At Roccai ApS, Aldersrovej 34, 8200 Aarhus N, CVR no. 1064198 (“Roccai” or “we“), we understand the importance of processing personal data in a respectful and secure manner. Being a company incorporated in Denmark, we are committed to complying with the requirements and obligations relating to the processing of personal data under applicable law, namely the General Data Protection Regulation (“GDPR“). We have therefore implemented appropriate procedures to protect your personal data.
2. Categories of data, purpose, and legal basis
Roccai will process your personal data as described below:
|Data subjects and categories |
of personal data
|Purpose of processing||Legal basis|
|Use of contact form: When you use the “contact form” on our Website, we will process your name, email address, your preferences as to how you wish to be contacted, the name of the company you work in, and if relevant, the nature of your inquiry.||The purpose is to be able to administer your request to get in contact regarding our products.||We will process your personal data based on Article 6 (1) (f). Roccai has legitimate interests in providing a contact form that works optimally and ensures we can contact our potential customers when they request.|
|Creation of user account: When you create a user account on our Website, we will process your name, company name, email and the password you create, and the type of product you decide to choose.||The purpose is to be able to provide you with our products as part of our collaboration as well as administer your log-in to our platform.||We will process your personal data based on Article 6 (1) (f). Roccai has legitimate interests in providing you with the services and products you request.|
|Email marketing: As part of creating your user account, we will also obtain information on whether you wish to receive our newsletters.||When you sign up to receive newsletters, this is done for marketing purposes.||We will process your personal data based on Article 6 (1) (f), for example, when you sign up to receive newsletters from us. Roccai has legitimate interests in providing you with such newsletters on your request.|
|Provision of services: We provide B-2-B services, so our customer data consists mainly of company data. However, we may process your name as a contact person employed with our customer or a collaboration partner. We may also register your work email address; company address and other information which may be relevant and provided to us during our collaboration.||The purpose of this process is to be able to provide our services.||The legal basis for the processing of personal data in this regard is the GDPR Article 6 (1) (f). Our legitimate interest is to process your data for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.|
In certain cases, the processing of your data is necessary to comply with a legal obligation imposed on Roccai, for example, in connection with the storage of accounting records under the Danish Bookkeeping Act. In such cases, the legal basis is the GDPR Article 6 (1) (c).
3. The source of the personal data
4. Recipients of personal data and third countries
Certain IT service providers will process your personal data, among them the provider of the technical solution behind our products. These IT providers will act solely on Roccai’s behalf and in accordance with our instructions and the obligations laid down in the data processing agreement concluded. These data processors may not process your personal data for their own purposes.
Your personal data may be transferred to countries outside the EU/EEA, for example, to the United States. Roccai will ensure that the transfer takes place in accordance with applicable data protection law. This entails that any party outside of the EU/EEA that receives your personal data will ensure an adequate level of protection; for example, by entering into the EU Commission’s Standard Contractual Clauses (“SCCs“) (a copy hereof can be requested by contacting Roccai) and we always will ensure the implementation of additional safeguards if deemed necessary on a case-by-case basis.
5. Retention of personal data
The data you provide through our contact form will be deleted once we have reached you, as requested. If you decide to move forward with an order, we will store your personal data for the period of our collaboration.
Inquiries from potential customers will be deleted immediately after the inquiry is handled unless a longer retention period is required for documentation purposes, e.g., to a dispute, including for the establishment, exercise, or defense of legal claims.
Inquiries from existing customers will be deleted two years after termination of the contractual relationship unless a longer retention period is required for documentation purposes, e.g., to a dispute, including for the establishment, exercise, or defense of legal claims.
If your personal data are included in Roccai’s accounting records, e.g., in connection with invoicing relating to a purchase, your data will be stored for five years from the end of the financial year to which the accounting records relate. This is to ensure compliance with our legal obligations under the Danish Bookkeeping Act.
6. Your rights
We have taken a number of measures to protect your personal data and safeguard your rights. Because of our processing of your personal data, you will have the rights described below. However, some rights apply only in certain circumstances and with exceptions. The Danish Data Protection Agency has issued guidance on the rights of data subjects. For details about your rights, please be informed that (available in Danish):
- You have the right to request access to and receive a copy of the personal data that we process about you and, in this context, also to receive a range of additional information.
- You have a right to have incorrect personal data about yourself rectified and to have incomplete personal data completed.
- You have the right to request that personal data about you are deleted in certain circumstances, e.g., if the processing is based on your consent and you choose to withdraw that consent.
- You have a right to restrict the processing of your personal data, e.g., if the accuracy of the personal data is contested.
- Where our processing is done automatically and is based on your consent or the performance of an agreement with you, you have the right to request to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format and to request the transmission, where technically feasible, of such data to another controller.
- You may object to our processing of your personal data, particularly in direct marketing.
- You may request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- You may withdraw your consent to processing your personal data at any time. Withdrawal of your consent will not affect the processing of your personal data before the withdrawal date.
If you wish to exercise any of the above rights, or if you wish to withdraw your consent, please feel free to contact us at firstname.lastname@example.org.
7. Questions, complaints, and contact details
If you disagree with the way in which we process your personal data, you may file a complaint with the Danish Data Protection Agency using the contact details that are available here. However, we hope that you will contact us first, using the above contact details, so that we may try to come to an agreement.
Last changed: the 3rd of July 2023