FineLines' Personal Data Policy - Customers & suppliers
Nov 2024 Version 1
Summary
1. Data controller – contact information
2. Where does the personal data come from?
3. What personal data do we process about Stakeholders?
4. Purpose of the processing and legal basis
5. Recipients of your personal data
6. Storage and erasure
7. Stakeholder’s rights
8. Right to complain
Introduction
When providing our services within healthcare marketing and communication, FineLines Studio (or “we”) processes personal data related to customers, suppliers, market research respondents and other stakeholders (collectively the “Stakeholders” or “you”)
Under Article 13 and 14 of the General Data Protection Regulation (“GDPR”), we are required to provide our Stakeholders with certain specific information on the collection and processing of their personal data.
With this Personal Data Policy, we intend to provide you with the required information and give a clear understanding of how your personal data is processed and the rights you have in relation to it.
1. Data controller – contact information
FineLines is data controller in connection with the processing of your personal data. You may contact us if you wish to exercise your rights described in section 7 below, if you wish to file a complaint about our processing of personal data, or if you have any other questions regarding our personal data policy.
Our contact details are:
FineLines ApS
Nadine Gordimers Vej 17
2300 København - Denmark
CVR number: 44092239
Phone.: + 45 50 11 73 98
E-mail: hello@finelines.studio
https://finelines.studio/
2. Where does the personal data come from?
FineLines collects personal data about our Stakeholders primarily from the Stakeholders themselves.
For example, when the Stakeholders fill up our contact form, send us an email or call us.
In most cases, our customers and suppliers are not physical individuals but rather legal persons and, in these cases, we process personal data on the employees of such entities.
3. What personal data do we process about Stakeholders?
In connection with our normal business operations, we may process the following information about customers, suppliers and their employees:
Identification and contact information, including name, address, e-mail, and phone number as well as information regarding job function, title and workplace.
3.b Analysis tools and third-party tools
When you visit this website, your surfing behaviour may be statistically evaluated. This is done primarily with so-called analysis programs.
Detailed information on these analysis programs can be found in the following privacy policy.
3.c. Hosting
We host the content of our website with the following provider:
WIX - The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter "WIX").
WIX is a tool for creating and hosting websites. When you visit our website, WIX is used to analyse user behavior, visitor sources, the region of website visitors, and visitor numbers. WIX stores cookies on your browser that are necessary for displaying the website and ensuring security (essential cookies).
The data collected through WIX may be stored on various servers worldwide. WIX servers are located, among other places, in the United States. For details, please refer to WIX's privacy policy at https://www.wix.com/about/privacy.
According to WIX, data transfer to the US and other third countries is based on the EU Commission's standard contractual clauses or comparable guarantees according to Art. 46 of the GDPR. For details, see https://www.wix.com/about/privacy-dpa-users.
The use of WIX is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a reliable presentation of our website. If appropriate consent has been requested, processing will be based exclusively on Art. 6 para. 1 lit. of the General Data Protection Regulation (“GDPR”) to the extent that the consent includes the storage of cookies or access to information on the user's terminal device. The consent can be revoked at any time.
Note on data transfer to the USA and other third countries
We use tools from companies based in the USA or other data protection-insecure third countries, among other things. If these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no data protection level comparable to that of the EU can be guaranteed in these countries. For example, US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no control over these processing activities.
We do not normally process special categories of personal data about customers, suppliers and their employees comprised by Article 9 of the GDPR.
_
When we conduct market research for our customers, we may process the following personal data on participants in the market research (the respondents):
-
Identification and contact information, including name, address, e-mail, and phone number
-
Bank information
-
Photos and video recordings from interviews
-
The respondents’ answers to questions and input to the themes covered by the market research, which may include information on personal preferences in relation to products etc. and previously or expected behaviour in certain situations.
For market research respondents, we may also process health data comprised by GDPR art. 9 if relevant to the specific market research and provided by the respondent.
