Privacy policy for Salling Group A/S

Updated May 1, 2019

1.1    General points about Salling Group's processing of personal data
1.2   Your data protection is taken seriously
1.3   Data controller and contact information
1.4   Data processing occurs on the stated basis
1.5   The data we process about you
1.6   The purpose of our processing of your personal data
1.7   Sole purpose of processing relevant data
1.8   Sole purpose of processing necessary data
1.9   Collection of consent before data processing or processing on another legal basis
1.10 Other bases than consent for our processing of your data
1.11  Your personal data will be continually checked and updated
1.12  Erasure of unnecessary personal data
1.13  Protection of personal data
1.14  Cookies
1.15  The transfer and disclosure of personal data
1.16  Transfer or disclosure to recipients in third countries, including international organisations
2. Specific privacy policies
2.1  Privacy policy for the sending of marketing material 
2.2  Privacy policy for reservations with web shops (Click & Collect)
2.3  Privacy policy for stock notifications at web shops
2.4  Privacy policy for Sendoghent.dk
2.5  Privacy policy for oekoplus.foetex.dk
2.6  Privacy policy for social media
2.7  Privacy policy for Salling Group Profiles
2.8  Privacy policy for CCTV in Salling Group stores
2.9  Privacy policy for customer service
3. Your rights.

 

1. General points about Salling Group's processing of personal data

Privacy policy scope

Our privacy policy forms the basis of our processing of your personal data, and here we explain how we process your personal data. This applies regardless of whether you are a customer of ours, supplier or other type of business partner. 

The privacy policy contained in section 1 is an overall description of Salling Group A/S's personal data processing.

The following sections describe our personal data processing within a number of specific areas, formats or websites. There is therefore a direct link to these sections from the relevant websites etc.

In the privacy policy’s final section, you can read about your rights as a registered user, and how you make use of your rights.

In addition to this privacy policy, you will also be able to read about how we process personal data under subscription or trading conditions in our web shops, and in competitions and events we might hold. Regarding our websites’ use of cookies, we also refer you to the cookie policy on the individual pages.

Salling Group A/S owns, among other entities, the føtex, Bilka, Netto and Wupti.com formats, which are therefore subject to this privacy policy. Regarding the other companies in Salling Group, including foreign companies, please refer to the separate privacy policies/personal data policies of these companies.

1.2 Your data protection is taken seriously

We continually revise how we can best process your data, and we place a special emphasis on ensuring that your fundamental rights are not adversely affected. That is why we are particularly sensitive to the risk of discrimination, identity theft, financial loss, loss of reputation and data confidentiality generally.

1.3 Data controller and contact information

The data controller is:

Salling Group A/S
Cvr.nr. 35954716
Rosbjergvej 33
8220 Brabrand
www.sallinggroup.com

Salling Group A/S is responsible for data at the following websites and web shops: 

• bilka.dk
• br.dk
• bilkajob.dk
• bilkaelev.dk
• bilkamadudafhuset.dk
• bilkatogo.dk
• carlsjr.dk
• flowr.dk
• føtex.dk
• foetexelev.dk
• foetexmadudafhuset.dk
• guldmaerker.dk
• iposen.dk
• madskalspises.nu
• nettalk.dk
• netto.dk
• nettoelev.dk
• salling.dk
• sallinggroup.com
• sallinggroupelev.dk
• sendoghent.dk
• shopinion.dk
• vrs.dk
• wupti.com
• oekoplus.foetex.dk
• aarets-oekolog.dk

The list will be updated on an ongoing basis; we also link to the privacy policy from all the covered websites.

1.4 Data processing occurs on the stated basis

Upon the moment of submission of your personal data at the very latest, we will inform you about the data we process about you and why. 

This information will either be made through reference to this privacy policy or in the form of separate information for you, including any request for you to accept the processing. 

1.5 The data we process about you

Our processing of your personal data takes place to provide you with a better service and ensure the quality of the products and services we provide for you.

Data can be collected and processed by us in relation to the following forms of contact you may have with us:

  • The use of one of our websites and web shops without purchasing during the visit, including through cookies; see section 14.
  • Purchases via one of our web shops
  • Use of our mobile apps
  • Enquiries to us by email, telephone or post
  • Contact or booking forms
  • Enquiries to customer service via our customer service portal on the internet
  • Participation in competitions, events and so on. 

Data that can be collected and processed typically include one or more of the following:

  • Contact information, such as name, address, telephone number and email
  • Order data, purchase history, payment information
  • Contact information for suppliers’ employees
  • Consent for marketing material, newsletters or competitions
  • User and click behaviour collected via cookies in connection with your use of our websites, or through certain of our newsletters and marketing emails
  • Video or photo recordings via CCTV.

1.6 The purpose of our processing of your personal data

The collection and processing of your personal data will be based on specific stated purposes or for other legal business purposes. Such purposes may include:

  • The processing of your purchase and delivery of our service
  • Fulfilment of an agreement on the basis of your request
  • Administration of your relationship with us
  • Operations and optimisation of our websites and mobile apps
  • Fulfilment of legal requirements
  • Customer service and general communications with us
  • Administration of supplier relations
  • Distribution of marketing, including newsletters

1.7 Sole purpose of processing relevant data

Your personal data will only be processed on the basis of the various stated purposes, including, where appropriate, with reference to this privacy policy and the purposes listed herein. Only data necessary for the fulfilment of these purposes are relevant, and our processing will therefore be limited to such personal data.

Prior to the collection of your personal data, we will make a specific assessment of whether it is possible to limit the amount of personal data to be collected and processed. We also carry out a specific assessment of whether it is possible to process your personal data anonymously or pseudonymously.   

1.8 Sole purpose of processing necessary data

Our processing of your personal data will only include data necessary to process according to the stated purpose, or data necessary for the fulfilment of legal or contractual obligations. 

1.9 Collection of consent before data processing or processing on another legal basis

Before we carry out the processing, we will obtain your consent, or base the processing on another legal basis. We will inform you of the basis and purpose of the collection and processing of your personal data, including, where appropriate, with reference to the privacy policy.

Here are some examples of instances where we collect your consent:

  • The processing of personal data based on cookies when you visit our websites
  • Upon the creation of user profiles on one of our websites or web shops
  • Participation in competitions, events and so on
  • Distribution of marketing, including newsletters
  • Registration for loyalty programs

1.10 Other bases than consent for our processing of your data

The following points do not constitute an exhaustive list of cases in which we base our processing on the other bases than consent. We also refer, therefore, to specific sections here in the privacy policy.

1.10.1 The use of one of our websites, including web shops without purchasing during the visit

When you visit our websites, you will be asked to accept this privacy policy and cookie policy.

In addition, our websites apply necessary cookies that are placed without your consent in accordance with cookie legislation and upon the legal basis of the general data protection regulation article 6(f)

1.10.2 Enquiries to us by email, telephone or post

Here the processing of your personal data is based on the fact that your enquiry to us has been made on your own initiative; cf. the general data protection regulation article 6 (b) (c) (d) (f). If your information is collected in connection with your enquiry, our response will include a reference to this privacy policy.

1.10.3 Purchases via web shops

When purchasing through one of our web shops where you provide contact information and payment information without at the same time creating a user profile, you can find the privacy policy in the terms and conditions for the web shop’s use of the information you submit to enable the completed purchase; cf. the general data protection regulation, article 6 (b) (c).

