2. CONTACT INFORMATION
2.2 Bodyologist has a so-called Joint Data Responsibility Arrangement with Facebook regarding the personal data that is collected by means of Facebook’s analysis tool “Facebook Page Insights” when you visit our Facebook page. Read more in section 3.4.
3. WHAT PERSONAL DATA IS COLLECTED AND WHAT ARE THE PURPOSE AND LEGAL BASIS FOR THE PROCESSING
3.1 Visit website:
3.1.2. The purpose is:
- to carry out statistics aimed to analyze our customers’ use of and activities on our website, allowing us to optimize the user experience and the website’s functions,
- to suggest products on our website which we think you might be interested in, and
- to market our products and services to you, including via Facebook and Google, as well as
- to enhance the security on our website.
3.1.3 The legal basis for the processing is article 6 (2), letter f, of the GDPR and § 6 (1), of the Data Protection Act.
3.2 Purchasing products or communication on website:
3.2.1 When you purchase a product or communicate with us on the website, we collect the data that you provide, i.e. name, address, e-mail address, phone number, payment method, time of the purchase, the products you buy and may return, delivery methods and the IP-address.
3.2.2 The purpose is:
- to ensure that we can create a customer account for you and deliver the products you have ordered as well as enable us to fulfil our agreement with you,
- to administer your rights to return and complain,
- to prevent fraud, and
- to ensure that we comply with legal requirements, including requirements related to our book-keeping and accounting.
3.2.3 The legal basis for the processing is article 6 (1), letter b, letter c and letter f, of the GDPR and § 6 (1), of the Data Protection Act.
3.3 Subscribe to our newsletter:
3.3.1 When you subscribe to our newsletter, we collect your personal data such as name, e-mail address, IP-address and possibly your phone number. We also collect information about when you subscribed to the newsletter, when you unsubscribed as well as data about where and when you read the newsletter.
3.3.2 The purpose is:
- to supply you with newsletters, and
- to carry out statistics aimed to improve the newsletters and to market our products and services as well as
- to document your consent to receive our newsletter.
3.3.3 The legal basis for the processing is article 6 (1), letter f as well as article 6 (1) letter a, if we process the data with your consent, and § 6 (1), of the Data Protection Act.
3.4 Sign up for our customer club:
3.4.1 When you sign up for our customer club, you are asked to provide your name, address, birthday, e-mail address, phone number, preferences, and interests etc. Apart from your name and email address this data is voluntary. In addition to this, we collect data about your use of the customer club advantages, competitions you take part in etc. We compare this data with other data we have for you, including data about your purchases.
3.4.2 The purpose is:
- to manage your membership and provide the services to you and offer you the advantages related to the membership of the customer club, and
- to send out newsletters and offer you products that we think you might be interested in.
3.4.3 The legal basis for the processing is article 6 (1), letter b and letter f, of the GDPR and § 6 (1), of the Data Protection Act. When signing up we will ask for your specific consent to electronic marketing. When the personal data is processed on the basis of your consent, the legal basis is article 6 (1), letter a, and § 6 (1), of the Data Protection Act.
4. SOCIAL MEDIA
4.1 When you visit our Instagram or Facebook page, please be aware that we use Facebook’s analysis tool “Facebook Insight” for visitor statistics, including number of likes, who is liking, number of pages viewed and interactions with the page, withdrawal of likes and reach etc.
4.2 In this regard we and Facebook collect data as joint controllers. When you visit our Facebook page you will access information on this processing. Please see https://www.facebook.com/legal/terms/information_about_page_insights_data, for more information.
4.3 We have entered into an agreement with Facebook regulating our joint controllership. Please see https://www.facebook.com/legal/terms/page_controller_addendum, for details of the agreement.
5. LEGITIMATE INTERESTS BEING PURSUED IN THE PROCESSING
5.1 As mentioned above our processing of your personal data is partially based on the provisions regarding balancing of interests in the EU General Data Protection Regulation, article 6 (1), letter f. We have balanced our legitimate interests in marketing, improving the website and security and preventing fraud, against your interests in order to ensure that your interests or basic rights or civic rights do not exceed our interests. If you wish to know more about the balancing we have carried out, you are welcome to contact us at the address listed in section 2.
6. TRANSFER OF PERSONAL DATA
6.1 Data concerning your name, address, email, telephone number as well as order number and specific delivery requests is transferred to the carrier in charge of delivery of your purchases.
6.2 Personal data may be transferred to public authorities if we are obligated by law or to the police in case of suspected offences or as part of the investigation into specific offences. Data about a purchase, including data about the purchaser and the delivery address, may be transferred to the card issuer if the card holder informs us that the card has been abused in connection with the specific purchase.
6.3 Data may be transferred to external partners who process the data on our behalf. We make use of external partners for e.g. hosting, technical operations and website improvements, distribution of newsletters and targeted marketing, including retargeting as well as for your evaluation of our company and products. These companies are data processors under our instruction and process data for which we are data controllers. The data processors are not entitled to use the data for purposes other than fulfilment of their agreement with us and are subject to confidentiality clauses.
