Privacy policy
Contact details:
Fokus Nordic A/S
Østbanegade 123, blok 6, 2. sal
DK-2100 Copenhagen Ø
+45 7010 0075
Email: persondata@fokusnordic.com
Privacy policy
In our privacy policy, you will find help to understand how Fokus Nordic A/S (“we”, “us”,
“our”) processes your personal data in various situations.
When we process personal data, we comply with the EU General Data Protection Regulation
(GDPR) and the Danish personal data rules in force from time to time.
1. Controller
Fokus Nordic A/S, CVR no. 37527750, Østbanegade 123, DK-2100 Copenhagen Ø, pro-
cesses a number of personal data about you as data controller in various situations. You may read more about this below.
If you have any questions about our privacy policy and how we process your personal data or if you wish to exercise the rights set out in paragraph 7 below, you may contact us at
persondata@fokusnordic.com.
You may read more about how to contact us at the end of the privacy policy (see paragraph
9).
2. Information about collection and processing of personal data
We collect and process the personal data set out below only to the extent necessary to process your interests and suitability as a potential new customer or tenant in our vacant leased premises, to fulfil our obligations under existing customer relationships or lease agreements and the related services and to fulfil any obligations we may have under Danish law.
2.1. Private leased premises
If you are a residential tenant with us, we will collect general personal data about you. This includes your name, title, address, telephone number and email address, your use of leased premises, your rent level, information about your deposit, heating and water consumption and any other consumption information. We also process information about powers of attor- ney, powers to sign, registered easements, profits, restrictive covenants and rights relating to the lease, your bank account number, information about your household and cohabitant etc. and information about domestic animals. Moreover, we process information about your receipt of housing benefits, if relevant. We register whether we have provided access keys and cards to you, and we process information about the layout of leased premises and any subleases.
In the event of default or any other breach of the lease agreement, we will also process such information, including warnings, notices and any other information related to the termination of the lease agreement for breach or convenience. This also applies if the above circum- stances are caused by bankruptcy or death.
In special cases, we also process your civil registration (CPR) number. If so, we will inform you thereof specifically, and we will obtain your prior consent if necessary.
We collect and process the above information only if necessary and only for the purpose of managing and fulfilling the provisions of the lease agreement and the Danish residential lease acts.
Generally, we do not collect any special categories of personal data (sensitive data) about you.
If we need to collect additional personal data about you which are not covered by those set out above, we will inform you thereof unless you are already aware of the collection and processing or your interest in being informed thereof must yield to essential considerations for public or private interests.
Legal basis for processing:
Point (b) of article 6(1) of the GDPR (management and performance of the lease agreement) and point (f) of article 6(1) of the GDPR (our legitimate interest in processing data related to the lease of the leased premises, including household information, access cards, consump- tion data, etc.).
2.2. Commercial premises
If you are a commercial tenant with us, we will collect general personal data about you as the contact person of the commercial tenant represented by you. This includes your name, title, photo identification, address, telephone number and email address and your affiliation with the commercial tenant. We register whether we have provided access keys and cards to you.
If the commercial tenant is a sole proprietorship, we will also process personal data about the commercial use of the leased premises, rent level, deposit, revenue if the rent is reve- nue-based, heating and water consumption and any other consumption information. We also process information about industry knowledge, powers of attorney, powers to sign, reg- istered easements, profits, restrictive covenants and rights relating to the lease and bank account number. Moreover, we process information about the layout of leased premises, any subleases and rights of assignment and resumption. In the event of default or any other breach of the lease agreement, we will also process such information, including warnings, notices and any other information related to the termination of the lease agreement for breach or convenience. This also applies if the above circumstances are caused by restruc- turing, bankruptcy or death. In special cases, we also process civil registration (CPR) num- bers. If so, we will inform you thereof specifically, and we will obtain your prior consent if necessary.
We collect and process the above information only if necessary and only for the purpose of managing and fulfilling the provisions of the lease agreement, the Danish Contracts Act (af- taleloven) and the Danish Business Lease Act (erhvervslejeloven).
Generally, we do not collect any special categories of personal data (sensitive data) about you.
