General data protection regulation
On the 25th of May 2018, the General Data Protection Regulation, also known as the GDPR, came into force. This EU regulation is designed to protect personal data in the EU.
More safety is required in the European Union when handling sensitive personal data. The General Data Protection Regulation extends to all EU member states and it will act as the primary legal source with regards to the processing of personal data.
Personal data policy
The data protection policy applies to Malik supply A/S and all additional companies in the group, henceforth referred to as Malik Group. The object of the policy is to ensure and record that Malik Group processes and protects collected personal data in accordance with the conditions stipulated in the General Data Protection Regulations.
Outline of the personal data processing
Malik Group processes personal data in relation to:
- Costumers: One-man businesses – contact persons at companies
- Suppliers: One-man businesses – contact persons at companies
- Employees: present staff as well as persons seeking employment within the company
- Additional contact persons and collaborators with regards to the management of the company.
We have prepared an outline of the processing of personal data. The outline provides a layout of the processing procedures for which the company can be held responsible.
The personal data are prerequisites for Malik Group to undertake contracts with employees, customers, suppliers as well as communicating with the relevant contact persons and collaborators.
The purpose and legality of the processing
The personal data are processed and stored in connection with:
- Personnel administration, which includes recruiting, hiring, resignation and payment of wages.
- Master data and contact persons relating to costumers as well as marketing, commissions, sales and payment.
- Master data and contact persons relating to suppliers as well as commissions, purchases and payment.
- Personal data in addition provided by you via e-mail, skype, letter and telephone.
The personal data are used solely for the above-mentioned purposes, and we only collect the data necessary to this purpose.
Employees, please refer to the document distributed in relation to our duty of disclosure with regards to the processing of personal data during employment.
Storage and erasure
Malik Group has imposed the following general guidelines on storage and erasure of personal data:
- The personal data are stored in actual binders, in IT systems and on external servers in Denmark. All actual binders and domestic servers are stored in a secure, locked room.
- The personal data are stored the amount of time solely deemed necessary for the purpose of processing, and for a maximum of 5 years plus current bookkeeping year cf. the bookkeeping law relating to the storage of accounting records.
- Personal data relating to employees are erased five years after employment is ended.
- Personal data relating to both unsolicited and recruited applicants are erased after a period of six months.
Transmission of personal data
Standard personal data relating to customers and suppliers may be transmitted to transport firms, shipping agents, credit insurance companies, banks and accountants.
The transmission of personal data relating to employees appears in the document handed out for employees in relation to our duty of disclosure with regards to the processing of personal data during employment.
Personal data are not disclosed to third parties unless we have come to an agreement with you in relation to the collection or unless we have obtained your permission. In this regard you will always be informed about the use of your personal data.
Links to other websites etc.
Our website may include links to other websites or to integrated sites. We are not responsible for the contents of other companies’ websites nor for their method in relation to the collecting of personal data. When you visit other websites, we encourage you to read the owners’ policy with regards to the protection of personal data as well as other relevant policies.
Malik Group exclusively uses data processers who can guarantee an implementation of the technical and organizational security measures deemed appropriate for complying with the personal data regulation in force at the time of question.
With regards to data security, Malik Group has adopted internal regulations with instructions and measures protecting personal data from being destroyed, lost or altered, from unauthorized publication as well as from intruders gaining access to or knowledge of the data.
Our IT suppliers see to the continuous updating of our IT equipment as well as to the installing of suitable security measures, including firewall and virus protection.
Malik Group has an IT contingency plan and oversees periodic drills in handling of system breakdowns or breaches of data security.
Breach of personal data security
In the event of a breach of personal data security, Malik Group will report the breach to the Danish Data Protection Agency without undue delay and no later than 72 hours after having become aware of it. In the event of a security breach presenting a high risk for the individuals whose personal data is being processed by Malik Group, we will notify the individuals in question as soon as possible.
Malik Group protects the rights of the individuals registered, including the rights to access, to withdraw consent, to rectify and to erase, and we brief the registered individuals about the processing of personal data within the company.
Should you as a registered individual wish to file a complaint about our way of processing your personal data, please send it to the Danish Data Protection Agency. Please direct your attention to the Danish Data Protection Agency for further instructions on the rights of the individuals registered, which you will find on: www.datatilsynet.dk
Alteration of personal data etc.
If you wish for us to update, alter or erase the personal data, that we have collected about you, if you wish to access the personal data processed about you, or if you have questions with regards to the above mentioned guidelines, you can reach us at: firstname.lastname@example.org. We will then examine the matter at hand and respond as soon as reasonably feasible and no later than a month after receiving the inquiry.