Privacy policy

Data controller
We are the data controller for the processing of the personal data that we process about our customers and business partners. You will find our contact information below.

Retroshirts.dk ApS
KA Hasselbalchs Vej 98
3070 Carpenter's stone
CVR no.: 43382683

It is not a requirement that our company has an external DPO, but if you have questions about the processing of your personal data, you can contact us via info@retroshirts.dk.

Treatment activities
As data controller cf. GDPR, we have the following processing activities.

Visit website
When you visit our website, we use cookies in order for the website to function, which you can read more about in our cookie policy.

Communication with potential customers
When you have questions about our site, or want to hear more about our services, you can contact us via:

- Contact form
- Email
- Telephone

Through this, we will process your personal data so that we can enter into a dialogue with you, e.g. answer questions about our services. We only process the information that you give us in connection with our communication.

We will typically process the following general information: name, email, telephone number.

Our authority to process this personal data is the data protection regulation's article 6, paragraph 1 liter f.

We delete our communication with you when it is clear whether you want our services or not.

Should in a special case arise a need to store your personal data for a longer period of time, this could be the case.

Customers
We need to communicate with our customers to ensure that the service is delivered correctly. Through this, we can process information about name, address, services, special agreements, payment information and the like.

The authority to process this personal data is the data protection regulation's article 6, subsection 1 liter b.

When the service has been delivered and any outstanding issues have been completed, we will immediately delete the personal data.

Newsletter
We have a newsletter that you can sign up for voluntarily - and you can always unsubscribe from this again.

The purpose of the newsletter is to send registered e-mails with new information from the company, which may deal with new content on the website, advertising of our services.

We will only send you emails if you have given your active consent to this. It initially requires that you enter your email address, to which we will subsequently send an email, so that you can confirm the registration. In this way, we ensure that you have actually signed up for the newsletter yourself, i.e. given active consent.

Our authority to process your personal data (i.e. the email address) in connection with the newsletter will be the data protection regulation, article 6, paragraph 1 letter a.

We will process your personal data as long as you are still registered for the newsletter. By unsubscribing from the newsletter, we will also stop sending this to you. If we have not sent you a newsletter for 1 year, your consent will expire as a result of our inaction.

If you unsubscribe from the newsletter, we will store your now previous consent for 2 years after it was last used due to statute of limitations, cf. Consumer Ombudsman's Spam Guide section 11.3.

Accounting
We must save all accounting documents cf. the Accounting Act. This means that we store invoices and similar attachments for accounting purposes. This may include general personal data such as name, address, service description.

Our authority to process personal data for bookkeeping is Article 6, subsection 1 letter of the data protection regulation.

We store this information for a minimum of 5 years after the current financial year has ended.

Job applications
We gladly accept job applications in order to assess whether they match an employment need in our company.

If you send us your job application, our authority to process your personal data is the data protection regulation, article 6, paragraph 1 liter f.

If you have sent an unsolicited application, HR will immediately assess whether your application is relevant, and then delete your information again if there is no match.

If you have sent an application for an advertised job, we will dispose of your application in the event that you are not hired, and immediately after the right candidate has been found for the job.

If you are part of a recruitment process and/or hired for the job, we will give you separate information about how we process your personal data in this connection.

Data processors
Few can handle everything by themselves, and the same applies to us. We therefore have business partners and use suppliers, some of whom may be data processors.

External suppliers can, for example, provide systems to organize our work, services, consultancy, IT hosting or marketing.

Shopify – hosting and operation of the webshop
Shipmondo – shipping, delivery and returns
Reepay/Billwerk - payment gateway for handling payments

It is our responsibility to ensure that your personal data is processed properly. That is why we make high demands on our business partners, and our partners must guarantee that your personal data is protected.

We therefore enter into agreements on this with companies (data processors) that handle personal data on our behalf in order to increase the security of your personal data.

Dissemination of personal data
We do not pass on your personal data to third parties.

Profiling and automated decisions
We do not make profiling or automated decisions.

Third country transfers
We generally use data processors in the EU/EEA, or who store data in the EU/EEA.

In some cases this is not possible, and here data processors outside the EU/EEA can be used, if these can provide your personal data with adequate protection.

Treatment safety
We keep the processing of personal data secure by having appropriate technical and organizational measures in place.

We have carried out risk assessments of our processing of personal data, and have subsequently introduced appropriate technical and organizational measures to increase processing security.

One of our most important measures is to keep our employees up-to-date on GDPR via ongoing awareness training, GDPR course, as well as by reviewing our GDPR procedures with employees.

The rights of the data subjects
According to the data protection regulation, you have a number of rights in relation to our processing of information about you.

If you want to make use of your rights, please contact us so that we can help you with this.

Right to see information (right of access)
You have the right to gain insight into the information that we process about you, as well as a range of additional information.

Right to rectification (rectification)
You have the right to have incorrect information about yourself corrected.

Right to erasure
In special cases, you have the right to have information about you deleted before the time of our normal general deletion occurs.

Right to restriction of processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may in future only process the information - apart from storage - with your consent, or for the purpose of establishing, asserting or defending legal claims, or to protect a person or important public interests.

Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your information for direct marketing.

Right to transmit information (data portability)
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one data controller to another without hindrance.

You can read more about your rights in the Data Protection Authority's guidance on the rights of data subjects, which you can find at www.datatilsynet.dk.

Withdrawal of consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

Complaint to the Danish Data Protection Authority
You have the right to lodge a complaint with the Danish Data Protection Authority if you are dissatisfied with the way we process your personal data. You will find the Data Protection Authority's contact information at www.datatilsynet.dk.

We would generally encourage you to read more about GDPR so that you are up to date on the rules.