PanzerGlass™ Privacy Policy

At PanzerGlass A/S (”PG”, ”we”, ”us” or ”our”) confidentiality and data protection is a high priority. This privacy policy applies for our processing of personal data, including on the websites of the PanzerGlass Group and sets out the guidelines for PG’s processing of your personal data and provides you with the information you have the right to receive according to applicable data protection law. You must read the privacy policy before submitting your personal data to PG.

 

1. Data controller and contact information

The data controller of your personal data is:

PanzerGlass A/S

Delta 8, Søften

8382 Hinnerup

Denmark

Reg. no.: 34902380

Email: info@panzerglass.com

 

2. If you visit our websites

The following paragraph describes PG's processing of personal data about visitors of our websites.

 

2.1 Cookies

We use cookies on our websites to, among other things, optimize the user experience and the functions of the websites as well as to prevent abuse and downtime. You can read more about the use of cookies in our cookie banner, which appears on the front page when you visit our websites for the first time.

You can always change your cookie settings by clicking on the small cookie symbol in the lower left corner of the websites.

 

2.2 If you use the contact form or chat function on the website, contact our customer service department or otherwise communicate with us

Types of personal data

When you use the contact form or chat function on our websites, contact our customer service department or otherwise communicate with PG, we collect and process your personal data. PG can collect, process and store the following types of personal data about you:

  • Name, email address, telephone number, physical address (shipping address)
  • Your inquiry, e.g., order and payment information
  • Date of your inquiry
  • Other information provided by you in connection with your inquiry. We urge you not to provide us with sensitive personal data unless such sensitive personal data is strictly required for the processing of your inquiry. In such event, the sensitive personal data should be forwarded in highly encrypted format only if forwarded by email.

Purpose of processing

Your personal data may be processed for the following purposes:

  • Handling of your inquiry and potential orders
  • Administration of potential rights
  • General communication
  • Statistics and analytics

 

Legal basis

PG processes your personal data on the following legal bases. The basis for the processing depends on the nature of your inquiry.

  • Legitimate interests: We may process your personal data based on our legitimate interests in handling your inquiry, communicating with you and developing our products and services (Article 6(1)(f) of the GDPR).
  • Contractual obligations: If your inquiry pertains to any (potential) conclusion of a contract, we process your personal data in order to be able to implement measures prior to the conclusion of the contract (Article 6(1)(b) of the GDPR).

 

2.3 When you register as a user on My PanzerGlass

Types of personal data

When you create a personal profile on the websites at “My PanzerGlass”, PG processes your personal data. PG can collect, process and store the following types of personal data about you:

  • Name, email address, telephone number, address
  • Digital footprints
  • Password and username
  • Order history and receipts
  • Subscriptions to newsletters

 

Purpose of processing

Your personal data may be processed for the following purposes:

  • Management of user account/profile
  • Analytics and statistics
  • Marketing

 

Legal basis

PG processes your personal data on the following legal bases:

  • Legitimate interests: We may process your personal data on the basis of our legitimate interests in managing the created user accounts and our legitimate interest in working out statistics and performing analyses to improve the user experience (Article 6(1)(f) of the GDPR).
  • Consent: PG will use your personal data only for direct marketing purposes, including publication of newsletters if you have given your prior explicit consent to such purposes (Article 6(1)(a) of the GDPR).

2.4 If you use our webshop

Types of personal data

When you use our webshop, PG processes your personal data. PG can collect, process and store the following types of personal data about you:

  • Name, email address, telephone number and address
  • Your payment information
  • Information about your previous purchases
  • Information you provide when you complete a purchase or communicate with us in other ways
  • Use of discounts
  • Digital footprints (e.g., how you use PG’s webshop)

 

Purpose of processing

Your personal data may be processed for the following purposes:

  • Completion of orders in PG’s webshop
  • Management of shipment, complaints, and returns
  • Management of user accounts/profiles
  • Analytics and statistics
  • Prevention and investigation of suspected fraud

 

Legal basis

PG processes your personal data on the following legal bases:

  • Legitimate interests: We process your personal data on the basis of our legitimate interest in promoting our products and services to you in cases where consent is not required, as well as our legitimate interest in being able to conduct statistics and analysis in order to develop and improve our services (Article 6(1)(f) of the GDPR).
  • Contractual obligations: We process your personal data to fulfill the concluded agreement, including delivering of the ordered goods, handling of order confirmation, complaints, returns, etc. (Article 6(1)(b) of the GDPR).

