Privacy Policy
Privacy Policy for Nordstern ApS
At Nordstern ApS including all affiliated companies (hereinafter "Nordstern”, ”we" or "our") we prioritize confidentiality and data security.
This privacy policy describes how Nordstern collects and uses the personal data you leave and/or provide when you visit our website and use the various services and functions that we offer on the website. The privacy policy also contains information about our processing of your personal data when you apply for a job at Nordstern or are otherwise in contact with us, e.g. as a buyer, tenant, customer or business partner. Finally, the policy discusses our processing of personal data that is carried out when we receive a report via our whistleblower scheme.
The data controller for the processing of your personal data is formally the company in the Nordstern Group with which you are in contact when, for example, you enter into a purchase or rental agreement, apply for a job, cooperate with us or are otherwise in contact with us. If you are in doubt about who is the data controller for the processing of your information, you are welcome to contact us using the contact information at the bottom of this policy.
1. If you are a user of the website
The following section describes Nordstern's processing of personal data about users of our website www.nordstern.dk.
Collection of personal data
Nordstern may collect, process and store personal data about you in the following cases:
- When you visit and browse our website
- When you use our portal for professional contractors
- When communicating with Nordstern
- When you use other features and services offered by Nordstern
Types of personal data
Nordstern may collect, process, and store the following personal data about you:
- Name, email address and telephone number
- When using the portal for professional contractors, information is processed about the geographical area in which the professional contractor operates, the professional contractor's specialties, which professional group the professional contractor belongs to and the type of agreement that employees on the construction site are covered by
- A unique ID and technical information about your computer, tablet, or mobile phone
- IP address
- Your geographic location
- Information about your use of our website
- Information included in inquiries from you, e.g. information about leases. We encourage you not to provide sensitive personal data to us unless it is strictly necessary for the processing of your inquiry. In this connection, the information should only be sent in highly encrypted form if you submit the information by e-mail.
Purpose of processing
Your personal data may be processed for the following purposes:
- Administration of inquiries, including inquiries via the portal for professional contractors
- Statistics and analysis
Nordstern processes personal data on one or more of the following grounds:
- Legitimate interests: In most cases, the processing of personal data is based on our legitimate interest in, for example, conducting statistics, analyses, marketing activities (which do not require consent), providing support and improving and developing our products and services (Article 6(1)(f) of the General Data Protection Regulation).
- Contractual obligation: In some cases, processing of personal data may be necessary to fulfil an agreement between Nordstern and you, e.g. when you order material (Article 6(1)(b) of the General Data Protection Regulation).
Retention period
Personal data collected through correspondence will generally be deleted no later than after 1 year, unless the correspondence concerns settlements, legal claims or the like. The retention period is determined on the basis of our legitimate interest in providing customer service.
Personal data included in accounting material is stored for 5 years from the end of the financial year, after which the information is deleted.
We refer to section 4 regarding business partners in relation to the retention period for inquiries received via the portal for professional contractors, as professional contractors fall under the category of "partners".
2. If you are a buyer or tenant of our properties
This section describes Nordstern's processing of personal data about buyers and tenants of properties.
Types of personal data
When you are a buyer or tenant of one of Nordstern's properties, Nordstern may collect, process and store the following types of personal data about you:
- Contact information such as name, email, telephone number, address, company (if profession)
- CPR number (social security number)
- Payment and card information
- Property records
- Consumption records
- Information about the tenancy, including complaints, violations of house rules and the like
- Health information, if the agreement with you includes a need for this, e.g. in connection with special adjustments to your lease or correspondence regarding receipt of subsidies/payment of rent via the Danish Service Act or other social legislation
- Communication with you, including electronic communications
The purposes of the processing
Your personal data may be processed for the following purposes:
- Administration of all aspects of the purchase or rental relationship as part of the performance of the purchase or rental agreement, including communication with you
- Sale or mortgage on the property
- Preparation of consumption accounts and statements
- Coordination with craftsmen
- Registration for consumption companies/metering companies, including preparation of consumption accounts
Basis of treatment
Nordstern processes your personal data on one or more of the following bases:
- Contractual obligations: The processing of your personal data is generally necessary for the performance of the purchase or rental agreement (Article 6(1)(b) of the General Data Protection Regulation).
- Legal obligation: In addition, in certain situations, we process your personal data in order to fulfil our legal obligation as a seller or lessor (Article 6(1)(c) of the General Data Protection Regulation).
