CYKOM ApS, VAT number: DK37366536 and GB369929918, Islevdalvej 100H, 2610 Rødovre, Denmark (hereinafter "we", "our" or "us") are data responsible for the personal information you leave or submit on our website www.shop.team-dsm.com.
We refer in the following to the General Data Protection Regulation, and the Danish implementation of the rules contained in the Data Protection Act (hereinafter “GDPR”).
COLLECTION OF YOUR PERSONAL INFORMATION
We collect and process your personal information in the following situations:
A) WHEN YOU BUY AT OUR WEBSHOP
When you purchase an item on our webshop, we need your name, address, e-mail address, telephone number, and payment information in order to complete and deliver your order (GDPR Article 6 (1) (b)).
When you create an account, we need your name, address and e-mail. The purpose of collecting your personal information is to create an account for you, whereby you can access your order history and - for future purchases on the website - get through checkout faster. The processing is based on your consent (GDPR Article 6 (1) (a)), which you can withdraw at any time.
When you sign up for our newsletter, we need your name and e-mail to send you our newsletter. The processing is based on your consent (GDPR Article 6 (1) (a)), which you can withdraw at any time by clicking on the unsubscribe link at the bottom of the newsletter.
When you contact us via the contact form on the website or via another platform, we process your personal information to accommodate your inquiry. The personal information may include contact information as well as other information that you choose to include in your inquiry (GDPR Article 6 (1) (f) or (GDPR Article 6 (1) (c)). If you provide personal information about anyone other than yourself, we encourage you to secure consent from these persons beforehand.
When you participate in competitions, we will process the personal information you provide to us in connection with the competition. Personal data is processed to find and contact the winner concerned (GDPR Article 6 (1) (b)).
We collect and process information about your behaviour on our website to analyze the use of our website, optimize the user experience and target our communication to you. We do not generally collect personal information via cookies.
However, if you - via our website - have requested or accepted that you will receive marketing, newsletters, or the like, we link this personal information (e.g. your name) with your behaviour on our website in order to target our communications and marketing.
You can always click on the small icon on the left side of your screen to see which cookies we use and which ones you have accepted.
SHARING YOUR PERSONAL INFORMATION
Disclosure of your personal information will only take place in compliance with the processing rules of the GDPR. We can, for example, pass on your personal information to our logistics partners, who deliver your goods to you as well as payment service providers.
We also pass on personal information to our data processors, e.g. providers of IT solutions and providers of analysis and marketing services. The processing of your personal data by the data processors is subject to our instructions (via data processing agreements) as well as the rules in the GDPR.
We are responsible for the processing of your personal data by the data processor and continuously strive to ensure that the data processor has taken the necessary technical and organizational security measures.
TRANSFER TO THIRD COUNTRIES
CYKOM ApS has four suppliers established in countries outside the EU/EEA: Google, Instagram, Facebook and Klaviyo. You can read more about the third parties' processing of personal data by clicking on the links.
If we transfer your personal data to countries outside the EU/EEA, we will always ensure that the necessary security measures protecting your personal data are in place. This means that we ensure that:
- the EU Commission has assessed that the third country/third party established in the third country has an adequate level of protection of personal data
- the relevant recipient/third party of your personal data have entered into standard data protection provisions adopted by the EU Commission
- the recipient/third party in question has implemented approved Binding Corporate Rules
You can contact us at any time and receive information about, or possibly a copy of, the necessary guarantees that form the basis for our transfer of your personal information to recipients outside the EU/EEA.
SECURITY AND PROTECTION
We have established and maintain appropriate organizational and technical measures so that your personal information is not accidentally or illegally deleted, degraded or lost, nor transferred to unauthorized third parties or is otherwise misused or used in violation of the GDPR.
If we are exposed to a security breach, where we believe that there is a risk that your personal information may be misused, we will notify you of the security breach without undue delay. We will also inform you of what we have done to reduce the risk of misuse of your information.
We delete your personal information when we no longer need to process it to fulfil one or more of the purposes set out above.
If you unsubscribe from our newsletter, we will delete your e-mail address from the contact list. We may have your information for other purposes, and these are not affected by an unsubscription from the newsletter. We may therefore continue to process such information with the consent or other processing authority that we have.
Personal information that we process in connection with your purchase in our webshop is stored for five years in accordance with the rules of the Bookkeeping Act.
The storage period for cookies can be found under the individual cookie in our cookie banner. You can access the cookie banner via the green icon at the bottom left of our website.
Under the GDPR, you have a number of rights in connection with our processing of your personal data, including the right to access your personal data, the right to have incorrect information changed, the right to have information deleted, the right to limit information, the right to data portability, the right to object to the processing of personal data, as well as the right not to be the subject to a decision based solely on automatic processing, including profiling, which has a legal effect or similarly significantly affects you. You can exercise your rights by contacting us here.
If all or part of the processing of your personal data is based on consent, you can withdraw your consent at any time. If you choose to withdraw your consent, it does not affect the legality of our processing of your personal data based on your previously given consent and up to the time of the withdrawal. Withdrawal of consent takes effect from the time of the withdrawal.
If you wish to exercise your rights or have any questions/complaints regarding our processing of your personal information, you can contact us at any time at firstname.lastname@example.org or +45 89 87 89 09. You can always gain insight into, change and delete your personal information by contacting us. You also have the opportunity to complain to the Danish Data Protection Agency, Carl Jacobsens Vej 36, 2500 Valby, telephone +45 33 19 32 00, e-mail: email@example.com.