Policy on protection of personal data

Crateit ApS – CVR: 42356786

– Updated on 01.05.2022

1. General

1.1 In this policy for the processing of personal data (Persondatapolitik) it is described how crateit.dk, Crateit Aps (Crateit, us, our, we) collects and processes information about you.

1.2 The personal data policy applies to personal information that you provide to us or that we collect via crateit.dk, e-mail, SMS and other electronic messages, conversations with customer service, printed and digital forms for e.g. competitions and events. Also generally available information from social networks.

1.3 Crateit is the data controller for your personal data. All inquiries to Crateit can be made via the contact information found under point 8.

2. What personal data do we collect, for what purpose and with what legal basis for the processing

2.1 When you visit crateit.dk we automatically collect information about your use of crateit.dk e.g. about which type of browser you use, which search criteria you use on crateit.dk, your IP address, including your network location, as well as information about your PC or mobile device, geographical location and similar data.

2.11 The purpose is to optimize the user experience and crateit.UK function as well as to target marketing including advertising via Facebook, Instagram, Youtube and Google. The purpose of this processing of personal information is that we can thereby improve crateit.dk and show you relevant assortments.

2.12 The legal basis for the processing is our "legitimate interest" in accordance with Article 6 of the Data Protection Regulation.

2.2 When you enter into an agreement or communicate with us on crateit.dk, we collect the information you provide yourself, for example name, address, e-mail address, telephone number, payment method, information about which products you buy and possibly returns, wishes regarding delivery as well as information about the IP address from which the order was made.

2.21 The purpose is for us to be able to deliver the products you have ordered and otherwise fulfill our agreement with you, including managing your rights in relation to returns and advertising. We can also process information about your purchases to meet legal requirements, including requirements regarding bookkeeping and accounting. When making a purchase, the IP address is collected for this purpose, as well as for us to prevent fraud

2.22 The legal basis for the processing is our "contractual obligation" in accordance with Article 6 of the Data Protection Regulation.

2.3 When you enter into an agreement, communicate with us or pick up products that you have ordered on crateit.dk, we collect the information you provide yourself, for example name, address, e-mail address, telephone number, payment method, information about which products you buy and any returns

2.31 The purpose is for us to be able to deliver the products you have ordered and otherwise fulfill our agreement with you, including managing your rights in relation to returns and advertising. We can also process information about your purchases to meet legal requirements, including requirements regarding bookkeeping and accounting. Handle your inquiries, answer questions, process any complaints and support inquiries (incl. technical support) and the like.

2.32 The legal basis for the processing is our "contractual obligation" in accordance with Article 6 of the Data Protection Regulation.

2.4 When you sign up for our newsletter, we collect information about your name and email address.

2.41 The purpose is for us to be able to fulfill our obligation and deliver the newsletter to you.

2.42 The legal basis for the processing is our "contractual obligation" in accordance with Article 6 of the Data Protection Regulation.

2.5 When you contact info@crateit.dk, we store the information you provide yourself, such as name, social security number and contact information such as address, e-mail address and telephone number. Your correspondence, information about the time of purchase, when you purchased goods, possibly error/complaint. Technical information about your equipment. Health information (e.g. allergies and other information you provide regarding health condition). Information about the use of My pages (members only).

Conversations with our Crateit ApS may be recorded in accordance with applicable legislation for local, operational needs (e.g. for quality or training purposes) and in certain cases for archiving as proof of consent to direct marketing and profiling. Credit card information is not recorded. If required by applicable law, you will be informed of the recording at the beginning of the interview and you will have the opportunity to opt out of the recording.

2.51 The purpose is to be able to handle your inquiries to Crateit ApS. Answer any questions, process any complaints and support inquiries (incl. technical support) and the like.

2.52 The legal basis for the processing is our "contractual obligation" as well as "legal obligation" according to Article 6 of the data protection regulation.

3. Recipients of personal data

3.1 Information about your name, address, e-mail address, telephone number, customer number, order and invoice number as well as separate requests regarding delivery is redistributed to the carrier who is responsible for delivering ordered goods to you.

3.2 Information may be passed on to external business partners who process the information on our behalf. We use external partners for e.g.a technical operation, improvements and shipping, sending newsletters and targeted marketing, including advertising, and for your evaluation of our company and our products. Among other things, information about your name and email address may be passed on to TrustPilot so that they can, on our behalf, send an invitation to evaluate us on the TrustPilot website. If you choose to register something, TrustPilot becomes the data controller for the information you have provided. These third parties are data processors who act solely on our instructions and process data for which we are the data controller. The data processors must not use the information for purposes other than fulfilling their contract with us and they are subject to confidentiality.

3.3 Two of these data processors, Google Analytics v/Google LLC and Facebook Inc. is based in the United States. Necessary guarantees regarding transfer of information to the USA is provided via the data processor's certification in accordance with the EU-U.p Privacy Shield, cf. EU General Data Protection Regulation, Article 45.

3.31 A copy of Google LLC's certification can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

3.32 A copy of Facebook Inc's certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

3.4 We also share personal data with certain companies that are independent data controllers. The fact that the company is an independent data controller means that it is not us who control how the information you have provided is processed. Independent data controllers with whom we share your personal data are.

  1. State authorities (police, tax administration or other authorities) to the extent that we are obliged to do so in accordance with applicable legislation, or upon suspicion of a crime.
  2. Companies that offer payment solutions (card issuing companies, banks and other providers of payment services).

When your personal data is shared with a company that is an independent data controller, the relevant company's Personal Data Policy and processing of personal data apply.

4. Your Rights

4.1 As data controller, we will inform you about your rights with the aim of creating transparency about how we process your information.

