Privacy policy

This is version 6, which was last updated the 13.03.2025.

Vitec Aloc A/S
Cortex Park Vest 3
5230 Odense M
CVR-nr.: 1478 8484
(hereafter ”the Company, us, we or our”)

Please note that this is the applicable Privacy Notice for Vitec Aloc A/S. Other policies may apply.


 

1.  Introduction

1.1.   

This Privacy Notice (the “Notice”) describes how Vitec Aloc A/S (“us”, ”we” or ”our”) collects and processes personal data when you interact with us, including in relation  to  our online services, such as website, social media, emails, subscription forms and similar, as well as during a recruitment/job application process. The aim of this Privacy Notice is to provide information in accordance with articles 12, 13 and 14 of the GDPR to parties and people interacting with us prior to collecting and/or processing personal data.

In addition to this Privacy Notice, please see our Cookie Policy and Cookie Declaration for more information on our use of cookies and personal data processed in that context.
 

2.  Types of personal data processed

Specific for Customers, Suppliers and other Third Parties

Depending on the specific circumstances, the processed personal data may include the following types of personal data: name, address, telephone number, email, username, IP addresses or information made expressly public by you on social media. 

We may process the following types of personal data about users of online services if provided in one of the website forms by you: Name, company of employment, email and phone number.

We may process the following types of personal data about employees of potential and existing customers: Company name, address, phone number, email, name, information about your employment at the company and any other potential data provided by you.

We may process the following types of personal data about employees of suppliers and other third parties: Company name, address, phone number, email, name, information about your employment at the company and any other potential data provided by you.

We process the following types of personal data about subscribers to our newsletter: Name, company of employment, and email.

As relevant, personal data may be collected directly from you or from external sources. 

Information on collection and processing of personal data is provided and updated via this Privacy Notice.

 

Specific for Job Applicants: 

We process personal data about you when this is necessary and in accordance with the applicable legislation. Depending on the specific circumstances, the processed personal data may include the following types of personal data provided by you: name, address, phone number, email address, CV, profile picture, educational documents, references from former employers, date of birth, nationality, personality tests or information made expressly public by you on social media.

Providing us with your social security number in a job application is not necessary. It will only be necessary for us to receive your social security number if you gain employment with us.

Providing us with personal data that falls within any of the special categories of sensitive personal data as defined in article 9(1) of the GDPR is not necessary. Providing us with information relating to health may, however, become necessary if you gain employment with us.  Please only disclose special/sensitive types of personal data as defined in article 9(1) of the GDPR to us if we request it (mainly data concerning health) or if you have a need or interest in doing so.

We may have an interest in processing your criminal record during a recruitment process. Please provide this, only if we request it, and as we request it. In such cases, we will do this in accordance with applicable laws.

As a general rule, we only collect personal data about you from you. If specific circumstances allow or require us to collect personal data about you from someone other than yourself, we will inform you appropriately.

If we collect other personal data than as specified above, we will inform you. Such information may be provided by our updating of this Policy.

 

3.  Purposes for processing the personal data

Specific for Customers, Suppliers and other Third Parties:

We only process personal data for legitimate purposes in accordance with the GDPR.
Depending on the circumstances, the personal data is processed for the following purposes:

a) Providing products or services to a user of online services.

b) Providing service messages and information to users of online services.

c) Compliance with applicable legislation.

d) Sending newsletters on e-mail.

e) Maintaining, enhancing and providing our products, services or online services.

f) Facilitating sales and promotion of products.

g) Detecting and preventing fraudulent behavior or misuse of our online services

h) Communicating and exchanging data with public authorities when required by law.

We may use your email address to provide marketing information, including email marketing on products, webinars, events, latest announcements etc. To the extent that your consent is needed to allow us to send you such information, this will be collected prior to sending you any marketing information. Your personal information, such as job title and company name may be used to ensure we provide the most relevant content.

 

Specific for Job Applicants

Your personal data collected and processed by us will be processed for the following purposes:

 

a) Processing job applications and recruitment.

 

4.  Legal basis for processing personal data

4.1.   

Specific for Customers, Suppliers and other Third Parties:
We only process your personal data when we have a legal basis to do so in accordance

with the GDPR. Depending on the specific circumstances, the processing of personal

data is done on the following legal basis:

 

a) If we have asked for a consent for the processing of specific personal data, the

legal basis for such personal data is a consent, cf. article 6(1)(a) of the GDPR, as

the consent can always be withdrawn by contacting us via the contact details

provided at the end of this Notice, and, if the consent is withdrawn, the personal

data processed on the basis of consent is deleted, unless it can or must be

processed, for example, in order to comply with legal obligations.

 

b) The processing is necessary for the performance of a contract to which the data

subject is party or in order to take steps at the request of the data subject prior to entering into a contract, cf. GDPR, article 6(1)(b).

 

c) The processing is necessary for compliance with applicable legislation, cf. GDPR, article 6(1)(c).

 

d) The processing is necessary for the purposes of our legitimate interests where

such interests are not overridden by the interests or fundamental rights and

freedoms of the data subject which require protection of personal data, cf. GDPR,

article 6(1)(f).

 

Specific for Job Applicants:

We only process your personal data when we have a legal basis to do so in accordance

with the GDPR. Depending on the specific circumstances, the processing of personal

data is done on the following legal basis:

 

a) If we have asked for your consent for the processing of specific personal data, the

legal basis for the processing of such personal data is your consent, cf. article

6(1)(a) of the GDPR, as the consent can always be withdrawn by contacting us via

the contact details provided in section 9 of this Notice, and, if the consent is

withdrawn, the personal data processed on the basis of consent is deleted, unless

it can or must be processed, for example, in order to comply with legal

obligations.

