1. Generally

1.1 This policy on the processing of personal data (“Personal Data Policy”) describes how Eace ApS (“Eace”, “us”, “our”, “we”) collects and processes information about you.

1.2 The personal data policy applies to personal data that you submit to us or that we collect via Eace's website, www.eacegum.com (“Website”).

1.3 Eace is the data controller for your personal data. All inquiries to Eace can be made via the contact information listed under section 7.

2. What personal data do we collect, for what purposes and the legal basis for the processing

2.1 When you visit the Website, we automatically collect information about you and your use of the Website, e.g. what type of browser you use, what search terms you use on the Website, your IP address, including your network location, and information about your computer.

• 1.1 The purpose is to optimize the user experience and the function of the Website, as well as carry out targeted marketing, including retargeting via Facebook and Google. This processing of information is necessary so that we can safeguard our interests in improving the Website and showing you relevant offers.
• 1.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letter f.

2.2 When you buy a product or communicate with us on the Website, we collect the information you provide yourself, e.g. name, address, e-mail address, phone number, payment method, information about which products you buy and possibly have returned, delivery requests, and information about the IP address from which the order was made.

• 2.1 The purpose is that we can deliver the products you have ordered and otherwise fulfill our agreement with you, including to be able to manage your rights to return and advertise. We can also process information about your purchases to comply with legal requirements, including for bookkeeping and accounting. When making a purchase, the IP address is collected for the purpose and to safeguard our interest in being able to prevent fraud.
• 2.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letters b, c and f.

2.3 When you sign up for our newsletter, we collect information about your name, e-mail address and possibly mobile number.

• 3.1 The purpose is to safeguard our interest in being able to deliver newsletters to you.
• 3.1 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letter f.

2.4 When you sign up for our subscription , you will be asked to provide e.g. name, address, date of birth, e-mail address, telephone number, your preferences and interests, etc. In addition to name, address and e-mail address, you choose which information you want to give us . In addition, we collect information during your membership about your use of the benefits of the subscription, competitions you participate in, etc. We compare this information with other information we have about you, including information about what you have purchased and possibly returned.

• 4.1 The purpose is to be able to administer your membership and provide you with the services and offer you the benefits associated with membership of the subscription, as well as to safeguard our interest in being able to send service emails and marketing via. newsletter and carry out targeted marketing.
• 4.2 The legal basis for the processing is the EU Personal Data Regulation, art. 6, subsection 1, letters b and f. Upon registration, you will be asked to give separate consent to electronic marketing.

3. Recipients of Personal Information

3.1 Information about your name, address, e-mail, telephone number as well as order number and specific delivery requests will be passed on to PostNord, GLS, DAO365 or a carrier responsible for the delivery of the purchased goods to you

3.2 Information may be entrusted to external business partners who process the information on our behalf. We use external partners for, among other things, technical operation and improvements of the Website, sending out newsletters, sending out questionnaires, analysis of website traffic, split testing of content on the website, as well as targeted marketing, including retargeting, as well as for your evaluation of our company and products. These companies are data processors and under our instructions and process data for which we are the data controller. The data processors may not use the information for any purpose other than fulfilling the agreement with us, and are subject to confidentiality regarding this. We have entered into written data processing agreements with all data processors who process personal data on our behalf.

3.3 Two of these data processors, Google Analytics v/Google LLC. And Facebook Inc. is established in the United States. The necessary guarantees for the transfer of information to the USA are secured through the data processor's certification under the EU-US Privacy Shield, cf. EU Personal Data Regulation art. 45.

• 3.1 copy of Google LLC's certification can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
• 3.2 A copy of Facebook Inc.'s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
  
  

4. Your rights

4.1 In order to create transparency around the processing of your information, we, as data controller, must inform you of your rights.

4.2 The right of inspection

• 2.1 You are entitled at any time to request information from us about, among other things, what information we have registered about you, what purpose the registration serves, which categories of personal data and recipients of information may be may be, as well as information about where the information originates.
• 2.2 You have the right to receive a copy of the personal data that we process about you. If you want a copy of your personal data, you must send a written request to kundeservice@eace.dk. You may be asked to document that you are who you say you are.

