1. Company information

 

Eleven flowers ApS 

CVR number: 45014606

Physical address: Eliasgade 10, 2300 København S

Legal address: Eliasgade 10, 2300 København S

Contact details for matters related to personal data safety: Helvijs Siubra, office@forestroom.dk 

​

​
2. Processing of personal data

 

We, Eleven flowers ApS, process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR), as well as the Danish Data Protection Act (Databeskyttelsesloven) and other relevant laws and regulations.

​

This Privcacy Policy provides an overview of how we process your personal data, what rights you have in relation to data processing and how we ensure the protection of your data. We process personal data with the utmost care and security, in compliance with all applicable laws and regulations.

​

2.1 Personal data and the processing there of

• Personal data: Any information relating to an identified or identifiable natural person (data subject).

• Processing of personal data: Any action we take with personal data, including collection, recording, organisation, structuring, storage, access, alteration, erasure, disclosure, transfer, restriction and other actions.

2.2 Provision of data and its consequences

You provide us with your personal data voluntarily. If you do not provide the necessary information, we may not be able to provide some of the services or purposes set out in this policy.

​

2.3 Protection of personal data

We recognise that personal data is an asset and will treat it with the utmost confidentiality and care, ensuring its security and protection. We use appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, loss, or destruction.

​

​

3. Legal basis

 

The purposes for which we process personal data are related to our business functions and activities. We mainly process personal data on the following legal grounds:

• Performance of a contract: Personal data is processed for the performance of a contractual obligation with you or for the preparation for entering into a contract.

• Legal obligations: We process data to comply with legal obligations to which we are subject, such as accounting or tax requirements.

• Legitimate interest: Personal data is processed for the pursuit of our legitimate interests, such as company security, service improvement, and customer relationship management.
   

In these cases, we need to obtain certain information in order to achieve the relevant purposes. Failure to provide the necessary information may affect the start of the business relationship, the performance of the contract, or the security of the company.

Where data is collected on a non-compulsory basis, but the provision of the data could help us improve our services or provide you with beneficial offers, we will indicate that the provision of data is voluntary.

​

We process personal data for the following purposes:

• Recruitment and management

• Ensuring an effective corporate governance process

• Preparation, conclusion, and administration of the contract

• Business planning and analytics

• Marketing activities (competitions, surveys)

• Ensuring security, preventing threats to property interests (video surveillance). We process your personal data to prevent, control and detect criminal offences against property and assets (theft, vandalism, etc.), as well as to protect the essential interests of individuals.
   

The lawful basis for processing personal data is one or a combination of the following:

• You, as the data subject, have given your consent to the processing of your personal data for one or more specific purposes.

• Data processing is necessary for the performance of a contract to which the data subject is a party or for the performance of measures at the request of the data subject before the conclusion of the contract.

• Data processing is necessary for compliance with a legally binding obligation.

• Data processing is necessary to protect the vital interests of the data subject or of another natural person.

• Data processing is necessary for the pursuit of our legitimate interests.

 

 

4. What personal data we process

 

Recruitment 

Information included in the CV you submit: name, surname, personal identification number, home address, work and study/training activities, language skills and their application, additional knowledge/skills, interests/hobbies, telephone number, email address, photograph or other information identifying you, as well as information obtained from persons who have provided references about you, if you have expressly authorised contact with those persons. In the event that you are invited to a job interview, the information provided during the job interview, as well as any tests completed shall be considered as your personal data.

Cooperation partners 

Information required for cooperation, conclusion of cooperation agreements: name, surname, contact details (email, telephone number, etc.), other information required by law.

Participants in marketing activities 

Information necessary for personal identification and communication in order to receive prizes (name, surname, contact details: email, telephone number), photographs, video recordings and other personal data, if required by the competition rules.

 

Visitors to the Company's websites 

The Company's websites use cookies, the terms of processing of which are set out separately on each website.
This Privacy Policy does not apply to third party websites. You will always be informed before we collect your personal data.
Personal data is collected on the company's websites under the “Booking” section of the form (name, surname, contact details: email, phone number and child's age)
Use of IP addresses
We do not store your IP addresses. These are only available to third party tracking tools such as Google Analytics. More information about Google Analytics here: https://support.google.com/analytics/answer/2763052

​

 

5. Where we process personal data 

 

We process personal data using state-of-the-art technology, taking into account the privacy risks involved and the organisational, financial, and technical resources reasonably available to us.
We do not transfer data to countries outside the European Union or the European Economic Area. 
We do not use your personal data for automated decision-making.