- Legitimate interests: We base the processing of your personal data on our legitimate interests, including the establishment and safeguarding of legal claims (Article 6(1)(f) of the General Data Protection Regulation).
- Consent: We base our processing of your CPR number on the basis of your consent (Article 6(1)(a) of the General Data Protection Regulation).
Retention period
Your personal data will be deleted when we no longer need to process it for the fulfilment of one or more of the above purposes. However, the information may be processed and stored longer in anonymised form or if we are required to do so by law.
Personal data necessary to document your rental agreement with us is stored for as long as the rental agreement exists and as long as the information is then necessary to document our legal position vis-à-vis you, e.g. in connection with a dispute or recovery of arrears.
As a general rule, personal data about tenants is deleted or anonymized 3 years after the tenant moves out. Personal data registered about buyers is deleted or anonymized at the end of Nordstern's liability period as seller, which as a general rule is 5 years after delivery of the sold property.
Personal data included in accounting material is stored for 5 years from the end of the financial year, after which the information is deleted.
3. If you are a visitor or user of our social media profiles
The following section describes Nordstern's processing of the personal data that you leave and/or provide when you visit Nordstern's social media profiles such as Nordstern's LinkedIn (the "social media"). The section supplements the general privacy policy prepared by the individual social media.
Nordstern and the social media providers are joint data controllers for the processing of personal data collected in connection with your visit to our profile or page on the individual social media. We currently have a profile on LinkedIn (LinkedIn Ireland Unlimited Company):
Types of personal data
When you visit or interact with our social media profiles, Nordstern and the provider of the respective social media may collect, process, and store the following types of personal data about you:
- Information available on your profile, including your name, gender, marital status, workplace, interests and city
- Whether you "like" or have used other reactions to our profile
- Comments you leave on our posts
- That you have visited our profile
Purposes of processing
We process your personal data for the following purposes:
- Improving our services
- Statistics and analysis
- To be able to communicate with you
- Marketing in general
- Recruitment
The social media providers process, among other things, your personal data for the following purposes:
- Ad system improvement
- To provide Nordstern with statistics that social media providers compile on the basis of your visit to our profiles
- Advertising and personalization of activities on the Site
Basis of treatment
The processing of your personal data is based on the following basis:
- Legitimate interests: We base the processing of your personal data on our legitimate interest in being able to communicate with and market ourselves to you on our social media profiles as well as our legitimate interest in improving our services (Article 6(1)(f) of the General Data Protection Regulation).
Under data protection legislation, you have several rights, which you can read more about in section 7 of this policy. The general setup of the social media and the agreements entered into between Nordstern, and the social media require you to contact the social media in question if you wish to exercise your rights against the social media. This is because only social media is functionally capable of taking the necessary steps to meet most of your requests.
If you are a LinkedIn user, please click here to change your settings (link) or exercise your rights (link).
Retention period
We encourage you to delete comments, likes and other interactions that you have left on our profile if you no longer want them to appear on our site. We do not delete such publicly available interactions.
If you communicate with us via the messaging function, we generally delete the messages after 1 year.
Please refer to the privacy policy of the individual the social media providers for information on how long they keep your personal data.
Who do social media providers share your personal data with?
The social media providers may share your personal data with the following categories of recipients, among others:
- Other entities in the group of which the social media provider is a part
- Externally with partners who provide analysis and investigation services
- Advertisers
- Other people who visit our profile or social media page (to the extent your information is publicly available)
- Researchers and other academics
You can find more information about who the social media providers share your personal data within the privacy policies of each provider. The social media providers may transfer your personal data to recipients outside the EU/EEA in accordance with applicable data protection legislation. You can read more in the privacy policies of each provider.
4. If you are a contact person for Nordstern's customers, suppliers, and other business partners
This section describes Nordstern's policy for processing personal data collected from contact persons at Nordstern's customers, suppliers and other business partners, who cooperate with Nordstern.
