PRIVACY POLICY FOR USERS OF APP

In connection with the use of the Carswip app (the “App”), Carswip ApS (“Carswip” or “we”) collects and processes, in the role as data controller, personal data about the users of the App. This privacy notice provides information which we are required by law to give about our processing of personal data.
In this policy, “user(s)” or “you” refers to users of the App.

1. Categories of personal data and purposes

We process personal data for the following purposes:
– To identify you and to enable you to use the App
– User account administration
– To process and handle your orders, invoices, and payments
– Sales
– To comply with applicable personal data protection regulation and other legitimate interests, e.g. to communicate with you in order to respond to any queries you may have.

We collect and process the following types of personal data about the Users of the App:

Non-sensitive categories of personal data:
Basic personal data e.g. email address, username, password, geo-location network data, IP-address and your use of the app, inter alia when you take photos.

Legal basis
The legal basis for the collection and processing of personal data is the performance of the contract cf. GDPR art. 6(1)(b) and the processing is necessary for the purpose of our legitimate interests cf. GDPR art. 6(1)(f).

Our legitimate interests are the following:
– User support and administration, i.e., to ensure that we can assist you with any questions and provide you with the services and products that you have requested via the App
– To handle any potential claims (e.g., debt collection) and/or legal proceedings as well as preventing fraud, misuse of the App etc.

2. Sources

The personal data are collected directly from you in connection with your account registration and use of the App.

When we collect personal data directly from you, you either provide us with the personal data on a voluntary basis or in order for us to comply with the law. It will depend on the specific circumstances whether you are under an obligation to provide us with such personal data. Your personal data can also be collected from our business partner you are employed at.

The consequence of not providing us with the personal data mentioned above will be that we cannot pursue the specific purposes set out above, which for example means that we cannot provide the features and services of the App to you.

If you have provided us with your consent to a specific processing activity, you have the right to withdraw such consent without any consequences for you. However, if you withdraw your consent, the withdrawal will not affect any processing based on your consent given before the withdrawal. If you wish to withdraw your consent, please contact us using the contact information in section 8 of this policy.

3. Recipients of personal data

Personal data can be disclosed to and shared with the following recipients:
– Auditors and legal advisers
– Other advisers, e.g. consultants and legal advisors
– Business partners, if relevant
– Data processors (for instance hosting)
– In the event of suspicion of criminal offences, data may be disclosed to the police or other third parties relevant to the matter in question

Legal basis for disclosure
The legal basis for disclosure of personal data to auditors is the Danish Act on Approved Auditors and Auditing Firms (revisorloven) and disclosure for the purpose of legal assistance is in order for us to safeguard our legal interests. Disclosure of personal data for the purpose of external legal advice is necessary for us to safeguard our legitimate interests, see article 6(1)(f) of the GDPR. The same applies to other advisers.

Any disclosure of personal data to our business partners will only happen if necessary to fulfil our legitimate interests in accordance with article 6(1)(f) of the GDPR.

In the event of suspicion of criminal offence where data may be disclosed to the police or other third parties, the legal basis is that disclosure is necessary for safeguarding our legitimate interests, see article 6(1)(f) of the GDPR.

4. Transfer of personal data to recipients in countries outside the EU/EEA

In certain cases, Carswip will transfer your personal data to third countries outside of EU/EEA. If your personal data are transferred to such third countries, Carswip will ensure that such transfer will be carried out in accordance with applicable data protection legislation so that an adequate level of protection is ensured. If the personal data are transferred to recipients established in insecure third countries that are not approved by the EU-Commission, Carswip ensures an adequate level of protection for instance by entering into the EU-Commission’s standard contractual clauses and by implementing additional safeguards.

If in exceptional cases, none of the above legal bases apply, Carswip will obtain your explicit and prior consent to the transfer of your personal data to the specific third country.

You are welcome to request more information on our legal basis and safeguards for any transfers to countries located outside the EU/EEA and you may obtain a copy by contacting support@carswip.com.

5. Storage period

We will we store the personal data for as long as it is necessary to fulfil the purposes set out in this policy. This means that we store the personal data as long as you have an account with the App. If you delete your profile in the App, we will delete your personal data when we do no longer need to document compliance with applicable data protection legislation or any other relevant legislation (e.g. the Danish Bookkeeping Act requires that accounting records are stored for five years to the end of a financial year) and when we are no longer exposed to legal claims from you or other entities under applicable laws.

6. Your rights

Subject to the applicable restrictions in the Danish Data Protection Act and General Data Protection Regulation, you have the following rights:
– The right of access to personal data
– The right to rectification of inaccurate and inadequate personal data
– The right to erasure of personal data
– The right to restriction of processing of personal data
– The right to object
– The right to data portability

The right to object
You have the right to object – on grounds relating to your particular situation – to processing of personal data where the legal basis for our processing is legitimate interests, as stated above. If you exercise your right to object, Carswip may no longer process your personal data unless Carswip demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.

You also have the right at any time to object to the processing of your personal data for marketing purposes, which includes the right to object to profiling in so far as it relates to direct marketing. If you object to Carswip’s processing for the purpose of direct marketing, your personal data may no longer be processed for this purpose.

You also have a right to submit a complaint to the competent supervisory authority, including the Danish Data Protection Agency. You will find the contact information of the Danish Data Protection Agency on www.datatilsynet.dk. You can also read more about your rights on www.datatilsynet.dk.

7. Contact

Please contact us if you have any questions about the processing of your personal data or how to exercise your rights.

Contact details:
Carswip ApS
Langdyssen 5
8200 Aarhus
CVR No.: 38653490

Email address: support@carswip.com

Date of last change to this Privacy Policy: 6 January 2023.