    3. If you sign up to our newsletter(s)

    Types of personal data

    PG can collect, process and store your personal data for marketing purposes when you sign up to our newsletter(s). PG may collect, process, and store the following types of personal data about you:

    • Name, email address, telephone number, address
    • Your consent
    • Your click behaviour in the distributed material
    • Information on your use of our website and services
    • Order history, including any previous correspondence

     

    Purpose of processing

    Your personal data may be processed for the following purposes:

    • Marketing
    • Analytics and statistics

     

    Legal basis

    PG processes your personal data on one or more of the following legal bases:

    • Consent: PG will use your personal data only for direct marketing purposes, including publication of newsletters if you have given your prior explicit consent to such purposes (Article 6(1)(a) of the GDPR).
    • Legitimate interests: The processing of your personal data for analytics and statistics purposes is based on our legitimate interests in being able to improve and develop our services (Article 6(1)(f) of the GDPR).

      4. If you use our whistle-blower service

      Types of personal data
      We may process the following personal data about the reported person, if the data is provided in relation to the report. In addition, a report may contain personal data about third parties:   

      • Name
      • Contact information
      • Job title
      • Reported information
      • Description of the alleged infringement
      • Potential criminal offenses

      When a reporting is made, we will process personal data about the data subjects who are part of the report (i.e., the sender of the report, the reported person, and other third parties involved) in order to handle and investigate the alleged infringement.

      If you report an alleged infringement, such reporting will remain confidential and, at your wish, anonymous. However, you should in any case provide an email address, as we may need to obtain further information about the violation in order to handle the case properly.

       

      Purpose of processing

      Your personal data may be processed for the following purposes:

      • Establishment and administration of the whistleblower service, where suspicion of unregulated conduct and violations of applicable law or internal guidelines can be reported
      • Administration of reported incidents, including clarification of potentially criminal matters

       

      Legal basis

      PG processes your personal data on one or more of the following legal bases:

      • Legitimate interests: We may process your personal data on the basis of our legitimate interest in investigating reported incidents (Article 6(1)(f) of the GDPR).
      • Legal obligation: We process your personal data in order to fulfil our legal obligation (Article 6(1)(c) of the GDPR).

       

      5. If you apply for a job with PG

      When you apply for a job with PG, we process your personal data in connection with the recruitment procedure. We recommend that you do not disclose your social security number or any sensitive personal data in your application, such as personal data revealing racial or ethnic origin, religion, trade union membership, sexual orientation, or health data.

       

      Types of personal data

      PG may collect, process and store the following types of personal data about you:

      • Contact details, such as name, email address and telephone number
      • Information appearing from applications, CVs, and any appendices, e.g., grade transcripts
      • Relevant information publicly available on the internet and social media (e.g., Facebook and LinkedIn), including particularly information on previous employment, activities, skills, performance, and general appearance
      • Outcome of personality and skills tests completed (if any)
      • References from former and/or current employers listed in your application or references you have consented us to contact
      • Health data if the position you have applied for imposes special health requirements
      • Other information provided to us by you in connection with the recruitment procedure

       

      Purpose of processing

      Your personal data will be used to assess whether we wish to offer you a position at PG.

       

      Legal basis

      PG processes your personal data on one or more of the following legal bases:

      • Legitimate interests: We may process your personal data on the basis of our legitimate interests in assessing whether we wish to offer you employment, including on the basis of the information you provide in your CV, application and any appendices, on the basis of relevant information which is publicly available on the internet and social media, outcome of personality and skills tests, references from persons you have listed in your application, as well as other information you may give us in connection with the recruitment procedure. The processing may also be necessary due to our legitimate interest in defending or exercising legal claims (Article 6(1)(f) of the GDPR).
      • Consent: If we intend to collect references from former and/or current employers whom you have not listed as references in your application, we will only do so if you have given your consent thereto (Article 6(1)(a) of the GDPR).

