Privacy policy

Here is an introduction to our privacy policy. 

INTRODUCTION

Risika A/S, CVR no. 37677892, with offices at Sortedam Dossering 55, 2100 Copenhagen Ø ("Risika", "we", "our", "us") is a credit reference agency authorised by the Danish Data Protection Authority to carry out credit reference activities. 

As a company, we process personal data as a natural part of our business. This means that we are data controllers for our processing of information about website visitors, employees, business partners, visitors to our company page on social media and in connection with our activities as a credit reference agency. 

We are held accountable by various legal and industry standards, but also by your expectations as a data subject. This means that we are sensitive to your privacy wishes and we are obliged to inform you about what information we process. You can read more in this privacy policy in the following sections:

- Special provisions:

  • Visit our website
  • Customer relations
  • Newsletter
  • Feedback
  • Credit information
  • Social media
  • Job applications

    - General provisions:

    • Contact details for Risika and our DPO
    • Recipients of personal data
    • Your rights
    • Complaints guide
    • Changes to the privacy policy

        SPECIAL PROVISIONS

        VISIT OUR WEBSITE

        All information related to our use of cookies can be found in our Cookie Policy. 

        In addition, you can contact us via our contact form. 

        When you send us an enquiry through our contact form, we process the following information in order to respond to you:

        Name
        E-mail
        Telephone number
        Message

        Our legal basis for processing your personal data is GDPR, Article 6(1)(f) on processing based on a legitimate interest, where your interests are not overridden because we only process what is absolutely necessary to respond to your request.

        If you wish to become a customer or are already a customer of ours, our processing basis will be GDPR Article 6(1)(b) for processing necessary for the performance of a contract, including pre-contractual correspondence, which takes place at your request. 

        We keep the correspondence until 6 months after the last contact.

        NEWSLETTER

        We will use your email to send you marketing if you have signed up to our newsletter.

        Our legal basis for processing your personal data is GDPR, Article 6(1)(a), which deals with processing based on consent, cf. Marketing Act Section 10.

        CUSTOMER INFORMATION

        You may create a profile ("Profile") with us by providing your name, address, email and business affiliation.

        To create a Profile, you must agree to our Terms and Privacy Policy, after which our processing of your personal data will take place as part of an agreement between you and us.

        Our legal basis for processing your personal data is GDPR Article 6(1)(b) on processing necessary for the performance of a contract, including correspondence prior to the conclusion of a contract, which takes place at your request.

        The same goes for our "Book ademo" feature, where we ask for your email.

        Your Profile Information is kept until 3 months after you have chosen to close your Profile or have been inactive for 3 years and have not responded to our requests to delete your Profile due to inactivity.

        FEEDBACK

        We will occasionally, with your consent, collect relevant feedback to ensure that the services we offer meet your requirements. We will do this through surveys, customer satisfaction analysis or market research. Any feedback you give us will be used solely for the purpose of improving our services and will not be made public. 

        Our legal basis for processing your personal data in the context of feedback is GDPR Article 6(1)(a) on consent. 

        Information on feedback is kept for up to 5 years after receipt. Where possible, we store your feedback anonymously and have a long retention period to measure our own performance over time.

        CREDIT INFORMATION

        About credit reference agencies

        Anyone wishing to engage in the business of processing information for the purpose of assessing financial soundness and creditworthiness with a view to disclosure (credit information business) is obliged to comply with Chapter 5 of the Data Protection Act and the Data Protection Regulation, regardless of whether the credit information relates to companies or individuals.

        We process credit data in accordance with our authorisation from the Data Protection Authority dated 17 May 2018 for the purpose of commercial disclosure of information for assessing financial soundness and creditworthiness.

        The purpose of credit information services is to improve the overall conditions for businesses to contract with other businesses, including fraudulent businesses or businesses that have built up excessive debt. Access to such important information counteracts the negative consequences that can arise for the parties involved and society.

        Fulfilment of the obligation to provide information

        Our fulfilment of the disclosure obligation is done by notification via e-mail, e-box or regular mail with clear and explicit reference to the Privacy Policy, which is always available on our website.

        You will not always be directly notified of our activities, as we apply an exception to the information obligation in GDPR Article 14(5)(b), which may be applied if compliance with the information obligation proves impossible or would require a disproportionate effort on Risika's part. 

        Due to the fact that Risika collects information on many thousands of companies and associated persons, it would require a disproportionate effort to send letters/notices to all data subjects.

        Information processed

        Our processing of data takes place via collection from public databases such as cvr.dk, tinglysning.dk and statstidende.dk. We also obtain information from companies to the extent that the information is publicly available, for example on the company's website.

        This means that we process the following categories of data:

        a. Identifying information, including, but not limited to, name, address and CVR number.
        b. Financial information, including tax, debt and other information to the extent publicly available, including bankruptcy history, if any.

        Our processing of the data for the purpose of disclosure to our customers is a statistical modelling of the data, comparing active and inactive companies and obtaining:

        a. anonymised payment data
        b. geographical data
        c. statistical banks and
        d. historical accounting information

        Purpose and basis for treatment

        The purpose of the processing is to assess the financial soundness and creditworthiness of the company, including to secure our customers in the field of trade with new and existing customers.

