Privacy Policy

Vitec DocuBizz ApS
Hoerskaetten 18,
DK 2630 Taastrup
CVR 10102626

Please note that this is the applicable Privacy policy for applicants and recruitment processes at Vitec DocuBizz ApS and for Customers, Suppliers and Collaborators (website visitors included) unless you have specific agreement(s) with us which differs from this policy.

1. Introduction

This data protection and privacy policy (the “Policy”) describes how Vitec DocuBizz ApS (“us”, “we” or “our”) collects and processes personal data relating to the purchase of services, products or general use of our website.

The Policy is prepared and made available to comply with the (EU) General Data Protection Regulation (2016/679 of 27 April 2016) (the “GDPR”) and the rules included herein on information to be provided to you.

2. Types of personal data processed

Specific for Customers, Suppliers and Collaborators
We process personal data about you when this is necessary and in accordance with the applicable legislation. Depending on the specific circumstances, the processed personal data include the following types of personal data: name, address, telephone number, email, username, purchasing history, invoicing and bookkeeping data and documentation, account status (customer points, payments etc.), Facebook data, LinkedIn data, Google data, IP addresses.

  • We process the following types of personal data about website visitors if provided in one of the website forms by you: Name, company of employment, email and phone number.

  • We process the following types of personal data about potential and existing customers: Company name, address, phone number, email, name, information about your employment at the company and any other potential data provided by you.

  • We process the following types of personal data about suppliers and trusted third parties: Company name, address, phone number, email, name, information about your employment at the company and any other potential data provided by you.

  • We process the following types of personal data about subscribers to our newsletter: Name, company of employment, and email.

When it is relevant, personal data is collected directly from you or from external sources. When personal data are not collected directly from data subjects, the data is provided to Vitec DocuBizz as a data processor, where securing legal basis for processing is the data controller’s responsibility.

If we need to collect more personal data than what is specified above, we will inform you about this. Such information may be provided by our updating of this Policy.

Specific for Applicants
We process personal data about you when this is necessary and in accordance with the applicable legislation. Depending on the specific circumstances, the processed personal data include the following types of personal data: name, address, phone number, email address, social security number, CV, profile picture, educational documents, references from former employers, date of birth, nationality, personality tests.

We do not process sensitive personal data, i.e. the special category of personal data defined in article 9(1) of the GDPR.

We may process your criminal records in connection with the recruiting process. In such cases, we do this in accordance with applicable laws, such as section 8(3) of the Danish data protection law requiring explicit consent.

As a general rule, we only collect personal data about you from you. If specific circumstances allow or require us to collect personal data about you from someone else than you, we will inform you hereof, which may be done by updating this Policy.

If we need to collect more personal data than what is specified above, we will inform you about this. Such information may be provided by our updating of this Policy.

3. Purposes for processing the personal data

Specific for Customers, Suppliers and Collaborators
We only process personal data for legitimate purposes in accordance with the GDPR. Depending on the circumstances, the personal data is processed for the following purposes:

  1. To deliver products or services to a user, customer or member.
  2. To provide service messages and information to users, customers or members.
  3. To store personal data to comply with applicable legislation requirements such as bookkeeping acts.
  4. To send newsletters on e-mail.
  5. To improve our products, services or website.
  6. To facilitate a sales process.
  7. To prevent fraudulent behavior or misuse of the IT System.
  8. To communicate and exchange data with public authorities when required by law.
  9. To give support and service messages, including answering questions and complaints and send updates about our products and services.

Profiling is used in rare cases to predict preferences. If profiling in some ways will be relevant for you, you are always informed prior to the profiling, where you have the chance to refuse or give consent. If you consent to profiling, there will always be at least one of our employees evaluating your potential preferences.

Specific for Applicants
Your personal data collected and processed by us will be processed for the following purposes:

  1. To process job applications and to recruit the relevant persons.
  2. To store and process personal data to the extent that it is a requirement under applicable law, including bookkeeping in accordance with applicable law.

4. Legal basis for processing personal data

Specific for Customers, Suppliers and Collaborators
We only process your personal data when we have a legal basis to do so in accordance with the GDPR. Depending on the specific circumstances, the processing of personal data is done on the following legal basis:

  1. If we have asked for a consent for the processing of specific personal data, the legal basis for such personal data is a consent, cf. article 6(1)(a) of the GDPR, as the consent can always be withdrawn by contacting us via the contact details provided at the end of this Policy, and, if the consent is withdrawn, the personal data processed on the basis of consent is deleted, unless it can or must be processed, for example, in order to comply with legal obligations.
  2. The processing is necessary for the performance of a contract to which the data subject is party, cf. the GDPR, article 6(1)(b), the first indent.
  3. The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract, cf. the GDPR, article 6(1)(b), last indent.
  4. The processing is necessary for compliance with applicable legislation, cf. the GDPR, article 6(1).
  5. The processing is necessary for the purposes of the legitimate interests where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, cf. the GDPR, article 6(1)(f).

In addition to the above, in some instances we process social security number or other identification number (CPR in Denmark). Before we perform such processing, we will collect a consent hereto. We perform this processing activity to provide support for our AP flow system DocuBizz. However, the processing of these data will only occur if it is strictly necessary for the purpose. Most support is solved by the customer providing pseudonymised or anonymised data for us to perform the support; only in rare cases is it strictly necessary to process raw data. Vitec DocuBizz has organizational and technical measures in place to keep the integrity, confidentiality and availability of the data as well as processing the data for the shortest period possible.