Collection of personal data
Personal data about you may be collected in one or more of the following cases:
- When your company or the company you are employed by enters into an agreement with Nordstern, including purchasing services offered by Nordstern
- When you have shown interest in Nordstern's services, e.g. by giving Nordstern your business card
- When you collaborate or communicate with Nordstern
- When visiting Nordstern's physical facilities
Types of personal data
Nordstern may collect, process and store the following personal data:
- Name, email address, telephone number, and similar identifying information
- Individual information, such as preferred languages
- Organization information such as company name, company address, position, line of business, primary place of work and country
- Contractual information such as purchase orders, invoices, contracts and similar agreements between your company (or employer) and Nordstern, which may include, among other things, your contact details
- Financial information, such as payment terms, bank account details and creditworthiness
- IT-related information, such as user ID, log-in details as well as data and logs about your use of Nordstern's website and portals
- IP address
- Records collected through Nordstern's security measures, including video surveillance footage
Such information may be provided directly by you (primarily through emails and other correspondence) or by third parties, such as your employer.
Purpose of the processing
The personal data may be collected and processed for the following purposes:
- In general, to plan, fulfil and administer the cooperation, including any contracts
- Administration, e.g. processing of payments (including collection of outstanding invoices), creditworthiness assessment, carrying out accounting, auditing and invoicing activities, shipping and delivery and support services
- Handling requests made by you
- General communication
- Development of products and services
- Statistics and analysis
- Compliance and regulatory purposes, such as fulfilling our legal and compliance obligations to prevent illegal activities
- Maintaining a level of security
- Handling of disputes
Nordstern processes your personal data on the following basis:
- Contractual obligations: In certain cases, the processing of your personal data is necessary for the performance of a contract to which you are a party (Article 6(1)(b) of the General Data Protection Regulation).
- Legitimate interests: We may process your personal data on the basis of our legitimate interest in managing day-to-day operations, including safeguarding our rights and obligations under the agreements etc. that we have entered into with our business partners (Article 6(1)(f) of the General Data Protection Regulation).
- Legal claims: Processing may also be necessary to prevent fraud or to establish, pursue or defend legal claims (Article 6(1)(f) and Article 9(2)(f) of the General Data Protection Regulation).
- Legal obligation: Processing of personal data may in some cases be necessary to comply with legal obligations, e.g. our obligation to prevent illegal activity (Article 6(1)(c) of the General Data Protection Regulation).
Retention period
As a rule, your personal data will be stored for 3 years from the end of the cooperation. However, the information may be stored longer in anonymized form.
Personal data included in accounting material, including documentation of orders, is stored for 5 years from the end of the financial year, after which the information is deleted. The storage period is determined on the basis of the storage requirements in section 12 of the Danish Bookkeeping Act and is therefore done in order to comply with applicable legislation (Article 6(1)(c) of the General Data Protection Regulation).
5. If you apply for a job at Nordstern
If you are applying for a job at Nordstern, you can read more about our processing of your personal data in connection with the recruitment process in this section.
We recommend that your application does not contain a CPR number or sensitive personal data, such as personal data revealing racial or ethnic background, religion, trade union membership, sexuality or health information.
Types of personal data
Nordstern may collect, process and store the following types of personal data about you:
- Contact information such as name, email address and phone number
- Information that appears from the application, CV and any appendices
- Relevant information that is publicly available on the internet and social media, including information about previous employment, activities, competencies, performance and general appearance
- Results of personality tests, if you complete them
- References from former and/or current employers
Purpose of the processing
Your personal data is part of our evaluation of whether you are offered a position at Nordstern.
Basis of treatment
We process your personal data on one or more of the following bases:
- Legitimate interests: We process your personal data, including your application and CV as well as any other attachments we receive from you, on the basis of our legitimate interest in assessing whether you are a suitable candidate for a vacant position with us (Article 6(1)(f) of the General Data Protection Regulation). In connection with our assessment of whether we can offer you an employment, we may also process additional information about you, including obtaining references from former and/or current employers that you have provided in your application or obtaining relevant information that is publicly available on the internet and social media.
Retention period
If we can offer you a position at Nordstern, your application as well as any additional relevant personal data collected in connection with the recruitment procedure will be stored in your personnel file with us.
If, on the other hand, we cannot offer you a position, we generally store your personal data for up to 6 months after our refusal, unless you have consented to longer storage.
6. If you use our whistleblower scheme
Purpose of our whistleblower scheme
Suspicion of misconduct and violations of applicable law or internal guidelines can be reported via our whistleblower scheme. When a report is made, we will process personal data of the data subjects who are part of the alert (i.e. the sender of the report, the person reported and other third parties involved) for the purpose of handling and investigating the report.