If we need to collect additional personal data which are not covered by those set out above, we will inform you thereof unless you are already aware of the collection and processing or your interest in being informed thereof must yield to essential considerations for public or private interests.
Legal basis for processing:
If you represent a commercial tenant: Point (f) of article 6(1) of the GDPR as we are pursu- ing our legitimate interest in managing and performing the lease agreement with the com- mercial tenant represented by you.
If the commercial tenant is a sole proprietorship: Point (b) of article 6(1) of the GDPR (man- agement and performance of the lease agreement) and point (f) of article 6(1) of the GDPR (our legitimate interest in processing data related to the lease of the leased premises, in- cluding access cards, consumption data etc.).
2.3. Applicants for private leased premises
If you are a residential applicant for vacant leased premises, we will collect the following personal data about you: name, address, telephone number, email address and the type of leased premises for which you are applying. We only collect and process these data for the purpose of meeting your request for the right leased premises and for concluding a lease agreement.
However, in some cases, we do collect additional personal data. In that case, we will notify you thereof.
We do not collect any special categories of personal data (sensitive data) about you. Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in managing applica- tions and identifying the right leased premises on that basis.
2.4. Applicants for commercial premises
If you are affiliated with a commercial applicant for vacant leased premises, we will collect the following personal data about you: name, address, telephone number, email address and your affiliation with the commercial applicant. If the commercial tenant is a sole propri- etorship, we will also process personal data about the types of commercial leased prem- ises, occupation, position, industry knowledge, financial information and public financial statements.
We only collect and process these data for the purpose of meeting your request for the right leased premises and for concluding a lease agreement, if relevant. We do not collect any special categories of personal data (sensitive data).
Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in managing applica- tions and identifying the right leased premises on that basis.
2.5. House rules complaints
When dealing with house rules breaches, we process personal data about the complainant and any witnesses. These data include names, contact details, the date/time of the incident subject to complaint and any other information related to the incident subject to complaint, including information about noise nuisance.
When dealing with house rules breaches, we also process personal data about the tenant or persons belonging to the tenant’s household (the respondent), including names, contact details, the date/time of the incident subject to complaint and any other information related to the incident involved subject to complaint, including information about noise nuisance.
We will specifically notify the persons against whom the complaint is filed if this is possible based on the information received in the complaint. However, in certain cases, we may postpone or entirely omit such notification if required by essential considerations for public or private interests.
Legal basis for processing:
Processing of general personal data (e.g. information about name and address, noise nui- sance, time of the incident, information about the identity of witnesses, etc.): Point (f) of article 6(1) of the GDPR as we are pursuing our legitimate interest of the processing being necessary for determining whether we are able to establish, exercise or defend a legal claim based on our house rules and the provisions of Danish rent legislation.
Processing of information on criminal offences (e.g. incidents of violence) is based on sec- tion 8(5) of the Danish Data Protection Act (databeskyttelsesloven).
2.6. Job applicants
If you are a job applicant, we will collect the following personal data about you: name, address, telephone number, email address, work history and job interests in the form of your CV. We only collect and process these data for the purpose of meeting your request for employment and for concluding an employment contract, if relevant.
However, in some cases, we do collect additional personal data. In that case, we will notify you thereof on the date of collection.
We do not collect any special categories of personal data (sensitive data) about you.
Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in going through your application and your CV for the purpose of identifying the right candidate for the position.
Required processing of personal data
Under the data protection rules, you e.g. have the right to be informed of whether the provi- sion of personal data is a statutory requirement or a requirement necessary to conclude a contract and of whether you are obligated to provide the personal data and of the possible consequences of your failure to provide such data.
It should be noted in that respect that, under the Danish Health Information Act (helbred- soplysningsloven), an employee must state of their own motion or at the employer’s request whether they know that they suffer from an illness or show symptoms of an illness which will significantly affect their ability to carry out the work in question. Further, as a potential future employee, you are subject to the general duty of disclosure, which means that you must not knowingly withhold information that may be relevant to your opportunity of being employed. Moreover, it should be noted that, if you are offered a position, we will use certain personal data about you to draft your employment contract, including your name and address, see the provisions of the Danish Employment Contracts Act (ansættelsesbevisloven).
