(Last updated on 01.02.2021)
Here you will find an overview of why and how Frame ApS (hereinafter “Frame”) collects and processes your personal data (“Data”) and your rights in connection with the processing.
We are the data controller. Frame ApS, CVR no. 42 04 95 81, is the data controller, and we have the following contact information:
FRAME ApS
Bragesgade 8B, 2200 Copenhagen N
CVR no.: 42 04 95 81
Phone: +45 50 77 88 88 77
Mail: info@openframe.org
For e-mail inquiries about your Data, please indicate the following in the subject field: “Personal data – Frame”.
Consent. By consenting to this Privacy Policy, you agree that we may collect and use your Data accordingly.
Purpose of collecting personal data when you visit www.openframe.org
We automatically collect information about you and your use of www.openframe.org when you visit the site. This is, for example, information about your IP address, the type of browser you use, the pages you visit, the links you activate, and generally how you move around the website and how you use it.
The purpose is to optimize the user experience and the website’s functions as well as to be able to register how long visitors spend on the website and to be able to show you relevant information.
Purpose of collecting personal data when you visit and sign up for newsletters or other marketing emails through one of Frame’s platforms
We collect information about your email address, as well as any other information you choose to give us, except for any sensitive information.
The purpose of the processing is to communicate with you in order to provide you with the service you request.
You can always unsubscribe from marketing from Frame by following the “unsubscribe” link at the bottom of our emails or by writing to us at info@openframe.org.
Purpose of collecting personal data when you, as a private individual or contact person for a company/organization/association, have questions or communicate with Frame in general
We collect information about your name, your email, the company/institution/association you represent and any other information you choose to provide us with, except for any sensitive information and your question/content of the request.
The purpose of the processing is to answer questions or otherwise communicate with you in order to provide you with the service you request.
The legal basis for the processing of your Data. The legal basis for our processing of your Data is Article 6(1)(a-c) and (f) of the General Data Protection Regulation, which means that we base our processing of your Data on
- Your explicit consent to this in connection with your registration as a user or customer in our system, including your consent to this privacy policy.
- that processing is necessary for the performance of the contract entered into in relation to your use and interaction with our services.
- That processing is necessary to comply with certain legal obligations incumbent on us, including the Danish Bookkeeping Act, the Danish Money Laundering Act, etc.
- Processing is necessary for the pursuit of a legitimate interest and is not overridden by your interests or fundamental rights and freedoms which require the protection of your Data.
Frame’s privacy policy means, among other things, that we
– Only collects the information we need to provide the service the user has subscribed to, and only for specific and stated purposes.
– Do not share sensitive personal data with third parties without the explicit consent of the user.
– Anonymizes personal data used for statistical purposes.
Have implemented the IT security measures that we consider customary and necessary to protect the data against unauthorized intrusion and data leakage.
-Maintain strict controls to ensure that only staff with specific needs and training in handling personal data have access to it
Information that we collect. We typically collect and process the following types of data
- Contact details, such as name, address, telephone number, email, etc.
- Payment details.
- Your interaction with our services, such as which topics you click on, your log-on time, etc.
We do not collect sensitive personal data, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, unless you choose to provide us with such data; in which case we will not make use of such data.
Recipients of your Data. We do not sell your personal information to third parties. We may share your Data with suppliers and partners who assist us, for example, with the execution of your order, or who assist us with our IT operations, hosting, email communication, etc. This means that we may share your data with, for example, our service providers, our technical support and our bank. We also share your data to the extent that we are obliged to do so, e.g. as a result of reporting requirements to public authorities such as the Danish Tax Agency. In all cases, we ensure that appropriate security measures are in place.
Recipients in other countries. We only transfer Data to recipients in other EU/EEA countries and recipients (e.g. Google) based in countries where the EU Commission has determined that adequate data protection is ensured or where the necessary guarantees are present in the form of Privacy Shield (see LINK).
Where your data originates from. The Data we collect about you originates from your interaction with our services or your communication with us (for example, when registering as a customer or user).
Retention of your Data. If you unsubscribe as a customer or user, we will delete or anonymize your Data within six (6) months from the later of (a) the date of deregistration; or (b) the date of your payment of any outstanding amount due to us, unless we are obliged or entitled to retain your Data for longer for other reasons. If we consider that the retention of your Data is necessary in relation to a liability period (typically 5 years according to the standard terms in AB18, ABT18, etc. Furthermore, we will delete or anonymize your Data as soon as the storage is no longer necessary for the purpose for which the Data was collected; this may be prior to the times indicated in the foregoing. Personal data (name and or email) entered in a project will not be deleted even if the personal profile is closed/deleted.
Your rights.
Insights. You have the right to access your Data that we process about you. By writing to us, you can request access to the Data that we have registered about you, including the purposes for which the data has been collected. We will respond to your access request as soon as possible.
Rectification and erasure. You have the right to request the rectification, supplementary processing, erasure or blocking of the Data we process about you. We will comply with your request as soon as possible, to the extent necessary and possible. If we are unable to meet your request, we will contact you.
Restriction of treatment. You have the right – in exceptional circumstances – to restrict the processing of your personal data. Please contact us if you wish to restrict the processing of your Data.
data portability. You have the right to receive your Data (only information relating to yourself that you have provided to us) in a structured, commonly used and machine-readable format (data portability). Please contact us if you want to benefit from data portability.
Right to object. You have the right to ask us not to process your personal data in cases where the processing is based on Article 6(1) (e) (public interest mission or exercise of official authority) or Article 6(1) (f) (legitimate interest). This privacy policy sets out the extent to which we process your data for such purposes. You can exercise your right to object at any time by contacting us.
Withdrawal of consent. If the processing of your Data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal does not affect the lawfulness of the processing carried out before you withdrew your consent. Please contact us if you wish to withdraw your consent.
If you wish to withdraw your consent to receive promotional information and offers in general, including by post, email, SMS, telephone or other electronic means, you can do so at any time by writing to us. If we have doubts about your identity, we may ask you to identify yourself. Apart from the normal communication costs you may incur from your telecoms company or others, this is free of charge.
The exercise of the above rights may be subject to conditions or limitations. Therefore, you may not necessarily have a right to data portability, for example, in the specific case – it depends on the specific circumstances of the processing activity in question.
Automated decisions. Profiling. We will not use your Data for automated decision-making or profiling unless you have given your explicit consent.
Security. In Frame, the processing of your Data is subject to our IT and Security Policy. Our IT and security policy also contains rules for conducting risk assessment and impact assessment of existing, as well as new or modified processing activities. We have implemented internal rules and procedures for maintaining appropriate security from the time we collect your Data until deletion, and we only entrust our processing of your Data to data processors who maintain a similarly appropriate level of security.
Complaint to the supervisory authority. If you are dissatisfied with our processing of your Data, you can complain to the Data Protection Authority:
Data Protection Authority
Borgergade 28, 5th floor
1300 Copenhagen K
Telephone +45 33 19 32 00
dt@datatilsynet.dk
Changes to the personal data policy. We may make changes to this privacy policy in the future. Unless changes are immaterial, we will notify you and you may need to consent to such changes in order to continue using our services.