Personal data protection policy for customers of Newsec Advisory

Dansk

Background and purposes

Newsec Advisory A/S prioritises data protection highly. Customers, suppliers, business associates etc. must feel confident that their personal data are protected according to data protection legislation.

We work with personal data on a daily basis. Our confidentiality policy generally concerns personal data within Newsec Advisory A/S, and has been compiled to define the types of data we process, why and how.

Personal data is processed in our Administration, including in our CRM and accounts systems. They can also be used in our applications, platforms on the social media and our website. ("Digital channels"). The confidentiality policy applies to customers, suppliers and our business associates.

Customers, suppliers, other business associations ect.

Newsec gathers and processes personal data on you during the course of its provision of services to customers, suppliers, business associates etc.

Duty to advise

When Newsec gathers and processes personal data on customers, suppliers, business associates etc., we are obliged to advise on:

(a) The purpose of and basis for processing

Newsec gathers and processes personal data on customers, suppliers, business associates etc. for the following purposes

• Gathering, storing and reporting mandatory information
• Gathering and processing information to be able to document and invoice for work performed in accordance with contracts
• Ordering and payment of services from suppliers etc., and documentation for the same

(b) Which categories of personal data are involved, including

• Contact and identification details on customers, suppliers, business associates etc., including name, title, company address, telephone number
• Other details concerning customers, suppliers, business associates etc., with regard to documentation for work performed, including (e.g. case-specific details

(c) The basis on which personal data are processed, and the legitimate interests pursued by Newsec when appropriate

• Newsec processes the details of contact persons as part of a contractual obligation to its customers and Newsec’s other legitimate interests
• The basis on which we process personal data on customers, suppliers, business associates etc. is confirmation obtained when setting up new customers, and details on suppliers to be able to pay for their services.
• Confirmation obtained from customers will usually be a contract concerning commission or other undertaking, or written confirmation concerning sending out marketing material, including market reports, invitations etc.

(d) Recipients or categories of recipients of personal data

• Newsec is an associated member of the Stronghold group, which is the biggest consultancy group in the Nordics within commercial property. Group companies work together, including on customer cases and marketing, for instance. They therefore share data with each other, and process personal data on behalf of each other.

• Certain personal data on customers, suppliers, business associates etc. can be disclosed for the purpose of legal audits as part of random inspections, or by some other supervisory organisation such as RICS or Dansk Ejendomsmæglerforening.
• To be able to provide their services, different suppliers of e.g. IT solutions (networks, storage services, email etc. (data processors)) are used. Data processors can only process personal data in accordance with the express instructions of Newsec, and cannot do so for their own purposes. All such suppliers are bound by the law, and a contract on the protection of personal data.
• If your personal data are transferred to a Data Controller or Data Processor located in a country outside the EU/EEA, and which does not have a sufficient level of protection, transfer will be protected by the EU Commission’s standard provisions.
• In some instances, Newsec can also share information with other recipients, primarily authorities, due to a statutory requirement or in connection with legal proceedings. Personal data can also be shared with potential buyers and vendors for all or part of the business.

(f) How long data are stored – or if not possible, the criteria applied to determine a storage period

• Some personal data on customers, suppliers, business associates etc. will be stored to comply with regulatory requirements on documentation. The duration and start date of storage will be specifically determined.
• Details on contact persons will be stored for 5 years from registration if necessary as e.g. documentation for orders etc. Details on customers and cases will be stored for an indefinite period, as customers may return several years after the end of a given case.

(g) The right to request Newsec for insight into and correction or erasure of personal data, or limitation of processing concerning your data, or to object to processing and the right of data portability

• Newsec wants to remind you of the rights bestowed by GDPR on persons who receive their own personal data.
• As a registered subject, you have the right to request confirmation of whether we process personal data on you or not. If we do, you have the right to see what data we process on you through a registration example.
• If your personal data are incorrect or incomplete, you have the right to demand that they are corrected.
• If we process your personal data in pursuance of the law, you have the right to withdraw your consent at any time with future effect.
• Registered data subjects have the right to object to personal data processing for direct marketing. The best way to do so is to unsubscribe from the mailing list by clicking on the ‘Unsubscribe’ link in the mail, or by contacting us.
• The data subject also has the right to contract the supervisory authority directly to complain. The supervisory authority (the Danish Data Protection Agency) will then investigate the complaint.
• As a registered data subject, you have the right to object to any processing that supports a legitimate interest if there is a reason for doing so. If you object to processing, and there is a convincing legitimate reason that carries more weight, we will be able to continue.
• Registered data subjects have the right to request, and in certain circumstances can demand, that their personal data is erased. Such a request cannot be fulfilled if we are obliged to retain such data by law.
• Registered data subjects have the right to request that processing of their personal data is constrained.
• They also have the right to receive copies of their personal data in a structured, common and machine-readable format (data portability). This right only applies to personal data the data subject has given us, and when the legal basis is either consent or agreement.