1.10.4 Enquiries to customer service

Via telephone:

  • Here the processing of your personal data is based on the fact that your enquiry to us has been made on your own initiative, and we refer to the privacy policy on our customer service webpage; cf. the general data protection regulation article 6 (b) (c) (d) (f).

Through one of our websites or social media:

  • You will be asked to accept or be directed to our privacy policy on our customer service webpage; cf. the general data protection regulation article 6 (a) (c) (f).

See also section 2.9 about customer service.

1.11 Your personal data will be continually checked and updated

Personal data that we process about you will be checked and updated on an ongoing basis to ensure that the collected data is not false or misleading.

In order to ensure the quality of your data, we have adopted internal rules and established procedures for the verification and updating of your personal data. 

You can read more in section 3 about your rights and what to do in the event of significant changes related to your personal data.

1.12 Erasure of unnecessary personal data

When the purpose of collecting and processing your personal data is fulfilled, the information will be deleted, as long as there is no legal basis for retention.

We have assessed the need for the following retention periods, although this does not constitute an exhaustive list. We also refer, therefore, to specific sections here in the privacy policy.

1.12.1 Upon visiting one of our websites:

We refer to the sections for individual websites as well as the section on cookies, where you can learn more about the specific retention periods for data collected via cookies. 

1.12.2 Enquiries to us by email, telephone or post

Enquiries by email that concern us and are sent directly to one of our employees, or forwarded by one of our business partners to one of our employees, are deleted when there is no further purpose for their retention. This is assessed on the basis of the individual email in relation to the purpose of the request and the content of the message, including when the message falls under one of the other categories listed in this section.

Enquiries by e-mail to one of our employees that do not concern Salling Group are deleted upon notification to the sender if the request does not provide the employee cause to take it any further.

We have a general deletion policy whereby employees must delete or anonymise personal data when there is no longer a purpose or legal basis for retention.

1.12.3 Purchases via web shops

We refer here to the trading terms and conditions for the specific web shop, which you can find on the web shop's website.

1.12.4 Upon the creation of user profiles on one of our websites or web shops

We refer here to the privacy policy for the profile on the specific website or web shop. 

1.12.5 Competitions, events, loyalty programs and the like.

We store your personal data collected in connection with competitions, events, loyalty programs and the like (e.g., a customer club) as long as there is a purpose for the storage.

For example, the data retention period for a competition typically lasts until the winner is announced, and for events, until the event is completed. 

You can find detailed information about the specific retention periods in the privacy policy for the competition/event/loyalty programme, etc.

1.12.6 The sending of newsletters and other marketing material

If you have consented to receiving newsletters or other marketing material, we will keep your information until you unsubscribe from the newsletter or the receipt of marketing, or in accordance with the specific form of consent.

When it comes to the sending of individual pieces of marketing material, we keep your information until there is no longer a purpose for its retention, or in accordance with the specific form of consent.

See also section 2.1 about the privacy policy for newsletters and other marketing.

1.12.7 Cookies

Regarding the erasure of personal data collected via cookies, please refer to the section on cookies.

1.13 Protection of personal data

Our processing of personal data takes place in accordance with the rules we have adopted internally. These rules contain instructions and measures with the aim of protecting your personal data.

This means that we will treat your personal data in such a way as to avoid your personal data being destroyed, lost, changed or published unauthorised, and to stop unauthorised access to or familiarity with your personal data. 

We have established procedures for the granting of access rights to those of our employees who process personal data. We check their access attempts through logging and monitoring. In order to avoid data loss, we make continuous backups of our data sets. We also protect the confidentiality and authenticity of your data through encryption.

In the event of a security breach that results in a high risk of discrimination, identity theft, financial loss, loss of reputation or other significant damages for you, we will notify you of the breach as soon as possible. 

The Danish Data Protection Agency will also be informed upon security breaches in accordance with the law.

1.14 Cookies

1.14.1 What are cookies?

A cookie is a small text file that is stored on your computer, phone or other equipment that you use to visit the website. A cookie contains only text; it is not a program and does not contain viruses. Cookies are either placed by us (first party cookies) or one of our partners (third party cookies).

We use cookies to make our website function and to make it easier for you to use. Cookies help us, among other things, to recognise your computer or other web-enabled equipment and get an overview of your visits so we can continually optimise and focus the websites and our services. In this way we can provide you with a better user experience with more relevant content. 

We can also, in some cases, use cookies to track your behaviour on the websites in order to target marketing and ads on our, or our partners’ websites, or through email when you have signed up for newsletters or the receipt of other marketing from us. Read more about this in section 2.1.

We divide cookies into the following categories:

  • Necessary
  • Functional
  • Statistical
  • Marketing

You can read more about our websites’ use of cookies, as well as how to block or delete cookies, in our cookie policy on the individual websites.

1.14.2 Data we process about you based on cookies

In the cookie policy of the specific website you visit, you can see if the website's cookies may collect the following types of information about you, which may constitute personal data:

  • a unique ID
  • technical information about your computer
  • tablet or mobile phone
  • your equipment’s IP address
  • your geographical location
  • which pages you click (interests and search history) 
  • information about transactions

1.14.3 The purpose and legal basis of our processing of your personal data

We process your personal data on the basis of different types of cookies for the following purposes:

Necessary cookies:

  • Basic functions on the websites so they function and are displayed correctly in your internet browser

Functional, Statistical and Marketing cookies:

  • Website analysis cookies are used to track which pages are visited
  • Customer service/Interaction cookies are used to support enquiries to customer service
  • Social media cookies are used to share/"like" products
  • Profiling/Personalising cookies are used to adapt content on the page to the visitor
  • Marketing cookies are used to promote relevant products
  • Video cookies are used to support content in the form of visual product guides and user guides

You can read more about the processing of information, including personal data, and the purpose of each cookie in the cookie policy on the individual websites, as well as in section 1.14.

The legal basis of our processing of your personal data consists of:

  • The collection and processing of personal data on the basis of necessary cookies is carried out in accordance with the general data protection regulation article 6 (f) as the collection is necessary in order to make the website usable by activating its basic features, and because the website cannot function properly without these cookies. Therefore, you cannot reject the placement of these cookies, but you can read more about how to delete these cookies in the cookie policy on the individual websites.
  • The collection and processing of personal data via Functional, Statistical and Marketing cookies is carried out in accordance with the general data protection regulation article 6 (a) and (f) since the collection takes place on the basis of your consent to the applicable cookie policy concerning our placement of cookies and thus the processing of personal data, and also from our legitimate interest in being able to optimise the websites’ functions, information and layout for your benefit.  

1.14.4 Erasure of personal data collected via cookies

Please refer to the cookie policy for the individual website.

When the purpose of collecting and processing your personal data via cookies is fulfilled, your personal data will be deleted, as long as there is no legal basis for retention.

Where it is stated that we disclose personal data collected via cookies on our websites to third parties, we refer you to the deletion policy/retention policy in the privacy policy or equivalent policy with the receiving third party.

1.14.5 The disclosure of personal data collected via cookies and the transfer thereof to third countries

Regarding the disclosure of personal data and transfer to recipients in third countries on the basis of cookies, please refer to section 1.16.1.

