Privacy Policy - FinTech Subscription Management Solution - Subaio

B2B Privacy Policy

Last Update: 4 January 2021

Questions or comments?

Send an email to:

info@subaio.com

1. General

1. 1. This B2B Privacy Policy (the ”Policy”) applies when you contact and submit information to Subaio ApS, CVR nr. 37766585, Gasværksvej 26B 1, 9000 Aalborg, Denmark, e-mail: info@subaio.com (”Subaio”, “our”, “us” or “we”), via contact forms at Subaio websites, Subaio’s social media accounts and similar third party services (the ”Forms”) or where you have visited Subaio’s website or otherwise reached out to Subaio for business purposes, as well as where Subaio has collected information about you via social media accounts, other public sources or by us both having attended an event, meeting or had a similar interaction for B2B purposes.

2. Which data does Subaio process about you?

2.1. Subaio collects and processes your personal data when you submit information in Forms, such as name, email address, and other information that you may provide by such Forms. Subaio also collects information by public searches, event and other meeting attendance, and own or third party cookies and other follow-up tools, see section 7, below.

2.2. Your personal data is kept by Subaio only for such time periods as necessary to fulfil the purposes for which the data was collected. However, Subaio may retain the data for a longer period of time if required by law or if needed to protect Subaio’s legal interests, e.g. in the event of an ongoing legal proceeding. In such cases, the personal data is only kept to fulfill such legal obligations, and for protecting Subaio’s legal interests, being a legitimate interest of Subaio, respectively. You may find further information in the overview set out below, see section 3, below.

3. Why does Subaio process your personal data?

3.1. Subaio processes your personal data for several purposes. The main purpose of Subaio’s processing of personal data concerns providing the information that you have asked for when filling out the relevant Form, to fulfil the task that you have requested. In respect of the data that Subaio has collected on its own, the main purpose for Subaio’s processing of it is processed for sales and marketing of Subaio and Subaio’s products and services, the basis for which being Subaio’s legitimate interest of promoting its business operations. The data may also serve as material for marketing and customer analyses, market research, statistics, follow-up of business operations and business and methods development, which is carried out based on Subaio’s legitimate interest of following-up and analysing its B2B contact persons. You may find the relevant legal bases in the below overview, including with regard to the General Data Protection regulation (the “GDPR”).

3.2. If you do not want Subaio to process your personal data for direct marketing, you may notify Subaio thereof in writing via the contact details provided in section 8.

3.3. In the below overview, you may find information related to our legal basis and retention periods in relation to each processing activity:

Activity

Legal basis

Retention

Communication with you, including if you represent a customer, supplier or another third party or if you contact us as a private individual. 

The legal basis for our processing is article 6(1)(f) of the GDPR as we pursue our legitimate interest in being able to communicate with you or perform our agreement with the business that you represent. 

As a general rule, data relating to the business you represent, are stored for 5 years after the end of the financial year in which your last enquiry was closed, or the agreement has ended.

 

As a general rule, we erase data not related to a particular case or agreement 12 months after the end of the financial year in which your last enquiry was closed. 

Customer analysis, market research, statistics.

The legal basis for our processing is article 6(1)(f) of the GDPR as we pursue our legitimate interest in being able to perform analysis etc. 

For the general retention periods, see above. As part of transforming personal data into statistical information, such personal data is anonymized.

Your use of the website (cookies etc.) 

With respect to cookies for functionality purposes (necessary cookies), the legal basis is article 6(1)(f) of the GDPR as we pursue our legitimate interest in optimizing user experience and correcting errors on the website. 

With respect to other cookies (including for analysis purposes), consent is required according to the Danish Cookie Order. The legal basis for processing personal data based on consent is article 6(1)(a) of the GDPR. 

You can see the time limits for storage in respect of the individual cookies in our cookie policy. 

Also, see section 7, below.

Distribution of marketing material.

The legal basis for our processing is section 10 of the Danish Marketing Practices Act (markedsføringsloven) as we distribute electronic marketing material if you have given your prior consent to it. 

