Security and confidentiality are both a prerequisite for and an obligation in our work at inforevision, and we are continuously working to update our data protection guidelines, including those for the protection of personal data.
As a firm of auditors and consultants, we offer a wide range of services, including statutory audits and other assurance engagements as well as consultancy and advisory services. We regard ourselves as independent data controllers when we perform statutory audits and other assurance engagements for our customers and when we perform other services where inforevision determines the purposes and relevant means of processing.
When we perform consultancy and advisory services, including, for example, business services and payroll administration, hosting services, etc., we regard ourselves as a data processor as we process data on behalf of our customers and according to their instructions. In these situations, the customer must enter into a data processor agreement with us defining the instructions and terms of our processing of personal data.
The below data protection policy provides information on inforevision’s processing of personal data in a data controller capacity.
We use the data supplied to us by the customer in order to perform the agreed services and to manage, control and develop our business and services.
Where necessary in order to perform the services, we may also use data about the customer’s financial, tax and business affairs, including, for example, data contained in the customer’s online tax folder, provided that access has been granted by the customer.
Where necessary in order to perform the agreed services, we may also use personal data about the customer’s employees, customers and contractors.
We only collect, process and store the personal data necessary for performing the agreed services. In principle, this means the Register of Marriage Contracts, the Register of Mortgages, the Danish Business Authority, the Central Business Register, the Danish Tax Agency and the Public Register of Shareholders.
Moreover, we may be required by law to collect and store specific data for business purposes, e.g. under the Danish Bookkeeping Act (bogføringsloven) and the Danish Anti-Money Laundering Act (hvidvaskloven) (for more details, see the last paragraph below).
We erase personal data when they are no longer needed in relation to the purpose for which they were collected, which usually means after the customer relationship has ended. However, customer data used for accounting record purposes will be stored for at least five years due to the provisions of the Bookkeeping Act and the Anti-Money Laundering Act.
We disclose and make personal data available to business partners and other parties if necessary for the performance of the agreement entered into with the customer.
Sometimes we choose to use data processors, including providers of software, webhosting, backup, security and storage services. If data processors are used, we only do so for specific purposes, and it remains our responsibility to ensure that the customer’s information is processed in accordance with current legislation and this data protection policy.
We will not disclose personal data for purposes other than as provided under the agreement – e.g. disclosure to third parties for their marketing use – unless otherwise agreed with the customer in connection with the collection or the customer’s consent is obtained after the customer has been informed about what his or her data will be used for. The customer may at any time ask us to stop the disclosure of personal data, regardless of any agreement to the contrary or consent in any other way from the customer.
However, we will not obtain the customer’s consent if we are legally obliged to disclose personal data, e.g. as part of a statutory notification to the authorities.
The customer always has the right to know which of his or her personal data we process, where they come from and what we use them for. The customer may also be informed for how long we store personal data and who will receive data about the customer. However, this right may be subject to restrictions to protect the privacy, business secrets and IPR of others. To exercise his or her rights, the customer is requested to contact us.
If the customer believes that the personal data we process about the customer are inaccurate or incorrect, the customer is, of course, free to contact us and have the data rectified.
In some cases, we have a duty to erase personal data, e.g. if the customer withdraws his or her consent. If the customer believes that data are no longer needed in relation to the purpose for which they were collected, the customer may request to have them erased. The customer may also contact us if the customer believes that personal data are being processed in violation of Danish legislation or other legal obligations.
The customer has the right to object to our processing of personal data. The customer may also object to our disclosure of data for marketing purposes. If the customer’s objection is justified, we will cease our processing and erase the customer’s data, unless we are required under the law to retain them.
If the customer wishes to exercise his or her right to data portability, the customer will receive personal data from us in a commonly used format.
The customer is entitled to receive the personal data made available by the customer to us and the data about the customer obtained by us from other parties on the basis of the customer’s consent.
If the customer requests access to data, rectification or erasure of data or objects to our data processing, we will look into whether this is possible and respond to the customer’s request as soon as possible and no later than one month after our receipt of the request.
The customer has the right to complain to the Danish Data Protection Agency if the customer does not believe that we process his or her personal data in accordance with the relevant statutory requirements.
We are obliged to collect information under the Anti-Money Laundering Act and in that connection:
Customers wishing to complain about our processing of their personal data can contact:
The Danish Data Protection Agency
Borgergade 28, 5th floor
DK – 2860 Søborg
Tel: +45 39 53 50 00
Fax: +45 39 53 50 99