      If the position you have applied for, by way of exception, imposes special health requirements, we will – following a specific assessment and only where the collection of such data is lawful according to national legislation – ask for your explicit consent prior to the processing of such personal data (Article 9(2)(a) and Article 6(1)(a) of the GDPR).

       

      6. If you are a supplier, distributor, business partner, etc.

      This paragraph includes the policy of PG’s processing of personal data about owners of sole proprietorship businesses or contact persons with suppliers, distributors and other business partners cooperating with PG.

       

      Collection of personal data

      PG may collect, process and store your personal data in the following events:

      • When your business or the business with which you are employed concludes a contract with PG
      • When you have shown an interest in PG’s products and services by, for example, giving PG your business card
      • When you cooperate and communicate with PG

       

      Types of personal data

      PG may collect, process and store the following types of personal data about you:

      • Name, email address, telephone number and similar contact details
      • Individual data, such as preferred language
      • Organisational data, such as the name and address of the business, job title, employment area, primary workplace, and country
      • Contractual data, such as orders, invoices, contracts, and other agreements between your business (or your employer) and PG, potentially including, for example, your contact details
      • Financial data, such as terms of payment and bank details (in the case of a sole proprietorship)

      We may receive such data directly from you (primarily by way of emails and other correspondence exchanged with you) or from third parties, such as your employer.

       

      Purpose of processing

      Your personal data may be processed for the following purposes:

      • General planning, execution, and administration of cooperation, including contracts
      • Administrative purposes, such as processing of payments, bookkeeping, audits as well as provision of support
      • Newsletters and other promotional communication
      • Handling of your inquiries
      • General communication
      • Development of products and services
      • Statistics and analytics
      • Compliance with applicable rules and regulations, such as fulfilment of our obligations to prevent illegal activities
      • Conflict management

       

      Legal basis

      PG processes your personal data on one or more of the following legal bases:

      • Contractual obligations: In certain cases, the processing of your personal data is necessary in order to be able to perform a contract (Article 6(1)(b) of the GDPR).
      • Legitimate interests: We may process your personal data on the basis of our legitimate interests in, for example, managing the day-to-day operations in accordance with lawful and fair business practices, including planning, execution, and administration of the cooperation or our legitimate interest in, for example, working out statistics, performing analyses, and marketing activities (not subject to consent), providing support as well as improving and developing our products and services. The processing may also be necessary due to our legitimate interests in preventing fraud or establishing, defending or exercising legal claims (Article 6(1)(f) of the GDPR).
      • Legal obligation: In some cases, the processing of your personal data will be necessary to comply with legal obligations, such as our obligation to prevent illegal activities (Article 6(1)(c) of the GDPR).

       

      7. If you visit our physical premises

      Types of personal data

      When you visit our office premises and other buildings, PG processes your personal data via video-surveillance and possible access control. PG may collect, process, and store the following types of personal data about you:

      • Licence plate
      • Date and time of your visit
      • Digital footprints, including information on where and when you have used access card (if you have been issued an access card)
      • Photo and video material in relation to video-surveillance

       

      Purpose of processing

      Your personal data may be processed for the following purposes:

      • To give you access to our office premises and other buildings
      • To manage your visit
      • To ensure the security of our office premises and other buildings
      • To prevent and solve criminal offenses on our office premises and other buildings

       

      Legal basis

      PG processes your personal data on the following legal basis:

      • Legitimate interests: Our processing of your personal data is based on our legitimate interests in being able to give you access to our office premises and other buildings and in protecting our physical premises (Article 6(1)(f) of the GDPR). We process personal data relating to criminal offenses collected via video-surveillance based on our legitimate interests in preventing and solving criminal offenses (Section 8(3) of the Danish Data Protection Act).