As a general rule, we store your data for marketing purposes for a period of 2 years after our last distribution of marketing material (unless you have withdrawn your consent before that). 

4. Third Parties

4.1. Subaio may provide or otherwise make available information relating to you to Subaio’s collaboration partners and companies that process personal data on behalf of Subaio, i.e. data processors of Subaio, such as our IT-suppliers or suppliers engaged by Subaio for Subaio’s marketing efforts. However, Subaio will always be responsible for the correct processing of your personal data. The information provided by Subaio to advertisers in Subaio’s marketing network will only be provided for marketing purposes. Unless we are obligated to obtain your prior consent, these activities are carried out based on Subaio’s legitimate interest of providing relevant information and offers to its B2B contact persons.

4.2. Subaio may also disclose personal data if required under applicable law or a decision of a competent authority, to fulfil legal obligations. Further, personal data may be processed to protect Subaio’s legal interests or to detect, prevent or observe fraudulent behaviours and other security or technical issues, which constitute legitimate interests for Subaio for performing the processing.

Your personal data will be transferred to or stored in countries outside of the EU/EEA, provided that there is an adequate level of protection or that Subaio and its data processors have implemented appropriate safeguards, such as standard contractual clauses, please see https://ec.europa.eu/info/law/law-topic/data-protection_en. Currently, Subaio uses the following service providers outside of the EU/EEA based on the following legal bases (if you wish to receive a copy of the relevant legal basis, please contact us using the below contact information, see section 8):

              1.  

Entity

Location outside EU/EEA

Legal basis

Active Campaign

USA

EU Standard Contractual Clauses

Calendly

USA

EU Standard Contractual Clauses

Facebook

USA

EU Standard Contractual Clauses

Google

USA

EU Standard Contractual Clauses

LinkedIn

USA

EU Standard Contractual Clauses

5. Changes to the Privacy Policy

Subaio has the right to, at any time, change this Privacy Policy. Subaio shall notify upcoming changes to the Privacy Policy via its website with reasonable advance notice. You have the right to notify Subaio that you are not permitting any further processing of your personal data prior to the changed Privacy Policy enters into force.

6. Data security

We aim to ensure that you at all times remain confident in trusting Subaio with your personal data. In this respect, Subaio has implemented such security measures necessary to protect your personal data from unauthorised access, modification and deletion.

7. Cookies

The services provided via Subaio’s websites use cookies and other techniques (hereinafter ”cookies”) in order to function properly. Cookies are used for Subaio to keep statistics of the number of visits and to enable enhancements of the user experience. If you do not agree to the use of cookies, you may configure your web browser not to accept cookies. If you choose to set your web browser not to accept cookies, Subaio can, however, unfortunately not guarantee that the websites will function properly. Further information on Subaio’s use of cookies is provided at our cookie policy which is available here.

8. Contact details etc.

8.1. Subaio is the data controller and is responsible for the processing of your personal data in accordance with applicable legislation. Subaio has also appointed a data protection officer for its data processing, please see below.

8.2. You are entitled to, in accordance with applicable law, request access to and rectification or erasure of your personal data or restriction of processing concerning you and to object to processing, including processing for direct marketing, as well as to data portability. You are entitled to request this free of charge. In case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, Subaio is entitled to charge an administrative fee – in such cases you will be notified thereof beforehand. Subaio will normally answer your request within one (1) month from receipt of your request through info@subaio.com

8.3. Also, if our processing is based on your consent, you may withdraw your consent at any time. If you withdraw your consent, it will not affect the lawfulness of our processing before the withdrawal. As a result, your withdrawal will only be effective in respect of future processing.

8.4. Do not hesitate to contact Subaio if you have any questions on the processing of your personal data, whish to exercise your rights or if you have any complaints, directed to:

Subaio ApS

Data Protection Officer: Mikkel Bonde Christensen

Gasværksvej 26B 1

9000 Aalborg

Denmark

info@subaio.com

If you should remain discontent after having been in contact with us, you may contact Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, www.datatilsynet.dk, that is the supervisory authority in respect of data processing, and to which you may submit your complaint.