Refurb® is part of Egiss A/S.
At Egiss A/S ("Egiss, "Refurb", "our", or "we"), we prioritise data security and confidentiality. This personal data policy establishes clear guidelines for Refurb's processing of your personal data. The following explains how we use the personal information you leave and/or provide when you visit our websites, www.refurb.eu and www.webshop.refurb.eu, or interact with us in other relevant ways.
1. Data controller and contact information
Egiss A/S - Hinnerup
VAT: DK-3505 6297
P-number: 10 2400 5468
2. The purpose and legal basis for the processing of your personal data
Refurb is the data controller for processing the personal data we receive about you.
2.1. Collection of personal data
Generally, you can access our websites without telling us who you are or providing any personal information about yourself. However, we need certain personal information to do business with you and provide you with news and other services. Refurb only collects the personal data that is necessary.
The personal data we collect may include, for example, your name, e-mail address, private address, telephone number and similar identification information, information about an online purchase and your navigation on our websites.
We only collect personal data you have consented to according to law, which will most often be consent, entering into a contract and/or balance of interests.
2.2. Purpose of data collection
Collection, as well as the purpose and legal basis for processing your personal data, takes place in one or more of the following cases:
- Fulfil accounting obligations, cf. accounting legislation.
- Comply with our contractual conditions and carry out the trade we have entered - and be able to conduct any follow-up based on our trade (e.g., concerning complaints).
- Develop relevant marketing that suits you.
Processing of your personal data takes place (partially) based on the balancing of interests rule in the Danish Personal Data Regulation, Article 6, subsection 1, letter f. The legitimate interests that justify the processing are:
The collection is necessary to implement the agreement with you (and/or the company you represent).
2.3. To whom do we pass on personal data?
As a starting point, we only share your personal data after a severe balancing of interests. We may use third-party vendors to perform services for us, such as providing infrastructure and IT services (including but not limited to data storage), processing credit and debit card transactions, providing customer service, collecting debt analysis, and improving data, processing customer inquiries, and performing other forms of statistical analyses.
In performing these services, third-party suppliers may have access to your personal data but are only authorised to process it solely on our behalf and per our instructions.
We keep statistics on how you use the websites to develop further and improve www.refurb.eu and www.webshop.refurb.eu.
Deletion of personal data
Unless otherwise required by law, we store your information for as long as necessary to fulfil the purposes described in section 2.2.
Accounting material is stored for five years from the end of the calendar year in which the purchase was completed, cf. the Accounting Act.
If you unsubscribe from newsletters, you will be unsubscribed immediately, but documentation of the original consent will be stored for two years.
2.5. Protection of your personal data
The protection of your personal data is important to us. All personal information you provide to us is stored on secure servers, and we have strict procedures to protect against the loss, misuse, unauthorised access, alteration, disclosure, or destruction of your personal information. Any payment transactions will be encrypted by industry-standard technology and subject to PCI security standards.
Although we work hard to protect your personal data, we cannot guarantee that our security measures will prevent any unauthorised attempt to access, use or disclose personal data. However, we maintain security and incident plans, including plans for handling any data security breach, in the event of a physical or technical incident, to deal with this in a timely manner and limit any negative impact of such an incident.
4. IT security
We have implemented security measures to ensure our internal procedures meet our high security policy standards. We do our best to protect the quality and integrity of your personal information. Read more about it here.
5. The right to withdraw consent
You always have the opportunity to be told what information we have registered about you and the right to withdraw your consent at any time. You can do this by contacting us via the contact details provided below. If you wish to withdraw your consent, this does not affect the lawfulness of our processing of your personal data based on your previously communicated consent and up to the time of withdrawal. If you withdraw your consent, it only takes effect from this point.
You can always have incorrect information corrected.
6. Your rights
According to the Personal Data Regulation, you have several rights concerning our processing of information about you.
6.1. Right to see information (right of access)
You have the right to gain insight into the information we process about you. Inquiries about this must be made in writing to the data controller at Egiss. The request must be processed no later than one month after receipt. In addition to the insight into which data is processed, the purpose of the processing must also be given.
You will find the contact details of our data controller below.
6.2. Right to rectification
You have the right to have incorrect information about you corrected.
6.3. Right to erasure
In some instances, you have the right to have information about you deleted before the time for our general deletion occurs - for example, if there is no longer a legitimate purpose for processing or storing the information.
6.4. Right to restriction of processing
In some instances, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may subsequently only process the information - apart from storage - with your consent, or for the purpose of establishing, asserting, or defending legal claims, or to protect a person or vital public interests.
6.5. Right to object
In some instances, you have the right to object to our lawful processing of your personal data. You can also object to the processing of your information for direct marketing.
6.6. Right to transmit information
In some instances, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have this personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Authority's guidance on the rights of data subjects, which you can find at www.datatilsynet.dk.
7. Obligation to provide information
We must provide the registered information about the processing carried out, regardless of whether the personal data has been obtained from you/the registered person or acquired from a third party. In addition to Egiss as the data controller having to provide you/the registered person with the information, you can also demand insight at any time. Our obligation to provide information includes the following:
- The identity and contact information of the data controller
- The processing purpose and legal basis
- Legitimate interest of the data controller whose processing is based on balancing of interests
- The categories of the personal data
- The categories of recipients of personal data
- Possible transfer to third countries
- The period of processing (incl. storage)
- The right to access, correct or delete personal data, limit processing, object to processing and the right to data portability
- The possibility of withdrawing consent
- The possibility to complain to the Data Protection Authority
- The source of the personal data
- The personal information is processed as part of a contract
- Use of the personal data for a new purpose
8. Links to other websites
9. Contact for changes to information etc.
If you want us to update, change or delete the personal information we have registered about you, access the personal data that is processed about you, or have questions about the above guidelines, you can contact the data controller at firstname.lastname@example.org. You can also write to us at the following address:
10. Access to complaints
If you wish to complain about the processing of your personal information, you can contact us via e-mail or letter as indicated above. You can also contact the Danish Data Protection Authority. See contact information at www.datatilsynet.dk.