1. Data Controller
We are the data controller for the processing of the personal data that we handle about our customers and partners. You can find our contact information below:
Mika Lunes Photography
Nivåhøj 62 st 5, 2990 Nivå
CVR No: 44265710
If you have questions about the processing of your personal data, you can contact us at
mikalunesphoto@gmail.com
2. Processing Activities
2.1. Website Visits
When you visit our website, we use cookies for the site to function properly. You can read more in our cookie policy linked on the site.
2.2. Communication with Potential Customers
If you have questions about our site or want to learn more about our services, you can contact us via:
Contact form
Email
Phone
Through this, we process your personal data to engage in a dialogue with you, e.g., to answer questions about our services. We only process the information you provide during communication.
We typically process the following common data: name, email, phone number, address.
Our legal basis for this processing is Article 6(1)(f) of the GDPR.
We delete the communication when it is clear whether or not you wish to use our services.
In special cases, we may need to store your personal data longer.
2.3. Customers
We need to communicate with our customers to ensure services are delivered correctly. We may process information such as name, address, services, specific agreements, payment information, and similar.
Our legal basis is Article 6(1)(b) of the GDPR.
Once the service is delivered and any outstanding matters resolved, we will delete the personal data shortly thereafter.
2.4. Newsletter
We offer a newsletter you can voluntarily subscribe to – and unsubscribe from at any time.
The purpose is to send subscribers emails with new information from the company, including new website content or announcements about our services.
We will only send emails if you have given your active consent. You first enter your email address, and we send a confirmation email to verify your subscription. This ensures the consent is valid.
Our legal basis is Article 6(1)(a) of the GDPR.
We process your data as long as you're subscribed. If you unsubscribe, we stop sending emails. If we haven't sent a newsletter for 1 year, your consent lapses due to inactivity.
Upon unsubscription, we store your prior consent for 2 years due to limitation requirements as per the Consumer Ombudsman’s spam guidelines section 11.3.
2.5. Accounting
We are required to retain all accounting records per the Bookkeeping Act. This includes invoices and similar documents which may contain ordinary personal data such as name, address, and service description.
Our legal basis is Article 6(1)(c) of the GDPR.
We store this data for a minimum of 5 years after the end of the current financial year.
2.6. Job Applications
We welcome job applications to assess whether they match any hiring needs.
If you send a job application, our legal basis for processing is Article 6(1)(f) of the GDPR.
If you send an unsolicited application, we will immediately assess relevance and delete your data if there is no match.
For advertised jobs, we will delete your application if you are not hired, immediately after the position is filled.
If you enter a recruitment process and/or are hired, we will provide you with separate information about how your personal data will be processed.
3. Data Processors
We can’t do everything ourselves, and the same goes for us. We therefore work with partners and suppliers, some of whom may be data processors.
External suppliers may provide systems for organizing our work, services, consultancy, IT hosting, or marketing.
It is our responsibility to ensure your personal data is handled properly. We place high demands on our partners, who must guarantee your personal data is protected.
We therefore enter into agreements with companies (data processors) that process personal data on our behalf to enhance the security of your data.
4. Disclosure of Personal Data
We do not share your personal data with third parties.
5. Profiling and Automated Decisions
We do not carry out profiling or automated decisions.
6. Transfers to Third Countries
As a rule, we use data processors located in the EU/EEA or who store data within the EU/EEA.
In some cases, this is not possible. If we use processors outside the EU/EEA, they must provide appropriate protection of your personal data.
7. Processing Security
We keep the processing of personal data secure by implementing appropriate technical and organizational measures.
We conduct risk assessments of our data processing and have implemented suitable technical and organizational safeguards accordingly.
One of our most important measures is to keep our staff informed about GDPR through ongoing awareness training, GDPR courses, and reviews of our procedures.
8. Rights of Data Subjects
According to the GDPR, you have several rights regarding how we process your personal data.
To exercise your rights, contact us so we can assist you.
8.1. Right of Access
You have the right to access the personal data we process about you, along with other supplementary information.
8.2. Right to Rectification
You have the right to have incorrect personal data corrected.
8.3. Right to Erasure
In certain cases, you have the right to have your personal data erased before our standard deletion policy applies.
8.4. Right to Restriction of Processing
In some cases, you can request the restriction of processing. If granted, we may only process your data (except for storage) with your consent or for legal claims, protection of a person, or significant public interest.
8.5. Right to Object
You may object to our otherwise lawful processing of your personal data. You may also object to data processing for direct marketing.
8.6. Right to Data Portability
You may have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have it transferred to another controller.
You can read more about your rights in the Danish Data Protection Agency’s guide on data subject rights at www.datatilsynet.dk.
8.7. Withdrawal of Consent
If our data processing is based on your consent, you have the right to withdraw it at any time.
9. Complaint to the Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with how we handle your personal data. Contact details are available at www.datatilsynet.dk.