Databeskyttelse

1. Our Commitment to Data Protection

At Ecoy (“we,” “us,” “our” or by the registered name “D.T. Solutions” ), we are committed to protecting your personal data and respecting your privacy rights. We comply with the General Data Protection Regulation (GDPR) and Danish data protection laws to ensure your data is handled securely and transparently.

2. Data Controller Information

D.T. Solutions is the data controller responsible for your personal data. Our contact details are:

• Company Name: D.T. Solutions
• Email: privacy@ecoy.dk
• Phone: +45 81 81 81 28
• Address: Gydevang 39, 3450 Allerød, Denmark
• CVR/VAT: DK44879484

3. GDPR Compliance

We comply with all requirements of the GDPR, including:

3.1 Lawful Processing

We only process your data when we have a legal basis:

• • Consent: You have given clear consent for us to process your data for specific purposes
  • Contract: Processing is necessary to fulfill our contractual obligations to you
  • Legal Obligation: Processing is required to comply with the law
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights

3.2 Data Minimization

We only collect personal data that is necessary for the purposes we have identified. We do not collect excessive or irrelevant information.

3.3 Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes. We do not process data in ways incompatible with these purposes.

3.4 Accuracy

We take reasonable steps to ensure personal data is accurate and up to date. You have the right to request corrections to inaccurate data.

3.5 Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

3.6 Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration.

3.7 Accountability

We maintain records of our data processing activities and can demonstrate our compliance with GDPR principles.

4. Your Rights Under GDPR

As a data subject, you have the following rights:

4.1 Right to Information

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy.

4.2 Right of Access

You can request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

4.3 Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it.

4.4 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data when:

• • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

4.5 Right to Restriction of Processing

You can request that we restrict processing of your data in certain circumstances, such as when you contest the accuracy of the data.

4.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

4.7 Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

4.8 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.

5. How to Exercise Your Rights

To exercise any of your rights, please contact us at:

• Email: privacy@ecoy.dk
• Phone: +45 81 81 81 28
• Address: Gydevang 39, 3450 Allerød, Denmark
• CVR/VAT: DK44879484

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you if this is necessary.

6. Data Security Measures

We implement robust security measures to protect your data:

6.1 Technical Measures

• • Encryption: All data transmitted to and from our website is encrypted using TLS/SSL
  • Secure Storage: Data at rest is stored in encrypted databases
  • Access Controls: Role-based access control ensures only authorized personnel can access data
  • Authentication: Strong password requirements and secure authentication methods
  • Regular Updates: Systems are regularly updated with security patches

6.2 Organizational Measures

• • Staff Training: Regular training on data protection and security
  • Privacy by Design: Data protection is considered in all system designs
  • Vendor Management: Third-party processors are carefully vetted for GDPR compliance
  • Incident Response: Procedures in place for handling data breaches
  • Data Protection Impact Assessments: Conducted for high-risk processing activities

7. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Danish Data Protection Agency (Datatilsynet) within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay if the breach poses a high risk
• Take immediate steps to contain and remediate the breach
• Document the breach and our response for regulatory purposes

8. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequacy decisions from the European Commission
• Standard Contractual Clauses: Use of EU-approved Standard Contractual Clauses with data processors
• Additional Safeguards: Supplementary measures where necessary to ensure adequate protection

9. Children’s Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will delete it promptly.

10. Data Protection Officer

While we are not required to appoint a Data Protection Officer (DPO) under GDPR, we have designated a privacy contact person responsible for overseeing data protection matters. You can reach them at privacy@ecoy.dk.

11. Complaints and Supervisory Authority

If you believe we have not complied with data protection law, you have the right to lodge a complaint with the Danish Data Protection Agency:

• Name: Datatilsynet
• Address: Carl Jacobsens Vej 35, 2500 Valby, Denmark
• Phone: +45 33 19 32 00
• Email: dt@datatilsynet.dk
• Website: www.datatilsynet.dk

12. Updates to This Policy

We may update this Data Protection policy to reflect changes in our practices or legal requirements. We will notify you of significant changes and update the “Last Updated” date at the top of this page.

13. Contact Us

For questions about data protection or to exercise your rights, please contact us:

• Email: privacy@ecoy.dk
• Phone: +45 81 81 81 28
• Address: Gydevang 39, 3450 Allerød, Denmark
• CVR/VAT: DK44879484