have any questions regarding the above, you can direct your inquiries to Bettina Bohn, at bb@bosscom.com. You can also write to us at the following address:
Bosscom ApS
Att.: Bettina Bohn
Ambolten 19
DK-6000 Kolding
Our current privacy policy can always be found on our website. Any amendments, adjustments, revisions etc. will come into force from the time of publication on the website. This also applies to previously registered personal data.