Toppen af Danmark is the data controller with regard to the information collected by us and ensures that personal data are processed in accordance with the law. We collect information about guests, visitors to our websites, providers, business partners, employees, job applicants as well as employees from public authorities.
If you wish to contact us in relation to our processing of personal data, please do so on: firstname.lastname@example.org.
When do we process your personal data?
When you visit our websites, book accommodation, package tours and activities or contact us for service, we need to collect your personal data in order to be able to provide our services.
Which information can we collect?
Toppen af Danmark F.M.B.A. processes the personal data you give us. Personal data being processed include, but are not limited to:
- Date of birth
- Address, email address and telephone number
- Payment information.
We can also process information recorded in connection with ordering:
- Special dietary requests.
You submit the personal data yourself when placing your order/booking, creating an account or other services on the web or via telephone.
Please note that submitting your personal data is optional. In many cases, however, we will be unable to provide you with the services and/or products ordered unless you provide us with your personal data.
How do we use the information and what are the purposes of our processing of personal data?
- We process your personal data with the purpose of being able fulfil our obligations towards you. The fulfilment might consist of the delivery of the event or other services ordered by you.
- Your personal data are processed for the purpose of facilitating customer service in general.
- Your personal data are processed in order to provide you with information via mail, email, SMS and telephone.
- Processing of your personal data might also occur in order enable us to fulfil our obligations under the Danish Financial Statements Act as well as other rules and regulations.
- The processing might also involve information about any dialogue between you and Toppen af Danmark, such as remarks to questions and complaints.
- In addition to the purposes stated above, your personal data might be used for our market and customer analyses, risk management and statistics in order to provide you with improved travel offers and better service.
When you as a guest make a purchase or a booking with us, you automatically consent to our use of your personal data for the purpose of fulfilling our contractual obligations, including the targeting of our communication in this context. A user profile will also be created for you to stay informed about your purchases with us. You can access your user profile by signing in to our website.
At our website, you will also have the option to give your explicit consent to the following:
- Storage of cookies – consent can be withdrawn via https://www.toppenafdanmark.dk/dataprotection
- Sign-up for newsletter – consent can be withdrawn by unsubscribing to newsletter via link in any of our newsletters
- Use of personal data for marketing purposes.
Consent can be withdrawn by contacting us (see top of this policy).
What are our legal grounds for the collection of personal data and information?
- Legal obligation: The storage of your personal data is required by law. If the information is not provided, our legal obligation cannot be fulfilled, and thus we would be forced to decline your purchase.
- Legitimate interest: The processing is necessary in order to cater to our own as well as your legitimate interest in the handling of customer service matters. The processing is necessary in order to cater to both our own as well as our customers’ legitimate interests in evaluating, developing and improving our services, products and systems.
- Fulfilment of the service agreement / booking / purchase: This collection of personal data is required in order for us to be able to fulfil our obligations under the terms of the service agreement / booking / purchase. If the information is not provided, our obligations cannot be fulfilled, and thus we would be forced to decline delivery of the service to you.
- Fulfilment of any legal obligation or legitimate interest: If no legal obligation exists, the processing is necessary in order to cater to our legitimate interest in preventing the abuse of a service or in guarding against, preventing and investigating crimes against our business.
For how long will we store personal data and information?
We will only store personal data for as long as it is necessary in order to fulfil the purposes for which the data were collected, as stated above. Your personal data will be stored by Toppen af Danmark in the number of years required by law. In case of complaints, some information may be stored in the number of years required in order to fulfil the requirements under the terms of Toppen af Danmarks liability insurances. We are required by law to store certain personal data for a minimum of 5 years, for example according to the Danish Bookkeeping Act. Examples of such data are personal data for the use of issuing invoices, for the correct reporting and payment of taxes and VAT as well as to provide the associated documentation to the authorities.
When you use a cancellation insurance, we will handle your information by sending documents via email. When the case is closed, the data will be stored for the number of years required in order to comply with the Danish Bookkeeping Act and Toppen af Danmarks liability insurances. Only authorised individuals will have access to this information after a such case has been processed and closed.
Who we disclose personal data to and who may process the personal data
Your personal data can be disclosed to our data processors and our business partners.
To allow for the fulfilment of the agreement, Toppen af Danmark will disclose your contact information in the form of name and address to the provider with whom an agreement for the delivery of services has been made. The provider’s processing of this information is necessary for the fulfilment of the contract, and there will be no processing of personal data for purposes beyond this purpose. Providers will most often be:
- Toppen af Danmarks members and partners in the tourist industry, for example:
- Hotels and local partners
- Coach tour operators, guides
- Restaurants, museums and event providers.
A data processor is a business which processes personal data on our behalf. We have data processors helping us, for example:
- Toppen af Danmarksprovider of administrative services, system services and other systems
- Businesses handling the operation, technical support and maintenance of our IT solutions
- Providers of payment services, such as banks and payment card acquirers / payment service providers
- Providers of marketing services
- Auditors and accountants.
The data controller
Toppen af Danmark F.M.B.A., Sct. Laurentii Vej 6B, 9900 Skagen, Denmark, company registration number (CVR): 25450388 is responsible for ensuring that the storage and processing of personal data occurs in accordance with applicable legislation.
How do we protect your personal data?
We make use of IT systems for the protection of privacy and the access to personal data. We have adopted precautionary measures to protect your personal data against unlawful or unauthorised processing. Only the individuals who in fact need to process your personal data in order for us to fulfil our declared purpose will have access to them.
Toppen af Danmark is responsible for ensuring that your personal data are processed in accordance with applicable legislation.
The data subject has additional rights pursuant to the regulations:
- The right to rectification of inaccurate personal data collected about the data subject
- The right of access to your personal data and to be provided with a copy thereof
- The right to have your personal data erased
- The right to object to the processing of your personal data
- The right to withdraw consent, if any
- The right to be informed upon request about the transfer of personal data to countries and organisations outside of the EU
- The right to avoid profiling
- The right object to our processing of your personal data.
Any request for the above must be made in writing. Upon your request or on our own initiative, we will rectify or erase all inaccurate information or restrict the processing of this information. You also have the right to request that your information will not be processed for direct marketing purposes. Please note that we have the right to reject a request for e.g. erasure, restriction of processing or other requests if we are under legal obligation to store such information, for example pursuant to the Danish Financial Statements Act, etc.
If you are dissatisfied with our processing you can submit a complaint to a supervisory authority, which for Denmark would be the Danish Data Protection Agency, “Datatilsynet” (https://www.datatilsynet.dk).