4. Purpose of the processing and legal basis
In relation to customers and suppliers (and their employees), FineLines processes personal data for the purpose of administrating customer and supplier relationships, delivering services to customers and acquiring goods and services from suppliers.
The legal basis for such processing of personal data is Article 6(1)(b) and (f) of the GDPR, which allows us to process personal data when it is necessary:
-
for the fulfilment of the contract between FineLines and the customer or supplier or in order to take steps at the request of the customer or supplier prior to entering into a contract; and
-
when it is necessary to pursue one of our legitimate interests, provided that your interests in preventing the processing of your personal data does not outweigh ours. Our legitimate interests may comprise our interest in fulfilling the tasks required by the customer, in developing our relationship with the customer or supplier and in developing our services.
_
In relation to market research respondents, FineLines may process personal data on respondents for the purpose of providing customers with requested market research.
The legal basis of such processing of personal data is Article 6(1)(a), (b) and (f) of the GDPR, which allows us to process personal data when:
-
the respondent has given consent to the processing of his/her personal data;
-
it is necessary for the fulfilment of the contract between FineLines and the respondent or in order to take steps at the request of the respondent prior to entering into a contract; and
-
it is necessary to pursue one of our legitimate interests, provided that your interests in preventing the processing of your personal data does not outweigh ours. Our legitimate interests may comprise our interest in performing the market research agreed with the customer, in ensuring proper documentation of the respondents’ input and the conclusions drawn here from and in developing our market research services.
Personal data regarding market research respondents’ sensitive personal data on health information is processed solely with the applicant's consent, based on Article 9(1)(a).
5. Recipients of your personal data
FineLines may disclose the Stakeholders’ personal data to business partners such as banks, external accounting firms and lawyers.
Also, personal data about the Stakeholders may be disclosed to FineLines’s IT-suppliers as part of FineLines’s use of services provided by such suppliers.
In general, we do not transfer your personal data to countries outside of the EU/EEA. Such transfers may, however, take place in connection with our use of software services provided by our IT-suppliers. If your personal data are transferred to countries outside the EU/EEA, we ensure that there is an adequate level of protection. Primarily, this is relevant for the USA where certain of our IT-suppliers are based and, in these situations, we have ensured that the recipients participate in the EU-U.S. Data Privacy Framework scheme.
6. Storage and erasure
In general, we will only retain the Stakeholders’ personal data for as long as is necessary to fulfil the purposes described above.
Personal data on customers and suppliers (and their employees) is deleted within three years after the relation with the customer or supplier has terminated or – if applicable – that later time when any guarantee period for good or services delivered or purchased has expired.
Personal data on market research respondent is deleted within five years after the market research has been finalised and reported to the customer.
If we have legitimate interest therein, e.g. if a legal dispute has arisen related to the customer, market research respondent etc., FineLines may retain personal data for an extended period.
7. Stakeholder’s rights
Under the GDPR, you have several rights concerning our processing of your personal data. These rights include:
a) Right of access: You have the right to access the data we process about you, as well as certain additional information hereon.
b) Right to rectification: You have the right to have incorrect information about yourself corrected.
c) Right to erasure: In certain cases, you have the right to have your data deleted before our general deletion practices take effect.
d) Right to restrict processing: In certain situations, you have the right to restrict our processing of your personal data.
e) Right to object: In certain cases, you have the right to object to our otherwise lawful processing of your personal data.
f) Right to data portability: In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have those data transferred from FineLines to another data controller.
_
Further, if FineLines is processing your personal data based on your consent, you are entitled to withdraw your consent at any time. This does not, however, affect the legitimacy of FineLines’s processing prior your withdrawal of your consent.
If you wish to exercise any of your rights or if have questions, you may contact us using the contact information set forth above under item 1.
8. Right to complain
If you find that FineLines’s processing of your personal data is not in compliance with applicable data protection rules, you may file a complaint with the Danish Data Protection Agency.
The Danish Data Protection Agency's contact details are available at https://www.datatilsynet.dk/kontakt.