1.15 The transfer and disclosure of personal data

We can, as appropriate, disclose your personal data to the following categories of beneficiaries:

  • Data processors, such as IT suppliers as part of the operation and support of our websites and systems
  • Group companies
  • Our business partners in the form of suppliers and subcontractors of goods and services to you on our behalf, e.g., the transportation and delivery of goods from web shops
  • Suppliers of services to target marketing based on cookies (3rd-party cookies). You can read more about our disclosure of personal data to third parties on the basis of cookies in the cookie policies on the specific websites, in the subsections of this policy for specific websites and in section 16.
  • Accountants, lawyers and other advisors
  • Public authorities, where legislation prescribes it

1.16 Transfer or disclosure to recipients in third countries, including international organisations

1.15.1 Disclosure to recipients in third countries via cookies

1.15.2 General terms

We transfer personal data from cookies to a number of recipients outside the EU and EEA. You can read more about this in the individual sections below, where a number of our websites, formats, concepts and products are more specifically described, and in the cookie policy for the specific website.

In addition, we will collect data on a number of websites via cookies about your behaviour on the website, which we pass on to suppliers of services in the field of targeted marketing.

Products used for targeting marketing can be, for example, Google Analytics, Adobe Analytics and Facebook Pixel.

You can see in the cookie policy for the specific website if we use these cookies.

Recipients of data are:

  • Google Analytics --> Google LLC
  • Adobe Analytics --> Adobe Systems Incorporated
  • Facebook Pixel --> Facebook Inc

The transfer basis is certified under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45.

You can read more about the EU-U.S. Privacy Shield at www.privacyshield.gov

You can read more about the basis of the transfer on the Danish Data Protection Agency website.

The data collected is, seen in isolation, anonymised, but if you have a Facebook profile, Facebook will be able to compile the information with your profile, meaning that Facebook will be able to identify you. We therefore also refer you to the privacy policy for your Facebook profile and Facebook's other policies.

Your IP address and, in some cases, your order number are disclosed in connection with the transmission of the collected data about you to Adobe and Google, which is why your IT equipment, and thereby potentially you, can be identified. The IP address is used by Adobe and Google as a necessary part of the data transmission, and the IP address is therefore immediately deleted after its completion, whereupon the collected data about your behaviour is anonymised. Salling Group does not have access to your IP address as part of the use of Adobe Analytics and Google Analytics.

1.15.3 Particular info about Facebook Pixels

Our use of Facebook Pixels on one of our websites means that Facebook collects the following information:

  • HTTP headers – everything in the HTTP headers. HTTP headers are standard web protocols that are sent between a browser and a server on the internet. HTTP headers contain IP addresses, information about your web browser, page location, document, referrals and the device.
  • Pixel-specific data – includes Pixel-id and the Facebook cookie.
  • Data on click button – Includes all clicks on buttons from website visitors, the labels on the buttons and all visited pages that result from button clicks. Also includes field names in website forms; for example, 'email', 'address' and 'number' for the purchase of a product or a service. We do not record form field values unless you include them as part of an advanced search or optional values.
  • Website metadata – includes page descriptions, tags and search words. This is the same data that is most often used by search engines and other web services for the ranking of websites.

We also refer you here to www.facebook.com for further information about Facebook Pixel.

1.15.4 Transfer to recipients in third countries that does not take place via cookies

In some cases, we transfer information to suppliers, subcontractors or IT services outside the EU and EEA that is not gathered via cookies, e.g., when you shop via one of our online stores or participate in a contest or an event. You can find a list of the recipients of personal data from outside the EU and the EEA that is not gathered via cookies, as well as the basis for the transfer, in the purchasing terms and conditions for the individual web shop, in the conditions of the competitions and in the conditions for the relevant event.

In addition, we use the following suppliers of general IT support for our IT systems at Salling Group, and this may involve the transfer of personal data to suppliers:

  • International Business Machines Corporation (IBM) - data processor
  • Microsoft Corporation - data processor

As a result of this support, we transfer personal data to the following non-EU/EEA countries:

  • International Business Machines Corporation (IBM) - India
  • Microsoft Corporation - USA

The basis for the transfer is:

  • International Business Machines Corporation (IBM) – EU standard contractual regulations; cf. the general data protection regulation article 46.
  • Microsoft Corporation - certified under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45.

 

2. Specific privacy policies

2.1 Privacy policy for the sending of marketing material

In the following, we refer here to all types of marketing, including newsletters, collectively as ‘marketing material’.

For the websites and mobile apps where you can register to receive our marketing material, the personal data we collect and process can be divided into two types: ‘web shops’ and ‘physical stores’.

2.1.1 Privacy policy for the sending of marketing material from web shops

In this section, you can read about how we process your personal data in connection with our marketing material, which you can consent to receive in several of our web shops.

A link is directly embedded in the consent, so you can read about our processing and your rights before you give your consent.

2.1.2 Data controller and contact information
See section 1.3.

2.1.3 The purpose and legal basis of our processing of your personal data

We process your personal data for the following purposes:

  • Distribution of marketing material, for example via emails or SMS, with news, campaigns, promotions, offers and information about competitions and events
  • Administration of your relationship with us as a registered user
  • Distribution of service messages
  • Personalisation (profiling) of our marketing and websites to you, including on the basis of your click behaviour in relation to the received marketing material with the aid of cookies.
  • Statistical purposes to optimise our marketing and websites

The legal basis of our processing of your personal data consists of:

  • Your consent to the receipt of the marketing material; cf. the general data protection regulation article 6 (a)
  • Distribution of marketing material on the basis of your previous purchases with us where we choose to utilise this opportunity in marketing law; cf. the general data protection regulation article 6 (f). Here the request instead will simply include a link to this privacy policy.
  • Our legitimate interest in being able to administer your registration, cf. the general data protection regulation article 6 (f)
  • Our legitimate interest in collecting data for statistical purposes for the optimisation of our marketing and websites; cf. the general data protection regulation article 6 (f)
  • Your consent for profiling; cf. data protection law article 6 (a) and 22, section 2 (c)
  • Our legitimate interest in being able to collect and administer your information, including via your click behaviour in relation to distributed marketing material and via cookies on our websites, for the optimisation of our marketing material and websites for you; cf. the general data protection regulation article 6 (f). See also section 1.14 on cookies.
  • Our legitimate interest in collecting data for statistical purposes for the optimisation of our marketing and websites; cf. the general data protection regulation article 6 (f)

2.1.4 Categories of personal data

Data that can be collected and processed include:

  • Name
  • Telephone number
  • Email
  • Your click behaviour in relation to distributed marketing
  • Date of birth of your children in the case of marketing where the content follows your child's age
  • Purchase history from web shops

2.1.5 Recipients or categories of recipients

We disclose your personal data for processing with our suppliers of the IT systems that handle the distribution of our marketing.

2.1.6 Transfer to recipients in third countries, including international organisations

We use data processors in the form of suppliers of IT systems for administering the distribution of marketing. In this context, we will transfer some of your personal data collected in connection with our marketing distribution, including via cookies on our websites, to the following recipients in third countries:

  • Heroku, Inc (Salesforce) - USA
  • Google LLC - USA
  • Compose/International Business Machines Corporation (IBM) – USA

The transfer basis is certified under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45.

  • Gigya, Inc – USA

The basis of the transfer is EU standard contractual regulation; cf. the general data protection regulation article 46. 

In addition, we refer you to section 1.16.1 on the transfer to third countries via cookies.

2.1.7 Where your personal data is derived from:

The information you have submitted in connection with registering for marketing material, the information we have collected via your click behaviour in relation to distributed marketing material and via cookies based on your visits to one or more of our websites.

