Privacy Policy

Introduction

This Privacy and Data-Privacy Policy contains personal data management rules for websites and services hosted by data controller Cool Accounts IVS at https://accounts.cool and all of its subdomains with detailed privacy and data management information.
The Data Controller manages the data of people using the site in order to provide them with an appropriate service. Using the services of the website you are providing your own data, some of which are automatically recorded (IP address, browser type, country) and some of which are recorded by your consent (filling out a form, accepting cookies).
The Data Controller wishes to comply fully with the statutory provisions on the processing of personal data, in particular those contained in Regulation (EU) 2016/679 of the European Parliament and of the Council (EU). Your personal data are legally, fairly and ethically managed by the owner / Data Controller of the website in compliance with applicable legal requirements and in compliance with international data-protection standards.
This Privacy Policy is based on Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of data.
By using website https://accounts.cool users accept the terms of this Privacy Policy and its statements. This Privacy Policy is available in the footer of each page of https://accounts.cool .
The website does not contain a registration function, therefore registration is not possible and the personal data of registered persons are not managed or collected by the website provider.

The Data Controller’s (Cool Accounts IVS) and the website provider’s (https://accounts.cool) contact information:

Name: Cool Accounts IVS
Address: Kongelundsvej 44, st. tv., 2300 København S
CVR Number: 37946796
E-mail: [email protected]
Telephone: (+45) 26 50 66 80

Guidelines for data management

The Data Controller declares that it handles the processing of personal data as set out in this Privacy Policy and adheres to the requirements of applicable legislation with particular regard to:

  • Personal data are processed lawfully, fairly and ethically and in a transparent manner for the data subject.
  • Personal data is collected only for specified, explicit and legitimate purposes.
  • The purpose of processing personal data is appropriate and relevant.
  • The processing of personal data occurs only to the necessary level.
  • Personal data is stored in such a way as to allow identification of the data subject(s) only for the time necessary.
  • All personal data are handled in an appropriate, expectable manner using appropriate security and organizational measures.
  • The principles of data protection are applied to information / data relating to all identified or identifiable natural persons.

Information about data management

Browsing, opening, and downloading https://accounts.cool can be done without registration that is without giving any personal data.
However, in order to use some of the features described below, it is necessary to manage your personal data as with a message sent from the website to the provider.

Messaging function

In the use of the “Write a message” function the Data Controller gains a legal basis to process and store the following personal data:

  • Name
  • E-mail address
  • Phone number.

These data are handled by the Data Controller in accordance with statutory requirements, ethically and inaccessibly to any third parties (except the domain provider and the providers of the mailing systems).
Name of the activity: messaging.
Purpose for processing: optimizing work organization and providing personalized service.
Managed data: personal data provided by the person concerned such as name, email address and phone number.
Legal basis for data processing: consent of the user and statutory data management.

Appointment-booking function

In the use of the “Book an appointment” function the Data Controller gains a legal basis to process and store the following personal data:

  • Name
  • E-mail address
  • Phone number.

These data are handled by the Data Controller in accordance with statutory requirements, ethically and inaccessibly to any third parties (except the domain provider and providers of the mailing systems).
Name of the activity: appointment booking.
Purpose for processing: optimizing work organization and providing personalized service.
Managed data: personal data provided by the person concerned such as name, e-mail address and phone number.
Legal basis for data processing: consent of the user and statutory data management.

Live-chat function

In the use of the live-chat function the Data Controller gains a legal basis to process and store the following personal data:

  • Name

This is handled by the Data Controller in accordance with statutory requirements, ethically and inaccessibly to any third parties (except the domain provider and the providers of the mailing systems).
Name of the activity: live chat.
Purpose for processing: optimizing work organization and providing personalized service.
Managed data: personal data provided by the person concerned such as name.
Legal basis for data processing: consent of the user and statutory data management.

