Data Protection Policy

Your market access partner from strategy to implementation

Introduction

We are under an obligation to protect the confidentiality, integrity and accessibility of our customers’, suppliers’, partners’ and employees’ data, including personal data. Protecting personal data is essential to us, and we are continuously working on ensuring compliance with applicable data protection legislation, including the General Data Protection Regulation (GDPR).

Data Controller

When NHTA processes personal data in connection with the provision of consultancy services, we consider ourselves a data processor, as we process personal data on behalf of our customers and in accordance with customer instructions. The customer and NHTA enter into a data processing agreement containing instructions, terms and conditions for NHTA’s processing of personal data.

This data protection policy contains information on NHTA’s processing of personal data, when we are the data controller. More information on this may be found below.

Our processing activities

Data controller
The company which has entered into a contract or an engagement letter with the client.

Purpose
Management of customer relations, including financial and contract administration.

Data subjects
Clients and customers, including their employees.

Category of personal data
Non-sensitive personal data, i.e. name, position, contact details.

Legal basis
The company which has entered into a contract or an engagement letter with the client Management of customer relations, including financial and contract administration Clients and customers, including their employees Non-sensitive personal data, i.e. name, position, contact details Processing of personal data is necessary for the performance of contracts with the customer, cf. GPDR, Article 6(1)(b). Processing is also necessary in order for NHTA to pursue its legitimate interests in being able to manage contracts, invoice and evaluate the customer relationship, manage and maintain IT systems, administer and manage our website, systems and applications, statistics and business development, cf. GDPR, Article 6(1)(f). The data subjects Five years after the latest project for the customer has been completed. Personal data may be disclosed to subcontractors who are directly involved in the project for the customer.

Source
The data subjects.

Retention period
Five years after the latest project for the customer has been completed.

Disclosure to third parties
Personal data may be disclosed to subcontractors who are directly involved in the project for the customer.

Use of cookies on our websites

We use cookies on our websites in order to optimise the user experience. Read more here.

Security of processing

Data security is a high priority at NHTA. We work seriously and professionally with information security, and we base our work on internationally recognised security standards. We have implemented security measures to ensure data protection of customer data, personal data and other confidential data. We conduct regular internal follow-ups in relation to the adequacy and compliance of policies and measures.

We occasionally use other third parties, such as subcontractors, in connection with the provision of our services. Such third parties may be granted access to personal data in order for them to be able to provide the agreed service. NHTA enters into data protection agreements that are necessary in order to ensure that security is in place to protect data and comply with our data protection obligations.

NHTA also uses sub-data processors as part of our day-to-day IT operations. This means that personal data are processed by NHTA’s sub-data processors. These sub-data processors are located within the EU. There are data processing agreements in place between NHTA and all sub-data processors to ensure that all processing takes place in accordance with NHTA’s instructions and is subject to the necessary security requirements.

Your rights as a data subject

As a data subject, you have certain rights pursuant to the General Data Protection Regulation. Your rights may be summarised as follows:

  • The right of access by the data subject. You have the right to gain access to the personal data concerning you that we process.
  • The right to have incorrect personal data rectified. You have the right to have incorrect personal data about yourself rectified without undue delay.
  • The right to have personal data erased. You have the right to have your personal data erased at an earlier point in time than when our ordinary erasure takes place, where appropriate.
  • The right to restriction of data processing. You have the right to restrict our processing of your personal data, where appropriate. In such cases, we may only process your data with your consent or in some very specific situations as outlined in the General Data Protection Regulation.
  • The right to object to personal data processing, if our processing is based on Article 6(1)(e) and (f). In such cases, we may only process your personal data if we are able to demonstrate compelling legitimate grounds for doing so.
  • The right to data portability. You have the right to receive your personal data in a structured, commonly used and machine-readable format. You may also request that we transmit your personal data to another data controller without hindrance.

For further information on your rights as a data subject, please refer to the Danish Data Protection Agency’s website (www.datatilsynet.dk), where you will find further guidelines.

When we process personal data based on your consent, you have the right to withdraw your consent at any time. Please contact us to withdraw consent for our processing of your personal data.

Changes to this data protection policy

We acknowledge that transparency is an ongoing responsibility. Therefore, we will continually review and update this data protection policy in order to ensure our compliance with applicable personal data law from time to time.

The data protection policy was updated in November 2021.

Contact

Please contact us if you would like to exercise your rights as described above, or if you have questions about our processing of your personal data or this data protection policy.

NHTA
CVR: 39842882
Attn.: contact@nhta.com
Tømmergravsgade 6, 2450 København SV
Tel: +45 44 222 777

You may also get in touch with your contact person at NHTA, who will be able to help you contact the right person.

Complaints

If you wish to complain about our processing of personal data, please send an email with the details of your complaint to contact@nhta.com. We will handle your complaint and get back to you.

You also have the right to lodge a complaint about your rights and NHTA’s processing of your personal data to the Danish Data Protection Agency. For further information on how to lodge a complaint to the Danish Data Protection Agency, please consult their website: www.datatilsynet.dk.

Statutory rules

The applicable statutory rules for NHTAs processing of your personal data may be found in:

  • The General Data Protection Regulation (GDPR)
  • The Danish Data Protection Act