        The processing is based on Article 20(1) of the Data Protection Act, which provides that credit reference agencies may process information which, by its nature, is relevant for the assessment of financial soundness and creditworthiness.

        We do not use personal data for other purposes.

        Recipients of credit information

        Our customers who are subscribers to our database are sent the company information registered on the companies considered as data subjects under the Data Protection Act. The information is provided only in writing, as provided for in Article 21 of the Data Protection Act, and is provided only orally and summarily, provided that the name and address of the enquirer/customer are recorded and kept for at least 6 months, as provided for in Article 21, second indent, of the Data Protection Act.

        Personal data is not included in our publications, and our publications otherwise only contain company data in summary form, cf. the Data Protection Act, Section 21.

        To the extent we are required by law, we disclose credit information to public authorities or other third parties. Any disclosure will therefore be justified by specific circumstances and only relevant and necessary information will be disclosed. When disclosing information, full confidentiality will be imposed on the recipient.

        We use our own data processors, who act on our behalf. The database is hosted by Amazon Webservices, Frankfurt, Germany. We do not transfer your credit information to third parties outside the EU.

        Storage time

        We process credit information data for as long as it is necessary to fulfil the purpose of the processing. As a rule, we process all data for as long as the company is registered in our database. Information on circumstances that militate against creditworthiness and that are more than 5 years old are deleted unless the circumstances are of decisive importance for the assessment of the financial soundness and creditworthiness of the person concerned, cf. the Data Protection Act, Article 20(3).

           

        SOCIAL MEDIA

        We use social media to promote our business. 

        You should be aware that social media also process information about you. You can read about how they process your information in their privacy policies. This is also where you can read about where your data is stored and whether it is transferred outside the EU.
        Facebook, Instagram, LinkedIn

        In addition, we process social media information to interact with you when you ask questions or otherwise give us reason to respond to your posts. We do not use information about you from social media for direct marketing or statistical purposes. Remember that comments on our social media posts can be seen by other users. Therefore, you should never share information that you do not wish to be made public.

        Our legal basis for processing your personal data is GDPR Article 6(1)(f) on the basis of a legitimate interest, which does not override your interests, because we only process what is strictly necessary to respond to your request and because your participation on social media is voluntary for you on the terms and conditions applicable on social media.

        We reserve the right to delete and retain comments and inquiries with offensive or illegal content if the information is to be used in connection with a legal dispute. The information will be deleted at the latest at the end of the case.

        We will keep your data until it is no longer necessary for us to process. As a rule, we delete postings and enquiries after 1 year.

        You can always edit or delete listings you have made on our company page. To the extent that you wish to access, delete or exercise any other right relating to your information on our Company Page, please use the deletion and editing options provided by the social media in the first instance. If this does not satisfy your request, please contact us at contact@risika.dk.

        JOB APPLICATIONS

        If you wish to apply for a position with us, please keep an eye on the relevant job advert and send us your CV and application, together with any references we can contact. 

        We will then process your name, e-mail and the other information provided in your application. All processing is confidential and for recruitment purposes only. Your data will not be disclosed without your consent.

        Our legal basis for processing your personal data is GDPR Article 6(1)(b) on processing necessary for the performance of a contract, including correspondence prior to the conclusion of a contract, which takes place at your request.

        The retention period is 6 months after receipt in accordance with the Data Protection Authority's guidelines on the retention period for job applications. If we wish to keep your application for more than 6 months, we will send you an email asking you to reply in the affirmative to the email if you can accept an extension of the retention period. 

        GENERAL PROVISIONS

        CONTACT DETAILS

        If you wish to us about our processing of your personal data, please contact us at contact@Risika.dk.

        We are also subject to the law on the appointment of a Data Protection Officer (DPO), which in our case is an external lawyer specialising in data protection law. The DPO can also be contacted via contact@Risika.dk.

        RECIPIENTS OF PERSONAL DATA

        We do not disclose your personal data unless it is to a lawyer, accountant or as a result of separate legislation or a request from the authorities. However, we do disclose information on financial soundness and creditworthiness in summary form to our customers when it relates to information processed in the course of our credit reference activities. You can read more about this in the section on credit information.

        We use security accredited data processors who assist us with IT or other services.

        YOUR RIGHTS AS A DATA SUBJECT

        You are welcome to inspect the personal data we process about you, and to have your personal data updated, corrected, deleted or provided.

        All such requests must be made in writing to contact@risika.dk.

        COMPLAINTS PROCEDURE

        If you wish to complain about our processing of your data, please first contact us at contact@risika.dk. If we cannot help you, you can complain to the Data Protection Authority:

        Data Protection Authority
        Borgergade 28, 5. 
        DK-1300 Købehavn K, 
        Telephone: +45 33 19 32 00
        E-mail: dr@datatilsynet.dk 

        Website: www.datatilsynet.dk

        CHANGES TO THE PRIVACY POLICY

        This Privacy Policy will be updated periodically and when necessary due to changes in applicable law. The Privacy Policy will always include information on the date of the latest version. In exceptional cases, you may receive a request from Risika to accept the changes prior to their entry into force.

        Last updated: 19/08-2021