Who we are


Our website address is: https://thorsenteknik.dk


What personal data we collect and why we collect it


Comments


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.


An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


Media


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


Contact forms


Cookies


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.


If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.


When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.


If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.


Embedded content from other websites


Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.


These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


How long we retain your data


If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.


For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.


What rights you have over your data


If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.


Where we send your data


Visitor comments may be checked through an automated spam detection service.


General Data Protection Regulation

Ways of Work – Personal data – All employees

As you may have heard in the media, new legislation regarding the protection of physical persons personal data – the GDPR – has come into effect. As this will have an impact on all of us, we have made this guidance regarding your future handling of personal data.

More information can be found here: https://www.eugdpr.org/

What is personal data?

Personal data is: any information related to an identified physical person (like you).

A few examples of personal data are listed in the below:

– The information we have on you related to your employment: your name, address, bank account etc. Information needed by the company to e.g. pay out your salary.

– Information related to employees at our customers and suppliers (counterparties) like their personal e-mail and address and other personal information like their family relations and personal habits.

Remember! It is only data related to physical persons – not data related to companies (it must be personal)!

The basic new rights and obligations:

This new legislation is made to protect you (and your counterparties) as individual(s). As such it provides new rights and protections to persons and thereby obligations to companies like ours when processing personal data.

First of all – it is important to emphasize that you can continue to process personal data in the future!

However, you can only process personal data if you do this for a specific purpose and have legal basis for it.

By processing we mean the registration, collection, storing, using and forwarding etc. of a persons personal data.

The requirement of a specific purpose could e.g. be when we, as a company, need your bank account information (the personal data) to be able to pay you your salary = purpose.

The requirement of legal basis would be obtained if the processing is either necessary …

… for the performance of a contract (e.g. we need to include your personal data in your employment contract),

… for compliance with a legal obligation (e.g. the disclose of your income information to tax authorities),

… in order to protect the vital interests of a person,

… for the performance of a task carried out in the public interest or official authority, or

… for the purposes of the legitimate interests pursued by the controller (e.g. us as a company).

If you do not have a specific purpose or legal basis you cannot process the personal data unless you receive written consent from the person(s) to process their personal data!

If you do not receive the consent you cannot process their personal data!

You need to be aware, that when you as an employee (and thereby us as a company) is processing personal data of a person, that person now has some new rights, hereunder the right to:

1) receive insight (be informed) of what personal data we have processed,

2) the purpose of our processing,

3) the person can require the processed data corrected or even deleted entirely.

This is the basic principles of the GDPR!

So how is the GDPR changing your ways of working?

The GDPR should not have a major effect on your daily working. However, some departments like HR, Treasury, and IT (departments processing personal data) will face new procedures and requirements. For these departments separate “ways of working” have been made.


Where do I “face” personal data in my working day?

Normally you would face personal data when you are communicating with your counterparties. Maybe your counterparty is giving you his/her private address, mail or phone number (personal data). Maybe he/her is telling you about family relations and their health situations (personal data).

Maybe you are receiving a passport copy (personal data) of the management of your counterparty as part of your credit or KYC assessment or maybe your long-lasting competitor is sending you his/her personal CV (personal data) giving up the battle.


So how should you process this information if received?

Remember! You can only process (e.g. type in and store in CRM) personal data if you have:

1) a specific purpose and

2) legal basis for doing it.

If you e.g. want to store personal information on a person of your counterparties in our CRM system you can do this as this would be of a legitimate interest (our interest in serving in a best manner) pursued by us.


Are there any difference in what kind of personal data I can process?

Yes. There are two types of personal data. Sensitive and non-sensitive (normal) personal data. Sensitive personal data is information about (exhaustive listed): race – ethnic origin – political opinions – religious belief – philosophical beliefs – trade union membership – genetic data – biometric data – health information – sexual orientation. All other information is normal personal data.

Normal personal data you must process in accordance to this guidance – sensitive personal data you should never process.


Unsolicited information received – what do I do?

If you receive a CV or an Application from a person and you have no purpose of having such (meaning that you are not the right channel/department/person), you MUST inform the sender that you are not right person and that you will delete the mail containing the CV/Application

and refer to the right channel or ask for consent to forward the mail to the right person/department.

If you in e.g. a chat program receive unsolicited sensitive personal data information you should delete this from the chat in the best possible way.


Know where you have you processed personal data?

As we have an obligation to inform persons about our processing we always need to know what we have pro-cessed, the purpose of this and e.g. where the information (personal data) is stored.

As such always know what, where and why and always delete personal data you have without a purpose!

We have a uniformed Data Protection Policy in Thorsen-Teknik A/S, applying to all employees, depart-ments and companies.

GDPR Best Practice instruction in handling personal data.

Below are best practice instructions in how you must handle personal data in the future:

  • Go through your inbox and folders (physical and digital) and delete personal data stored without a purpose.
  • You need to develop a habit of cleaning up in your inbox and never store, forward etc. any personal data without a purpose or legal basis – such as consent from sender.
  • All personal data which is just “nice to have” and not “need to have”, must be deleted.
  • Do not process sensitive personal data without contacting legal department and CEO.
  • Minimize the inclusion of personal data in the CRM system to the minimal.
  • Minimize personal data to absolute minimum. That means, don’t store same documents in both local drive and physical folder or briefcase.
  • Keep in mind you need to inform the person and maybe ask for consent for/about the processing.
  • A person could ask to see what you have noted down about him/her.

If you have any questions, please do not hesitate to contact kontor@thorsen-teknik.dk, or

CEO Torben Thorsen at +4529104029.

Read more here about the regulation on the official EU web: https://www.eugdpr.org/

Best regards

Thorsen-Teknik A/S.