If you do not wish to provide the information that you are required to provide under the provisions of the Danish Health Information Act and/or according to your duty of disclosure or the information necessary for drafting an employment contract, we will not be able to offer you a position.
2.7 Customers and investors
If you represent and/or are a customer/an investor (a “customer”) with us, we will collect the following personal data about you: name, address, telephone number, email address, civil registration (CPR) no., photo identification (for the customer’s beneficial owners and members of the executive board and board of directors of companies managed by us in accordance with the Danish Anti-Money Laundering Act (hvidvaskloven)), occupation, posi- tion, powers of attorney, powers to sign, directorships, executive board positions, ownership of properties covered by the customer relationship, ownership of companies covered by the customer relationship, insurances covered by the customer relationship, bank details cov- ered by the customer relationship and financial and tax information covered by the customer relationship as well as owners’ association contributions and heating and water consumption and the like if the owner is a member of an owners’ association.
However, we may need to collect additional personal data in connection with our manage- ment of the customer relationship. In that case, we will inform you thereof unless you are already aware of the collection and processing or your interest in being informed thereof must yield to essential considerations for public or private interests.
We only collect and process these data for the purpose of performing the agreement which we have concluded with you and/or the business represented by you and of fulfilling the obligations under the Danish Anti-Money Laundering Act to banks and public institutions.
Legal basis for processing:
If you represent the customer: Point (f) of article 6(1) of the GDPR as we have a legitimate interest in performing the agreement which we have concluded. If you are the customer (as a private individual): Point (b) of article 6(1) of the GDPR (necessary for the agreement).
As regards our obligations under the Danish Anti-Money Laundering Act: Point (c) of article 6(1) of the GDPR, cf. part 3 of the Danish Anti-Money Laundering Act.
Processing of your civil registration (CPR) no.: Section 11(2) of the Danish Data Protection Act.
3. Sharing personal data
Generally, we will share your personal data with our processors who, e.g., provide our IT systems, including hosting, backup and support services.
We will also share your data to the extent required, including to public authorities such as the Danish Tax Agency and the police.
If you are a residential tenant or a commercial tenant with us, we will share your personal data with the owner of the property and with the suppliers and business partners assisting us in fulfilling our obligations under new and existing lease agreements and the related ser- vices. These suppliers and business partners will be: caretaker businesses, heating busi- nesses, lawyers, brokers, etc. In some cases, we will share your personal data in connection with a transaction such as a merger or an asset sale.
If you are a customer and/or an investor with us, we will share your personal data with banks.
If we wish to use your personal data for a purpose other than the purpose for which they were originally collected, we will notify you thereof and obtain your prior consent if required. However, if we anonymise your personal data so that you will no longer be identifiable, we may use the data for other purposes without notifying you as it will no longer be personal data.
4. Sharing information with recipients outside the EU/EEA
We do not share personal data with recipients outside the EU/EEA.
5. Protection of personal data
Under the GDPR, we must store your personal data in a secure and confidential manner. We store your personal data on servers with restricted access, located in controlled facilities, and our security measures are continuously monitored to determine whether our user data are handled securely and with due consideration for your rights as a private individual.
We have implemented technical and organisational confidentiality and information security measures to protect your personal data from destruction, loss, alteration, unauthorised dis- closure, access or knowledge by unauthorised persons. If a security breach of your personal data would result in a likely high risk for you, such as discrimination, identity theft, financial loss, loss of reputation or any other significant disadvantage, we will notify you of the security breach as soon as possible.
6. Erasure of personal data
We erase or anonymise personal data continually as the purpose for which they were col- lected ceases to exist.
If you are a residential tenant with us, we will store your personal data for five years after the tenant’s vacation of the premises.
When we deal with house rules breaches and we find a complaint to be unfounded, we will immediately erase your personal data related to such house rules breach. Similarly, we will erase the complaint and the personal data collected when the complaint procedure has been completed without giving rise to any objectionable issues. If the complaint uncovers objectionable issues, we will erase the personal data collected on or before erasure of the personal data related to the specific lease agreement.
However, we will not erase data if we are required under law to store them or if they are necessary for legal claims etc., e.g. in connection with proceedings before the housing tri- bunal or due to outstanding accounts with the respondent.