2.1.8 Storage of your personal data

We store your personal data, including information obtained via cookies, for as long as you are signed up for marketing material from us, and we will erase the information via anonymisation if it has been 1 year since you last read the received marketing material from us.

We also store your consent for documentation purposes in relation to data protection and marketing law for 5 years from the last time we have used your consent.

2.1.9 Profiling

We can use profiling to target our advertising when you have consented to this via your consent to receive marketing.

The profiling will not significantly affect individuals, but will confine itself to marketing use.

The profiling can take place by compiling the data about your behaviour on our websites with the information that you have submitted in connection with a purchase via our web shops, and with your registration to receive marketing.

We profile the products or product groups you are most interested in so we can adapt our advertising and offer you the most relevant offers, news and products.

You may, at any time, object against direct marketing, whereupon we will cease to process your personal data as indicated and erase the data collected about you. 

2.1.10 The right to withdraw consent

Your consent is voluntary and you may withdraw it at any time by contacting us. Please contact us if you have questions, or if you wish to withdraw your consent.

Please be aware that if you choose to withdraw your consent in relation to information submitted to us, we will not be able to further process your information, unless we are legally or contractually obliged to do so.

If you choose to withdraw your consent, this does not affect the legality of our processing of your personal data based on your previously given consent and up to the time of the withdrawal. If you withdraw your consent, it therefore only takes effect from that point.

2.1.11 Your rights

See section 3.

2.1.12 See also the privacy policy for newsletters and other marketing from physical stores

In the following, we refer to all types of newsletters and other marketing collectively as ‘marketing material’.

On the websites where you can register to receive marketing material, the personal data collected and processed can be divided into two types: ‘web shops’ and ‘physical stores’.

2.1.13 Data controller and contact information

See section 1.3.

2.1.14 The purpose and legal basis of our processing of your personal data

We process your personal data for the following purposes:

  • Distribution of marketing material, for example via emails or SMS, with news, campaigns, promotions, offers and information about competitions and events
  • Administration of your relationship with us as a registered user
  • Distribution of service messages
  • Personalisation (profiling) of our marketing and websites to you, including on the basis of your click behaviour in relation to the received marketing material with the aid of cookies.
  • Statistical purposes to optimise our marketing and websites

The legal basis of our processing of your personal data consists of:

  • Your consent to the receipt of the marketing materials; cf. the general data protection regulation article 6 (a)
  • Our legitimate interest in being able to administer your registration; cf. the general data protection regulation article 6 (f)
  • Our legitimate interest in collecting data for statistical purposes for the optimisation of our marketing and websites; cf. the general data protection regulation article 6 (f)
  • Your consent for profiling; cf. data protection law article 6 (a) and 22, section 2 (c)
  • Our legitimate interest in being able to collect and administer your information, including via your click behaviour in relation to distributed marketing material and via cookies on our websites, for the optimisation of our marketing material and websites for you; cf. the general data protection regulation article 6 (f). See also section 1.14 on cookies.
  • Our legitimate interest in collecting data for statistical purposes for the optimisation of our marketing and websites; cf. the general data protection regulation article 6 (f)


2.1.15 Categories of personal data

Data that can be collected and processed include:

  • Name
  • Telephone number
  • Email
  • Your click behaviour in relation to distributed marketing
  • Date of birth of your children in the case of marketing where the content follows your child's age


2.1.16 Recipients or categories of recipients

We disclose your personal data for processing with our supplier of the IT system that handles the distribution of our marketing material.

2.1.17 Transfer to recipients in third countries, including international organisations

We refer you here to the section on the transfer to third countries for marketing material distributed from web shops, which takes place in the same way as the distribution of marketing from our physical stores.

2.1.18 Where your personal data is derived from

The information you have submitted in connection with registering for marketing material, the information we have collected via your click behaviour in relation to distributed marketing material and via cookies based on your visits to one or more of our websites.

2.1.19 Storage of your personal data

We store your personal data, including information obtained through cookies, for as long as you are signed up for marketing material from us, and will erase the information via anonymisation if it has been 1 year since you last read a newsletter from us.

We also store your consent for documentation purposes in relation to data protection and marketing law for 5 years from the last time we have used your consent.

2.1.20 Profiling

We use profiling to adapt our marketing material to you on the basis of the information you have submitted in connection with your registration for one or more of our marketing materials, as well as your behaviour on our websites.

The profiling will not significantly affect individuals, but will confine itself to marketing use.

You may, at any time, object against direct marketing, whereupon we will cease to process your personal data as indicated and erase the data collected about you. 

2.1.21 The right to withdraw consent

Your consent is voluntary and you may withdraw it at any time by contacting us. Please contact us if you have questions, or if you wish to withdraw your consent.

Please be aware that if you choose to withdraw your consent in relation to information submitted to us, we will not be able to further process your information, unless we are legally or contractually obliged to do so.

If you choose to withdraw your consent, this does not affect the legality of our processing of your personal data based on your previously given consent and up to the time of the withdrawal. If you withdraw your consent, it therefore only takes effect from that point.

2.1.22 Your rights

See section 3.

 

 

2.2. Privacy policy for reservations with web shops (Click & Collect)

Salling Group is responsible for the processing of personal data that we have received about you in relation to your reservation

2.2.1 Data controller and contact information

See section 3. 

2.2.2 The purpose and legal basis for the processing of your personal data

We process your personal data for the following purposes:

  • Reservation of the selected item
  • Administration of your relationship with us

The legal basis of our processing of your personal data consists of:

  • Entering of an agreement for the reservation of products or services via our web shop; cf. the general data protection regulation article 6 (b)
  • Our legitimate interest in being able to administer your data as a customer; cf. the general data protection regulation article 6 (f)

2.2.3 Categories of personal data

We treat the following categories of personal data about you:

  • Name, phone number and email
  • Reserved product
  • IP-address

2.2.4 Recipients or categories of recipients

We distribute or entrust your personal data to the following recipients:

  • Data processors who provide services for internal data processing; for example, suppliers of software solutions that enable the maintenance and operation of the website
  • Data processors that process data externally; for example, the hosting of the platform on which the website is stored
  • Our business partners in the form of suppliers and subcontractors of goods and services
  • Accountants, lawyers and other advisors
  • Public authorities where required

2.2.5 Transfer to recipients in third countries, including international organisations

In some cases, we transfer information to suppliers, subcontractors or IT services outside the EU and EEA, e.g., when you make reservations for items via our web shop.

In addition, we use the following suppliers of general IT support for our IT systems at Salling Group, and this may involve the transfer of personal data to suppliers:

  • International Business Machines Corporation (IBM) - data processor
  • Microsoft Corporation - data processor

As a result of this support, we transfer personal data to the following non-EU/EEA countries:

  • International Business Machines Corporation (IBM) - India
  • Microsoft Corporation - USA

The basis for the transfer is:

  • International Business Machines Corporation (IBM) – EU standard contractual regulations; cf. the general data protection regulation article 46. 
  • Microsoft Corporation - certified under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45.

2.2.6 Where your personal data is derived from

The information you have submitted in connection with your reservation.

2.2.7 Storage of your personal data

We store your personal data for 2 hours from the time of your reservation.

2.2.8 Profiling

We do not use profiling with reservations. 

2.2.9 Your rights

See section 3.

