Privacy Policy for Employees

Employee Privacy Policy for Employees of the North-East Family Office Group

This policy applies to North-East Venture ApS (Danish business registration (CVR) no. 25 16 73 41), (”NEV”, ”we”, ”our” or ”us”).

At NEV, confidentiality and data protection are high priorities. This privacy policy (“Privacy Policy”) explains how we process (“Process/Processing/Processed”) your personal data (“Personal Data”) as an employee of NEV (an “Employee”). 

 

Changes may occur to this Privacy Policy from time to time and will be made available here. 

 

  1. Collection of Personal Data

At NEV, we Process Employee Personal Data about you and other of our Employees for Employee administration purposes in accordance with this Privacy Policy. 

 

The following Employee Personal Data may be Processed for such purpose:

(1) Name, address, phone number, e-mail address etc. 

(2) Details of employment such as employee ID, date of employment, CV, place of work, work e-mail address(es), work related phone number(s), title, position, information as to whether the employment is full time/part time, information on promotions etc. 

(3) Financial information such as information regarding salary/other compensation, bonuses, tax information, bank accounts, and other employment benefits etc. 

(4) Work-time records. 

(5) Information regarding absence due to illness (for statistical purposes). 

(6) Information regarding absence due to maternity leave or other leave etc. 

(7) Information regarding education and specialization. 

(8) Performance reviews.

(9) Photo(s).

(10) Reimbursement(s). 

(11) Information collected in connection with access control (access to buildings, IT systems, etc.).

(12) Passwords and usernames. 

(13) Information necessary to administer health care plans, pension schemes and other Employee benefits.

 

NEV only Processes Employee Personal Data to the extent necessary and/or required by law. 

 

The legal basis for the Processing, with respect to the majority of the Employee Personal Data that is being/will be Processed by NEV, is the employment contracts entered into between NEV and its Employees in accordance with Article 6(1)(b) of the General Data Protection Regulation (”GDPR”), or Sections 12(1) and (2) of the Danish Data Protection Act (in Danish: databeskyttelsesloven) (the “Data Protection Act”) if the obligation has its source in another law or as part of our legitimate interest.

 

In accordance with Section 11(2)(1) of the Data Protection Act NEV will Process the social security numbers of its Employees (in Danish “CPR no.”) to the extent required, including in connection with the payment of taxes as part of salary administration. 

 

NEV may also Process contact information related to its Employees’ family, friends, and/or other relatives. The Processing is based on NEV’s legitimate interest in being able to contact such family, friends and/or other relatives in the event that its Employees become ill or another emergency in accordance with Section 6(1)(f) of the GDPR. 

 

Under certain circumstances NEV may ask for a copy of its Employees’ criminal records. The Processing will be based (as a legal basis) on its Employees’ consent in accordance with Section 8(3) of the Data Protection Act. In other situations, NEV can also Process information on other criminal offences if this is necessary for the purpose of pursuing another legitimate interest and this interest clearly overrides the interests of the Employees as Data Subjects in accordance with Section 8(3), second sentence, of the Data Protection Act. Whether NEV relies on the consent or its own legitimate interest as a legal basis for such Processing depends on the situation in question, however, we will in all cases obtain your consent prior to the Processing of Personal Data contained in your criminal records.

 

Further, in some cases we may be required to collect and Process special categories of Personal Data, such as health data. Such Processing is only carried out if necessary for complying with the labour law obligations of NEV, including, but not limited to, the Danish Sickness Benefits Act (in Danish: Sygedagpengeloven) or the Danish Health Information Act (in Danish: Helbredsoplysningsloven) or if necessary, for the purpose of pursuing a legitimate interest in accordance with Sections 12(1) and (2) of the Data Protection Act.

 

Certain Processing activities require the Employees’ prior consent, e.g. the use of photos of the Employees  for marketing purposes. 

 

Employee Personal Data may also be Processed in order to comply with legal requirements or to establish or defend legal claims.

 

  1. Processing of Employee Personal Data

NEV may Process Employee Personal Data for the following purposes: 

 

(1) Employee administration, management and administration of compensation (salary, bonuses, benefits, etc.), training and other HR related Processing related to your employment with NEV.

(2) Planning and administration.

(3) Appointments, promotions and demotions. 

(4) Personal development records, performance management etc. 

(5) Analysis and management of Employee works skills, certifications, licenses and competencies.  

(6) Completion of Employee satisfaction surveys.

(7) Administration of Employee expenses.

(8) Facility management, work environment and related security.

(9) Provision and support of IT systems, user profiles, investigations, etc.

(10) Handling of claims and disputes.

(11) Compliance with legal, regulatory and other obligations.

(12) Other legitimate purposes.

 

  1. Transfer of Employee Personal Data

Employee Personal Data may be made available to third parties for such third parties’ provision of services to NEV pursuant to a separate contract. Such services may be, but are not limited to, administration of salary, expenses and other compensation, IT hosting and IT maintenance etc.

