Carlottas Village delivers eyewear, services and counselling. To do this we collect a series of data regarding you and/or your business. Below we provide detailed information on what we collect, why we do that and what we do to protect your data. From where we collect personal data and the rights you have in this relation.
Personal data can be many things. It can be a name, and address and a telephone number. It can also be a photo or an IP-address. Personal data is all kinds of information that can be used to identify a person. That is why it is not always just one single piece of information that defines whether it is personal data. If more pieces of data can be put together and then identify a person they will be personal data anyhow.
We use the below ways to collect data:
When you buy our products online When you have appointments with our agents
Below you can see why and on which grounds we do that.
We collect and use your personal data for specific purposes – it can be divided into the below categories:
1) In the first category we have the data we need to be able to deliver our products or services to you. It could be your name, VAT-number, address, telephone number, email, etc. So, basically essential identification and contact information. These are our ”legal grounds”. If we cannot keep this information we are not able to deliver anything to you. It might also be due to legislation that we register and store certain personal data. For instance for the tax and financial reporting legislation. If we wish to use your personal data in any other way than the initial purpose suggested we will tell you about it. We will do that before we start as well as why we need to do it.
2) In the secound category we have certain data, that we would like to keep to improve our products and services and adjust our communication to your needs in the best possible way. This also covers collection of personal data from our website including IP-adresses and cookies on your computer. It can be necessary to make our website work correctly.
None of the data in the second category is strictly necessary to deliver our products and services to you. That is why we need your explicite consent to collect and use them. Our legal grounds in this matter is your consent.
Your consent is voluntary and you can withdraw it any time by contacting us using the contact information on the bottom of this page.
Please know that according to the Danish legislation we have the right to contact you with quotations on our own products like the ones you have bought earlier because of you being a customer. This is the case if we have received your email address earlier and even without an explicit consent from you. You will always have the opportunity to opt-out of this type of information at the same time.
3) In the third category we have certain data that we keep to maintain future interests in case there will come a need for them. The reason for keeping them will be ”legitimate interest” as mentioned in the GDPR. This means that we keep your data for a period of time based on a specific evaluation. See more below regarding deletion and removal of data.
We make an estimate to see when we will no longer need your data and when this is the case, we delete them.
Among other things it is based on:
We have to keep some data at least five years due to ”Bogføringsloven” (financial reporting). This could be invoices to pay tax and VAT and to be able to document this to the authorities.
We regularly check that the data we keep is not wrong or misleading by comparing our records to public databases. Please feel free to supply any changes yourself using the contact information below.
We sometimes have to pass on your data.
We do NOT sell, publish or pass on your data to other parties unless:
We will obtain your consent before we pass on your personal data to data partners in a third country, unless they are our data processors. A third country could be certain African states. The USA is not a third country due to the so-called Privacy-shield agreement between the USA and the EU, when the company in the US has joined the Privacy-Shield agreement (eg. MailChimp). If we decide to pass on your data to a third country we would have ensured that their level of protection of personal data complies with the policy and demand we have in this document as well as the demands from the applicable legislation.
Below you will see that you have numerous rights in relation to our processing of your personal data, e.g. the right to:
If you would like to know more or use your rights, we ask you kindly to get in touch using the contact information at the bottom of this page.
The right to have erroneous data corrected
We regularly check that the personal data we process are not wrong or misleading. Among other things we do it by checking public records. You are entitled to have any wrong registrations about yourself corrected.
Get insight in your personal data and require a copy
You are entitled to obtain insight in the personal data we have registered about you at any time and require a copy of them. You may also be informed of the purpose of the processing, how long we keep them and whether we make any automatic transfers, to whom we eventually transfer and from where we have your personal data. On the other hand this is not valid if you already know of the data. For the sake of good order we inform that the right to insight can be limited due to protection of other people’s personal data and our business interests.
You can – at any time – demand to have our personal data records deleted. If we no longer have a purpose to keep them we will delete them shortly after your request
You can – at any time – ask us to limit the processing of your personal data
Make an objection to be registered
You can – at any time – protest against us keeping your personal data. This includes the right to object to us using your data for marketing purposes. We will evaluate your objection as soon as you present it to us.
Withdraw your consent
You can – at any time – withdraw the consent(s) you have given to us.
Be informed of transfer of your data to organisations outside the EU
You have the right to be informed whether we transfer your personal data to a country outside the EU. We can inform that we transfer personal data to it-suppliers that work as our data processors in the US and other countries if relevant. All our data processors in the US have joined the Privacy-Shield agreement and have obliged themselves to comply with the current Personal Data Act.
Our business has an adult target group. We do not deliberately collect data from and about children. On the other hand we do realize that the use of electronic devices means that we can never be 100% sure that we do not receive data from and about children. If you are a parent or a guardian and think that your child has provided personal data to us for any reason we ask you to get in touch as fast as possible using the contact information at the bottom of this document.
We are obliged to protect your personal data. Because of the legislation but also because our own ethical rules require that we take good care of your personal data. We use relevant and reasonable technical and organizational safety precautions to ensure that we do not provide unauthorized access to the personal data we keep. The purpose of this is to ensure that the personal data will not be used, destroyed, changed or made public or in any way misused.
This means – among other things – that personal data is only accessible to those who need it. These people have signed a confidentiality agreement.
For our IT-systems we have implemented the below:
The largest threat to misuse of personal data is the act of people themselves. It is up to you to take good care of your personal data (e.g. never give out passwords), as it is up to us to take human actions into account. Even though we have taken all the above steps to limit risk in processing personal data we do not have a 100% guarantee that unintended events will not occur.
We therefore disclaim any loss resulting from unintended events relating to our use and processing of your personal data to the extent that we can do so under applicable law. We cannot be held liable for any loss arising from the use of our company, our products and services, our website, systems, apps and other software to the extent that we can do so under applicable law. We recommend that you also take steps to secure your personal data yourself. You can do this by closing your browser after use, by logging out of all accounts after use, by installing antivirus, antimalware and other software that can improve the security of your computer.
As mentioned, we have taken a large number of steps to obtain secure processing of your personal data. Should our IT systems and other security measures be compromised, we will notify you without undue delays if compromise entails a high risk of your rights and freedoms.
Our company Carlottas Village ApS is data controller and ensures that your data is processed compliant with applicable legislation:
Carlottas Village ApS
Østrupvej 23
DK‐8543 Hornslet
cvr 3294 8790
tel 2115 6303
www.carlottasvillage.com
service(at)carlottasvillage.com
We update our personal data policy when we consider it necessary. This may be, for example, when we provide new services and products. When we make changes to the personal data policy, we will mention it below.