INTRODUCTION

Risika is one of the approved national credit reporting agencies. Our credit rating business is regulated by the Danish Data Protection Agency. We are also held accountable by various other laws and industry standards as well as your expectations. We are sensitive to your interest in privacy, and we are committed to letting you know what information is being collected, how the information is being used, and in providing you choices in the use of the information.

This privacy policy (“Privacy Policy“) describes how Risika ApS CVR-no. 37677892, located at Kronprinsessegade 26, 1306 København K (“Risika”) processes your personal data, and what your rights are in relation to Risika’s collection, processing and retention of your personal data. We have created this privacy policy as we remain firm on fulfilling our obligations in terms of securing personal data.

This website may contain links to other websites operated by third parties. Risika is not accountable for the privacy practices or the contents of such websites operated by third parties.

COLLECTION OF PERSONAL DATA

Risika collects personal data from you in various ways e.g.:

  • When applying for a job;
  • When using our platform;
  • If you approach Risika in order to initiate a business collaboration; or
  • When signing up for our newsletter

Following information may be gathered in relation to the above-mentioned collection of personal data:

  • Name, address, telephone-number, email address, birthday;
  • CPR-number; previous job history, professional career, spare time activities
  • Other specific information you may choose to provide us.

PURPOSE OF THE COLLECTION

Risika limits its collection, storing and processing of personal data to situations where a specific purpose exists, such as being able to process your job application, optimizing your experience on our platform, being able to deliver our newsletter to you, being a responsible business partner etc.

LEGAL BASIS FOR PROCESSING

When Risika as an approved national credit rating agency is processing and disclosing your information in our products and services as data controller, it is necessary if the processing is necessary for Risika or a third party to pursue a legitimate interest exceeding the registrant's interests or fundamental rights and freedoms, cf. Article 6 (1) of the General Data Protection Regulation. The legitimate interests justifying the treatment are to offer creditors who are Risika’s customers access to information for the purpose of assessing an entity's financial soundness and creditworthiness. At the same time, access to the information contributes to avoid excessive indebtedness and the negative consequences of such excessive indebtedness it may have for the parties concerned.

Risika may process your personal data based on the following legal basis:

  • Your freely given, specific, informed and unambiguous consent to the processing of the personal data regarding you. If sensitive personal data, such as health data, information about your ethnicity, sexuality or genetic data is collected from you, such consent will also be explicit.
  • In order to comply with a legal obligation.
  • In cases where the processing is necessary for research purposes.
  • In order to fulfil or protect a legitimate interest, unless your interests or fundamental rights and freedoms which require protection of your personal data override the interests of Risika. The interests Risika may pursue include the interests in relation to being able to process your job application, being able to deliver our newsletter to you.

RECIPIENTS OF YOUR PERSONAL DATA

Risika may disclose or transfer your personal data to the following recipients:

  • Affiliates of Risika;
  • Suppliers, business partners or other collaborators;
  • Public authorities;

Certain recipients process personal data on behalf of Risika and may only process your personal data in accordance with the instructions given by Risika. These third parties may not process your personal data for their own purposes.

To the extent Risika disclose or transfer your personal data to these third parties who may use your personal data for their own purposes, such disclosure or transfer will only take place if it is in accordance with applicable law or with prior consent obtained from you, where required.


TRANSFER OF YOUR PERSONAL DATA TO A THIRD COUNTRY (OUTSIDE OF EU/EEA)

In certain cases, your personal data may be transferred to an affiliate of Risika established outside of EU/EEA, e.g. United States. Risika ensures that such transfer will be carried out accordance with the applicable data protection laws. This entails that any party outside of EU/EEA that comes in possession of your personal data must ensure an adequate level of protection, for example, by adhering to the EU-US Privacy Shield or entering into the EU standard contractual clauses with Risika. If you have any inquiries in relation hereto, you are welcome to contact Risika – please see the contact information below.

STORAGE OF YOUR PERSONAL DATA

Risika will only store your personal data as long as necessary to fulfil the purpose for the processing of your data. However, special regulations may apply and within certain areas you may be given the option to an extendend time of storage of your personal data. For further information about the special regulation, please contact Risika – please see the contact information below.