2.3. Privacy policy for stock notifications from web shops

Salling Group is responsible for the processing of personal data that we have received about you in relation to your notification wishes

2.3.1 Data controller and contact information

See section 1.3.

2.3.2 The purpose and legal basis for the processing of your personal data

We process your personal data for the following purposes:

  • Notifying you when the item is in stock
  • Administration of your relationship with us

The legal basis of our processing of your personal data consists of:

  • The entering of an agreement for notification when the item is back in stock; cf. the general data protection regulation article 6 (b)
  • Our legitimate interest in being able to administer your data as a customer; cf. the general data protection regulation article 6 (f)

2.3.3 Categories of personal data

We treat the following categories of personal data about you:

  • Email
  • Product information
  • IP-address

2.3.4 Recipients or categories of recipients

We distribute or entrust your personal data to the following recipients:

  • Data processors who provide services for internal data processing; for example, suppliers of software solutions that enable the maintenance and operation of the website.
  • Data processors that process data externally; for example, the hosting of the platform on which the website is stored.
  • Our business partners in the form of suppliers and subcontractors of goods and services
  • Accountants, lawyers and other advisors
  • Public authorities where required

2.3.5 Transfer to recipients in third countries, including international organisations

In some cases, we transfer information to suppliers, subcontractors or IT services outside the EU and EEA, e.g., when you make register for notifications for items via our web shop.

In addition, we use the following suppliers of general IT support for our IT systems at Salling Group, and this may involve the transfer of personal data to suppliers:

  • International Business Machines Corporation (IBM) - data processor
  • Microsoft Corporation - data processor

As a result of this support, we transfer personal data to the following non-EU/EEA countries:

  • International Business Machines Corporation (IBM) - India
  • Microsoft Corporation - USA

The basis for the transfer is:

  • International Business Machines Corporation (IBM) – EU standard contractual regulations; cf. the general data protection regulation article 46.
  • Microsoft Corporation - certified under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45

2.3.6 Where your personal data is derived from

The information you have submitted in connection with your notification.

2.3.7 Storage of your personal data

We store your personal information until you have been notified.

2.3.8 Profiling

We do not use profiling for notification wishes. 

2.3.9 Your rights

See section 3.

 

2.4. Privacy policy for Sendoghent.dk

In this section, you can read about our processing of your personal data in connection with the use of the website sendoghent.dk.

When you use our web shop on the page for the purchase of parcel transportation, you will also be asked to accept our terms of use and associated privacy policy.

2.4.1 Data controller and contact information

We refer you to section 1.3.

2.4.2 The purpose and legal basis of our processing of your personal data

We process your personal data for the following purposes:

  • Delivery of parcel transport services via SEND&HENT. We refer to the privacy policy in the trading conditions for SEND&HENT, which you can also find at sendoghent.dk.
  • Optimisation of the website
  • User satisfaction surveys

The legal basis of our processing of your personal data consists of:

  • Our legitimate interest in sending you user satisfaction surveys and optimising the website; cf. the general data protection regulation article 6 (f)
  • Your acceptance of our placement and the use of cookies that you generally accept when using the website, or the cookies that you, in the cookie policy on the website, state that we may use; cf. the general data protection regulation article 6(a). See the cookie policy on the website and section 14 in this privacy policy for a general description of our use of cookies.

2.4.3 Categories of personal data

Data that can be collected and processed via the website include:

  • Contact information in the form of name, email and phone number of sender and receiver
  • Geographical location in terms of the choice of the parcel box
  • Payment information
  • Order ID
  • IP addresses of the customers who buy codes via the web shop

We also refer to:

  • The privacy policy in the trading conditions for SEND&HENT, as applicable, where you use SEND&HENT for parcel transportation
  • Section 14.2 about cookies

2.4.5 Recipients or categories of recipients

We entrust or pass on your personal data for processing to the following:

  • Data processors that provide services for internal data processing; for example, suppliers of software solutions that enable the maintenance and operation of the website, including the web shop.
  • Data processors that process data externally; for example, the hosting of the platform on which the website is stored.
  • Our suppliers and subcontractors of goods and services, including our suppliers of parcel transportation between SEND&HENT boxes
  • Suppliers of services in the field of targeted marketing based on cookies
  • Accountants, lawyers and other advisors
  • Public authorities, where legislation prescribes it

2.4.6 Transfer to recipients in third countries, including international organisations

See section 1.16.

2.4.7 Where your personal data is derived from

The information you have submitted in connection with purchases via the website’s web shop and the information we have collected via cookies based on your visits to the website.

2.4.8 Storage of your personal data

See section 1.14 on cookies and the privacy policy in the trading conditions.

2.4.9 Profiling

We do not use profiling.

2.4.10 Your rights

See section 3.

2.5. Privacy policy for oekoplus.foetex.dk

In this section, you can read about our processing of your personal data when using the website oekoplus.foetex.dk.

There is a direct link here from oekoplus.foetex.dk.

When you use our web shop on the website for the purchase of the ØKO+ subscription, you will also be asked to accept our terms of use and associated privacy policy for the subscription.

2.5.1 Data controller and contact information

See section 1.3.

2.5.2 The purpose and legal basis of our processing of your personal data

We process your personal data for the following purposes:

  • Optimisation of the website
  • Personalisation of marketing and our websites for you, including through profiling based on cookies, if you consent to receiving marketing material from our web shops and/or our physical stores. See also sections 1.4 and 2.1.2.8 about profiling as a result of signing up for marketing material.

The legal basis of our processing of your personal data consists of:

  • Your consent to the receipt of marketing material; cf. the general data protection regulation article 6 (a). See also section 1 about marketing material.
  • Fulfilment of marketing law regulation, cf. the general data protection regulation article 6 (c) See also section 1 about marketing material.
  • Your acceptance of our placement and the use of cookies that you generally accept when using the website, or the cookies that you, in the cookie policy on the website, state that we may use; cf. the general data protection regulation article 6(a). See the cookie policy on the website and section 1.14 for a general description of our use of cookies.
  • Our legitimate interest in being able to collect and administer your information, including via cookies on our websites and the optimisation of our marketing material to you; cf. the general data protection regulation article 6 (f). See also section 14 on cookies.

2.5.3 Categories of personal data

Data that can be collected and processed via the website include:

  • Contact information and payment information submitted in connection with the purchase of a subscription via the website. We refer here to the privacy policy for the ØKO+ subscription, which you can find on the website where you purchase the subscription.
  • Personal data provided by you in connection with your creation and use of a Salling Group Profile. See section 7 on the privacy policy for Salling Group Profiles.

We also refer here to:

  • Section 14 on the collection of personal data via cookies
  • Section 1.1.3 and 2.1.2.3 on the personal data collected about you on the basis of your registration for marketing material


2.5.4 Recipients or categories of recipients

We pass on your personal data for processing to the following:

  • Data processors that provide services for internal data processing; for example, suppliers of software solutions that enable the maintenance and operation of the website.
  • Data processors that process data externally; for example, the hosting of the platform on which the website is stored.
  • Suppliers of services in the field of targeted marketing based on cookies
  • Accountants, lawyers and other advisors
  • Public authorities, where legislation prescribes it


2.5.5 Transfer to recipients in third countries, including international organisations

See section 1.16.

2.5.6 Where your personal data is derived from

The information you have submitted in connection with purchases via the website’s web shop and the information we have collected via cookies based on your visits to the website.

2.5.7 Storage of your personal data

We refer here to section 1.14 on cookies, and if you have registered to receive marketing material, section 2.1 on marketing material.