4.2 Right to access

4.21 You have the right to ask us at any time for information about e.g.a which information we have registered about you, for which purpose the registration has taken place, which categories of personal data and recipients of information exist and information about where the information originates.

4.22 You have the right to obtain a copy of the personal data about you that we process. If you want a copy of your personal data, you must send a written request to Crateit ApS, Att: GDPR, Rugaardsvej 276, Odense, 5000 DK. You may be asked to prove that you are who you say you are.

4.3 Right to corrections

4.31 You have the right to have erroneous personal data about yourself corrected by us. If you become aware that there are errors in the information we have registered about you, we encourage you to send us a written notification so that the information can be corrected.

4.4 Right to removal

4.41 In certain cases, you have the right to have all or part of your personal data removed by us, if, for example, you withdraw your consent and we have no legal basis for continuing the processing. To the extent that continued processing of your data is necessary, e.g. for us to fulfill our obligations under the law or for legal claims to be established, asserted or defended, we cannot comply with your wish to have your personal data removed .

4.5 Right to restrict processing to storage

4.51 In certain cases, you have the right to have the processing of your personal data limited to storage only, e.g. if you believe that the information we have about you and which we process is not correct.

4.6 Right to data portability

4.61 In certain cases, you have the right to have personal data that you have made available to us delivered in a structured, commonly used, machine-readable and compatible format and to have this transferred to another data controller.

4.7 Right to object

4.71 You have the right to object at any time to our processing of your personal data with regard to direct marketing, incl. the profiling that is carried out in order to be able to do the direct marketing.

4.72 You also have the right to object at any time to our processing of your personal data in accordance with the legal grounds for processing that appear in this policy. However, we cannot guarantee that we can meet your wishes in every respect. This may be because we have a duty to store personal data in accordance with the law or as a result of a contractual obligation towards you.

4.8 Right to complain

4.81 You have the right to lodge a complaint about our processing of your personal data at any time to the Norwegian Data Protection Authority, Borgergade 28, 5, 1300 København K. Complaints can, among other things,a submitted by email dt@datatilsynet.dk or telephone +45 33 19 32 00.

5. Deletion and relocation of personal data

5.1 We only store personal data for as long as is necessary to fulfill the purpose of the processing.

5.2 Information collected about your use of crateit.dk, cf. Point 2.1, is removed at the latest when you have not used crateit.dk for a period of 24 months.

5.3 Information collected in connection with your signing up for our newsletter is deleted when you withdraw your consent to the newsletter, unless we have other reasons for processing the information.

5.4 Information collected in connection with your purchasing goods on crateit.dk, is as a general rule deleted 2 years after the end of the calendar year in which the purchase took place. However, information may be stored for a longer period if we have a legitimate need for this, for example if it is required to establish legal claims, assert claims or defend legal claims, or if storage is required for us to fulfill legal requirements . In order to comply with the requirements of the Accounting Act, accounting material is stored for 5 years until the end of a financial year.

5.5 You have the right to request that your personal data be moved (data portability).

6. Security

6.1 We have taken appropriate technical and organizational measures to prevent personal data from being unintentionally or unjustifiably damaged, lost, changed or degraded, as well as to prevent unauthorized persons from gaining knowledge of them or their misuse.

6.2 Only employees who have a real need to access your personal data in order to perform their work have access to it.

7. Contact details

7.1 We do not resell personal information and do not pass on your personal information to others, it is only registered in our customer register. You can have your information deleted at any time.

7.2 In order for you to enter into an agreement with Crateit ApS, we need the following information:. Name. Address. Phone number. Email address

We register your personal data with the aim of being able to deliver the goods to you.

The personal information is registered with Crateit ApS and stored for up to five years, after which the information is deleted.

When personal data is collected via our website, we ensure that it always happens by giving your express consent, so that you are informed about exactly what information is collected and why.

7.3 The director and the employees of Crateit ApS have access to the information registered about you.

The data controller in Crateit ApS is: Tonny Kaagaard Olsen

We do not store and transmit customer information encrypted.

As registered with Crateit ApS, you always have the right to object to the registration. You also have the right to access what information is registered about you. You have these rights according to the Personal Data Act and inquiries in connection with this should be addressed to info@crateit.dk.

7.4 Cookies at https://www.crateit.dk/ cookies are used with the aim of optimizing the website and its functionality, thus making the visit as easy as possible for you.

You can delete cookies from your computer at any time, see the instructions at Webshop Cookies and Privacy Policy.

7.5 Log statistics: we use a log statistic on https://www.crateit.dk/, which means that a statistics system collects information that can give a statistical picture of how many visitors we have, where they come from and where on the website it is left, etc.

The log statistics are only used for the purpose of optimizing the Crateit ApS website.

8.Consumer Protection

Read more about your protection as a consumer when you buy via a PensoPay payment solution:https://pensopay.com/mere/forbrugerbeskyttelse/

8.1 Crateite.dk, Crateit ApS is the data controller for the personal data collected via Crateit.dk

8.2 If you have questions or comments about this Personal Data Policy, or if you want to make use of one or more of your rights, which are described under point 4, you can contact:

Crateit ApSGDPR

Seebladsgade 2, 5000, Odense C. Tel.: +45 61602772

Email: info@crateit.dk

9. Changes in the personal data policy

9.1 You will always find the latest version of Crateit's personal data policy on this page.

9.2 In the event of decisive changes (e.g. precautions regarding personal data processing or categories of personal data) you will receive information about this via email or on Crateit.dk

10. Versions

10.2 This is version 1 of the Crateit ApS Personal Data Policy, dated 01.05-2022