Privacy Policy
NORTH Consulting takes data protection very seriously. We protect the personal data we handle and ensure that we comply with applicable data protection regulations.
This privacy policy describes how we handle personal data about clients, website visitors, suppliers and job seekers as well as the rights one has when registered.
In addition to the Privacy Policy, our Cookie Policy also applies.
1. Data processing company
NORTH Consulting Aps
Dampfærgevej 3, 3rd floor
2100 Copenhagen, Denmark
VAT no: 37506702
Phone: +45 3110 3376
Email: info@north.consulting
2. Categories of personal data
Personal data is all kinds of information that somehow relates to you. At NORTH Consulting, we receive information about our clients, website visitors, suppliers and job seekers. When you use our website, we collect and process a variety of such information. This happens e.g. in general use of our content, if you sign up for our events or fill out contact forms.
The data we process about you may include:
General personal data, including:
Identification data, including name, title, phone, email, company name, and address
Information included in our correspondence with you
Information about your behaviour on our digital services (e.g. IP address, geographic location, browser, operating system and the content you are looking at etc.)
Photos/video from events
Sensitive or semi-sensitive personal data (clients only):
In general, we do not process sensitive or semi-sensitive personal data about you. We recommend that you do not send or inform us about such information yourself.
3. How we use personal data for each purpose and the foundation for processing
3.1. Administration of potential and existing client relationships
Purpose 1:
When you become a client we process the necessary information about you in order to:
agree on our consultancy services to your company
ensure clear identification of you
Example: When you contact us to get more information, we use your name, address and other contact information to make an offer and contact you.
Foundation for processing: Data Protection Regulation, article 6, paragraph 1 (b and f). Our legitimate interests are:
to ensure that information is not provided to anyone other than you
to market services
to ensure compliance with current legislation
Purpose 2:
When you are a client with us on an existing agreement, we process your data to administer the agreement, including:
ensuring that services are delivered as agreed
receiving payment for our services
identifying you when you are contacting us
keeping your contact information up to date
meeting other obligations towards you or us, according to our agreement or legislation
Example: We provide services as agreed, send invoices for these as well as register your payment.
Foundation for processing: As above.
Purpose 3:
You are a client or none-client and participate in an event where we take photos/videos that can be used:
to market that type of event
to refer to events held
Participants can choose not to be in photos.
Example: You participate in a seminar or similar. Through pictures and video, we tell the good stories from client events and share knowledge and information about events and activities.
Foundation for processing: When attending NORTH Consulting events, we may take photos to be used for marketing purposes. Participants can choose not to be in photos for this purpose.
For any portrait images, we obtain consent.
3.2. Marketing, analyses, and segmentation
Purpose:
We use your personal data to send electronic marketing if we have your consent. Your consent may have been obtained when you have signed up for our events or via a form on our website. You can always unsubscribe from our electronic marketing.
We may also use your information for marketing via ordinary posts.
Example: We share information on commercial excellence topics relevant to you.
You have given us permission to send you this kind of information. In this case, we use your email and possible purchase history. We never use your email address etc. in conflict with marketing legislation and you can withdraw your consent at any time.
Foundation for processing: Data Protection Regulation, article 6 (a, b and f). Our legitimate interests are:
to develop and market our services
to sell our service
to position NORTH Consulting as a thought leader
3.3. Administration and improvement of our digital services
Purpose:
We are using tracking software to register the number of visits on www.north.consulting, including which domains the visitors are coming from and what content they are looking at. The information is only used to develop and improve our digital services and does not enable us to identify individual persons.
Example: You are using our digital services.
When you visit our website, we process your information in order to improve our digital services.
Foundation for processing: Data Protection Regulation, article 6 (f). Our legitimate interests are:
to improve the user experience
to develop and improve our digital services
3.4. Processing of job applications
Purpose:
All job applications (both specific and general) are registered and processed by our Recruiting staff and any leaders and interviewers involved.
Example: You send us a job application. We register and assess your application and keep the information received while processing. No later than 180 days after completing the process, we will delete all data and emails.
Foundation for processing: Data Protection Regulation, article 6, paragraph 1 (b). Our legitimate interests are:
Manage your application and communicate about any interview and contract/refusal.
If we process your data for other purposes than described above, we will inform you about the new purposes in advance of the actual processing if it falls under the data protection regulations.
4. Insight into your data (the right of access and the right to be forgotten)
You can get information about which personal data we have registered and processed about you. Contact us at info@north.consulting if you want the right to:
access to your personal data stored in our databases
have your personal data corrected/updated
be deleted/erased from our databases
limit your data with us
electronic transfer of your data
make objections
not have decisions made based on automatic handling, including profiling
We will respond to your question or request as soon as possible (and at least within one month of receiving your request, although this may be extended in difficult cases). If your question or request is comprehensive, it may be necessary to ask for additional information from you.
5. Our data processors/sub-data processors
We use a number of data processors and sub-data processors to handle personal data on our behalf. These third parties have been carefully selected and are all governed by data processing agreements (DPA) and sub-data processing agreements with us according to the legislation in EU’s General Data Protection Regulation 2018 (GDPR).
6. How long do we keep your personal data?
We will delete your personal data when it is no longer needed.
In general, NORTH Consulting complies with the filing period applicable to the current Bookkeeping Act in Denmark. To ensure correct handling of returning client relationships, potential complaints and warranty commitments and to be able to meet our obligations, we have determined that it is necessary to keep information for up to 10 years plus the current year effective from the business relationship or purpose has ended based on the law in the country where personal data is stored.
7. Violation of data
We will report every illegal violation of databases from any of our data processors or sub-data processors to all relevant persons or authorities within 72 hours after the breach if it appears clearly that personal data stored in an identifiable way has been compromised.
8. Contact regarding data protection or privacy policy
If you have further questions regarding our privacy policy or our data processing, please contact us via email info@north.consulting or at the address listed above.
Please note, that an ordinary email is NOT considered as secure communication. Thus, don’t include personal or sensitive information or other types of information that you think should be protected.
The privacy policy is effective from 1 January 2020.