 

b) The processing is necessary for a performance of a contract to which the data   subject is party or in order to take steps at the request of the data subject prior to      entering into a contract, cf. GDPR article 6 (1) (b).

 

c)The processing is necessary for compliance with applicable legislation, cf.

GDPR, article 6(1)(c), including any specific rules on the processing of personal

data in the employment context as provided in article 88 of the GDPR such as

section 12(1) of the Danish data protection law.

 

d) The processing is necessary for the purposes of legitimate interests pursued by us
                        where such interests are not overridden by the interests or fundamental rights and
                        freedoms of the data subject which require protection of personal data, cf. the GDPR,
                        article 6(1)(f), including any specific rules on the processing of personal data in the
                        employment context as provided in article 88 of the GDPR such as section 12(2) of the
                        Danish data protection law.

If we request and/or process special categories of sensitive personal data (mainly data concerning health) during a recruitment process we will do so based on one of the applicable exceptions, cf. GDPR article 9 (2) as applicable.  

 

5.  Disclosure and transfer of personal data

5.1.   

We only pass on personal data to others when the law allows it or requires it. Our

company is part of the Vitec Software Group where personal data may be shared between

some group companies.

We may also share your personal data with certain third-party suppliers who help us with our marketing and recruitment activities. As relevant we always enter into data processing agreements with our suppliers that define how personal data may be processed, what kind of security measures must be established by the supplier, and confidentiality obligations imposed on the supplier. 

5.2.   

We may transfer personal data to relevant data processors within the field of recruitment or marketing who are situated inside the EU/EEA.

5.3.   

As relevant, we maintain and ensure that our data processors maintain appropriate technical and organizational measures to meet the requirements of the GDPR and ensure protection of your rights under the GDPR.

5.4.   

If personal data is transferred out of the EU/EEA, we will ensure that appropriate measures are in place to protect personal data in accordance with applicable data protection laws. This will commonly be in the form of EU standard contractual clauses or an adequacy decision.  

6.  Erasure and retention of personal data

Specific for Customers, Suppliers and other Third Parties:
We ensure that personal data is deleted when it is no longer relevant for the processing purposes as described above or if deletion is a consequence of the exercise of your rights under the GDPR. We retain personal data to the extent required or mandated by applicable law. If you have any questions about our retention of personal data, please contact the email mentioned in section 9 of this Notice.

Specific for Job Applicants

We ensure that the personal data is deleted when it is no longer relevant for the processing purposes as described above or if deletion is a consequence of your exercise of your rights under the GDPR. We retain personal data to the extent required or mandated by applicable law.

If an applicant becomes an employee, the applicant’s personal data from the application process is transferred to our regular HR management. If an applicant does not become an employee, the general rule is that the personal data is erased after 6 months in accordance with applicable law. We may decide to keep an application for the purpose of contacting you if a similar position opens. In that case we base this storage of your application (6 months) on your consent. Notwithstanding the above, specific reasons related to employment law may necessitate the continuous processing of the personal data. For example, we may process the applications for a longer period to prove that there has been no unlawful discrimination in the application or selection process when we consider this necessary. Similarly, it may be relevant to process the personal data for a limited period if another existing candidate opts out of the application process.

If you have any questions about our retention of personal data, please contact the email mentioned at the bottom of this Notice.

 

7.  Data subject rights

7.1.   

Data subjects (people) have a number of rights that we can assist with. If a data subject wants

to make use of his or her rights, he or she can contact us. (As an applicant, you can help yourself here) The rights include the following:

7.1.1.   

The right of access: Data subjects have a right to ask for copies of the information that we process about them, including relevant additional information.

7.1.2.   

The right to rectification: Data subjects have a right to ask for rectification of inaccurate personal data concerning him or her.

7.1.3.   

The right to erasure: In certain circumstances data subjects have a right to obtain the erasure of personal data concerning him or her before the time when erasure would normally occur.

7.1.4.   

The right to restrict processing: Data subjects have, in certain situations, a right to have the processing of his or her personal data restricted. If a data subject has the right to have the processing of his or her personal data restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for

reasons of important public interest in the European Union or of a European member state.

7.1.5.   

The right to object: Data subjects have, in certain situations, a right to object to the processing of his or her personal data.

7.1.6.   

The right to data portability: Data subjects have, in certain situations, a right to receive his or her personal data in a structured, commonly used and machinereadable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data has been provided.

7.2.   

More information about data subject rights can be found in the guidelines of the national data protection authorities. Please visit www.datatilsynet.dk for further details.

If a data subject wishes to make use of his or her rights as described above, the data subject is asked to use the contact details provided at the end of this Notice.

We strive to do everything to meet wishes regarding our processing of personal data and the rights of data subjects. If you or others despite our endeavours wish to file a complaint, this can be done by contacting the national data protection authorities – see below.

8.  Changes to this Notice

We reserve the right to update and amend this Notice. If we do, we correct the date and the version at the top of this Notice. In case of significant changes, we will provide notification in the form of a visible notice, for example on our website or by direct message.

9.  Data Controller, contact information and complaints

Vitec Aloc A/S, Cortex Park Vest 3, 5230 Odense M, CVR-nr.: 1478 8484, is the data controller in relation to personal data processed as described in this Notice. 

You are entitled to exercise your rights as a data subject by contacting Vitec Aloc A/S.

Any questions to this Privacy Notice or exercise of your data subject rights may be addressed to: GDPR.vac@vitecsoftware.com.

You are also entitled to lodge a complaint about Vitec Aloc's processing of personal data as well as any decision by us regarding the exercise of your rights as data subject. A complaint may be addressed to the Danish supervisory authority: Datatilsynet. Please visit www.datatilsynet.dk for further details.