If you are a commercial tenant with us, we will store your personal data for five years after the end of the lease agreement.
However, we will not erase data if we are required under law to store them or if they are necessary for legal claims etc., e.g. in connection with proceedings before the housing tri- bunal or due to outstanding accounts with the respondent.
If you are a residential applicant, we will store your personal data for a maximum of 12 months after receipt of your application unless you actively ask us to keep your application for an additional 12 months.
If you are a commercial applicant, we will store your personal data for a maximum of 12 months after receipt of your application unless you, on behalf of your business, actively ask us to keep your application for an additional 12 months.
If you are a job applicant, we will store your personal data for up to six months unless otherwise agreed.
If you are or represent a customer and/or an investor, we will store your personal data for up to five years after the end of the business relationship.
7. Your rights
Under the General Data Protection Regulation, you have several rights in relation to our processing of data about you. Please contact us if you wish to exercise your rights. Your data protection rights comprise the following:
- Right to access data (right of access): You have the right to access the data which we process about you and several other data.
- Right to rectification (correction): You have the right to have inaccurate data about you rectified.
- Right to erasure: In special cases, you have the right to have data about you erased before we are generally required to erase such data.
- Right to restriction of processing: In certain circumstances, you have the right to re- strict the processing of your personal data. If you have the right to restrict the pro- cessing, we will, in future, only be permitted to process the data – except for storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of a person or important public interests.
- Right to object: In certain circumstances, you have the right to object to our otherwise lawful processing of your personal data.
- Right to transmit data (data portability): In certain circumstances, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such data transferred from one controller to another without hin-
You may read more about your rights in the Danish Data Protection Agency’s guidance on the data subjects’ rights, which is available on www.datatilsynet.dk.
You may withdraw your consent at any time if we are processing data based on your con- sent. You may contact us about this by using the contact details stated at the end of the privacy policy (see paragraph 9). If you decide to withdraw your consent, it will not affect the lawfulness of our processing of your personal data on the basis of the consent previously given by you up to the time of withdrawal. Therefore, if you withdraw your consent, the with- drawal will not become effective until such time.
8. Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are not satisfied with our processing of your personal data. You will find the Danish Data Protection Agency’s contact details on www.datatilsynet.dk.
9. Contact details:
Fokus Nordic A/S
Østbanegade 123, blok 6, 2.
sal DK-2100 Copenhagen Ø
+45 7010 0075
Email: persondata@fokusnordic.com
1. Controller
Fokus Nordic A/S, CVR no. 37527750, Østbanegade 123, DK-2100 Copenhagen Ø, pro-
cesses a number of personal data about you as data controller in various situations. You may read more about this below.
If you have any questions about our privacy policy and how we process your personal data or if you wish to exercise the rights set out in paragraph 7 below, you may contact us at
persondata@fokusnordic.com.
You may read more about how to contact us at the end of the privacy policy (see paragraph
9).
2. Information about collection and processing of personal data
2.1. Private leased premises
If you are a residential tenant with us, we will collect general personal data about you. This includes your name, title, address, telephone number and email address, your use of leased premises, your rent level, information about your deposit, heating and water consumption and any other consumption information. We also process information about powers of attor- ney, powers to sign, registered easements, profits, restrictive covenants and rights relating to the lease, your bank account number, information about your household and cohabitant etc. and information about domestic animals. Moreover, we process information about your receipt of housing benefits, if relevant. We register whether we have provided access keys and cards to you, and we process information about the layout of leased premises and any subleases.
In the event of default or any other breach of the lease agreement, we will also process such information, including warnings, notices and any other information related to the termination of the lease agreement for breach or convenience. This also applies if the above circum- stances are caused by bankruptcy or death.
In special cases, we also process your civil registration (CPR) number. If so, we will inform you thereof specifically, and we will obtain your prior consent if necessary.
We collect and process the above information only if necessary and only for the purpose of managing and fulfilling the provisions of the lease agreement and the Danish residential lease acts.
Generally, we do not collect any special categories of personal data (sensitive data) about you.
If we need to collect additional personal data about you which are not covered by those set out above, we will inform you thereof unless you are already aware of the collection and processing or your interest in being informed thereof must yield to essential considerations for public or private interests.
