Privacy policy - Mediac Agency

**Mediac Agency Privacy Policy**

**Data Controller**

We are the data controller for the processing of personal data that we handle regarding our customers and partners. You can find our contact information below:

Mediac Agency ApS
Ravnsøvej 7, 1.
8240 Risskov
CVR no.: 41712538

It is not a requirement for our company to have an external DPO, but if you have questions about the processing of your personal data, you can contact us via: info@mediacagency.com

**Processing Activities**

As the data controller under the GDPR, we engage in the following processing activities:

**Website Visits**

When you visit our website, we use cookies to ensure the site functions properly.

**Communication with Potential Customers**

If you have questions about our site or want to learn more about our services, you can contact us via:

– Email
– Phone

We will process your personal data to engage in dialogue with you, such as responding to questions about our services. We only process the information you provide us in connection with our communication.

We typically process the following general information: name, email, phone number.

Our legal basis for processing this personal data is Article 6(1)(f) of the GDPR.

We delete our communication with you once it is clear whether you wish to use our services.

In special cases, if there is a need to retain your personal data for a longer period, this may occur.

**Customers**

We need to communicate with our customers to ensure the service is delivered correctly. This may involve processing information such as name, address, services, special agreements, payment information, and similar.

The legal basis for processing this personal data is Article 6(1)(b) of the GDPR.

Once the service is delivered and any outstanding matters are resolved, we will delete the personal data shortly thereafter.

**Newsletter**

We have a newsletter that you can voluntarily subscribe to, and you can unsubscribe at any time.

The purpose of the newsletter is to send subscribers emails with new information from the company, which may include new content on the website or announcements about our services.

We will only send you emails if you have given your active consent. Initially, you provide your email address, to which we will send a confirmation email to ensure you have actively subscribed.

Our legal basis for processing your personal data (i.e., your email address) in connection with the newsletter is Article 6(1)(a) of the GDPR.

We will process your personal data as long as you remain subscribed to the newsletter. Upon unsubscribing, we will stop sending it to you. If we have not sent you a newsletter within one year, your consent will expire due to our inactivity.

Upon unsubscribing from the newsletter, we retain your previous consent for two years after it was last used due to statute of limitations in accordance with the Consumer Ombudsman’s spam guidelines, section 11.3.

**Accounting**

We are required to keep all accounting records in accordance with the Accounting Act. This means we retain invoices and similar records for accounting purposes, which may include general personal data such as name, address, and service description.

Our legal basis for processing personal data for accounting purposes is Article 6(1)(c) of the GDPR.

We retain these records for at least five years after the current financial year ends.

**Job Applications**

We gladly accept job applications to assess whether they match a hiring need within our company.

If you send your job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the GDPR.

If you send an unsolicited application, HR will immediately assess its relevance, and if there is no match, your information will be deleted.

If you apply for an advertised job, we will dispose of your application if you are not hired, shortly after the right candidate is found.

If you are part of a recruitment process and/or are hired for the job, we will provide you with separate information on how we process your personal data in this context.

**Data Processors**

Few can handle everything themselves, and the same applies to us. Therefore, we have partners and use suppliers, some of whom may be data processors.

External suppliers may provide systems to organize our work, services, advice, IT hosting, or marketing.

It is our responsibility to ensure that your personal data is processed properly. Therefore, we place high demands on our partners, who must guarantee that your personal data is protected.

We enter into agreements with companies (data processors) that handle personal data on our behalf to enhance the security of your personal data.

**Disclosure of Personal Data**

We do not disclose your personal data to third parties.

**Profiling and Automated Decisions**

We do not engage in profiling or automated decisions.

**Transfers to Third Countries**

We primarily use data processors in the EU/EEA or those storing data within the EU/EEA.

In some cases, this may not be possible, and in such cases, data processors outside the EU/EEA may be used if they can provide adequate protection for your personal data.

**Processing Security**

We keep the processing of personal data secure by implementing appropriate technical and organizational measures.

We have conducted risk assessments of our personal data processing and have implemented suitable technical and organizational measures to enhance processing security.

One of our key measures is keeping our employees updated on GDPR through ongoing awareness training, GDPR courses, and reviewing our GDPR procedures with employees.

**Rights of the Data Subject**

Under the GDPR, you have several rights regarding our processing of your personal data.

If you wish to exercise your rights, you should contact us so we can assist you.

**Right to Access Information**

You have the right to access the information we process about you, along with several additional details.

**Right to Rectification**

You have the right to have inaccurate information about you corrected.

**Right to Erasure**

In certain cases, you have the right to have your data deleted before the time of our general deletion.

**Right to Restriction of Processing**

In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to restriction, we may only process the data — apart from storage — with your consent, or to establish, exercise, or defend legal claims, or to protect a person or important public interests.

**Right to Object**

In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to processing your data for direct marketing purposes.

**Right to Data Portability**

In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have these personal data transferred from one data controller to another without hindrance.

You can read more about your rights in the Data Protection Authority’s guidance on data subjects’ rights, available at www.datatilsynet.dk.

**Withdrawal of Consent**

When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

**Complaint to the Data Protection Authority**

You have the right to file a complaint with the Data Protection Authority if you are dissatisfied with how we process your personal data. You can find the Data Protection Authority’s contact information at www.datatilsynet.dk.

We generally encourage you to read more about GDPR to stay updated on the rules.