4.3 The right to rectification

• 3.1 You have the right to have incorrect personal data about yourself corrected by us. If you become aware that there are errors in the information we have registered about you, you are encouraged to contact us in writing so that the information can be corrected.
• 3.2 Information that we have collected in connection with your registration for our subscription , you have the opportunity to correct yourself via log-in to your user profile.

4.4 The right to deletion

• 4.1 In certain cases, you have the right to have all or some of your personal data deleted by us, e.g. if you revoke your consent and we have no other legal basis for continuing the processing. To the extent that continued processing of your information is necessary, e.g. for us to comply with our legal obligations, or for legal claims to be established, asserted or defended, we are not obliged to delete your personal data.

4.5 The right to limit processing to storage

• 5.1 In certain cases, you have the right to have the processing of your personal data restricted to storage only, for example if you believe that the information we process about you is incorrect.

4.6 The right to data portability

• 6.1 In certain cases, you have the right to have personal data that you yourself have given us delivered in a structured, commonly used and machine-readable format and you have the right to transfer this data to another data controller.

4.7 The right to object

• 7.1 You have the right at any time to object to our processing of your personal data for the purpose of direct marketing, including the profiling carried out in order to target our direct marketing.
• 7.2 You also have the right at any time, for reasons relating to your personal situation, to object to the processing of your personal data that we carry out on the basis of our legitimate interests, cf. pt. 2.1 and 2.3.
  
  

4.8 The right to withdraw consent

• 8.1 You have the right at any time to revoke a consent you have given us for a given processing of personal data, including for the profiling carried out by you as a subscription. If you wish to revoke your consent, please contact us at kundeservice@eace.dk .
• 8.2 You can revoke your consent to cookies that are not necessary for the functionality of the website at any time
• 8.3 You can revoke your subscription to news emails at any time by selecting "unsubscribe" at the bottom of emails or contacting us at kundeservice@eace.dk
• 8.4 It is not possible to revoke consent in relation to Necessary service emails ifb. your subscription with Eace. We use service emails to notify you about changes in your membership or inform you about your account status.
  
  

4.9 The right to complain

• 9.1 You have the right at any time to lodge a complaint with the Data Protection Authority, Borgergade 28, 5, 1300 København K about our processing of your personal data. Complaints can be lodged, among other things, by email dt@datatilsynet.dk or telephone +45 33 19 32 00.
  
  

5. Deletion of personal data

5.1 Information collected about your use of the Website cf. pt. 2.1. deleted at the latest when you have not used the Website for 1 year.

5.2 Information collected in connection with your registration for our newsletter is deleted when your consent to the newsletter is withdrawn, unless we have another basis for processing the information.

5.3 Information collected in connection with purchases you have made on the Website cf. pt. 2.2 will basically be deleted 5 years after the end of the calendar year in which you made your purchase. However, information can be stored for a longer period of time if we have a legitimate need for longer storage, e.g. if it is necessary for legal claims to be established, asserted or defended, or if storage is necessary for us to fulfill legal requirements. Accounting material is stored for 5 years until the end of a financial year in order to meet the requirements of the Accounting Act.

5.4 Information that we have collected in connection with your registration for and during your membership of our subscription cf. pt. 2.4, we will automatically delete: a) if you have not logged into your user profile for 5 years, b) if you terminate (suspend) your membership to our subscription and do not reactivate it within the next 5 years, or c) if you unsubscribe you your membership to our subscription.

6. Security

6.1 We have implemented appropriate technical and organizational security measures against personal data being accidentally or illegally destroyed, lost, changed or degraded, as well as against it coming to the knowledge of unauthorized persons or being misused.

6.2 Only employees who have a real need to access your personal data in order to perform their work have access to it.

7. Contact information

7.1 Eace Aps is the data controller for the personal data collected via the Website.

7.2 If you have questions or comments about this Personal Data Policy or wish to make use of one or more of your rights described in section 4, you can contact:

Eace Aps

ATT: Personal data controller

Sølvgade 101, 5.

1307, Copenhagen K

E-mail: kundeservice@eace.dk

8. Changes to the Personal Data Policy

8.1 If we make changes to the Personal Data Policy, you will be informed about this on your next visit to the Website.

8.2 If you have signed up for our membership/subscription, you will be informed of the changes in the policy by sending information to your registered e-mail address.

9. Versions

9.1 This is version 1.0 of Eace ApS's personal data policy dated 18.09.2019.