Legal basis for processing:
Point (b) of article 6(1) of the GDPR (management and performance of the lease agreement) and point (f) of article 6(1) of the GDPR (our legitimate interest in processing data related to the lease of the leased premises, including household information, access cards, consump- tion data, etc.).
2.2. Commercial premises
If you are a commercial tenant with us, we will collect general personal data about you as the contact person of the commercial tenant represented by you. This includes your name, title, photo identification, address, telephone number and email address and your affiliation with the commercial tenant. We register whether we have provided access keys and cards to you.
If the commercial tenant is a sole proprietorship, we will also process personal data about the commercial use of the leased premises, rent level, deposit, revenue if the rent is reve- nue-based, heating and water consumption and any other consumption information. We also process information about industry knowledge, powers of attorney, powers to sign, reg- istered easements, profits, restrictive covenants and rights relating to the lease and bank account number. Moreover, we process information about the layout of leased premises, any subleases and rights of assignment and resumption. In the event of default or any other breach of the lease agreement, we will also process such information, including warnings, notices and any other information related to the termination of the lease agreement for breach or convenience. This also applies if the above circumstances are caused by restruc- turing, bankruptcy or death. In special cases, we also process civil registration (CPR) num- bers. If so, we will inform you thereof specifically, and we will obtain your prior consent if necessary.
We collect and process the above information only if necessary and only for the purpose of managing and fulfilling the provisions of the lease agreement, the Danish Contracts Act (af- taleloven) and the Danish Business Lease Act (erhvervslejeloven).
Generally, we do not collect any special categories of personal data (sensitive data) about you.
If we need to collect additional personal data which are not covered by those set out above, we will inform you thereof unless you are already aware of the collection and processing or your interest in being informed thereof must yield to essential considerations for public or private interests.
Legal basis for processing:
If you represent a commercial tenant: Point (f) of article 6(1) of the GDPR as we are pursu- ing our legitimate interest in managing and performing the lease agreement with the com- mercial tenant represented by you.
If the commercial tenant is a sole proprietorship: Point (b) of article 6(1) of the GDPR (man- agement and performance of the lease agreement) and point (f) of article 6(1) of the GDPR (our legitimate interest in processing data related to the lease of the leased premises, in- cluding access cards, consumption data etc.).
2.3. Applicants for private leased premises
If you are a residential applicant for vacant leased premises, we will collect the following personal data about you: name, address, telephone number, email address and the type of leased premises for which you are applying. We only collect and process these data for the purpose of meeting your request for the right leased premises and for concluding a lease agreement.
However, in some cases, we do collect additional personal data. In that case, we will notify you thereof.
We do not collect any special categories of personal data (sensitive data) about you. Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in managing applica- tions and identifying the right leased premises on that basis.
2.4. Applicants for commercial premises
If you are affiliated with a commercial applicant for vacant leased premises, we will collect the following personal data about you: name, address, telephone number, email address and your affiliation with the commercial applicant. If the commercial tenant is a sole propri- etorship, we will also process personal data about the types of commercial leased prem- ises, occupation, position, industry knowledge, financial information and public financial statements.
We only collect and process these data for the purpose of meeting your request for the right leased premises and for concluding a lease agreement, if relevant. We do not collect any special categories of personal data (sensitive data).
Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in managing applica- tions and identifying the right leased premises on that basis.
2.5. House rules complaints
When dealing with house rules breaches, we process personal data about the complainant and any witnesses. These data include names, contact details, the date/time of the incident subject to complaint and any other information related to the incident subject to complaint, including information about noise nuisance.
When dealing with house rules breaches, we also process personal data about the tenant or persons belonging to the tenant’s household (the respondent), including names, contact details, the date/time of the incident subject to complaint and any other information related to the incident involved subject to complaint, including information about noise nuisance.
We will specifically notify the persons against whom the complaint is filed if this is possible based on the information received in the complaint. However, in certain cases, we may postpone or entirely omit such notification if required by essential considerations for public or private interests.
