This data protection policy applies to OnRobot.
The purpose of the policy is to ensure and document that OnRobot protects personal data in accordance with the rules for processing of personal data. The policy will also contribute to OnRobot providing information about its processing and use of registered personal data.
The policy will be reviewed each year.
Record of the processing of personal data
OnRobot processes personal data about:
OnRobot has prepared a record of the processing of personal data. The record provides an overview of the processing for which OnRobot is responsible.
The personal data must be provided in order for OnRobot to enter into employment, customer and supplier contracts.
Purpose and lawfulness of the processing
Personal data are processed and archived in connection with:
HR management, including recruitment, hiring, dismissal and payment of salary
Master data for customers as well as orders and sales
Master data for suppliers as well as requisition forms and purchases
Processing is legal by the authority specified in the appended record.
OnRobot does not use the personal data for purposes other than those listed. OnRobot does not collect more personal data than necessary to meet the purpose.
Storage and erasure
OnRobot has introduced the following overall guidelines for storage and erasure of personal data:
Personal data are stored in physical folders.
Personal data are stored in IT systems and on server drives.
Personal data are not stored for longer than necessary to meet the purpose of the processing.
Personal data for employees are erased five years after employment has ended, and personal data about applicants are erased after six months.
Based on the appended risk assessment, OnRobot has implemented security measures to protect personal data:
Only employees with a work-related need to access the registered personal data have access to the data, either physically or via IT systems with rights management.
All computers are password protected and employees may not disclose their passwords to others.
Computers must have firewall and antivirus software installed, which must be updated regularly.
Personal data are erased securely in connection with phasing-out and repair of IT equipment.
USB flash drives, external hard disks, etc. containing personal data must be stored in a locked drawer or cabinet.
Physical folders are placed in a locked office or in locked cabinets.
Personal data in physical folders are erased by shredding.
All employees must be instructed in what to do with personal data and how to protect personal data.
Website and Cookie
The Personal Data Regulation allows you to treat personal data only legally for the purpose for which they have been collected. If you want to use data for purposes other than the original, you must always have the consent of the registrant.
Upon receipt of a business card from a customer you have his consent. If you write his information you need his signature on this paper to have a formal requirement for consent if you want to use his information. Then the customer allows OnRobot to use his data for purposes other than communication, upcoming promotions, product updates or further news including upcoming promotions, product updates and further news.
According to the Cookie Act, OnRobot must have the user’s consent to use this software on the user’s equipment. On The company’s intranet or similar closed group, the rules in the E-data protection directive do not apply.
Personal data about employees may be disclosed to public authorities such as the Danish Customs and Tax Administration and pension companies.
OnRobot only uses processors if they are able to provide the required guarantees that they will implement appropriate technical and organisational security measures to comply with personal data law. All processors must sign a processor agreement before processing commences.
OnRobot safeguards the rights of data subjects, including the right to access, withdrawal of consent, rectification and erasure and will inform the data subjects of OnRobot’s processing of personal data. Data subjects are also entitled to appeal to the Danish Data Protection Agency.
Personal data breach
In case of personal data breach, OnRobot will report the breach to the Danish Data Protection Agency as soon as possible and within 72 hours. The manager is responsible for this reporting taking place. The report will outline the breach, the groups of persons affected and the impact the breach may have on these persons and how OnRobot has remedied or intends to remedy the breach. If the breach entails a high risk for the persons about whom OnRobot processes personal data, OnRobot will also notify these persons. OnRobot s will document any personal data breach on an access-controlled drive.
Erasure of data
The customer should assess when personal data need to be erased by asking the question:
When is it no longer necessary to store the personal data?
OnRobot follows the practice of the Danish Data Protection Agency:
||Are erased after 6 months in connection with job interviews. Unsolicited applications are erased immediately.
||Are erased 5 years after termination of employment.
||Is erased after 30 days.
||Are erased immediately or after up to 3 months.
||Must be stored for 5 years from the end of the financial year.