Data Privacy Policy

 

1. General

2. Personal Data Collected and Processed by Nissens

3. Consent

4. Purpose of the Collected and Processed Personal Data

5. Transmission of Personal Data

6. Security

7. Erasure of Personal Data

8. Your Rights

9. Changes in Nissens' Data Privacy Policy

 

1. GENERAL

Nissens is committed to ensuring the confidentiality, integrity and protection of information from our employees, customers, suppliers and other business partners, including their personal data (hereinafter referred to as “you”)

 

2. PERSONAL DATA COLLECTED AND PROCESSED BY NISSENS

Nissens is responsible as data controller when collecting personal data.  

a. General

Nissens collects personal information, including information about names, titles, addresses, telephone numbers, e-mail addresses and other identification data related to customers, suppliers, third parties, their owners and contact persons. Nissens collect sales- and purchase history and training records.

Nissens can collect information about financial characteristics such as account numbers and bank details,   passports (copy of passports) and civil registration numbers, but limited to where necessary according to legislation or based on relevant purpose. This nature of information will be stored under intensified security and control.

On digital platforms

On Nissens’ website, in Nissens’ webshop and via newsletters (only with consent) information is collected:  

  • Which sites the visitor has been looking at, when, and thereby the visitor’s tracks.
  • Which browser the visitor is using
  • Which IP address the visitor has
  • The username of the visitor

No other information is collected unless transparent notification is provided to the visitor.

b. HR

Nissens does not collect personal data, which has the character of highly sensitive personal information, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, biometric data, genetic data, sexual orientation, criminal record or social relationships. 

Nissens only collects personal information, which has the character of semi-sensitive personal information for clear, defined and transparent purposes, such as trade union memberships, health information and other strictly relevant information pertinent to the employer–employee relationship and responsibilities. 

Concerning employees, candidates applying for or in consideration for job positions at Nissens  as well as retired employees, Nissens collects personal information, such as names, civil registration numbers, titles, addresses, telephone numbers, e-mail addresses, CVs, applications, education documentation, transcripts of records, statements/recommendations, personality tests, photos and movies (where the person is  featuring), summaries of performance reviews about employees, salary and tax information (when required by legislation), information regarding pension, social security as well as travel information. In these cases, the data is under intensified confidentiality and control within Nissens’ relevant HR and Finance Departments. 

For more information about protection of your personal data in Nissens’ recruitment processes, click here.

 

3. CONSENT

Nissens is only collecting and processing personal information on relevant legal basis.

Personal information is collected without a consent from you, where a lawfulness of the processing is stated, hereunder with a balancing of the interests of the rights of yours and Nissens’ legitimate interest is made.    

If a consent is necessary due to legislation, Nissens collects a clear and transparent consent from you before (a coming) registration and processing. The consent can be withdrawn as easily as it is given.

 

4. PURPOSE OF THE COLLECTED AND PROCESSED PERSONAL DATA

Nissens only collects and processes personal data, when there is a purpose for the collection to support the legal and legitimate commercial interests of Nissens:

a. General

  • For the fulfilment of legislation and requirements of the public authorities, including bookkeeping acts and accounting acts, VAT and tax legislation.
  • The necessary information to fulfill Nissens’ agreements with customers, suppliers and third parties, including delivering and receiving the specified product and or services, invoices and quality control.
  • To control and strengthen the relationship to existing and potential customers, suppliers and third parties.
  • Develop Nissens’ business and services with an identification of customer needs and the desired improvements of our services.
  • Undertake statistical processing, business development and sales promotion under the compliance of applicable laws.
  • Administration and controlling of Nissens’ website, webshop, newsletters, systems and applications and via retrieving data from these channels to support the above purposes. 

b. HR

  • To the fulfilment of employment law, including contractual conditions and obligations.
  • The necessary information for Nissens to fulfill the employment agreement with the data subject (employee).
  • The necessary information to appropriately and legally exercise the managerial rights.
  • The necessary information to support the employee’s employment at Nissens and the welfare and development of the employee, including the working environment in general.
  • The necessary information to judge whether a candidate is suitable for a job position at Nissens.
  • For the fulfilment of applicable legislation and the public authorities requirements of reporting.
  • Information for the use of recruitment and retention of employees at Nissens, including employer branding.
  • For the fulfilment of CSR reporting.

 

5. TRANSMISSION OF PERSONAL DATA

a. Sharing with the Nissens Group

Nissens is a Danish owned group with its HQ in Horsens, Denmark, and constitutes a number of subsidiaries (individually legal units) inside and outside EU/EEA. 

Nissens in Denmark and the HQ share personal data with other Nissens companies, when it is necessary to fulfil the purposes mentioned in section 4.

As a result, personal data may be transferred to other countries inside as well as outside the EU/EEA. To be sharing data within the Nissens Group, agreements are made based on the European Commission’s standard contracts with the purpose of securing an adequate level of protection of personal data.

b. Sharing with third parties

Nissens is transmitting personal information to third parties:

  • For the fulfilment of agreements with customers, suppliers and third parties; for the fulfilment of Nissens’ agreements (for example distributors and carriers) and for the fulfilment of legislation and regulatory requirements.
  • Third parties, who as a service supplier assist Nissens with solutions (for example IT-solutions) and suppliers providing consulting.
  • Nissens only enters into agreements with professional suppliers, whom Nissens continuously evaluates, securing that they can maintain and secure Nissens’ personal data to an adequate level of protection.
  • When a third party is processing data om behalf of Nissens as a data controller, a data processor agreement is made between Nissens and the data processor.

c. Sales of personal data

  • Nissens is not making personal data object to or available for sale to third parties.

 

6. SECURITY

Nissens has and will continuously update and improve implemented appropriate technical and organizational measures to ensure and to be able to demonstrate that the collecting, storing, processing and erasure of personal data  are performed in accordance with the applicable legislation and this policy. These measures are made to prevent personal data against accidental or illegal destruction, changes or deterioration and from unauthorized persons getting access to the personal data.

Only employees with an actual need of access to the stored personal data in accordance of their ability and liability to fulfill their work obligations are getting this access.

 

7. ERASURE OF PERSONAL DATA

Nissens is deleting personal data, when Nissens no longer has an occupational need for processing the personal data. The period of storage of the personal data is determined according to the obligations governed by existing legislation and what is necessary to fulfil agreements with business partners as well as to document relevant information in potential complaint cases and other raised claims against or by Nissens.

 

8. YOUR RIGHTS

As individual, you have certain rights over your personal data.

You can contact Nissens and get the desired insight into which personal information that Nissens is processing about you, just as you are entitled to have any inaccurate or inadequate data rectified. If you want the personal information deleted, limit the processing or make objections against the processing, you can contact Nissens for a dialogue. You can furthermore contact Nissens, if you wishes to exploit the right of data portability. 

Questions to Nissens’ processing of personal data or to the privacy policy in general shall be directed to e-mail: databeskyttelse@nissens.com or dataprivacy@nissens.com

 

9. CHANGES IN NISSENS’ DATA PRIVACY POLICY

Nissens acknowledges the responsibility of regularly reviewing and making improvements and adjustments to the data privacy policy, especially to continue to provide the necessary security in line with the development of the IT-environment. Nissens will regularly perform internal follow-up and update of this data privacy policy to secure compliance with the applicable legislation.