2.5.8 Profiling

We refer here to section 2.1.1.8 and 2.1.2.8 since we use profiling if you have subscribed to one or more of our newsletters or have otherwise consented to receiving marketing material.

We also use profiling if you have created a Salling Group profile, which you can read more about in section 2.7.

2.5.9 Your rights

See section 3.

2.6. Privacy policy for social media

We use social media (‘SoMe’) as shown in the subsections below.

2.6.1 Use of your profile on social media to log in on our websites

On some of our websites and mobile apps, you have the option to create a profile and thereafter log in without providing and using a username and password for that website, but instead by using your log-in from one or more SoMe's, e.g., Facebook or Google, where you might have a profile. 

If you choose to use your SoMe profile to log in to a profile on one of our websites or mobile apps, you will be prompted to accept that we may receive your name, gender, profile picture and email address from that SoMe.

The actual authentication of you via your SoMe profile does not imply sharing your password for your SoMe profile, but rather takes places via a unique identification number, your name and your email address associated with your SoMe profile, which your SoMe provider automatically sends to our website's login function just as if you had entered the information yourself.

To the extent that SoMe is used for logging in, you agree that we pass on behavioural information to the SoMe service provider in the form of calls to the SoMe service when you log in.

You can also read more about the general use of your SoMe profiles to log in to other websites on the SoMe providers' websites.

2.6.2 Privacy policy for Facebook and Instagram, Twitter and LinkedIn

In this section, you can read about the processing of your personal data in connection with the social media we use.

A direct link can be found from the relevant social media, so you can read about our processing and your rights in connection with your use of our websites etc. that is based on or uses the social media platform in question.

In relation to the processing of personal data as a result of the creation and use of a profile on SoMe, we refer you to the respective suppliers' terms and conditions.

2.6.3 Data controller and contact information

See section 1.3.

2.6.4 The purpose and legal basis of our processing of your personal data

We process your personal data for the following purposes:

  • To offer the use of your Facebook profile to log in to our websites and mobile apps.
  • To answer your enquiries to us via SoMe communications tools, such as private messages, including via our customer service.
  • To organise competitions and publicise user content via SoMe
  • To personalise marketing material and our websites for you, including profiling based on cookies. See also section 1.8.
  • Internal analysis and reporting of campaigns and communication activities, including compiling statistics

The legal basis of our processing of your personal data consists of:

  • Our legitimate interest in entrusting your username and your associated e-mail address on our websites and mobile apps to SoMe when you use SoMe to login; cf. the general data protection regulation 6(f)
  • Our legitimate interest in being able to respond to your enquiries to us through SoMe; cf. the general data protection regulation 6 (f)
  • Your consent for participating in one of our competitions via SoMe; cf. the general data protection regulation 6 (a)
  • Your consent to, and our legitimate interest in being able to collect and manage your information, including via cookies placed by Facebook and Instagram, to optimise our advertising, websites and e-mails with marketing material, news, etc. to you (profiling); cf. the general data protection regulation article 6 (a) (f) and article 22, section 2 (c).
  • Compliance with other legal obligations, e.g. as a result of requests from public authorities or courts; cf. the general data protection regulation article 6 (c)
  • Our legitimate interest in compiling internal analyses and reporting of campaigns and communication actions; cf. the general data protection regulation article 6 (f)

2.6.5 Categories of personal data

Data that can be collected and processed include:

  • Upon login via SoMe on our websites or mobile apps: the profile information you have made publicly available to us on the relevant SoMe, such as name, contact information, your friends/connections (depending on your privacy settings on the respective SoMe platform).
  • Your behaviour on our pages, groups and events, e.g. your interaction with us and others, including your comments, messages, postings and sharing of content, as well as your clicks on ads and functions (including 'likes’), choices of who to follow, choices of interests, sharing of pages, etc.
  • The information you place in your messages, comments or postings, either directly to us or publicly on the page, group, or event.
  • If you have signed up to receive marketing material, including one of our newsletters, we will send your e-mail to Facebook/Instagram in order to target marketing material on Facebook and Instagram. We also refer here to section 1.
  • Information about your specific purchases and orders via one of our stores or web shops where your inquiry to us via SoMe concerns this
  • The pictures and videos that contain personal data that you may send to us or share on our pages, groups or events on SoMe
  • Information about you that is shared by other users on our pages, groups and events on SoMe

2.6.6 Recipients or categories of recipients

We hand over your personal data for processing to our data processors in the form of suppliers of IT systems that we use to manage our SoMe pages, groups and events, and profiles.

2.6.7 Transfer to recipients in third countries, including international organisations

Disclosure that results from our use of SoMe:

  • We disclose your username and associated e-mail address to Facebook Inc. and LinkedIn, if you are using your Facebook or LinkedIn profile to log in to one of our websites or mobile apps. In this context, the respective SoMe provider processes the data for us.
  • Furthermore, the various providers collect personal data in the form of your behaviour on our SoMe pages, etc., and will be able to compile the information with your SoMe profile, whereby the respective SoMe providers will be able to identify you. In this context, the individual providers are independently responsible for certain data, and in others, the SoMe provider has a shared data responsibility with us. We therefore also refer to the privacy policy for the relevant SoMe provider for your profile and their other policies for the use of the platforms.

Transfer basis for SoMe platform providers:

  • Facebook Inc. – USA
    • Certification under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45.
  • LinkedIn Ireland Unlimited Company (Ireland) may, as appropriate, transfer the personal data they collect about your behaviour on our LinkedIn pages for the United States and Singapore upon the following transfer basis::
    • EU standard contractual regulation; cf. the general data protection regulation article 46.
    • Certification under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45
  • Twitter, Inc. – USA
    • Certification under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45.

Disclosure that takes place as a result of us using Falcon.io ApS as data processor, whose software we use for managing your communications with us via SoMe, including in connection with customer service:

Falcon.io ApS may, as appropriate, transfer your personal data to:

  • The USA - the transfer basis is certified under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45.

Falcon.io ApS may, as appropriate, transfer or entrust your personal data to suppliers of IT and software services upon the following transfer basis:

  • USA
    • EU standard contractual regulation; cf. the general data protection regulation article 46.
    • Certification under the EU-U.S. Privacy Shield; cf. the general data protection regulation article 45, and
    • Binding corporate rules; cf. the general data protection regulation article 47
  • Canada
    • Sufficient level of protection; cf. the general data protection regulation article 45
  • The Philippines, Singapore, Brazil
    • Binding corporate rules; cf. the general data protection regulation article 47
  • India
    • EU standard contractual regulation; cf. the general data protection regulation article 46.
  • Australia
    • EU standard contractual regulation; cf. the general data protection regulation article 46.
    • Binding corporate rules; cf. the general data protection regulation article 47
  • Japan
    • EU standard contractual regulation; cf. the general data protection regulation article 46.
    • Binding corporate rules; cf. the general data protection regulation article 47
  • In relation to Falcon’s use of Google solutions, you can find a list of data processors here:

You can read more about the EU-U.S. Privacy Shield at www.privacyshield.gov

You can read more about the basis of the transfer on the Danish Data Protection Agency website.

2.6.8 Where your personal data is derived from

The information you have submitted in connection with your use of our pages, groups and events on Facebook and LinkedIn, and the information we have collected via cookies placed by SoMe providers. In relation to Facebook's and Instagram’s placement of cookies, please refer to the individual platforms’ personal data policies, cookie policies etc.