Some of your personal data must be stored for accounting purposes or for defence of legal claims. This personal data will be stored until the expiration of the statutory limitation period which for instance is 5 years for retention of accounting material.


YOUR RIGHTS AS A DATA SUBJECT

Risika has taken all necessary and adequate steps in order to protect your personal data and ensure your rights as a data subject.

You have certain rights, which are described below. Please note that certain exceptions may apply, e.g. if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. If you have any questions to your rights as a data subject, please contact Risika – please see the contact information below.

RIGHT OF ACCESS

  • You have the right to request access to the personal data Risika has stored concerning you. Risika must provide you with the following information:
    • the purposes of the processing,
    • the categories of the personal data concerned,
    • the recipients or categories of recipients, including recipients in third countries,
    • the retention period or the criteria for the determination of the retention period,
    • the specific data subject’s rights regarding rectification, erasure or restriction of processing of personal data as well as the right to object to such processing,
    • the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet),
    • where the personal data are not collected from the data subject, any available information as to their source; and,
    • the existence of automated decision-making, including profiling and meaningful information on the logic behind and the envisaged consequences of such processing for the data subject.

Risika must provide a copy of the personal data undergoing processing free of charge and by electronic means, if the request has been submitted in a commonly used electronic form.


RIGHT TO RECTIFICATION

  • You have the right to rectify inaccurate personal data concerning you, including completion of incomplete personal data.

RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)

  • Under certain circumstances, you have the right to erasure; meaning upon your request, Risika must erase the personal data stored concerning you. Please note that the right to erasure is not absolute, thus one of the following conditions must apply:
    • the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed,
    • you withdraw your consent and there is no other legal ground for processing (such as legitimate interests pursued by Risika),
    • you object to the processing and there are no overriding legitimate grounds for processing,
    • the personal data have been unlawfully processed, or
    • the personal data must be erased for compliance with a legal obligation in accordance with EU or Danish law.

RIGHT TO RESTRICTION

  • If one of the following circumstances applies, you have the right to restrict Risika’s processing of personal data concerning you.
    • the accuracy of the personal data is contested by you – however, only for a period enabling Risika to verify the accuracy of such personal data,
    • the processing is unlawful and you request restriction of use of personal data instead of erasure,
    • Risika no longer needs the personal data for the purposes of processing but the personal data is required by you for the establishment, exercise or defence of claims, for example, as documentation or evidence,
    • you have objected to processing, on grounds related to his or her particular situation, and is pending the verification whether legitimate grounds of Risika override those of the data subject.

RIGHT TO DATA PORTABILITY

  • You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. Where processing is based on a consent or a contract and the processing is carried out by automated means format, you have the right to transmit this personal data to a third party without hindrance from Risika.

THE RIGHT TO OBJECT

  • Under certain circumstances, you have the right to object at any time to Risika’s processing of personal data concerning you.

WITHDRAWAL OF CONSENT

  • When processing of your personal data is based on your consent, you may withdraw your consent at any time. Please note that this does not affect Risika’s processing of your personal data prior to withdrawal of your consent.

FILING OF COMPLAINT

If you wish to file a complaint regarding Risika’s processing of your personal data, you can contact Risika. If your complaint is not resolved, please feel free to contact the Danish Data Protection Agency.


Risika ApS

CVR-no. 37 67 78 92
Kronprinsessegade 26
DK-1306 København K
Tel +45 4290 5757
contact@Risika.dk


Danish Data Protection Agency (Datatilsynet)

Borgergade 28, 5. DK-1300 København K Telephone number: +45 33 19 32 00 Email address: dt@datatilsynet.dk Website: www.datatilsynet.dk


COOKIE POLICY

Lastly, we recommend you to read our policy on Cookies, which can be found here.

CHANGES TO THE PRIVACY POLICY

This Privacy Policy will be updated on a regular basis and when necessary due to changes in applicable law. The Privacy Policy will always include information on the effective date of the most recent version. To the extent, the changes of the Privacy Policy are regarded as material and significant, you will be expressly informed hereof, for example, on Risika’s website. In certain cases, you may receive a request from Risika to accept the changes prior to their entry into force.

EFFECTIVE DATE OF THE RECENT UPDATE OF THE PRIVACY POLICY

August 22, 2018