6.4 Two of these data processors, Google Analytics represented by Google LLC. and Facebook Inc. are incorporated in the US. When we transfer personal data to a third country or an international organization based outside the EU/EEA, we ensure prior to a transfer of personal data that the transfer is carried out in a manner which provides sufficient guarantee for the protection of the personal data, e.g. by using the EU’s standard data protection contract provisions. In that connection we also evaluate prior to the transfer of the personal data whether supplementary provisions are required in order to ensure that the personal data remains protected at a level that reasonably corresponds to the same level as in the EU, including the provisions of the General Data Protection Regulation read with the EU charter on basic rights.
7. YOUR RIGHTS
7.1 With a view to ensuring transparency regarding the processing of your data, we hereby inform you of your rights in our capacity of data controllers. If you wish to exercise your rights, you are welcome to contact us at the addresses listed in section 2.
7.2 Right of access:
7.2.1 You are entitled to be informed of which personal data about you is being processed, the purposes of the processing, the categories of personal data and the recipients or categories of recipients to whom the personal data may be passed on, as well as information about where the personal data comes from. You are also entitled to receive a copy of this personal data.
7.3 Right of rectification:
7.3.1 You are entitled to have incorrect data about you corrected.
7.3.2 It is possible for you to edit the information we have obtained when you signed up for our customer club in your profile via log-in.
7.4 The right to be forgotten:
7.4.1 In certain circumstances you are entitled to have data about you deleted totally or partially, e.g. if you withdraw your consent and there is not another legal basis to continue the processing. You cannot require deletion if the processing is necessary to comply with a legal obligation, or for legal claims to be established, asserted, or defended.
7.5 The right to restrict processing activities:
7.5.1 In certain circumstances you are entitled to have the processing of personal data restricted. If the processing has been restricted, such personal data, with the exception of storage, may still be processed e.g. if you give consent to this, or if the processing is necessary for a legal claim to be established, asserted, or defended.
7.6 Data portability:
7.6.1 You have the right to receive a structured, commonly used, and machine-readable format of the personal data you have provided to us about yourself. You also have the right to transmit this information to another data controller.
7.7 Right to object:
7.7.1 You always have a right to object to our processing of your personal data for direct marketing purposes, including any profiling carried out in order for us to target our direct marketing. Furthermore, you have a right to object for personal reasons to the processing of your personal data carried out by us on the basis of our legitimate interests as mentioned in sections 3 and 4.
7.8 Right to withdraw your consent:
7.8.1 You are at any time entitled to withdraw your consent to our processing of your personal data.
7.8.2 If you choose to withdraw your consent, it will not affect the legality of our processing of your personal data on the basis of your previous consent until the time of the withdrawal.
7.8.3 Your withdrawal does not affect our processing of your personal data based on another legal basis than consent.
7.9 Right of complaint:
7.9.1 You are at any time entitled to complain to the Danish Data Protection Agency if you are dissatisfied with our processing of your personal data. You will find a complaint form and contact information on the Agency’s website: www.datatilsynet.dk/english/file-a-complaint
7.10 Deletion of personal data:
7.10.2 Data collected in connection with your subscription to our newsletter, cf. section 3.3. is deleted when your consent to receive the newsletter is withdrawn unless we have another basis for the processing of your personal data. However, we may store the documentation showing your consent for 2 years after the last electronic marketing sent to you in order for us to be able to prove that we had valid consent to the electronic marketing.
7.10.3 Data collected in connection with your purchases on the website, cf. section 3.2, will in general be deleted 2 years after the expiry of the calendar year in which you have made your purchase. However, this information may be stored for a longer period if we have a legitimate need for longer storage, e.g. if it is relevant to determine, maintain or defend a legal claim or if the storage is necessary for us to be able to comply with legal requirements. Bookkeeping materials are stored for 5 years until the expiry of an accounting year, cf. the provisions in the Danish Bookkeeping Act.
7.10.4 Data collected in connection with your enrolment in and membership of our customer club, cf. section 3.5, will be deleted automatically 3 years after your last login to your user profile or if you cancel your membership of our customer club.
8. SECURITY MEASURES
8.1 We have carried out suitable technical and organizational security measures to prevent the accidental or illegal destruction, loss, alteration, or deterioration of personal data and to prevent unauthorized access or abuse.
8.2 Only employees with a legitimate need to access your personal data to carry out their work have access to the data.
8.3 In connection with the completion of the payment transaction, your payment details will only be stored until the completion of each payment transaction. Your payment and card details are only stored with our external payment server where your data is encrypted.
8.4 We use an approved and PCI (Payment Card Industry - Data Security Standard) certified payment server which encrypts all your card details with an SSL (Secure Sockets Layer) protocol, which means that your data is not readable, and the data is thus stored in a safe, PCI-certified environment which complies with international security standards until the payment transactions have been completed. When you use your payment card on www.thebodyologists.com only our PCI-certified partner has access to your card details and not Bodyologist. Consequently, the processing of your card details is only a matter between you and our PCI-certified partner even though the processing takes place when you make a purchase on www.thebodyologist.com.
9.2 If you have enrolled in our customer club, you will be informed of the changes to the policy by notification sent to your registered email address.
10.1 Our data policy was last updated on the 1st of December 2021.