Privacy policy

GDPR - Privacy Policy

1. Data processor
The scan is a data processor for the website
The data processor is responsible for:
• You do not process data in other ways than you have agreed with the data controller
Prepare a reporter of the treatment activities
• Implement appropriate technical and organizational security measures
• Inform the data controller in the event of data breaches - and without undue delay
• Appoint a DPO if required
• Comply with the rules for transferring data to countries outside the EU

Where is Data stored? All information about customers residing in the EU is stored in's data centers in Denmark and within the EU.

2. Data controller
The scanner acts as the data controller for and for any personal information.
BT Maskinteknik is Data Responsible to customers who trade with BT Maskinteknik.
BT Maskinteknik processes this personal information cf. The Personal Data Ordinance and BT Maskinteknik's own Compliance programs on PC. All used IT systems are protected with codes, ie. personal data can not be accessed in any other way.

As data controllers:
• We do not process personal information that we do not need - We only process name, address, telephone number, and email, which is needed to send the customer his goods.
• Any information we process is lawfully collected. The customer must i.a. read the terms and conditions and policies in which all this is stated, and give consent (consent requirement) before we receive data / order.
• We use encrypted protocols for web, mail and file transfers. Bl.a. SSL.
• We keep applications up to date.
• There is limited access to information.
• We do not store information longer than necessary, in relation to operations, financial and legal requirements.

3. Consent requirements
Any information we process is lawfully collected. The customer must give consent before we receive personal info / data. When collecting personal data, we inform the registered person about the collection, including about:
• The purpose of the collection,
• Contact information of the data controller
Recipients or categories of recipients of the information
• The data subject's rights to correct and delete data
• The legal basis for the treatment
• Rights to withdraw consent and
• Opportunities to complain to the national data protection authority (Datatilsynet)

4. Data portability
The data subject may request that personal data be transferred directly from one data controller to the other data controller, where technically possible.

5. Right to be forgotten
The regulation establishes a right for the data subjects (the customer) to be "forgotten". Registered persons have a right to be forgotten if:
• It is not necessary to process personal data in order to pursue the purpose
• The data subject withdraws his consent and there is no other legal basis on which to base the processing
• Data processing is illegal
• The deletion is necessary to meet a legal requirement
• Registered person is under 16 years old

BT Maskinteknik may continue to process personal data after the data subject has requested to be forgotten if the legal basis has been consent and another legal basis applies - or if the processing is necessary for one of the specific purposes described in Article 17 (3). , including freedom of expression or for reasons of public health
When a person demands that the data be deleted, this also applies in future to parties that the data controller may has passed on the personal data to - thus it is your company's responsibility to ensure that all partners are informed of the request to have personal data deleted.

6. Impact Assessment
To be able to access personal information about a customer and to; for example. perform BT Maskinteknik regarding. order. Should a two-step verification be used:
1. One personal code to access PC,
One personal code to be able to access the webshop.
Ie. The risks are minimal so that an outsider will be able to access the personal information from the webshop.
All webshops are encrypted with SSL security, as well as additional security programs so that hackers can not access data.
In the event of a data breach, we will notify all customers directly. See more under data breaches.

7. Duty to notify in the event of data breach
In the event of a data breach, BT Maskinteknik will within 72 hours notify all customers who have had personal information that has been leaked.

For further info about BT Maskinteknik GDPR, including all departments and not just our website - please contact us.