Customers and users of our services

1. General

1.1 This privacy policy (“Privacy Policy”) describes how Dryk ApS (“Dryk ApS”, “us”, “our”, “we”) collects and processes data about you.

1.2 The Privacy Policy applies to personal data that you provide to us or which we collect via the Dryk ApS website,www.dryk.dk. (“The Website”).

1.3 Dryk ApS is the data controller for your personal data. All enquiries to Dryk ApS can be made via the contact details listed under item 7.

2. Which personal data do we collect, for what purpose and what is the legal basis for the processing?

2.1 When you visit our website, we automatically collect data about you and your use of the Website, for example which type of browser you use, which search terms you use on the Website, which pages you visit, your IP address, including your network location, and information about your computer and smartphone or other device which you use to access our Website. We use cookies and other technologies in certain areas of our Website. 

2.1.1 The purpose is to optimise the user experience, including the function of the Website, and to conduct targeted marketing, including retargeting via Facebook and Google. This data processing is necessary for the purposes of our legitimate interests in improving and displaying the Website and relevant content and offers.

2.1.2 The legal basis for the processing is Art. 6(1)(f) of the General Data Protection Regulation (GDPR), as we have determined, on a balance of our interests, that the processing described does not override your interests or fundamental rights and freedoms.

2.2 When you purchase a product or service – via a subscription – we collect the data you provide yourself, such as your name, address, email address, telephone number, method of payment, purchase and interaction history as well as information about the IP address from which the order was made.

2.2.1 The purpose is that we can deliver the products you have ordered and generally fulfil our contract with you. We may also process information about your purchases to comply with legal requirements, including for bookkeeping and accounting purposes. When making a purchase, your IP address is registered in order to help prevent fraud.

2.2.2 The legal basis for the data processing is to be able to perform the contract and deliver the products which have been purchased in accordance with GDPR Art. 6(1) (b). Compliance with legal requirements is with reference to GDPR 6(1) (c).

2.3 When you sign up for our newsletter, we collect data about your name and email address. We also register your consent to receive electronic marketing. We use the other data we collect in accordance with items 2.1 and 2.2 to target our marketing, so that we can show you new products and offers that match your interests.

2.3.1 The purpose is to take care of our interests in being able to deliver newsletters and conduct targeted marketing.

2.3.2 The legal basis for the processing is GDPR Art. 6(1)(f). We only send electronic marketing providing you have given us your consent.

2.4 When you communicate with us via our Website, or by telephone and email, or when you register as a new customer via our Website, or by completing a form at trade fairs, markets and events, we collect the information you provide yourself, e.g. your name, address, email address and telephone number, payment method etc.

2.4.1 The purpose is that we can take care of our interests in responding to your enquiries, communicating with you or registering you as a customer at your request.

2.4.2 The legal basis for the processing is GDPR Art. 6(1)(b)(f).

3. Recipients of personal data

3.1 Data controllers and data processors

A data controller is responsible for the processing of personal data. A data processor carries out the processing of the personal data on behalf of the data controller.

3.2 Disclosure and transfer of personal data

A distinction is made between disclosing and transferring data to third parties. A disclosure of personal data implies that the data are communicated to a third party, who then has an independent right to process the data. A transfer of personal data implies that the person to whom the data are communicated may only process the personal data on behalf of and on the instructions of the data controller. Data about your name, address, email, telephone number, order number and specific delivery requests will be passed on to the carriers who are delivering the purchased goods to you. If a food product is withdrawn, the Danish Veterinary and Food Administration is informed of which customers have received the product. There may be instances where we disclose your data to other parties in order to comply with legal or statutory requirements or as part of an organisational restructuring, merger, transfer or sale.

3.3 Data may be handed over to external partners who process the information on our behalf.

We use external partners for technical operations and improving the Website, customer service, sending newsletters, safeguarding our legal interests as well as targeted marketing, including retargeting and telemarketing, as well as for your assessment of our company and products. These companies are data processors, and process data for us as the data controller in line with our instructions. The data processors may not use the information for any purpose other than fulfilling the contract with us, and they are subject to an obligation of confidentiality. We have entered into written data processing agreements with all the data processors who process personal data on our behalf.

3.4 Several of these data processors are established in the USA.

The necessary safeguards for the transfer of data to the USA are ensured through the data processor’s certification under the EU-US Privacy Shield, cf. EU GDPR Art. 45. 45.

