We provide services to businesses, private businesses and individuals and are, as a rule, data controller for the personal data that we receive from customers, business partners, counterparties, authorities, etc.
Collection of personal data
We typically receive information about individuals from our customers, business partners, counterparties, authorities, other advisors, etc. as a basis for our services.
Types of personal data
We collect, among others, the following personal data:
name, address, telephone number, email address, dates of birth and other general personal data,
bank details, any information about family relationships and relationships with other closely associated persons; and information about financial circumstances. Contact details of our business clients are processed as personal data.
In some cases, we process so-called sensitive personal data, such as information on religious affiliation, criminal matters and health conditions.
Purpose of data collection
We only collect personal data that is relevant (or required) for the provision of our services to our clients.Legal basis for processing
As a general rule, the contract we enter into with customers for the provision of services constitutes the basis for our collection and processing of personal data. In certain cases, the collection and processing of personal data will be based on legal and administrative provisions.
Disclosure of personal information
We may disclose personal information to third parties if this is relevant and objectively justified in the task that we have undertaken to perform.
Transfer to third countries outside the EU/EEA
In special cases, we may need to transfer personal data to countries outside the EU/EEA. If we need to transfer data to so called “third countries”, we follow the Data Protection Authority’s guidance on transfer of personal data to third countries.
Right of data subjects
Under the GDPR, individuals for whom we process data have a number of rights including (i) the right to know what personal data we process about them, (ii) the right to rectify and update such personal data, (iii) the right to obtain, upon request, the erasure of such personal data if we are not entitled or obliged by law or for other legitimate purposes to keep the data, and (iv) the right to withdraw consent to the processing of sensitive personal data that may have been given to us.The above rights may be limited as a result of specific obligations and rights imposed on us by law to process and retain certain personal data. Access to personal data may also be restricted for reasons of privacy, confidentiality or similar reasons.
It is possible at any time to ask us for a printout of the personal data stored, to update the personal data recorded, to object to the processing of personal data or to request the erasure of personal data. However, the extent to which we can provide such material may be limited as mentioned above. The request must be in writing and must include name, address, telephone number and e-mail address. The request must also be signed by the person to whom the personal information relates. The request can be sent by post or e-mail. Our contact details are available on our website at www.brightbird.com.
If the objection is justified, we will stop processing and delete the data concerned, unless we are obliged to keep them by law or by the nature of the services to which the personal data relates.
Complaints about our processing of personal data may be submitted to the Danish Data Protection Authority.
To protect you from unauthorised access to your personal data, we use IT solutions that automatically ensure that all data is only accessible to relevant persons. In addition, we have internal procedures and policies relating to information security. These procedures and policies contain instructions and actions that protect your data from being destroyed, lost, altered, disclosed and from unauthorized access or sharing.