Privacy policy

1. INTRODUCTION

1.1 This Privacy Notice is intended to provide you with information on how CXFacts Aps, CVR no. 42540641 (“CXFacts”, “we”, “us”, “our”) collect and process your personal data as a data controller when you use our Solution (“Solution”). Please note that for any personal data you submit to the Solution, e.g., your scores and comments as well as correspondence with other users, Buying Teams is only acting as a data processor for your employer. Please contact your employer for further information on how your employer process your personal data. For employees of companies using the Solution: When scores and ratings are submitted to a Bank please note that the Bank will be data controller for such data. The same applies to any correspondence with the bank.

1.2 We will only process your personal data in accordance with this Privacy Notice and applicable law to which we are subject, including the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).

1.3 You can contact CXFacts with questions at any time, by using the contact information specified in Section 8.

2. THE DATA WE COLLECT, THE PURPOSE AND THE LEGAL BASIS FOR PROCESSING

2.1 When you create a User in the Solution and start using the Solution, we will collect your account data such as your name, job title, country of residence, profile picture and email address as well as technical- and analytical data. Information about technical- and analytical data can be found here: https://cxfacts.com/cookies

2.1.1 The purpose of our processing is to optimize your user experience and the Solution’s functionalities, including trouble shooting and detect possible misuse of the Solution This processing of personal data is necessary in order for us to pursue our legitimate interest in operating and improving our Solution (article 6(1) (f) of the GDPR).

2.2 When you sign up for our newsletter, we collect personal data about you, including your name and your email address.

2.2.1 The purpose of our processing is to send you newsletter on your request and for us to pursue our legitimate interest in marketing our services and will always be based on your consent (article 6(1) (a) of the GDPR).

2.3 To the extent that we refer to our legitimate interest as the legal basis for the processing of personal data specified above, we have conducted a balancing test for those interests to ensure that our interest is not overridden by your interests or fundamental rights and freedoms. Please contact us by using the email provided in Section 8 below if you wish to receive more information on the balancing test.

2.4 If CXFacts should wish to process your personal data for purposes other than those for which the personal data were originally collected, we will provide you with information on this new purpose prior to any further processing.

3. HOW IS YOUR PERSONAL DATA COLLECTED

3.1 We will collect the personal data about you directly from you, when you create a User and interact with the Solution. When you interact with the Solution, we also automatically collect technical data about your equipment, browser activity and patterns. We collect these personal data by using cookies and other similar technologies.

4. DISCLOSURE OF YOUR PERSONAL DATA

4.1 Your personal data is disclosed to third parties who process personal data on behalf of CXFacts, and therefore acts as our data processors. We use third parties to send out newsletters, to perform analytics and as hosting providers. We have entered into data processing agreements that comply with article 28 of the GDPR with all our data processors to ensure that such data processors implement appropriate organisational and technical security measures in such a way that the processing complies with the requirements of the GDPR and ensures the protection of your rights.

5. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES

5.1 We will not transfer your personal data to recipients outside EU or EEA unless we have ensured compliance with GDPR Chapter V.

5.2 Some of our third-party service providers are established outside the EEA, including but not limited to the US, which means their processing of your personal data will involve a transfer of data outside the EEA. However, to ensure that your personal information receive an adequate level of protection we have ascertained that sufficient safety measures have been implemented to allow for the transfer, including where the European Commission have deemed the country to provide an adequate level of protection for personal data; or by use of specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data essentially equivalent protection as it has in Europe.

5.3 If you require further information about our current data processors established outside the EEA and the safety measures in place to allow for the transfer of personal data, you can request it from us – please send your request to us by email: hello@cxfacts.com.

6. YOUR RIGHTS

6.1 Under certain circumstances, you have one or more of the following rights:

6.2 The right of access by the data subject

6.2.1 You have the right to request information from us regarding the personal data we are processing about you, which purposes the processing serves, what categories of personal data and recipients of personal data there might be, as well as information on where the personal data has been obtained.

6.2.2 You have the right to receive a copy of the personal data that we process about you and to check that we are lawfully processing it. If you want a copy of your personal data, you must submit a written request to us by using the contact information specified in Section 8. You may be asked to provide documentation for proof of identity.

6.3 The right to rectification

6.3.1 You have the right to request correction of your personal data that we hold about you. If you become aware that the personal data we process is inaccurate, we encourage you to contact us in writing which will enable you to have any incomplete or inaccurate information we hold about you corrected.

6.4 The right to erasure (“the right to be forgotten”)

6.4.1 You may have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. To the extent the continued processing of your personal data is necessary, for example in order for us to comply with our legal obligations or for legal requirements to be established, enforced or defended, we are not required to delete your personal data.

6.5 The right to restriction of processing

6.5.1 You may have the right to request the restriction of processing of your personal data to consist only of storage. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

6.6 The right to data portability

6.6.1 You may have the right to obtain personal data that you have provided us with, in a structured, commonly used, machine-readable format and have the right to request a transfer of that information to another data controller.

6.7 The right to object

6.7.1 You have the right to object to our processing of your personal data at any time when it relates to our direct marketing efforts towards you.

6.7.2 Furthermore, you have the right to object to our processing of your personal data at any time, for reasons relating to your personal life, where we are relying on a legitimate interest as legal basis for processing.

6.8 The right to withdraw your consent

6.8.1 You have the right to withdraw a consent you have provided us with for the purpose of processing your personal data. If you wish to withdraw your consent, please contact us by using the contact information specified in Section 8.

6.9 The right to lodge a complaint

6.9.1 You have the right to lodge a complaint with Datatilsynet regarding CXFacts’s processing of your personal data. A complaint can be lodged via email: dt@datatilsynet.dk or by phone + 45 33 19 32 00.

7. DATA RETENTION

7.1 The personal data about your use of our Solution will be deleted or anonymized at the latest, after 12 months of inactivity. Cookies will be deleted in accordance with our cookie policy that may be found here: https://cxfacts.com/cookies

7.2 Your account data is deleted when your account is closed. As a general rule your account will be closed when you have been inactive for 12 months.

7.3 Personal data about you collected when you signed up for our newsletter will be deleted when your consent to receive newsletters is withdrawn. However, we retain documentation on your consent two years after withdrawal in accordance with The Danish Statute of Limitations.

7.4 We do, however, reserve the right to retain your personal data for an extended period of time if deemed necessary to establish, exercise or defend a legal claim or in order to meet a legal obligation.

8. CONTACT INFORMATION

8.1 CXFacts is the data processor of the personal data collected about you, as described in this Privacy Notice.

8.2 If you have any questions regarding this Privacy Notice or wish to exercise your rights pursuant to Section 6, please use the contact information set out below:

CXFacts ApS

CVR no. 42540641

Lejrvej 19

3500 Værløse

hello@cxfacts.com / +45 69 17 30 01

9. CHANGES TO THIS PRIVACY NOTICE

9.1 We may make changes to this Privacy Notice. The latest version of this Privacy Notice will be available at any time on our website www.cxfacts.com/privacy.

Last updated: 18.02.2022