“Personal data” means any data relating to an identified or identifiable natural person, including, without limitation, name, address, date of birth, telephone number, e-mail address and user IDs of the Customers.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Controller” means a legal person, etc. which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a legal person, etc. which processes personal data on behalf of the Controller.
(2) Types of personal data to be collected
The Company will collect the following types of personal data concerning the Customers in connection with the Service:
a) company name and address
b) phone number and email address
c) bank account number
d) relationships with the network of the Company
e) interests in the products of the Company
f) products related information
g) cookies, when interacting on our website
(3) Purposes of use of personal data
The Company will process the Customers’ personal data for the following purposes:
a) to calculate/recommend the right type of product
b) to promote the Company’s products and services
c) to respond to inquiries, requests and questions from customers
d) to retain warranty claim information
e) to make payments in relation to purchase and warranty
f) to provide after warranty service and
g) to manage and monitor the contacts among the Company, Customers and sales, service network to improve the customer experience
If the Company is to process the Customers’ personal data for purposes other than the above, the Company will notify the Customers in advance.
The Company may require the Customers to provide their personal data in connection with the provision of the Services. In such case, if certain Customers do not provide their personal data, the Company may be unable to provide the Services.
(4) Retention period
The Company will retain the Customers’ personal data to the extent the Company requires such data for achieving the purposes of use specified in 1.(3) above and will promptly delete the same when such data is no longer necessary.
(6) Third party transfer
(a) certain countries outside the EEA may not be furnished with the same level of data protection laws as the EEA, thus part of the rights granted to the Customers within the EEA may not be available;
(b) the Customers’ personal data may be provided and processed for the purposes specified in 1.(3) above; and
(c) the Customers’ personal data may be provided to third parties located in a country outside the EEA
(7) Disclosure, correction, and other procedures concerning the personal data
The Customers are entitled with the rights to access to request for correction, request for deletion, request to limit the processing, object to the processing and request for data portability with regards to the personal data retained by the Company pursuant to the provisions of relevant laws and regulations. Such requests shall be attended to the contact point set forth in “5. Contact” as per below.
The Company may refuse the Customers’ request if the Company deems that there is no basis for such request or if the request is deemed excessive.
The Customers may file objections to the data protection authorities having jurisdiction over the location of the Customers’ domicile with regards to the processing of their personal data by the Company.
In order to protect the personal data from unauthorized access and loss etc., taking into account the type of personal data, the degree of sensitivity and the degree of affect to the Customers including economic influence and mental harm in case the personal data is unlawfully infringed, the Company has comprehensively evaluated and judged the risks of personal data infringement. The Company has implemented necessary and appropriate personal, organizational and technical safety management measures in accordance with such the risk of personal data infringement and further will review such safety management measures as necessary, set up the process for taking corrective actions, and constantly make effort to improve its security.
The Company will make an effort to appropriately manage personal data by restricting the entry of outsiders into the offices where the processing of personal data takes place, conducting educational awareness raising activities targeting all officers and employees involved in the protection of personal data and appointing managers in charge for each division which processes personal data.
If the Company, in its role as a Controller, contracts a Processor, the Company shall select a Processor which is capable of implementing appropriate technical and organizational measures and shall manage such Processor in an appropriate manner.
Pursuant to the GDPR, the Company shall prepare records of the processing of personal data.
The Company shall continuously review and revise its efforts regarding the processing of personal data in order to correspond with changes in the GDPR, processing methods and the environment.
Blue Wave A/S
H.C. Ørstedsvej 2
Phone: +45 73221414
Contact person: Michael Hasbo