See also section 1.14 on our placement of cookies related to SoMe and section 2.6.3.8 on profiling.

2.6.9 Storage of your personal data

We store your personal data in the form of posts, messages, photos and the like via our SoMe websites or via one of our postings, until you choose to delete these. Private messages are kept as long as there is a purpose to do so, e.g., in connection with customer service.

In relation to our obtaining of behavioural information about your use of our Facebook and Instagram pages via cookies, including on the basis of your registration to receive marketing material, we refer to section 1.14 on cookies and section 2 on marketing material.

2.6.10 Profiling

We use profiling for targeting our advertising and marketing to you based on your behaviour on our Facebook and Instagram pages, groups and events, in conjunction with the information that you have submitted in connection with a purchase via our web shops, including your purchase history, use of our mobile apps and our websites outside of Facebook and Instagram, and through your registration to one of our newsletters, other receival of other marketing material or one of our customer clubs.

In relation to our gathering of behavioural information about your use of our Facebook and Instagram pages via cookies, including on the basis of your registration to receive marketing material, including newsletters, we refer to section 2 on marketing material.

In relation to the collection of information in connection with your purchase via our web shops, we refer you to the trading conditions for the relevant web shop, as well as the cookie policy for the web shop's website.

The profiling will not significantly affect individuals, but will confine itself to marketing use.

We profile you in order to be able to target our advertising to offer you the most relevant offers, news and products on Facebook, our other social media, mobile apps, newsletters and websites.

You may at any time object against profiling, whereupon we will cease doing so and erase the data collected about you.

2.6.11 Your rights

See section 3.

2.7. Privacy policy for Salling Group Profiles

In this section, you can read about our processing of your personal data in connection with your creation and use of a profile on one of our websites or mobile apps (hereafter "Salling Group Profile", "Profile" or "the Profile").

A direct link can be found from the website in question or in the mobile app where you can create a profile, so you can read about our processing of personal data and your rights before you give your consent.

2.7.1 Data controller and contact information

See section 1.3.

2.7.1 The purpose and legal basis of our processing of your personal data

We process your personal data for the following purposes:

  • Creating and managing your Profile
  • Information on and administration of any benefits, subscriptions or registrations for loyalty programs connected to the Profile.
  • Compilation of summaries of your purchase/orders across Salling Group shops and web shops
  • Targeting of marketing to you via profiling by compiling other data that we have collected about you through cookies (prior consent is obtained for the transmission, if required by law)
  • The development of Salling Group shops’ product range, services and offers on the basis of the purchase history collected via the Profile
  • The compilation and sharing with business partners of market analyses, and other information that is not attributable to individual persons (anonymised data).
  • Your activation of the mobile app features, such as sharing and monitoring of content

The legal basis of our processing of your personal data consists of:

  • Your consent to the creation of the Profile; cf. the general data protection regulation article 6 (a).
  • Your consent to the effects of the activation of features in mobile apps; cf. the general data protection regulation article 6 (a).
  • Our legitimate interest in being able to administer the Profile; cf. the general data protection regulation article 6 (f)
  • Your consent to profiling based on the purchase history collected via the Profile; cf. the general data protection regulation article 6 (a)
  • Our legitimate interest in being able to collect and manage the Profile and develop Salling Group shops etc.; cf. the general data protection regulation article 6 (f)

2.7.2 Categories of personal data

Data that can be collected and processed include:

  • Contact information: name, phone number, email address
  • Household information
  • Order and purchase history across Salling Group shops and web shops
  • User authentication via your profile ID in connection with the use of registered services

In connection with the entering of personal information, it will be stated whether the information in question is necessary for the creation of the Profile or an associated subscription or benefit.

You also have the possibility of creating a login from social media or other web/app services, such as your Facebook profile, whereby it is your Facebook login that gives you access to your profile. In this case, your name and your email address associated with your Facebook profile are shared. Read more about this in section 2.6 on our use of social media.

2.7.3 Recipients or categories of recipients

We can, as appropriate, disclose or pass on your personal data to the following categories of beneficiaries:

  • Data processors, such as IT suppliers as part of the operation and support of our websites and systems.
  • Group companies
  • Our business partners in the form of suppliers and subcontractors of goods and services to you on our behalf, e.g., the transportation and delivery of goods from web shops
  • Suppliers of services to target marketing based on cookies (3rd-party cookies). You can read more about our disclosure of personal data to third parties on the basis of cookies in the cookie policies on the specific websites, in the subsections of this policy for specific websites and in section 16.1.
  • Accountants, lawyers and other advisors
  • Public authorities, where legislation prescribes it

Anonymised data may be disclosed to third parties (companies outside Salling Group) with the aim of optimising the Salling Group concern's product range, prices and marketing. The disclosure will always happen in an anonymised form so that it is not possible to identify the individuals behind the information.

Personal information may be disclosed to third parties to a wider extent if this is required by mandatory legal requirements or regulatory requirements.

2.7.4 Transfer to recipients in third countries, including international organisations

See section 1.16.

2.7.5 Household sharing

For certain solutions and services, it is possible to link the Profile and any benefits the Profile has with members of your household who have also created a Profile so that any benefits may be shared within the household.

If you sign up for the household sharing of the Profile, you agree that the following information about you will be available for the registered persons in your household: e-mail address and name.

If you subsequently cancel household sharing of your Profile, your personal information will no longer be available for members of your household.

2.7.6 Storage of your personal data

Your personal data is held on secure servers within the European Union. Necessary technical and organisational measures have been established to safeguard the information.

Personal data will be erased or made anonymous when no longer needed in relation to the purposes for which they are processed, or if it follows from legislation that the information should be kept for a longer period.

We store your personal data for 72 months from the date of your purchase, which follows documentation requirements in accordance with accounting law.

The Profile information is stored until you revoke your consent.

Consent is kept for 5 years from the revocation in accordance with data protection legislation.

2.7.7 Profiling

We can use profiling to target our advertising when you have consented to this via your consent to receive marketing material and when creating a Profile.

The profiling will not significantly affect individuals, but will confine itself to marketing use.

The profiling can take place by compiling the data about your behaviour on our websites with the information that you have submitted in connection with a purchase via our web shops, and with your registration to receive marketing, including one or more of our newsletters.

Where you have a payment card linked to your Profile, e.g., in connection with the association of a subscription to the Profile, we collect data on your purchases in all our physical stores.

We profile the products or product groups you are most interested in so we can adapt our advertising and offer you the most relevant offers, news and products.

You may, at any time, object against direct marketing, whereupon we will cease to process your personal data as indicated and erase the data collected about you. 

2.7.8 Cookies

You can find information about our use of cookies and our processing of personal data on the basis of the cookies in section 1.14, as well as in the cookie policy and privacy policy for that website or mobile app.

2.7.9 The right to withdraw consent

You may at any time revoke your consent to the processing of your personal data. This is done by closing the Profile, whereupon your personal data will be deleted or anonymised, unless Salling Group has the right to process the personal data on a different basis than named above.

Withdrawing consent means that you can no longer use the Profile or receive the Profile’s associated benefits etc.

2.7.10 Your rights

See section 3.

2.8. Privacy policy for CCTV in Salling Group stores
2.8.1 Data controller and contact information

See section 1.3.

