Data controller
We are the data controller for the processing of the personal data that we process about our customers and business partners. You can find our contact details below.
Højhuset Kulturhotel
Højskolevej 11
DK 7400 Herning
CVR-nr.: 37783803
It is not a requirement for our company to have a extern DPO, but if you have questions about the processing of your personal data, you can contact us via reception@hojhuset.com.
Processing activities
As the data controller under the GDPR, we have the following processing activities.
Website visit
When you visit our website, we use cookies to ensure the website functions properly, which you can read more about in our [cookie policy].
Communication with potential customers
If you have questions about our site or want to learn more about our services, you can contact us via:
- Contactform
- Phone
Through this, we will process your personoplysningerso that we can engage in a dialogue with you, for example, to answer questions about our services. We only process the information that you provide to us in connection with our communication.
We will typically process the following basic information: name, email, phone number.
Our legal basis for processing this personal data is Article 6(1)(f) of the General Data Protection Regulation.
We delete our communication with you once it is clear whether you want our services or not.
If, in a particular case, there is a need to retain your personal data for a longer period, this may be applicable.
Customers
We need to communicate with our customers to ensure that the service is delivered correctly. In this process, we may handle information such as name, address, services, special agreements, payment information, and similar data.
The legal basis for processing this personal data is Article 6(1)(b) of the General Data Protection Regulation.
Once the service has been delivered and any outstanding matters are resolved, we will promptly delete the personal data.
Newsletter
We have a newsletter that is voluntary to subscribe to – and you can always unsubscribe from it again.
The purpose of the newsletter is to send subscribed emails with new information from the company, which may include new content on the website or announcements of our services.
We will only send you emails if you have given your active consent to this. Initially, this requires that you provide your email address, to which we will then send a message so that you can confirm your subscription. In this way, we ensure that you have actively subscribed to the newsletter, i.e., given your active consent.
Our legal basis for processing your personal data (i.e., your email address) in connection with the newsletter is Article 6(1)(a) of the General Data Protection Regulation.
We will process your personal data as long as you are still subscribed to the newsletter. When you unsubscribe from the newsletter, we will also stop sending it to you. If we have not sent you a newsletter for 1 year, your consent will lapse due to our inactivity.
When unsubscribing from the newsletter, we store your former consent for 2 years after it was last used due to statute of limitations requirements, in accordance with section 11.3 of the Consumer Ombudsman's spam guidelines.
Accounting
We must retain all accounting records in accordance with the Accounting Act. This means that we store invoices and similar documents for accounting purposes. These may include ordinary personal data such as name, address, and description of services.
Our legal basis for processing personal data for accounting purposes is Article 6(1)(c) of the General Data Protection Regulation.
We store this information for a minimum of 5 years after the end of the current financial year.
Job applications
We gladly accept job applications in order to assess whether they match a hiring need in our company.
If you send your job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation.
If you have submitted an unsolicited application, we will HR immediately assess whether your application is relevant, and then delete your information again if there is no match.
If you have submitted an application for a posted job, we will dispose of your application in the event that you are not hired, and immediately after the right candidate has been found for the position.
If you participate in a recruitment process and/or are hired for the job, we will provide you with separate information on how we process your personal data in this context.
Data processors
Few can manage everything on their own, and the same applies to us. Therefore, we have partners and use providers, some of whom may be data processors.
External providers can, for example, provide systems to organize our work, services, consulting, IT hosting, or marketing.
It is our responsibility to ensure that your personal data is processed properly. Therefore, we set high standards for our partners, and our partners must guarantee that your personal data is protected.
We therefore enter into agreements with companies (data processors) that handle personal data on our behalf to enhance the security of your personal data.
Disclosure of personal data
We do not share your personal data with third parties.
Profiling and automated decision-making
We do not carry out profiling or automated decision-making.
Transfers to third countries
As a rule, we use data processors within the EU/EEA, or who store data within the EU/EEA.
In some cases, this is not possible, and data processors outside the EU/EEA may be used if they can provide appropriate protection for your personal data.
Processing security
We keep the processing of personal data secure by implementing appropriate technical and organizational measures.
We have conducted risk assessments of our processing of personal data and have subsequently implemented appropriate technical and organizational measures to enhance the security of processing.
One of our most important measures is to keep our employees updated on the GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with the employees.
Data subjects' rights
Under the General Data Protection Regulation, you have a number of rights regarding our processing of information about you.
If you want to exercise your rights, you must contact us so that we can assist you with this.
Right to access information (right of access)
You have the right to access the information we process about you, as well as a range of additional information.
Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.
Right to erasure
In certain cases, you have the right to have information about you deleted before the time of our regular general deletion.
Right to restriction of processing
In certain cases, you have the right to have the processing of your personal data restricted. If you are entitled to have the processing restricted, we may only process the data in the future—apart from storage—with your consent, or for the purpose of establishing, asserting, or defending legal claims, or to protect a person or important public interests.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing.
Right to transfer data (data portability)
In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, as well as to have these personal data transferred from one data controller to another without obstruction.
You can read more about your rights in the Danish Data Protection Agency's guide on data subjects' rights, which you can find at www.datatilsynet.dk.
Withdrawal of consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.
Complaint to the Danish Data Protection Agency
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the contact details for the Danish Data Protection Agency at www.datatilsynet.dk.
We generally encourage you to read more about the GDPR so that you are up to date on the regulations.