3.4.1 A copy of Google LLC’s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

3.4.2 A copy of Facebook Inc.’s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

3.4.3 A copy of Zapier Inc.’s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000TNk2AAG&status=Active

3.4.4 A copy of The Rocket Science Group LLC d/b/a MailChimp’s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

3.4.5 A copy of Citrix Systems Inc.’s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000KzMSAA0&status=Active

3.4.6 A copy of SurveyMonkey Inc.’s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active

4. Your rights

4.1 In order to create transparency regarding the processing of your data, we are obliged, as a data controller, to inform you of your rights.

4.2 Right of access

4.2.1 You are entitled at any time to ask us for details about the data we have registered about you, the purpose for registering the data, the recipients or categories of recipient to whom the personal data have been or will be disclosed, as well as information about where the data originate etc.

4.2.2 You have the right to receive a copy of the personal data we process about you. If you want a copy of your personal data, please send a written request to persondata@dryk.dk. You may be asked to prove that you are who you claim to be.

4.3 The right to rectification

4.3.1 You have the right to have inaccurate personal data concerning you rectified by us. If you become aware that errors exist in the data we have registered about you, you are encouraged to contact us in writing so that the data can be corrected.

4.3.2 You are able to correct some personal data yourself by logging in to your profile.

4.4 The right to erasure

4.4.1 In some cases, you have the right to have all or some of your personal data erased by us, for example if you withdraw your consent on which the processing is based and we have no other legal ground for the processing. To the extent that continued processing of your personal data is necessary, for example in order to comply with our legal obligations or so that legal claims can be established, exercised or defended, we are not obliged to delete your personal data.

4.5 The right to restriction of processing

4.5.1 In certain cases, you have the right to restrict the processing of your personal data to storage, for example if you believe that the personal data we process about you are incorrect, that we do not have a sufficient legal basis, or, in certain cases, if you have objected to us processing your data.

4.6 The right to data portability

4.6.1 In certain cases, you have the right to receive the personal data which you have given us in a structured, commonly used and machine-readable format, and you have the right to transmit these data to another data controller.

4.7 The right to object

4.7.1 You have the right to object at any time to our processing of your personal data intended for direct marketing, which includes profiling to the extent that it is related to such direct marketing.

4.7.2 You also have the right at any time on grounds relating to your particular situation to object to the processing of your personal data which we carry out on the basis of our legitimate interests.

4.8 The right to withdraw consent

4.8.1 You have the right at any time to withdraw the consent you have given us to process your personal data, including subscribing to our newsletter. If you wish to withdraw your consent, please contact us at persondata@dryk.dk.

4.9 The right to lodge a complaint

4.9.1 You have the right at any time to lodge a complaint with the Danish Data Protection Agency, Borgergade 28, 5, DK-1300 Copenhagen K, about our processing of your personal data. Complaints can be submitted by email dt@datatilsynet.dk or telephone +45 33 19 32 00.

5. Deletion of personal data

5.1 Data collected about your use of our service, cf. item 2.1, are deleted after you have not used our Service for one year, if not before.

5.2 If you stop shopping with us, we automatically delete your contact details, i.e. your email address and telephone number. We do this three years after the end of the calendar year in which you made your last purchase. In order to meet the requirements of the Danish Bookkeeping Act (Bogføringsloven), we store data related to your purchases for five years after the end of the calendar year in which you made your last purchase. The remaining data we have registered about you are then deleted. However, data may be stored for a longer period of time if we have a legitimate need to store such data for longer, for example if it is necessary for legal claims to be established, asserted or defended, or if storage is necessary for us to comply with legal requirements.

5.3 Data gathered in connection with you registering for our newsletter, cf. item 2.3, are deleted when your consent to receive the newsletter is withdrawn, unless we have another reason for processing the data. However, we will keep proof of your consent for two years so we can prove that we have not sent direct marketing without valid consent.

6. Security

6.1 We have implemented appropriate technical and organisational security measures against the accidental or unlawful destruction, loss, alteration or deterioration of personal data and against unauthorised disclosure or misuse.

6.2 Only employees with a valid need to access your personal data in order to perform their tasks have access to these data.

7. Contact details

7.1 Dryk ApS is the data controller for the personal data collected via the Website or otherwise as described in this Privacy Policy.

7.2 If you have any questions or comments about this Privacy Policy, or if you wish to exercise one or more of your rights as described in item 4, please contact:

Dryk ApS

Dyrehavevej 5

4672 Klippinge

Tlf. nr.: 7177 4980 E-mail: persondata@dryk.dk

8. Changes to Privacy Policy

8.1 If we make changes to the Privacy Policy, you will be informed of such changes when you next visit the Website.

9. Versions

9.1 This is version 1 of Dryk ApS’s Privacy Policy, dated 16.01.2020 16.01.2020