If you report a suspected breach, such report will remain confidential and, at your option, anonymous. However, in any case, you should provide an email address at which you can be contacted, as we may need to obtain additional information about the violation in order to handle the matter properly.
Types of personal data
We may process the following personal data about the reported person:
- Name, position, contact details and reported information
- Description of the suspected infringement
The following personal data may be processed about other persons mentioned in the report:
- Name, position, workplace, contact information and other reported information
The purposes of the processing
Your personal data will be processed for the following purposes:
- Administration of the whistleblower scheme
- Handling of reported incidents, including clarification of potentially criminal matters
Basis of treatment
We process the personal data on the basis below.
- Legitimate interests: We may process your personal data on the basis of our legitimate interest in investigating reported matters (Article 6(1)(f) of the General Data Protection Regulation).
- Legal obligation: As it is mandatory for Nordstern to have a whistleblower scheme, we process the personal data to fulfil our legal obligation to keep the scheme in operation and handle the reports that take place through the scheme (Article 6(1)(c) of the General Data Protection Regulation).
Retention period
We store the personal data for as long as necessary to handle the specific reports, i.e. as long as the investigation or case is ongoing, or as long as we assess that the report may be relevant for future or other reports and cases. Reports that fall outside the scope of the whistleblower scheme will be deleted immediately after review.
7. General information for everyone covered by this Privacy Policy
Disclosure to other data controllers and entrustment to data processors
In order to fulfil the above purposes, we may grant third parties, who provide relevant services on the basis of a contractual relationship with Nordstern, access to your personal data. This could be, for example, suppliers of IT solutions, marketing services, hosting providers and other suppliers of systems or services to Nordstern. Such service providers will only process personal data on behalf of Nordstern and in accordance with our instructions in entered into data processing agreements.
In connection with the provision of services or in case of violation of the law, Nordstern is in some cases obliged and in other cases entitled to disclose your information to the authorities (Article 6(1)(c) of the General Data Protection Regulation). We may also disclose your personal data for the establishment, exercise or defence of legal claims (Article 6(1)(f) and Article 9(2)(f) of the General Data Protection Regulation). In addition, we may also disclose your personal data to external auditors in order to comply with our audit obligation (Article 6(1)(c) of the General Data Protection Regulation).
In connection with Nordstern's development, the corporate structure may change. In the case of partial transfer of assets containing personal data, the basis for the connected transfer of personal data is generally Nordstern's legitimate interest in transferring parts of its assets and making commercial changes (Article 6(1)(f) of the General Data Protection Regulation).
If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA that do not have an adequate level of protection, such transfer will be based on the EU Commission's standard contractual clauses, unless the recipient is certified under the so-called EU-U.S. Data Privacy Framework
If you have any questions or want to know more about specific transfers, including the transfer basis, you are always welcome to contact us. You also have the right to receive a copy of the transfer basis.
Security
We protect the confidentiality, integrity and availability of your personal data and have implemented security measures to ensure that our internal procedures meet established security standards and applicable legal requirements.
We have internal rules on information security, which contain instructions and measures that protect your personal data from being destroyed, lost, altered, against unauthorized disclosure and against unauthorized access or knowledge of them.
Your rights
- You have the right to gain insight into the personal data we process about you, with certain exceptions provided for by law
- You have the right to object to our collection and further processing of your personal data
- You have the right to rectification and erasure of your personal data, with certain statutory exceptions
- You have the right to request from us the restriction of your personal data
- In certain circumstances, you may also request to receive a copy of your personal data, as well as the transmission of your personal data that you have provided to us to another data controller (data portability)
- You can withdraw your consent at any time.
Contact
If you have any questions about our processing of your personal data, including this privacypolicy, or if you wish to complain about the way we process your personal data, you are welcome to contact us at:
Nordstern ApS
CVR-nr.: 29205272
Port 58700 Horsens
Email: info@nordstern.dk
Phone: +45 7562 7900
The Danish Data Protection Authority
If your complaint is not resolved by us and you want to proceed with the case, you can complain to the Danish Data Protection Agency:
The Danish Data Protection Authority
Carl Jacobsens Vej 35
DK-2500 Valby
Phone: +45 3319 3200
Email: dt@datatilsynet.dk
Changes to the Privacy Policy
We reserve the right to make changes to this Privacy Policy from time to time. In case of changes, the date at the bottom of the privacy policy will be changed.
Last updated: June 2024