Legal basis for processing:
Processing of general personal data (e.g. information about name and address, noise nui- sance, time of the incident, information about the identity of witnesses, etc.): Point (f) of article 6(1) of the GDPR as we are pursuing our legitimate interest of the processing being necessary for determining whether we are able to establish, exercise or defend a legal claim based on our house rules and the provisions of Danish rent legislation.
Processing of information on criminal offences (e.g. incidents of violence) is based on sec- tion 8(5) of the Danish Data Protection Act (databeskyttelsesloven).
2.6. Job applicants
If you are a job applicant, we will collect the following personal data about you: name, address, telephone number, email address, work history and job interests in the form of your CV. We only collect and process these data for the purpose of meeting your request for employment and for concluding an employment contract, if relevant.
However, in some cases, we do collect additional personal data. In that case, we will notify you thereof on the date of collection.
We do not collect any special categories of personal data (sensitive data) about you.
Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in going through your application and your CV for the purpose of identifying the right candidate for the position.
Required processing of personal data
Under the data protection rules, you e.g. have the right to be informed of whether the provi- sion of personal data is a statutory requirement or a requirement necessary to conclude a contract and of whether you are obligated to provide the personal data and of the possible consequences of your failure to provide such data.
It should be noted in that respect that, under the Danish Health Information Act (helbred- soplysningsloven), an employee must state of their own motion or at the employer’s request whether they know that they suffer from an illness or show symptoms of an illness which will significantly affect their ability to carry out the work in question. Further, as a potential future employee, you are subject to the general duty of disclosure, which means that you must not knowingly withhold information that may be relevant to your opportunity of being employed. Moreover, it should be noted that, if you are offered a position, we will use certain personal data about you to draft your employment contract, including your name and address, see the provisions of the Danish Employment Contracts Act (ansættelsesbevisloven).
If you do not wish to provide the information that you are required to provide under the provisions of the Danish Health Information Act and/or according to your duty of disclosure or the information necessary for drafting an employment contract, we will not be able to offer you a position.
2.7 Customers and investors
If you represent and/or are a customer/an investor (a “customer”) with us, we will collect the following personal data about you: name, address, telephone number, email address, civil registration (CPR) no., photo identification (for the customer’s beneficial owners and members of the executive board and board of directors of companies managed by us in accordance with the Danish Anti-Money Laundering Act (hvidvaskloven)), occupation, posi- tion, powers of attorney, powers to sign, directorships, executive board positions, ownership of properties covered by the customer relationship, ownership of companies covered by the customer relationship, insurances covered by the customer relationship, bank details cov- ered by the customer relationship and financial and tax information covered by the customer relationship as well as owners’ association contributions and heating and water consumption and the like if the owner is a member of an owners’ association.
However, we may need to collect additional personal data in connection with our manage- ment of the customer relationship. In that case, we will inform you thereof unless you are already aware of the collection and processing or your interest in being informed thereof must yield to essential considerations for public or private interests.
We only collect and process these data for the purpose of performing the agreement which we have concluded with you and/or the business represented by you and of fulfilling the obligations under the Danish Anti-Money Laundering Act to banks and public institutions.
Legal basis for processing:
If you represent the customer: Point (f) of article 6(1) of the GDPR as we have a legitimate interest in performing the agreement which we have concluded. If you are the customer (as a private individual): Point (b) of article 6(1) of the GDPR (necessary for the agreement).
As regards our obligations under the Danish Anti-Money Laundering Act: Point (c) of article 6(1) of the GDPR, cf. part 3 of the Danish Anti-Money Laundering Act.
Processing of your civil registration (CPR) no.: Section 11(2) of the Danish Data Protection Act.
3. Sharing personal data
Generally, we will share your personal data with our processors who, e.g., provide our IT systems, including hosting, backup and support services.
We will also share your data to the extent required, including to public authorities such as the Danish Tax Agency and the police.
If you are a residential tenant or a commercial tenant with us, we will share your personal data with the owner of the property and with the suppliers and business partners assisting us in fulfilling our obligations under new and existing lease agreements and the related ser- vices. These suppliers and business partners will be: caretaker businesses, heating busi- nesses, lawyers, brokers, etc. In some cases, we will share your personal data in connection with a transaction such as a merger or an asset sale.
If you are a customer and/or an investor with us, we will share your personal data with banks.
