Privacy Policy

Data controller

We are the data controller for the processing of the personal data we process about our customers and partners. You can find our contact details below.

Ifish Travel

XXX road 10

xxxx xxby

CVR no.: 12345678

Our company is not required to have an external DPO, but if you have any questions about the processing of your personal data, you can contact us via info@ifish-travel.dk.

Treatment activities

As data controller cf. GDPR, we have the following processing activities.

Visiting the website

When you visit our website, we use cookies to make the website work, which you can read more about in our [cookiepolitik].

Communication with potential customers

If you have any questions about our site or want to find out more about our services, you can contact us via

  • Email
  • Phone

In doing so, we will process your personal data so that we can engage in a dialog with you, e.g. answer questions about our services. We only process the information you give us in the context of our communications.

We will typically process the following general information: name, email, phone number.

Our legal basis for processing this personal data is Article 6(1)(f) of the GDPR.

We will delete our communication with you when it is clear whether you want our services or not.

Should the need arise in a particular case to keep your personal data for a longer period of time, this may be the case.

Customers

We need to communicate with our customers to make sure that the service is delivered correctly. This allows us to process information on name, address, services, special agreements, payment information and the like.

The legal basis for processing this personal data is Article 6(1)(b) of the GDPR.

Once the service has been provided and any outstanding issues have been resolved, we will delete the personal data immediately afterwards.

Newsletters

We have a newsletter that is optional to sign up for – and you can unsubscribe at any time.

The purpose of the newsletter is to send the subscribers emails with new information from the company, which may include new content on the website, advertising of our services.

We will only send you emails if you have given your active consent to this. In the first instance, you will need to provide your email address, to which we will send an email to confirm your registration. In this way, we ensure that you have actually subscribed to the newsletter yourself, i.e. given active consent.

Our legal basis for processing your personal data (i.e. the email address) in connection with the newsletter will be Article 6(1)(a) of the General Data Protection Regulation.

We will process your personal data as long as you are still subscribed to the newsletter. If you unsubscribe from the newsletter, we will also stop sending it to you. If we have not sent you a newsletter for 1 year, your consent lapses as a result of our inaction.

By unsubscribing from the newsletter, we will store your now previous consent for 2 years after it was last used due to statute of limitations requirements cf. The Consumer Ombudsman’s spam guide section 11.3.

Bookkeeping

We must keep all accounting records in accordance with the Bookkeeping Act. This means that we keep invoices and similar documents for accounting purposes. This may include general personal data such as name, address, description of services.

Our legal basis for processing personal data for accounting purposes is Article 6(1)(1) of the General Data Protection Regulation.

We keep this information for a minimum of 5 years after the end of the current financial year.

Job applications

We welcome job applications to assess whether they match a recruitment need in our company.

If you send your job application to us, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation.

If you have sent an unsolicited application, HR will immediately assess whether your application is relevant and then delete your data again if there is no match.

If you have submitted an application for an advertised job, we will dispose of your application in the event that you are not hired and immediately after the right candidate has been found for the job.

If you are part of a recruitment process and/or are hired for the job, we will provide you with separate information on how we process your personal data in this context.

Data processors

Few can do everything by themselves, and the same goes for us. We therefore have partners and use suppliers, some of whom may be data processors.

External suppliers may, for example, provide systems to organize our work, services, consultancy, IT hosting or marketing.

  • STRIPE – Stripe operates the payment gateway we use for card payments on our website.
  • Simply.com – Simply is responsible for hosting our website.
  • RC Turismo – Brazilian travel agency we work with.

It is our responsibility to ensure that your personal data is processed properly. This is why we set high standards for our partners, and our partners must guarantee that your personal data is protected.

We therefore enter into agreements with companies (data processors) that handle personal data on our behalf to ensure the security of your personal data.

Disclosure of personal data

We only disclose the personal data that is necessary for you to complete your purchase with us. This will only be information that you have provided to us yourself. In some cases, we share your name, phone number and email address with accommodation providers and day trip organizers. This is to ensure that you can check in to a booked accommodation or participate in a booked day activity. In addition, we do not disclose your personal data to third parties.

Profiling and automated decisions

We do not carry out profiling or automated decision-making.

Transfers from third countries

We generally use data processors in the EU/EEA or who store data in the EU/EEA. Excluded therefore are our Brazilian partners mentioned in the section on data processors.

In some cases, this is not possible and data processors outside the EU/EEA may be used if they can provide adequate protection for your personal data.

Security of treatment

We keep the processing of personal data secure by putting in place appropriate technical and organizational measures.

We have carried out risk assessments of our processing of personal data and have subsequently put in place appropriate technical and organizational measures to enhance the security of processing.

One of our most important measures is to keep our employees up to date on GDPR through ongoing awareness training, GDPR training courses, as well as by reviewing our GDPR procedures with employees.

Rights of data subjects

Under the General Data Protection Regulation, you have a number of rights in relation to our processing of your data.

If you want to exercise your rights, please contact us so that we can help you with this.

Right to see data (right of access)

You have the right to access the data we process about you, as well as a range of additional information.

Right of rectification (correction)

You have the right to have inaccurate information about yourself corrected.

Right to erasure

In exceptional cases, you have the right to have data concerning you erased before the time of our regular general erasure.

Right to restriction of processing

In certain cases, you have the right to restrict the processing of your personal data. If you have the right to restrict processing, we may in future only process the data – except for storage – with your consent, or for the establishment, exercise or defense of legal claims, or for the protection of a person or important public interests.

Right to object

In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.

Right to transmit data (data portability)

In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have those personal data transmitted from one controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency’s guide on data subjects’ rights, available at
www.datatilsynet.dk
.

Withdrawal of consent

When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

Complaint to the Data Protection Authority

You have the right to lodge a complaint with the Data Protection Authority if you are dissatisfied with the way we process your personal data. You can find the contact details of the Data Protection Authority at
www.datatilsynet.dk
.

In general, we encourage you to read more about the GDPR so that you are up to date with the rules.

Call for more information

+45 20485045