Server logs

When opening the website of the Data Controller the server logs the activity of the visitor.
Purpose for data processing: The Data Controller logs personal data such as IP address for providing reliable, personalized service and for preventing misuse.
The Data Controller and the host provider have a legitimate interest to provide a secure website and on this basis the personal data of the visitor(s) can be recorded as per GDPR article 6, first paragraph (f).
Managed personal data: reference number, date, time and domain name of the visited site.
Duration of data management: 30 days.
The Data Controller does not connect data from other sources with the analyzed log files and doesn`t seek to identify visitors personally.
The visited website address and the date data themselves are not sufficient to identify the concerned person, nevertheless other data, collected from other sources connected with these data can be sufficient to draw conclusions of the visitor / user.
The IP address is a series of numbers which is uniquely given to the visitor / user. The visitor / user can be identified by this unique IP address and even the geographical location of the visitor / user can be identified.

Data Processors:

I. Hosting provider

One.com
Kalvebod Brygge, 1560 Copenhagen, Denmark
The data shared by you is stored in servers provided by the hosting provider. Only our employees and the employees of the hosting provider can access these data.
The name of the activity: hosting, server providing.
Purpose for processing: making sure of the operation of the website and storage of data.
Managed data: personal data provided by the person concerned.
Legal basis for data processing: consent of the user and statutory data management.

II. External providers

The Data Controller uses and cooperates with external service providers.
The data stored in the systems of these external service providers are managed by the privacy policies of these entities. The data processor will do everything in its power to ensure that the external service providers manage the data shared with them according to the laws and to ensure that they use the shared data only in the way agreed upon by the visitor / user or stated in this Privacy Policy.
The Data Controller uses the following external service providers:
Dinero Regnskab ApS
Vesterbrogade 1L, 6. sal, 1620 Copenhagen V, Denmark.
The name of the activity: bookkeeping program.
Google LLC
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
The name of the activity: e-mail platform.

III. External web-analytics providers

The website does not use any web-analytics tool.

IV. Other external providers

There are external providers that are not in contract with the Data Controller or the Data Controller does not cooperate with them for data management but they can access the data shared by the visitor / user – with or without the cooperation of the visitor / user – about the visitor’s / user’s activity on the website, which in some cases – independently or combined with data from other sources – can be used to identify the user.
Such external providers may be but are not limited to: Facebook Ireland Ltd, Google LLC, Instagram LLC, Twitter International Company, PayPal Holdings Inc., Pinterest Europe Ltd, Playbuzz Ltd.
The listed external providers use their own privacy policies to manage the shared data, which can be accessed in their products and services.

Managing website-traffic data

The users’ device information such as IP address can be logged by the hosting provider to identify the origin of the request (country) to work out website-traffic statistics and to ensure the quality of the service. After the identification of the request’s origin the hosting provider deletes the IP address from its systems. These data are personal data in some cases. The statistics worked out from these log files are stored for 30 days. The Data Controller doesn’t connect data collected from visitors / users to data from other sources, which would make identification of the visitor / user possible.

The use of cookies

In the use of some parts of the service the Data Controller installs small, text-based data files in the visitor’s / user’s browser to ensure the quality of the service, to provide personalized service and to simplify further visits of the visitor / user. The data files contain settings but do not contain or store any personal data. The data from these data files are not combined with identification data of the visitor / user.
The visitor / user has the following possibilities regarding to cookies in his / her browser:

  • Block all cookies
  • Delete all cookies

The visitor / user has the following possibilities regarding to cookies on the website:

  • Accept: on accepting the website stores the settings data in the cookie files
  • Decline: blocks the essential cookies of the website – in this case the website operates in a limited functionality
  • Other cookies may be installed on the visitor’s / user’s device from third parties.

Definition of cookies

HTTP-cookies (simply, cookies) are packages of information sent by the server to the browser then sent back by the browser to the server on every request. The cookies are created by the web server and the visitor’s / user’s browser on the visitor’s / user’s device where they are stored in a separate folder.
Use of web beacons
The Data Controller does not use this technology but third parties can insert this technology into the Data Controller’s website. The Data Controller never requested or asked this and the Data Controller has no way to change or block. Unlike cookies, this cannot be controlled or disabled by the user.

