1.1 This privacy notice explains how MarketLyze ApS (“we”, “us”, “our”) processes personal data in various situations. We provide you with this information as we are required to do so under the General Data Protection Regulation (the “GDPR”).
1.2 Below, please find descriptions of the various situations where we process personal data:
2.1 MarketLyze ApS acts as a data controller for the processing of personal data in connection with the below mentioned purposes.
3 Description of the processing
3.1 Below, please find the specific purposes for our data processing, the categories of personal data that we process, the legal basis for such processing, and the retention periods that we have decided (in specific situations, we may defer from our general retention periods in case of e.g., complaints, objections, or other specific situations).
3.2 Specific purposes
|Creation and management of user accounts on the website||For the purpose of creating and managing user accounts on the website, the following categories of personal data are processed: name, email, phone number, date of birth, and encrypted password.||GDPR art. 6, paragraph 1, point f, as we pursue our legitimate interest in managing our user account system.||User account information will be stored for up to 2 years after the termination of a subscription.|
|Payment and Subscription administration||For the purpose of payment and Subscription administration, the following categories of person data are processed: name, email, phone number, payment card details, billing information and purchase history.||GDPR art. 6, paragraph 1, point b, as it is necessary in order to be able to fulfill the agreement entered into for the purchase and delivery of the Services.||Information about customers that is included in our accounting records is generally stored for 5 years from the end of the accounting year to which the information relates.|
|Newsletters||For the purpose of sending newsletters to persons that have signed up for it, we process the following categories of personal data: Name and email.||GDPR art. 6, paragraph 1, point a, as we obtain your consent to receive newsletters in accordance with the Danish Marketing Practices Act.||Personal data is processed for as long as the consent is in use. Information about name and email is stored for up to 2 years after the latest newsletter delivery for the purpose of documenting compliance with the Danish Marketing Practices Act.|
|Support and other requests||For the purpose of responding to persons that send support questions or other requests, we process the following categories of personal data: Contact information, including name, email and phone number. Possibly supplier relation, and relevant information relating to the request.||GDPR art. 6, paragraph 1, point f, as we purpose our legitimate interest in handling requests, etc.||Support and other requests will be stored for up to 5 years after the request has been handled.|
|Optimizing the platform, including optimization of design, usability, the efficiency of our platform, as well as advertising and marketing (cookies)||For the purpose of optimizing our services, we process the following categories of personal data, from persons that have accepted statistic and/or marketing cookies:|
Information about the use of our platform, including page activity, time, clicks, pages/content visited, browser type, search terms, IP address, device type information (computer, smartphone, etc.) and the features used.
4 Categories of recipients
4.1 We disclose your personal data to our relevant affiliates and business partners, including external advisors.
4.2 We also make your personal data available to our data processors who e.g. host, develop and support our services.
5 Transfer to third countries
5.1 We transfer your personal data to our data processors located in “third countries” outside the European Union.
5.2 Where the data transfers cannot be done on the legal basis of an adequacy decision by the European Commission, the legal basis for our transfer is the Commission Decision of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
5.3 For data processors in the United States that participate in the EU-US Data Privacy Framework, the transfers will be on the legal basis of the European Commissions adequacy decision.
5.4 We currently use the following data processors which process personal data outside the EU: Supabase
5.5 If you want additional information about our transfer of personal data to third countries, including a copy of the above-mentioned standard contractual clauses, you may make a request for such additional information by contacting us. Find our contact details in section 8.
6 Your rights
6.1 As a starting point and depending on the specific situation, you have the following rights:
Right to withdraw consent: Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us (see contact details in section 8 below). If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.
Right of access: You have the right to have confirmed whether collection or processing of your personal data has taken place, and, if so, you have the right to request a copy of your personal data in a digital format.
Right of rectification: You have the right to require that we correct any inaccurate personal data, and that we complete incomplete personal data.
Right of erasure: In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes in which it was originally collected.
Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data, for example, if you believe that the personal data is not accurate or lawfully processed.
Right to object to the processing: In certain circumstances, you have the right to request that we stop processing your personal data.
Right to data portability: In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
6.2 You can read more about your rights in the Danish Data Protection Agency’s guidelines on data subjects’ rights, which is available at https://www.datatilsynet.dk/borger/hvad-er-dine-rettigheder (in Danish) and at https://www.datatilsynet.dk/english/fundamental-concepts-/-what-are-your-obligations/rights-of-the-data-subjects (in English).
7 Complaint to a supervisory authority
7.1 If you want to lodge a complaint with a supervisory authority regarding our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, www.datatilsynet.dk.
8 Contact information
8.1 If you have any questions about how we process person data, please contact us here:
- MarketLyze ApS
- CVR-no 44203391
- Digevej 42
- 2300 Copenhagen S
- [email protected]