 

The transfer of Employee Data will always be subject to the following conditions: 

(1) third parties will only Process Employee Personal Data on the basis of a data processing agreement; and 

(2) such Processing will only take place in accordance with North-East’s instructions. 

 

Certain Employee Personal Data will be disclosed to companies within NEV for administration purposes.

 

Certain Employee Personal Data will also be reported to government authorities where required by law, e.g. for tax reporting or to private organizations, e.g. pension or insurance providers, travel agencies, airline companies, leasing bureaus and financial institutions. The legal basis for such disclosure is Article 6(1)(b) and (c) of the GDPR and Sections 12(1) and (2) of the Data Protection Act. Employee Personal Data Processed as part of the employment with North-East may be disclosed to third parties as required by law or if the Employees provide their consent to the disclosure of their Employee Personal Data.

 

NEV may disclose Employee Personal Data to external lawyers, accountants etc., if the Processing is necessary for the establishment, exercise or defense of legal claims in accordance with Article 6(1)(f) and Article 9(2)(f) of the GDPR.

 

All transfers and Processing of Personal Data within NEV are subject to an Intra Group Data Processing and Transfer Agreement, which ensures compliance with the Data Protection Legislation.    

 

  1. Transfer of Employee Data to third parties, transfer to third countries

Employee Personal Data may be shared with other entities within the North-East Group and other third parties

 

  1. Video surveillance

North-East Venture is located in Office Club at August Bournonvilles Passage 1, 1055 Copenhagen, which has video surveillance installed by the entrances. The purpose of the video surveillance is to ensure safety and prevent crimes in accordance with Article 6(1)(f) of the GDPR and Section 8(3) of the Data Protection Act. 

 

Video recordings are only be accessed and reviewed in the event of the suspicion of criminal behavior, violation of Office Clubs internal guidelines or through internal/external auditing. The recordings may be disclosed to the police for criminal investigations, if the recordings are disclosed for the purpose of safeguarding public or private interests which clearly override the interests of secrecy in accordance with Section 8(4) of the Data Protection Act or if the disclosure is otherwise required by law. Should it be necessary to disclose the recordings for other purposes than mentioned, the prior consent of the subjects of such recordings will be obtained before disclosing the recording. 

 

The video recordings are stored on a server that only a limited number of employees within Office Club have access to and can only be accessed with a password. 

 

Video recordings which have been recorded for the purposes of preventing crime will be deleted or anonymized no later than 30 days after the recording has taken place, unless it is necessary for Office Club to keep the recordings for the purpose of solving a breach of law. Recordings from video surveillance which has been conducted for other purposes will be deleted when it no longer serves a purpose to store the information.

 

  1. Retention of Employee Personal Data

As a general rule, Employee Personal Data will be kept for a period of five years following the termination of the relevant Employee to which such Employee Personal Data relates, unless NEV is required to store such Employee Personal Data for a longer period due to legal requirements or, if necessary, for the purpose of defending a specific legal claim or dispute.

 

Bookkeeping material (including Employee Personal Data such as salary information) must be retained for five years following the end of the financial year that the data relates to in accordance with the Danish Bookkeeping Act (in Danish: bogføringsloven).

 

NEV may Process and store Employee Personal Data for a longer period than set out above in an anonymized form which means that NEV will no longer be able to refer the Employee Personal Data back to the individual Employee.

 

  1. Security

We have implemented security measures to protect your Personal Data in the best possible way. This includes the use of encryption and pseudonymization (where possible), access restriction, etc.

 

  1. Rights of Employees as data subjects

Subject to certain statutory exceptions, Employees have the right to access their Employee Personal Data that is being Processed and stored about them by NEV, Furthermore, each individual Employee has the right to object to the Processing (and request the restriction of) the Processing of their Employee Personal Data. In addition, each individual Employee also has the right to request rectification (including completion or deletion) of their Employee Personal Data to the extent it is incomplete or incorrect. 

 

Under certain circumstances, the Employees may also request that NEV provides them with a copy of their Employee Personal Data in a structured, commonly used, and machine-readable format and request NEV to transfer such Employee Personal Data to another data controller.

 

  1. Data controller, contact and complaints

For Employees employed with NEV, NEV is data controller and responsible for the Processing of the Employees’ Personal Data. 

 

The contact information of North-East ApS is stated below: 

 

North-East Venture ApS

Danish business registration (CVR) no. 25 16 73 41

August Bournonvilles Passage 1

1052 København K

Denmark

 

If you wish to exercise any of your rights, if you have any questions regarding this Privacy Policy or the Processing of your Personal Data or you wish to make a complaint you can contact nev@info.nu. You are also entitled to file a complaint with the Danish Data Protection Agency (in Danish: Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, telephone number +45 33 19 32 00, e-mail dt@datatilsynet.dk.