Definition of web beacons

Web beacons track the user’s activity on the website in an invisible way. Usually they work by placing small-sized picture files that help tracking the user activity.

Data transfers and third-party data management

The Data Controller, unless obliged by law, may only transfer personal-identification data to third parties with the consent of the user. This includes the data collected from data files in the Data Controller’s system. The disclosure of certain personal data to third parties may occur in the following cases:

  • Legal obligation of the Data Controller to cooperate with investigating bodies and courts in order to detect infringements committed within the framework of the service and to comply with the statutory requests for information.
  • In case of suspicious or infringing activities detected within the framework of the service the Data Controller has the legal basis to send or publish invitations or announcements even using data from individual users.
  • Some parts of the service (working out visitor statistics) may be performed by the Data Controller’s contractual partners.

Rights related to data management

I. Right to be informed

You can request information from the Data Controller at any time via the contact details provided about what data, for what purpose, on what legal basis, from what source and for how long are processed or stored. Within 15 days of the date of submission of the application the Data Controller shall examine the application and make a decision on its merits. Information will be sent to the email address provided by you as soon as possible but not later than in 30 days.

II. Right to erasure

You can ask the Data Controller at any time to delete any or even all of your data. Within 15 days of the date of submission of the application the Data Controller shall examine the application and make a decision on its merits. Information about this will be sent to the email address provided by you as soon as possible but not later than in 30 days.

III. Right to rectification

You can request the Data Controller to rectify any of your data at any time via the contact details provided. Within 15 days of the date of submission of the application the Data Controller shall examine the application and make a decision on its merits. Information about this will be sent to the email address provided by you as soon as possible but not later than in 30 days.

IV. Right to object

You can object to data management at any time via the contact details provided by the Data Controller. Within 15 days of the date of submission of the objection the Data Controller shall examine it and make a decision on its merits. Information about this will be sent to the email address provided by you as soon as possible but not later than in 30 days.

V. Right to restrict processing

You can ask the Data Controller to lock your data at any time via the contact details provided. The duration of the locking may vary depending on the reason you specify. Within 15 days of the date of submission of the application the Data Controller shall examine the application and make a decision on its merits. Information about this will be sent to the email address provided by you as soon as possible but not later than in 30 days.

VI. Right to remedy

Inform the Data Controller, if there is a presumption of unlawful data processing so the Data Controller will have the opportunity to review the submitted comment and make appropriate changes to eliminate the infringement, if necessary. The Data Controller shall use his / her best efforts to eliminate the infringement.
The user is entitled to file a complaint with the supervisory authority (right to complain) and entitled to legal remedy.
If you consider that a lawful state can’t be restored please notify the authorities via the following contact details:
Datatilsynet
Address: Borgergade 28, 5, 1300 København K, Denmark
Telephone: (+45) 72 26 84 00
Fax: (+45) 33 19 32 00
E-mail: [email protected]
URL: http://www.datatilsynet.dk/
The user may exercise his / her right of appeal before the court of the Member State where the supervisory authority has its seat against the decision of the supervisory authority. Both the user and the Data Controller can exercise their right of appeal.
The data subject is entitled to apply directly to the court if he / she considers that his / her personal-data rights have been violated.

Modification

The Data Controller of https://accounts.cool reserves the right to amend this Privacy Policy.

Responsibility

The Data Controller disclaims all liability for any information or data that is available and / or published within the framework of the Service.
If the Data Controller becomes aware that the user violates the rights of a third party within the framework of the service, uses the personal data of a third party or uses personal data obtained from the service or other sources in an unlawful manner, the necessary steps will be taken to comply with the legal obligations of the Data Controller for the purpose of eliminating an infringement or seeking legal redress.

Copenhagen , 1 February 2019
Cool Accounts IVS
Data Controller