How long do we keep your personal data
We will only keep your personal information for as long as it is necessary for the purposes described in this Privacy Notice. This means that the retention periods will vary according to the type of the information and the reason that we have the information. Examples of retention time:
- Call recordings will be stored for a period of 90 days.
- Until you opt out of a marketing campaign, which you can do at any point in time.
- We will store the photo and testimonials for as long is necessary and as described in a contract.
- Personal data are kept until the end of a recruitment process or withdrawal of the consent (if given for future recruitments).
- For compliance with, e.g., anti-corruption regulations, we will keep the data accordingly to laws which we are obliged to comply with.
Who do we share your personal data with
Our company is a part of the VELUX Group, which operates globally. We share your personal information within the VELUX Group, but only if it is necessary to fulfil the purpose for which we are processing your personal data. All entities in the VELUX Group have entered into an Intercompany Data Processing Agreement and/or joined agreement where everyone follows the same procedures when processing personal data, ensuring that the same level of security is maintained throughout the Group; dividing the roles and responsibilities between the VELUX companies. If two or more companies act as joint controllers, each of the joint controllers is obliged to independently:
- Be the first contact for you.
- Fulfil the information obligations referred to in Articles 13 and 14 of the GDPR.
- Exercise your rights provided in Articles 15-22 of the GDPR.
- Deal with privacy breach Notices and privacy complaints.
We may also share your personal data with selected third parties, including but not limited to:
- Business partners, suppliers, and sub-contractors that we cooperate with to deliver you the best services during the support and sales process, including, for example, logistic providers and outsourced customer services.
- Technology providers, for example, analytics, tracking technologies, targeting and re-targeting technologies, and search engine providers that assist us in the improvement and optimisation of our platforms, as well as companies who provide us with website support and hosting.
- Advertisers and advertising networks that use data to select and serve relevant adverts to you and others if you have given your consent. · Social networking sites such as Facebook, Instagram, and Google, if required, when processing for marketing purposes and based on your consent.
- With other parties to ensure the safety and security of our customers, to protect our rights and property, to comply with legal processes, or in other cases if we believe in good faith that disclosure is required by law.
- VELUX Group companies or third parties who operate digital platforms and tools on behalf of our company to provide services connected with our activities (e.g., points collection programs, cashback campaigns, sweepstakes, and training). When we cooperate with external service providers, we enter into a data processing agreement, if relevant. These service providers are prohibited from using your personal data for purposes other than those requested by us or required by law.
Transfer to third countries
In some cases, we may also transfer personal data to companies in so-called ‘third countries’, which are countries outside of the European Economic Area. If we do so, we make sure we safeguard data, and only transfer if one of the following conditions apply:
- there is an adequate level of protection in the country in question, as determined by the European Commission,
- the company is certified under the EU - U.S. Data Privacy Framework, or
- we use standard contractual clauses (EU model-clauses) approved by the European Commission and additional supplementary measures to regulate the data transfer.
The security, integrity, and confidentiality of your personal data is important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. From time to time, we review our security procedures to consider appropriate recent technologies and methods. Please be aware that despite our best efforts, no security measures are perfect or impenetrable.