Refurb's IT Security Policy
A data-safe environmental footprint on our common earth
Refurb’s task in this world is to create business profit while reducing environmental impact through product life extension and value recovery on used IT equipment. Our vision is to be in the forefront of opinionmaking when it comes to green circular economy in the IT industry. Refurb wants to be an attractive company for employees, partners and customers. This must be achieved, among other things, through our work with efficiency and quality in our IT security: An important prerequisite for our employees, partners and customers to find us attractive is that we constantly ensure that we have a suitable and sufficiently high level of IT- security. The level of IT security must live up to the requirements of the legislation, including the requirements of the Danish Personal Data Act and the European Personal Data Regulation.
Field of application.
The IT security policy applies to electronic data processing (collection, storage and deletion) of goods, company information and personal data in Refurb
Personal data and responsibilities
Only employees who have a work-related need for access to electronic data processing, including registered personal data, have access to it either physically or through IT systems with rights management. This is ensured via Refurb's internal IT system, which only the management and IT administrators have access to make changes to - and thus only the management and IT administrators are scheduled to assign responsibilities to the relevant employees.
In addition, the following safety measures have been introduced in daily work:
- All computers have a password and these must not be left to others
- Refurb has a "clear desk policy", ie. that unattended personal sensitive data must not be left on desks or elsewhere and employees must lock their computers when they are left
- Computers are only delivered after having installed a firewall and antivirus program in advance
- Firewall, antivirus programs and operating systems on both computers and servers are continuously updated via the internal IT system
- Personal information is deleted in a responsible manner by phasing out and repairing IT equipment
- Backup: Refurb backs up servers located in the EU
- Monitoring: Refurb continuously monitors the IT infrastructure to act on potential illegal intrusions
- External electronic storage media are never used in connection with. with personal information
- Physical folders are located in a locked office or in locked cabinets
- Personal information in physical folders is deleted by shredding
All employees are instructed in the processing and protection of personal data - both during employment and continuously throughout the employment.
Awareness of IT security
A high level of IT security awareness and appropriate behavior among all Refurb employees are among the most important security measures. It is thus Refurb's goal that there is a high awareness of safety throughout the company.
Therefore, upon employment and continuously through the employment relationship, employees are trained and made aware of matters related to maintaining an appropriate and sufficiently high level of IT security and proper processing of personal data.
Refurb prepares, maintains and tests ongoing contingency plans that ensure emergency operation, escalation, re-establishment and resumption of normal operation in the event of major breakdowns in our IT systems.
Refurb will contact the Danish Data Protection Agency as soon as possible and within 72 hours if a security breach occurs in the company's personal data security. If the security breach involves a high risk for the data subjects, they will also be informed as soon as possible and within 72 hours. The IT security policy was last revised on 15 May 2018
The IT security policy was last revised on 15 May 2018
Refurb A / S is data responsible for the processing of the personal information we receive about you.
What personal information do we collect?
We process personal information about you of the nature "ordinary personal information" - ie. name, address, telephone number and e-mail.
We only collect personal information that you have given consent for according to legal basis, which will most often be consent, contract conclusion and / or balancing of interests.
Why do we collect your personal information?
We collect personal information to:
- Fulfill accounting obligations, cf. accounting legislation
- Comply with our contractual conditions and carry out the trade we have entered into - and to be able to carry out any follow-up on the basis of our trade (eg in connection with complaints)
- Develop relevant marketing that suits you
The processing of your personal data takes place (in part) on the basis of the balance of interests rule in Article 6 (1) of the Personal Data Regulation. The legitimate interests which justify the treatment are:
The collection is necessary for the implementation of the agreement with you (and/or the company you represent)
Who can we share your personal information with?
As a rule, we only share your personal information after a serious balancing of interests. We may use third party vendors to perform services for us such as providing infrastructure and IT services (including but not limited to data storage), processing credit and debit card transactions, providing customer service, collecting debt analysis and improving data, processing customer inquiries and performing other forms of statistical analysis. In performing these services, third party providers may have access to your personal data but are only authorized to process it solely on our behalf and in accordance with our instructions.
How long do we store your personal information?
We store your personal information for a minimum of five years from the end of the financial year in which your last transaction took place, cf. the Accounting Act.
How do we protect your personal information?
