- If the Customer or a User has questions regarding Desupervised’s processing of personal data, Desupervised can be contacted, at:
Njalsgade 76, 3rd floor
DK-2300 Copenhagen S, Denmark
- When the Customer uses the Desupervised Service for operation of the AI-Code which has been created through the Service, and the Customer or its associated Users enters or uploads personal data into such AI-Code, Desupervised acts as a data processor for the Customer. In this regard please refer to the Desupervised Data Processor Agreement.
- Desupervised always processes personal data in accordance with the General Data Protection Regulation (“GDPR”) and Applicable Law.
- Personal data is defined in accordance with the GPDR, as any information relating to an identified or identifiable natural person. Information on businesses is not considered personal information unless such information is also information on a person.
3. Processing of personal data
- In order to offer the Desupervised Service to Customers and their associated Users, Desupervised processes personal data on the Users, and sometimes regarding the Customer.
- Whenever the Service is accessed by either Customer or a User, their ip-address, time of and details of log-in and log-out and use of the Service is logged.
- The purpose of such collection and processing is handling the Agreement with the Customer, for which the legal basis is GDPR, art. 6, sect. 1, lit. b), and for security-reasons and for documentation purposes in relation to abuse, for which the legal basis is GDPR, art. 6, sect. 1, lit. f). Desupervised, has a legitimate interest in being able to document possible abuse of the Service.
- Whenever a Customer or User send an inquiry to Desupervised, Desupervised process information registered regarding the Customer and the User making the inquiry, as well as possible personal data included in the inquiry. The purpose of this is to provide the Customer and/or User with support and/or other reply to the inquiry. The legal basis for such processing is GDPR, art. 6, sect. 1, lit. b) or lit. f) depending on the type of inquiry.
4. Payment information
- When entering into an Agreement with Desupervised, information on payment is processed in relation to the Customer. The purpose of this is handling the Agreement between the Customer and Desupervised and the legal basis for such processing is handling GDPR, art. 6, sect. 1, lit. b).
5. Transfer of personal data outside the EU/EEA
- Desupervised only transfer personal data of Customer or User outside of the EU/EEA, if this is requested by the Customer or the User, e.g. when a Customer or User accesses the Service from a location outside the EU/EEA. Otherwise the personal data processed by Desupervised is not transferred outside the EU/EEA.
- All personal data is stored on secure servers within the EU (Amazon Web Services, Germany).
- Desupervised have ensured that appropriate technical, organisational and physical measures are implemented in order to ensure an adequate level of protecting personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access in accordance with the GDPR and Applicable Law.
- In spite of Desupervised’s efforts to establish a secure environment for processing of data, the Customer should ensure, that the Customer and all associated Users themselves on access to the Service and when processing personal data have adequate security measure in place.
7. Retention of personal data
- Personal data regarding Customers is retained by Desupervised for as long, as an active Agreement is in place between the Customer and Desupervised and three years thereafter. Personal data regarding Users is retained for as long as the User is associated with a Customer having an active Agreement with Desupervised and three years thereafter.
- Personal data relating only to an inquiry is however only retained for 6 months after Desupervised’s reply to the inquiry.
- All personal data may be retained for longer if specifically necessary, e.g. for legal purposes, where personal data may be retained until such legal matter has been resolved.
8. Personal data rights
- All persons whose personal data is being processed by Desupervised (“Data Subjects”) have certain rights in accordance with the GDPR and Applicable Law. Such rights are specified below.
- If a Data Subject wish to exercise one or more of their personal data rights, please contact Desupervised at the address above, cf. section 1.3
- Data Subjects have the right to obtain access to personal data being processed by Desupervised. (right of access)
- Data Subjects have the right to rectification of their personal data if these are inaccurate or misleading. (right of rectification)
- In certain situations, Data Subjects have the right to have their personal data erased prior to Desupervised otherwise erasing such personal data. (right of erasure).
- In certain situations, Data Subjects have the right to have the processing of their personal data restricted. If the Data Subject have such right, Desupervised shall only store such data, and not process them otherwise without consent, except in special situations. (right of restriction)
- In certain situations, Data Subjects have the right object to otherwise legal processing of their personal data, this include objection against processing for marketing purposes. (right of objection).
- In certain situations, Data Subjects have the right to receive their personal data in a structured, commonly used and machine-readable format and to have those data transmitted from one data controller to another data controller. (right of data portability)
- To the extent that Desupervised process personal data based on the consent of a Data Subject, such Data Subject may always withdraw the consent in relation to any future processing. (right to withdraw consent).
- If a Data Subject is not satisfied with the way Desupervised processes the personal data of such Data Subject, please contact Desupervised, at the address above, cf. section 1.3
- A Data Subject may also lodge a complaint with the Danish Data Protection Agency on their website www.datatilsynet.dk, or by e-mail: firstname.lastname@example.org, or, if within the EEA, with their national data protection agency.