Privacy Policy

1. Introduction

    1. When the Customer and/or a User makes use of the Desupervised Service, this Privacy Policy apply, and is part of the Agreement with the Customer. The defined terms used in this Privacy Policy, shall have the same meaning as in the Desupervised Terms.

    2. Desupervised collects and processes personal data when providing its Service to Customers, this policy (”Privacy Policy”) explains which data, how and why Desupervised processes such personal data. In regard of such personal data, Desupervised is the data controller.

    3. If the Customer or a User has questions regarding Desupervised’s processing of personal data, Desupervised can be contacted, at:

        Desupervised ApS
        c/o Univate
        Njalsgade 76, 3rd floor
        DK-2300 Copenhagen S
        Denmark
        info@desupervised.io
    4. When the Customer uses the Desupervised Service for operation of the AI-Code which has been created through the Service, and the Customer or its associated Users enters or uploads personal data into such AI-Code, Desupervised acts as a data processor for the Customer. In this regard please refer to the Desupervised Data Processor Agreement.

2. Legislation

    1. Desupervised always processes personal data in accordance with the General Data Protection Regulation (“GDPR”) and Applicable Law.

    2. Personal data is defined in accordance with the GPDR, as any information relating to an identified or identifiable natural person. Information on businesses is not considered personal information unless such information is also information on a person.

3. Processing of personal data

    1. In order to offer the Desupervised Service to Customers and their associated Users, Desupervised processes personal data on the Users, and sometimes regarding the Customer.

    2. When entering into an Agreement on the use of the Service, the Customer need to provide information on; name of business entity, address, business register number, name of contact person and e-mail-address of contact person. Also, information on acceptance of the Terms as well as this Privacy Policy and the Data Processor Agreement (if relevant) is registered. The purpose of collecting and processing such information, is to handle the Agreement and the relationship between Desupervised and the Customer. The legal basis for such processing is GDPR, art. 6, sect. 1, lit. b).

    3. When signing up as a User, information on name, e-mail-address, Customer to which the User is associated, username and password is collected and processed. Such information may be entered by a representative of the Customer. Also, information on the User’s acceptance of the Terms as well as this Privacy Policy is registered. The purpose of the collecting and processing of such information, is to handle the relationship between Desupervised and the User, as well as the User’s association with the Customer and the relationship between Desupervised and the Customer. The legal basis for such processing is GDPR, art. 6, sect. 1, lit. b).

    4. Whenever the Service is accessed by either Customer or a User, their ip-address, time of and details of log-in and log-out and use of the Service is logged. The purpose of such collection and processing is handling the Agreement with the Customer, for which the legal basis is GDPR, art. 6, sect. 1, lit. b), and for security-reasons and for documentation purposes in relation to abuse, for which the legal basis is GDPR, art. 6, sect. 1, lit. f). Desupervised, has a legitimate interest in being able to document possible abuse of the Service.

    5. Whenever a Customer or User send an inquiry to Desupervised, Desupervised process information registered regarding the Customer and the User making the inquiry, as well as possible personal data included in the inquiry. The purpose of this is to provide the Customer and/or User with support and/or other reply to the inquiry. The legal basis for such processing is GDPR, art. 6, sect. 1, lit. b) or lit. f) depending on the type of inquiry.  

4. Payment information

    1. When entering into an Agreement with Desupervised, information on payment is processed in relation to the Customer. The purpose of this is handling the Agreement between the Customer and Desupervised and the legal basis for such processing is handling GDPR, art. 6, sect. 1, lit. b).

    2. Further, payment card information is collected when the Customer makes a payment. Desupervised uses a secure third-party to manage payment card information and transactions. The privacy policy of such third-party payment services provider can be found here: https://reepay.com/terms-of-service/

5. Transfer of personal data outside the EU/EEA

    1. Desupervised only transfer personal data of Customer or User outside of the EU/EEA, if this is requested by the Customer or the User, e.g. when a Customer or User accesses the Service from a location outside the EU/EEA. Otherwise the personal data processed by Desupervised is not transferred outside the EU/EEA.

6. Security

    1. All personal data is stored on secure servers within the EU (Amazon Web Services, Germany).

    2. Desupervised have ensured that appropriate technical, organisational and physical measures are implemented in order to ensure an adequate level of protecting personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access in accordance with the GDPR and Applicable Law.

    3. In spite of Desupervised’s efforts to establish a secure environment for processing of data, the Customer should ensure, that the Customer and all associated Users themselves on access to the Service and when processing personal data have adequate security measure in place.

7. Retention of personal data

    1. Personal data regarding Customers is retained by Desupervised for as long, as an active Agreement is in place between the Customer and Desupervised and three years thereafter. Personal data regarding Users is retained for as long as the User is associated with a Customer having an active Agreement with Desupervised and three years thereafter. 

    2. Personal data relating only to an inquiry is however only retained for 6 months after Desupervised’s reply to the inquiry.

    3. All personal data may be retained for longer if specifically necessary, e.g. for legal purposes, where personal data may be retained until such legal matter has been resolved.

8. Personal data rights

    1. All persons whose personal data is being processed by Desupervised (“Data Subjects”) have certain rights in accordance with the GDPR and Applicable Law. Such rights are specified below.

    2. If a Data Subject wish to exercise one or more of their personal data rights, please contact Desupervised at the address above, cf. section 1.3

    3. Data Subjects have the right to obtain access to personal data being processed by Desupervised. (right of access)

    4. Data Subjects have the right to rectification of their personal data if these are inaccurate or misleading. (right of rectification)

    5. In certain situations, Data Subjects have the right to have their personal data erased prior to Desupervised otherwise erasing such personal data. (right of erasure).

    6. In certain situations, Data Subjects have the right to have the processing of their personal data restricted. If the Data Subject have such right, Desupervised shall only store such data, and not process them otherwise without consent, except in special situations. (right of restriction)

    7. In certain situations, Data Subjects have the right object to otherwise legal processing of their personal data, this include objection against processing for marketing purposes. (right of objection).

    8. In certain situations, Data Subjects have the right to receive their personal data in a structured, commonly used and machine-readable format and to have those data transmitted from one data controller to another data controller. (right of data portability)

    9. To the extent that Desupervised process personal data based on the consent of a Data Subject, such Data Subject may always withdraw the consent in relation to any future processing. (right to withdraw consent).

9. Complaints

    1. If a Data Subject is not satisfied with the way Desupervised processes the personal data of such Data Subject, please contact Desupervised, at the address above, cf. section 1.3

    2. A Data Subject may also lodge a complaint with the Danish Data Protection Agency on their website www.datatilsynet.dk, or by e-mail: dt@datatilsynet.dk, or, if within the EEA, with their national data protection agency.

10. Amendments to this Privacy Policy

    1. Desupervised may at any time amend or make changes to this Privacy Policy. If amendments or changes to the terms are made, the Customer and Users will be informed about this by e-mail to the address provided by the Customer, and a message about such amendments or changes will be posted on the Desupervised website. 

    2. An updated or amended version of the Privacy Policy will enter into force as of the commencement of the calendar month following the month in which the notification of the amended or changed Privacy Policy is provided.

    3. Continued use of the Service after the commencement date of the amended or changed Privacy Policy, cf. section 10.2, is deemed acceptance of the new Privacy Policy. If the Customer does not wish to accept the amended or changed Privacy Policy, the Customer may at any time terminate the agreement, cf. section 12.4 of the Terms. Any User not wishing to accept the amended or changed Privacy Policy, shall cease the use of the Service.