Protection of your personal information is important to Refurb A / S. All personal information you provide to us is stored on secure servers and we have strict procedures in place to protect against the loss, misuse, unauthorized access, alteration, disclosure or destruction of your personal information. Any payment transactions will be encrypted by industry standard technology and subject to PCI security standards.
While we work hard to protect your personal data, we cannot guarantee that our security measures will prevent any unauthorized attempt to access, use or disclose personal information. However, we maintain safety and incident plans, including plans for handling any. breach of data security, in the event of a physical or technical incident, in order to deal with it in a timely manner and to limit any adverse effects of such incident.
You have the right to withdraw your consent at any time. You can do this by contacting us at the contact information provided under Contact. If you choose to withdraw your consent, it does not affect the legality of our processing of your personal data on the basis of your previously given consent and up to the time of the withdrawal. Therefore, if you withdraw your consent, it will only take effect from this time.
According to the Personal Data Ordinance, you have a number of rights in relation to our processing of information about you:
* Right to see information (right of access): You have the right to access the information we process about you. Inquiries about this must be made in writing to the data controller at Refurb A / S, who must respond to the inquiry no later than one month after receipt. In addition to the insight into what data is being processed, the purpose of the processing must also be given.
* Right to rectification (correction): You have the right to have incorrect information about yourself corrected.
* Right to delete or restrict processing: In special cases, you have the right to have information about you deleted before the time of our general general deletion occurs - eg if there is no longer a legitimate purpose for the processing or storage of the information.
* Right to delete or restrict processing: In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may in future only process the information - apart from storage - with your consent, or for the purpose of establishing, enforcing or defending legal claims, or to protect a person or important public interests.
* Right of objection: In certain cases, you have the right to object to our lawful processing of your personal data. You can also object to the processing of your information for direct marketing.
* Right to transmit information (data portability): In certain cases, you have the right to receive your personal information in a structured, commonly used and machine-readable format and to have this personal information transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency's guide on the data subjects' rights, which you will find at www.datatilsynet.dk. Here you can also lodge a complaint if you are dissatisfied with the way we process your personal information. If you want to make use of your rights, please contact us - see contact information under 'Contact' at the bottom of the page.
Refurb A/S ’duty to provide information
Refurb A / S must provide the registered information about the processing that is carried out, regardless of whether the personal information has been obtained from you / the registered person or acquired from a third party. In addition to Refurb A / S as data controller having to provide you / the registered information, you can also demand insight at any time. Refurb A / S ’disclosure obligation includes:
- The data controller's identity and contact information
- The purpose of the treatment and the legal basis
- Legitimate interest of the data controller whose processing is based on balancing of interests
- The categories of personal data
- The categories of recipients of personal data
- Possibly. transfer to third countries
- The period of treatment (incl. Storage)
- The right to access, correct or delete personal data, restrict processing, object to processing and the right to data portability
- Possibility to withdraw consent
- The opportunity to complain to the Danish Data Protection Agency
- The source of the personal information
- The personal data is processed as part of a contract
- Use of personal data for a new purpose
There are two types of cookies:
- A cookie that most people know is a text file that is stored locally on your computer, mobile phone or tablet - this type of file will exist on your computer until they expire and your browser thus deletes the cookie or you actively select to delete it.
- In addition, Refurb also uses "session" cookies, which are basically reminiscent of cookies, but are only active when you visit the website in question, and will be removed as soon as you close down Refurb.dk.
Third Party Cookies
We also use a number of third-party cookies as part of our services. These cookies are subject to the respective third parties and are not controlled by us. We have set out the third-party cookies we use below, some of which can be disabled via the general browser settings, whereas in the case of others you will have to visit the respective websites and follow the instructions there.
We use these cookies for analysis purposes to ensure that we offer a website that works, loads quickly and is always optimized for the device you are sitting on. These cookies are completely anonymized and you will see that they often contain a random text string - this is composed of encrypted data so you can never be identified.
We use various software to ensure that there are no errors and security holes on our website - and in order for these to compare previous data with current data, they place a - again completely anonymised - cookie on your PC with an encrypted text string.
If you have questions about Refurb's IT security policy, please feel free to contact us at email@example.com.
The data controller undertakes to respond to queries without undue delay, however, no later than one month after receipt of the request. Refurb reserves the right to request a written inquiry if it is deemed essential in relation to case documentation. If the request is complicated, this can be extended to two months. Refurb reserves the right to require identification to validate a given request.