       

      8. If you visit our social media profiles

      This paragraph includes the policy governing PG’s processing of personal data collected via PG’s social media profiles or sites.

       

      PG and the social media providers are joint data controllers in respect of the processing of personal data collected in connection with your visit to PG’s individual social media profiles or sites. PG complies with the guidelines of the data protection authorities for joint data controllership and attempts, by using available tools and means, to ensure the best way possible that you receive information on the processing of your personal data when you visit PG’s social media profiles or sites.

       

      PG has the following social media profiles or sites:

      • Facebook (Facebook Ireland Ltd.)
        • Facebook's privacy policy is available her
        • You may adjust your privacy settings for Facebook her
      • YouTube (Google LLC)
        • Google’s privacy policy is available here
        • You may adjust your privacy settings for YouTube here
      • LinkedIn (LinkedIn Ireland Unlimited Company)
        • LinkedIn's privacy policy is available here
        • You may adjust your privacy settings for LinkedIn here
      • Instagram (Instagram, Inc.)
        • Instagram's privacy policy is available here
        • You may adjust your privacy settings for Instagram here
      • Vimeo
        • Vimeo privacy policy is available here
      • Pinterest (not used actively but not deactivated)
      • TikTok (no longer used actively but not deactivated)


      Collection of personal data

      When you visit or interact with our social media profiles, PG and the relevant social media provider may collect, process, and store the following types of personal data about you:

      • Information available on your profile, including your name, gender, marital status, workplace, interests, and your town
      • Your "likes" or other reactions expressed on our profile
      • Comments left by you to our postings
      • Your visit to our profile

       

      Purpose of processing

      PG processes your personal data for the following purposes:

      • To improve our products and services, including our social media profiles and sites
      • To work out statistics and perform analyses
      • To be able to communicate with you if you comment on a posting, make a review, or send us a message
      • To perform promotional marketing in general
      • Recruitment

       

      The social media providers process your personal data, among other things, for the following purposes:

      • To improve their advertising system
      • To provide PG with statistics, among other things, worked out by such social media providers based on your visit to our profiles and sites
      • To advertise and adapt the activities on the site.

       

      Please go to the privacy policy of the individual social media providers for information describing for how long they store your personal data.

       

      Legal basis

      PG processes your personal data on the following legal bases:

      • Legitimate interests: Our processing of your personal data is based on our legitimate interests in being able to communicate with you and market ourselves vis-à-vis you on our social media profiles as well as our legitimate interest in improving our products and services (Article 6(1)(f) of the GDPR).

        The social media providers base their processing of your personal data on their legitimate interests, including their interests in improving their advertising system and delivering statistics to PG, that the social media providers, for example, work out on the basis of your visit to PG’s social media profile or site. In addition, the social media providers have a legitimate interest in delivering innovative, individually adapted, secure and profitable services (Article 6(1)(f) of the GDPR).
      • Consent: The social media providers process some of your personal data in accordance with your consent which you are entitled to withdraw at any point in time via your social media privacy settings (Article 6(1)(a) of the GDPR).

       

      With whom do social media providers share your personal data?

      Social media providers may, among other things, share your personal data with the following categories of recipients:

      • Other entities within the group of which the social media provider is a part
      • External business partners providing analytical and investigative services
      • Advertisers
      • Other individuals visiting our social media profile or site (to the extent that your information is publicly available)
      • Researchers and other academics
        • Please go to the privacy policy of the individual social media providers for more details on the parties with whom the social media providers share your personal data.
        • The social media providers may transfer your personal data to recipients outside the EU/EEA in accordance with applicable data protection legislation. Please go to the privacy policies of the individual providers for more details.
        • For more information on the parties with whom PG shares your personal data, please go to the paragraph Disclosure to other data controllers and outsourcing to data processors

       

      9. How long to we store your personal data?

      We will delete your personal data when we no longer need to process them in relation to one or more of the purposes set out above. However, the data may be processed and stored for a longer period in anonymized form, or if we are required to do so by law.