In addition to the above, in some instances we analyze individual customers' or users' personal preferences and/or behavior with the purpose of using such analyses for marketing, sales or similar commercial activities. Before we perform such processing, we will collect a consent hereto. We perform this processing activity for the following purposes: To provide you as a potential customer the best service possible. However, please note that this will only occur if you give your consent to this and you will be notified prior to receiving our interactive presentations, where this analysis is possible for us. Refusal to give consent to this processing does not mean that we will not make these presentations available to you, even though we are not allowed and able to collect data for such analysis.

Specific for Applicants
We only process your personal data when we have a legal basis to do so in accordance with the GDPR. Depending on the specific circumstances, the processing of personal data is done on the following legal basis:

  1. If we have asked for your consent for the processing of specific personal data, the legal basis for the processing of such personal data is your consent, cf. article 6(1)(a) of the GDPR, as the consent can always be withdrawn by contacting us via the contact details provided in section 9 of this Policy, and, if the consent is withdrawn, the personal data processed on the basis of consent is deleted, unless it can or must be processed, for example, in order to comply with legal obligations.
  2. The processing is necessary for compliance with applicable legislation, cf. the GDPR, article 6(1)(c), including any specific rules on the processing of personal data in the employment context as provided in article 88 of the GDPR such as section 12(1) of the Danish data protection law.
  3. The processing is necessary for the purposes of the legitimate interests where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, cf. the GDPR, article 6(1)(f), including any specific rules on the processing of personal data in the employment context as provided in article 88 of the GDPR such as section 12(2) of the Danish data protection law.
  4. The processing is necessary in order to protect the vital interests of the data subject or of another natural person, cf. the GDPR, article 6(1)(d).

5. Disclosure and transfer of personal data

5.1. We only pass on personal data to others when the law allows it or requires it. Our company is part of a concern/company group where personal data is shared between some group companies depending on the circumstances.

5.2. We transfer personal data to the following recipients from the EU/EEA:

  • Data processors
  • Vitec Software Group

5.3. Prior to selecting sub-data processors, Vitec DocuBizz ApS makes sure that these sub-data processors follow the GDPR and have relevant certifications (such as ISO 27001), or makes sure that our sub-data processors are legally bound to comply with terms provided by us that follow the GDPR, relevant certifications and any potential additional requirements in the agreement between Vitec DocuBizz and our customers.

5.4. From time to time we use external companies as suppliers to assist us in delivering our services. The external suppliers will not receive or process personal data unless the applicable law allows for such transfer and processing. Where the external parties are data processors, the processing is always performed on the basis of a data processor agreement in accordance with the requirements hereto under GDPR. Where the external parties are data controllers, the processing of personal data will be performed based on said external parties’ own data privacy policy and legal basis which the external parties are obligated to inform about unless the applicable legislation allows otherwise.

5.5. We do not transfer personal data to countries or international organisations outside the EU/EEA unless it is necessary on your specific request.

6. Erasure and retention of personal data

Specific for Customers, Suppliers and Collaborators
We ensure that the personal data is deleted when it is no longer relevant for the processing purposes as described above. We also retain personal data to the extent that it is an obligation from applicable law, as is the case with for example accounting and bookkeeping materials and records. If you have any questions about our retention of personal data, please contact the email mentioned in section 9 of this Policy.

Specific for Applicants
We ensure that the personal data is deleted when it is no longer relevant for the processing purposes as described above. We always retain personal data to the extent that it is an obligation from applicable law, as is the case with for example accounting and bookkeeping materials and records.

When the candidate becomes an employee, the employee’s personal data from the application process are transferred/moved to regular HR management. If the candidate does not become an employee, the general rule is that the personal data is erased after 6 months in accordance with applicable law. Notwithstanding the above, specific reasons related to employment law may necessitate the continuous processing of the personal data. This may have different implications. For example, we may process the applications for a longer period to prove that there has been no unlawful discrimination in the selection process, when we consider this necessary. Similarly, it may be relevant to process the personal data for a limited period if a similar relevant position may become available during this period, or if another existing candidate opts out of the application process.

If you have any questions about our retention of personal data, please contact the email mentioned at the bottom of this Policy.

7. Data subject rights

7.1. Data subjects have a number of rights that we can assist with. If a data subject wants to make use of his or her rights, he or she can contact us. The rights include the following:

  • The right of access: Data subjects have a right to ask for copies of the information that we process about them, including relevant additional information.

  • The right to rectification: Data subjects have a right to ask for rectification of inaccurate personal data concerning him or her.

  • The right to erasure: In certain circumstances data subjects have a right to obtain the erasure of personal data concerning him or her before the time when erasure would normally occur.

  • The right to restrict processing: Data subjects have, in certain situations, a right to have the processing of his or her personal data restricted. If a data subject has the right to have the processing of his or her personal data restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest in the European Union or of a European member state.

  • The right to object: Data subjects have, in certain situations, a right to object to the legal processing of his or her personal data.

  • The right to data portability: Data subjects have, in certain situations, a right to receive his or her personal data in a structured, commonly used and machine readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data has been provided.

7.2. More information about data subject rights can be found in the guidelines of the national data protection authorities.

If a data subject wishes to make use of his or her rights as described above, the data subject is asked to use the contact details provided at the end of this Policy.

We strive to do everything to meet wishes regarding our processing of personal data and the rights of data subjects. If you or others despite our endeavours wish to file a complaint, this can be done by contacting the national data protection authorities.

8. Changes to this Policy

We reserve the right to update and amend this Policy. If we do, we correct the date and the version at the bottom of this Policy. In case of significant changes, we will provide notification in the form of a visible notice, for example on our website or by direct message.

9. Contact

If you have questions or comments to this Policy or if you would like to invoke one or more data subject rights, please contact us at info@docubizz.com