The purpose and legal basis for the processing of your personal data

We process your personal data for the following purposes:

  • The purpose of preventing criminality and safeguarding the company's employees, customers, values and assets. The recordings can also be used to clear up any customer complaints and disputes, etc., as well as for operational optimisation.

The legal basis for our processing of your personal data consists of:

  • The legal basis for our CCTV surveillance: CCTV surveillance law. We refer to the law on CCTV surveillance; cf. Act no. 788 of 12 August 2005, with the changes imposed by section 4 in Act no. 542 on 8 June 2006 and section 1 of Act no. 519 of 6 June 2007.
  • The general data protection regulation articles 6 (d) and (f), and article 9 (f).

2.8.2 Categories of personal data

We process the following categories of personal data about you:

  • General information in the form of images and video sequences without audio recorded in our shops, stores, central warehouses etc.
  • In special cases, sensitive personal data may be processed in connection with specific events that occur in the monitored areas.

2.8.3 Recipients or categories of recipients

We can, as appropriate, entrust your personal data to the following categories of beneficiaries:

  • Data processors, such as the security firms that conduct surveillance, as well as external IT suppliers as part of operations and support.
  • Lawyers and other advisors
  • Public authorities, where legislation prescribes it (including the police).

2.8.4 Transfer to recipients in third countries, including international organisations

The data is not physically transferred to third countries, but in some cases, personal data is accessible to data processors outside the EU and the EEA in connection with the support of IT systems.

The basis of the transfer is EU standard contractual regulation; cf. the general data protection regulation article 46. 

2.8.5 Where your personal data is derived from

CCTV surveillance from our shops, stores, central warehouses, administration buildings, etc., where the business is operated and where we control the area.

2.8.6 Storage of your personal data

If the area is monitored, video footage is stored in accordance with the law on CCTV surveillance. The footage is stored by default for a maximum of 21-30 days, and is automatically deleted in a timely manner.

In connection with specific requests and cases, the data are kept for as long as it is necessary to fulfil the request, or as long as it is necessary for the specific case.

2.8.7 Automated decision-making, including profiling

There is no automated decision-making or profiling in connection with CCTV surveillance.

2.8.8 Your rights

See section 3.

2.9. Privacy policy for customer service

 2.9.1 Data controller and contact information

See section 1.3.

2.9.2 The purpose and legal basis for the processing of your personal data

We process your personal data for the following purposes:

  • Customer service, including but not limited to answering enquiries about purchasing, claims, complaints, service messages, assortment, activities and products.
  • Answering requests in relation to general data protection regulation (GDPR) and ensuring that you get the opportunity to exercise your rights in relation to general data protection regulation (GDPR), and for our administration and documentation thereof.

The legal basis of our processing of your personal data consists of:

  • The processing is necessary for compliance with a legal obligation that is incumbent upon the data controller; cf. the general data protection regulation article 6 (c), e.g., the general data protection regulation, purchasing or accounting law
  • The processing is necessary for the sake of fulfilling a contract and that which leads up to it; cf. the general data protection regulation 6 (b), e.g., your purchase via web shops
  • Your consent where this is required; cf. the general data protection regulation article 6 (a)
  • Salling Group's legitimate interest in, for example, offering customer service to customers and collecting statistical information to improve our customer solutions; cf. the general data protection regulation article 6 (f)

2.9.3 Categories of personal data

We can, among other things, process the following categories of personal information about you, depending on the specific request:

General personal data in the form of:

  • Name, address,
  • E-mail, telephone number,
  • Customer complaints, claims, praise,
  • Order data, profile information, payment information
  • Preferences, information about behaviour,
  • Customer service case number, customer service case,
  • Personal data from Salling Group’s systems in relation to concrete GDPR queries, depending on the data we have recorded about the specific consumer

2.9.4 Recipients or categories of recipients

Salling Group shares your personal information in connection with customer service and GDPR requests with our data processors, including:

  • Group companies
  • External IT suppliers, e.g. as part of operations and support in relation to our websites
  • Our business partners in the form of suppliers and subcontractors of goods and services to you on our behalf, e.g. the transportation and delivery of goods from web shops
  • Suppliers of cookie services for websites (3rd-party cookies). You can read more about our disclosure of personal data from cookies to third parties on our websites in the cookie policies on the individual websites
  • Accountants, lawyers and other advisors
  • Public authorities, where legislation prescribes it

Salling Group will not disclose your personal information to others in connection with the processing of your request in relation to GDPR.

2.9.5 Transfer to recipients in third countries, including international organisations

We transfer your personal data to recipients outside the EU and EEA.

This occurs through our data processing and customer service platform Zendesk, which is located in the United States. Zendesk is covered by the Privacy Shield agreement and the transfer is thus regarded as secure. The transfer is provided covered by the general data protection regulation article 45

2.9.6 Where your personal data is derived from

Your personal data is processed in connection with your request to us.

The personal data you receive return in connection with a GDPR request can come from someone other than yourself. If this is the case, you will be advised. 

2.9.7 Storage of GDPR enquiries

We store data about your GDPR request until it is dealt with, and we will delete your request 14 days after the request is processed and completed. 

If you do not verify your e-mail address within 7 days from the date you received the request for verification, your request will be deleted.

2.9.8 Storage of enquiries to customer service

We have a general deletion policy whereby employees must delete or anonymise personal data when there is no longer a purpose for retention.

The retention period may depend on the nature of the enquiry, including whether the information is stored as part of a claim, the use of a product warranty, or on another legal or contractual basis.

2.9.9 Automated decisions, including profiling

We do not use automated decisions, including profiling, in connection with your request. 

3. Your rights

The general data protection regulation secures you a number of rights in relation to our processing of personal data about you.  

If you wish to exercise your rights, and you are a customer, you may contact us. If you are an employee, former employee, job applicant or candidate, and you would like to exercise your rights concerning employee related personal data, you may contact us.

3.1 The right to view information (access right)

You have the right to access information that we process about you, as well as a range of further information. 

3.2 Right of correction (amendments)

You have the right to have inaccurate information about yourself corrected. 

If relevant changes occur related to the personal data we have collected about you, please contact us here if you are a customer to get the information changed. Contact us here if you are an employee, former employee, applicant or candidate.

3.3 Right to deletion and withdrawal of consent

In special cases, you have the right to have information about you erased before our normal erasure occurs. 

Your consent is voluntary and you may withdraw it at any time by contacting us.

Please be aware that if you choose to request the deletion of your information, or withdraw your consent in relation to information submitted to us, we will not be able to further process your information, unless we are legally or contractual obliged to do so.

If you choose to withdraw your consent, this does not affect the legality of our processing of your personal data based on your previously given consent and up to the time of the withdrawal. If you withdraw your consent, it therefore only takes effect from that point.

3.4 The right to limit processing

In some cases, you have the right to limit the processing of your personal data. If you have the right to receive limited processing, in future we can only process the data – apart from storage – with your consent, or in preparation for legal claims being imposed, asserted or defended, or to protect a person or important public interest. 

3.5 Right of objection

You have, in some cases, the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes. 

3.6 The right to transmit data (data portability)

You have, in some cases, the right to receive your personal data in a structured, commonly used and machine readable format, as well as to have your personal data transferred from one data controller to another without impediment.
You can read more about your rights in the Danish Data Protection Agency guidance at www.datatilsynet.dk.

3.7 Complaints to the Danish Data Protection Agency

You have the right to lodge a complaint to the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency’s contact information at www.datatilsynet.dk.