General Data Protection Regulation.

Policy on Processing and Protection of Personal Data

This Personal Data Protection Policy applies to Dano Mast A/S.

The Policy is intended to help ensure and document that Dano Mast A/S protects its personal data in accordance with the rules for processing of personal data. The Policy in addition serves to ensure that the company provides information about the processing and use of registered personal data.

The Policy is reviewed annually.

Overview of the processing of personal data
Dano Mast A/S processes personal data pertaining to:

·         Applicants

·         Employees

·         Customers

·         Suppliers / Consultants

Dano Mast A/S has prepared an overview of the processing of personal data. The overview sets out the types of processing for which the company is responsible.
Personal data are a prerequisite for Dano Mast A/S to be able to enter into contracts with employees, customers, and suppliers.

Purpose of and legal basis for the processing
Personal data are processed and filed in the course of activities such as:

·         Human resources management including recruitment, employment, termination of employment, and payment of compensation

·         Master data for customers as well as orders and sales transactions

·         Master data for suppliers as well as requisitions and purchases

·         Contracts

The processing is legal in accordance with the authorization for data processors in force at any given time, including, as of 25 May 2018: The General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).

Dano Mast A/S does not use the personal data for any other purposes than those indicated. Dano Mast A/S does not collect more personal data than necessary for achieving the intended purpose.
Sensitive information such as details on race or ethnic origin, political, religious or philosophical convictions, trade union affiliations, health information, information about sexual relationships and orientation, genetic data, and information about criminal offences or related security matters is not kept by the company.

Storage and deletion

The company has introduced the following overall guidelines for storage and deletion of personal data:

Applicants and Employees:
During the process of recruitment and management of unsolicited applications:
Applications are submitted directly to the company. These are received by email/mail and are shared with relevant parties. Emails are deleted, and applications are saved on a file server with access restrictions. Hard copy applications are placed in a folder in a locked cabinet until the recruitment process is complete, whereupon the electronic and hard copy versions are deleted.

During employment:
The new employee signs a contract. The employment contract is filed electronically on a file server with access restrictions and physically in a folder in a locked cabinet. The employee is set up in the payroll system used by the company with master data including the names and contact details of relatives and a contact person in case of an accident. We do not record sensitive personal data such as race or ethnic origin, political or religious opinions, or trade union affiliations, nor information about sexual relationships and orientation.

Other employee data are stored on a file server with access control or in locked cabinets: Internal employee interviews, written warnings, bonus schemes, compensation adjustments, educational certificates, records of absence, etc. Records of absences, documentation for refunds from public authorities, medical certificates, and reports on health and occupational injuries are likewise stored on a file server with access control or in locked cabinets.

Upon termination of employment:
In case of termination by the employee or the employer, the relevant document is stored on a file server with access restrictions or in locked cabinets. Resumes, application related materials, and materials that are not relevant as payroll documentation are deleted immediately after termination, while documentation relevant for payroll is stored for a period of time, in accordance with the provisions of the Danish Bookkeeping Act, in locked cabinets, and electronic files are stored on PCs with access control.

Customers:

Setup and maintenance:
Customers’ data pertaining to individual purchases. Customers are companies, sole proprietorships, public institutions, and private individuals. Names, addresses, CVR numbers, email addresses, telephone numbers, and where relevant EAN numbers are collected and registered in a standard financial management system for the purpose of payment. Image documentation related to delivery of orders is kept on file. Sensitive personal data are not recorded. There is a data processing agreement with the third party companies that store the data belonging to Dano Mast A/S.

Deletion:
Dano Mast A/S stores data in accordance with the provisions of the Danish Bookkeeping Act and with liability for products.

Suppliers:

The company registers the name, address, CVR number, and email address of contact persons for business use in connection with purchase and payment. If a supplier is no longer being used for business purposes, such data are stored as prescribed by the provisions of the Danish Bookkeeping Act and are disposed of in accordance therewith.

Consultants:

If the company engages consultants as subcontractors, a contract will be signed. These contracts will be managed in the same manner as contracts with customers. Data are stored in the same manner as data for other suppliers.

Hovborg, 25 May 2018

Dano Mast A/S