Privacy policy


Last modified: 04.07.2022

 

At Systime IT-security and your privacy is prioritized and we take pride in processing your personal information with transparency and with respect. Therefore, we have created this privacy policy where you, as a user of MinKonto can see the types of processing we are doing, the aim of the processing, the legal basis for processing, with whom we share your information and how long we retain your personal data. Furthermore, you will be able to find information about how we test our IT-systems, the rights you have when using MinKonto according to GDPR and who you can direct a complaint to if you find that we do not process your personal data in accordance with the applicable legislation.

Data controller

The legal entity, who is responsible for the processing of your personal data is:

Systime v. Gyldendal A/S
Sonnesgade 11
8000, Århus C
CVR-nummer: 58 20 01 15
Phone: 70 12 11 00
E-mail: gdprmail@gyldendal.dk

(Hereafter ”we” or ”us”).

In the following it is described for which purposes your personal data is collected and processed.

 

Min Konto

To access iBøger® and other digital products provided by us, you will need to create a ‘MinKonto’ account and in this context we process personal information about you, to deliver our service(s), so that we can operate and develop our services and ensure that you get the best user experience.

Processed information

To fulfill the purpose listed above we collect and process the following categories of personal data:

  • First name
  • Last name
  • E-mail address
  • Institutional affiliation
  • Field of study
  • Professional interests
  • Permission according to our privacy policy
  • Whether you are at least 13 years of age

Please note that Systime in general is the Data Controller for the information stated below. However, if you have gained access to the product from an institution or municipality (Data Controller), Systime will be the Data Processor for the following information:

  • Answers to tasks
  • Statistics of users
  • IP-adresses
  • Unilogin-association
  • Googlelogin
  • DeviceID

Legal basis

When we process your personal data as stated above, the processing is based on the following legal basis:

  • The General Data Protection Regulation article 6, paragraph 1, litra b (to fulfill a contract with you)

Recipients of information

To fulfill the purpose we will share your personal data with the categories of recipients listed below. If the transfer results in a full or partial access or transfer of your personal information to a third country the transfer is based on the Commission's Standard Contractual Clauses according to The General Data Protection Regulation article 46, paragraph 2, litra C.

  • Vendors of IT-infrastructure and software
  • Vendors of digital marketing services
  • Public authorities - amongst others SKAT

Retention

We will retain your personal data as long as necessary for the purposes mentioned in this privacy policy.

  • Users who no longer hold an active license will be marked for deletion after being inactive for 450 days. Users who fulfill this requirement will be deleted from the platform in July. A user can also be deleted from the platform manually by a system worker on request.

 

Test and development

To improve and develop our IT-systems users information can be used in tests.

In this context we process the following categories of information:

  • First name
  • Last name
  • E-mail address
  • Institutional affiliation
  • Field of study
  • Professional interests
  • Permission according to our privacy policy
  • Whether you are at least 13 years of age
When we process your personal data as stated above, the processing is based on the following legal basis

  • The General Data Protection Regulation article 6, paragraph 1, litra f (to pursue a legitimate interest)
Our legitimate interest is to develop and improve our digital systems and products.

When fulfilling the stated purpose the following categories of recipients will process your personal data:

Providers of development tools. A few providers have branches outside of EU/EEA countries, in such cases we transfer data on the basis of the Commission’s Standard Contractual Clauses according to The General Data Protection Regulation article 46, paragraph 2, litra C.

We retain your personal data as long as necessary for the purposes mentioned in this privacy policy.

The personal data will be retained up to 3 months after a test is finished.

 

Your rights

You have the following rights when we process your personal data:

  • You have the right of access, rectification or erasure of your personal data
  • You have the right to restriction of the processing of your personal data and have the processing of your personal data limited
  • You have the right to object when your personal data is used for direct marketing
  • You have the right to withdraw your consent, if the processing of your personal data is based on your consent
  • You have the right to receive the personal data that you have provided in a structured, commonly used and machine readable format
There might be conditions or limitations to these rights. Therefore, it is not certain that you e.g. have the right to have your personal data erased immediately as this can depend on the circumstances and applicable legislation with reference to the processing activities.

To exercise your rights:

We ask you to send your request in writing to the address or e-mail address stated under “Data Controller” above.

In your request we ask you to provide your name, e-mail address and telephone number (if relevant) and to state as precisely as possible what your request relates to.

Please note that we can ask you to verify your identity prior to handling your request.

If you are displeased with the way we process your personal data, you can send a complaint to us to the address stated above.

If you are displeased with the outcome of your complaint to us you can submit a complaint to Datatilsynet at anytime on www.datatilsynet.dk or to:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby

 

Changes to this privacy policy

At the top of this privacy policy you can see the date for the latest update. We will periodically review the policy which might result in updates. In case of material changes we will notify you by posting a notice on our website.