 

6. Recipients of personal data

We take appropriate measures to process your personal data in accordance with applicable law and to ensure that your personal data is not accessed by third parties who do not have an adequate legal basis for processing your personal data.
Your personal data can be accessed (as necessary) by:

• Our employees or authorised persons who need it to carry out their work.

• Personal data processors who provide services to us and only to the extent necessary, such as auditors, financial management and legal consultants, database developers or technical maintainers, and other persons involved in the provision of our services.

• State and local authorities where required by law, e.g. law enforcement authorities, municipalities, tax authorities, bailiffs.

• Third parties, carefully assessing whether there is an appropriate legal basis for such transfers, such as debt collectors, courts, out-of-court dispute resolution bodies, bankruptcy or insolvency administrators, as well as third parties maintaining registers (e.g. population register, debtors' register, etc.).

​

​

7. How long we store personal data

Your personal data will be stored for as long as is necessary for the relevant purposes of processing your personal data and in accordance with the requirements of applicable law.
When assessing the duration of the retention of personal data, we take into account the applicable legal requirements, the performance of contractual obligations, your instructions (e.g. in the case of consent) and our legitimate interest. If your personal data is no longer necessary for the stated purposes, we will delete or destroy it.

 

Below we list the most common retention periods for personal data:

• Personal data necessary for the performance of contractual obligations – we will retain the data until the performance of the contract and until other retention periods are met.

• Personal data that must be stored to comply with the law – we will retain the data for the periods specified in the relevant laws and regulations. For example, the Law on Accounting requires that supporting documents must be retained for at least 5 years.

• Data to prove the performance of our obligations – we will retain the data for the general limitation period for claims in accordance with the limitation periods for claims set out in the laws and regulations.

 

8. What are the data subject's rights in relation to the processing of personal data

 

Updates of personal data 

If there are any changes to the personal data you have provided to us, such as changes to your name, surname, contact address, telephone number or email, etc., please contact us and provide us with the updated data so that we can meet the relevant purposes of processing your personal data.

Your right to access and rectify your personal data 

In accordance with the provisions of the General Data Protection Regulation, you have the right to request access to your personal data held by us, to request its rectification, erasure, restriction of processing, to object to the processing of your data, as well as the right to data portability in the cases and in the manner provided for in the General Data Protection Regulation.
The Company respects this right to access and control your personal data, therefore, if we receive your request, we will respond to it within the time limits set out in the laws and regulations (usually no later than one month, unless there is a specific request that requires more time to prepare a response) and, if possible, we will correct or delete your personal data accordingly.
 

You can obtain information about your personal data held by us or exercise your rights as a data subject in any of the following ways:
“Eleven Flowers” ApS

• by submitting a written application in person and identifying yourself at our address: Eliasgade 10, 2300 København S

• by submitting an application to our email address at office@forestroom.dk and signing it with a secure electronic signature.
   

 

9. Withdrawal of consent

 

If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. After withdrawal of consent, we will no longer process your personal data that we processed on the basis of consent for the relevant purpose. However, withdrawal of consent may not affect the processing of personal data necessary to comply with the law or processing based on a contract, our legitimate interests, or other legal grounds established by law.
 

You also have the right to object to the processing of your personal data if it is based on legitimate interests or is used for marketing purposes (e.g. for sending commercial communications or entering prize draws), unless such processing is deemed necessary by law or regulation.

If you have any questions or objections about our processing of your personal data, please contact us in the first instance.
 

If you believe that we are unable to resolve the problem and that your right to the protection of personal data has been violated, you have the right to lodge a complaint with the Data Protection Authority (Datatilsynet). You can find more information and application forms on the website of the Data Protection Authority (www.datatilsynet.dk).
 

 

10. Updating

 

This is the latest version of the Privacy Policy. We reserve the right to amend and, if necessary, update this policy. Any changes will be posted on our website at www.forestroom.dk and we encourage you to review this page regularly to be aware of any changes.