If we wish to use your personal data for a purpose other than the purpose for which they were originally collected, we will notify you thereof and obtain your prior consent if required. However, if we anonymise your personal data so that you will no longer be identifiable, we may use the data for other purposes without notifying you as it will no longer be personal data.
4. Sharing information with recipients outside the EU/EEA
We do not share personal data with recipients outside the EU/EEA.
5. Protection of personal data
Under the GDPR, we must store your personal data in a secure and confidential manner. We store your personal data on servers with restricted access, located in controlled facilities, and our security measures are continuously monitored to determine whether our user data are handled securely and with due consideration for your rights as a private individual.
We have implemented technical and organisational confidentiality and information security measures to protect your personal data from destruction, loss, alteration, unauthorised dis- closure, access or knowledge by unauthorised persons. If a security breach of your personal data would result in a likely high risk for you, such as discrimination, identity theft, financial loss, loss of reputation or any other significant disadvantage, we will notify you of the security breach as soon as possible.
6. Erasure of personal data
We erase or anonymise personal data continually as the purpose for which they were col- lected ceases to exist.
If you are a residential tenant with us, we will store your personal data for five years after the tenant’s vacation of the premises.
When we deal with house rules breaches and we find a complaint to be unfounded, we will immediately erase your personal data related to such house rules breach. Similarly, we will erase the complaint and the personal data collected when the complaint procedure has been completed without giving rise to any objectionable issues. If the complaint uncovers objectionable issues, we will erase the personal data collected on or before erasure of the personal data related to the specific lease agreement.
However, we will not erase data if we are required under law to store them or if they are necessary for legal claims etc., e.g. in connection with proceedings before the housing tri- bunal or due to outstanding accounts with the respondent.
If you are a commercial tenant with us, we will store your personal data for five years after the end of the lease agreement.
However, we will not erase data if we are required under law to store them or if they are necessary for legal claims etc., e.g. in connection with proceedings before the housing tri- bunal or due to outstanding accounts with the respondent.
If you are a residential applicant, we will store your personal data for a maximum of 12 months after receipt of your application unless you actively ask us to keep your application for an additional 12 months.
If you are a commercial applicant, we will store your personal data for a maximum of 12 months after receipt of your application unless you, on behalf of your business, actively ask us to keep your application for an additional 12 months.
If you are a job applicant, we will store your personal data for up to six months unless otherwise agreed.
If you are or represent a customer and/or an investor, we will store your personal data for up to five years after the end of the business relationship.
7. Your rights
Under the General Data Protection Regulation, you have several rights in relation to our processing of data about you. Please contact us if you wish to exercise your rights. Your data protection rights comprise the following:
- Right to access data (right of access): You have the right to access the data which we process about you and several other data.
- Right to rectification (correction): You have the right to have inaccurate data about you rectified.
- Right to erasure: In special cases, you have the right to have data about you erased before we are generally required to erase such data.
- Right to restriction of processing: In certain circumstances, you have the right to re- strict the processing of your personal data. If you have the right to restrict the pro- cessing, we will, in future, only be permitted to process the data – except for storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of a person or important public interests.
- Right to object: In certain circumstances, you have the right to object to our otherwise lawful processing of your personal data.
- Right to transmit data (data portability): In certain circumstances, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such data transferred from one controller to another without hin-
You may read more about your rights in the Danish Data Protection Agency’s guidance on the data subjects’ rights, which is available on www.datatilsynet.dk.
You may withdraw your consent at any time if we are processing data based on your con- sent. You may contact us about this by using the contact details stated at the end of the privacy policy (see paragraph 9). If you decide to withdraw your consent, it will not affect the lawfulness of our processing of your personal data on the basis of the consent previously given by you up to the time of withdrawal. Therefore, if you withdraw your consent, the with- drawal will not become effective until such time.
8. Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are not satisfied with our processing of your personal data. You will find the Danish Data Protection Agency’s contact details on www.datatilsynet.dk.
9. Contact details:
Fokus Nordic A/S
Østbanegade 123, blok 6, 2.
sal DK-2100 Copenhagen Ø
+45 7010 0075
Email: persondata@fokusnordic.com