      Personal data that is necessary to document your customer relationship is stored for as long as the customer relationship lasts. After termination of the customer relationship PG stores your data as long as the data is necessary to document PG's legal position vis-à-vis you, e.g., in connection with a dispute or collection of arrears.

      Book-keeping material, including personal data, which we are obliged to store in accordance with the Danish Consolidated Bookkeeping Act (Bogføringsloven), is deleted no earlier than 5 years after the end of the financial year to which the data relates.

       

      My PanzerGlass

      Your personal data will generally be stored for 2 years from the last registered activity on your customer profile, or until you terminate your membership.

       

      Purchases in webshop:

      We will generally store your personal data for 2 years from your most recent purchase. If you have purchased products that are covered by a warranty, we will delete your personal data at the earliest at the end of the warranty period.

       

      Newsletters:

      Your personal data will be stored as long as your consent to receiving newsletters is active.

      You may withdraw your consent at any time by using the unsubscribe link at the bottom of each email or by contacting us as described below. Withdrawal of your consent does not, however, affect the legality of the processing that took place prior to such withdrawal.

      Any documentation of your consent under marketing law will be stored by us for two years as from the date when you withdrew your consent to receiving direct marketing material. The storage period has been determined on the basis of PG's legitimate interest in being able to document that direct marketing took place in accordance with applicable law (Article 6(1)(f) of the GDPR).

       

      Whistleblower system:

      PG stores the personal data for as long as is necessary to handle the specific reports.

       

      Job applications:

      If you are offered a job at PG, your application and other relevant personal data collected in connection with the recruitment procedure will be stored in your employee file, and as long as it is necessary in relation to your employment.

      If you are not offered a job, we will store your application and any additional personal data collected in connection with the recruitment procedure for a period of six months following our rejection of your application, unless you have consented to storage of such personal data for a longer period of time.

      You may at all times withdraw any consent you may have given as part of our recruitment procedure. Withdrawing your consent will affect the future processing of your personal data, but it will not affect the legitimacy of the processing that took place based on your consent given prior to such withdrawal. If you wish to withdraw your consent, please contact us, using the details below.

       

      Video-surveillance:

      Recordings for the purpose of crime prevention will be deleted or anonymized within 30 days from the date of the recording, unless it is necessary for PG to store the recordings for the purpose of handling a specific dispute, e.g., in connection with solving an offense.

       

      10. Disclosure to other data controllers and outsourcing to data processors

      In order to comply with the aforesaid purposes, we may grant access to your personal data to third parties, delivering relevant services based on a contractual relationship with PG. Such third parties may, for example, be IT suppliers, email services providers and suppliers of IT solutions. Such service suppliers will process your personal data only in accordance with our instructions according to data processing agreements entered into.

      We also disclose your personal data to certain partners in relation to, e.g., payment solutions on our website and with regard to the delivery of your order. In addition, we may provide your IP address and information about your order to our affiliate marketing partners for the purpose of clearing referrals to our webshop.

      In connection with PG’s development, the company structure may change, for example by way of a full or partial sale of the business. In the event of a partial transfer of assets including personal data, the basis of processing incidental to the disclosure of personal data in question is, as a general rule, Article 6(1)(f) of the GDPR, since PG has a legitimate interest in transferring parts of its assets as well as making commercial changes.

      As a general rule, your personal data will not be disclosed to any third parties without your consent other than in events as described above. However, in certain circumstances and according to law, it may become necessary to disclose your personal data to:

      • The police
      • Lawyers
      • Accountants
      • Courts
      • Public authorities
      • Potential buyers
      • Affiliated companies

       

      If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA, which have not implemented an adequate level of protection, such transfer will be based on the European Commission’s Standard Contractual Clauses, Binding Corporate Rules, or another legal basis for transfer in accordance with Chapter V in the Regulation (GDPR).

       

      11. Your rights

      • You have a right of access to the personal data we process about you
      • You have a right to object to our collection and further processing of your personal data
      • You have a right of rectification and erasure of your personal data subject, however, to certain statutory exceptions, including the provisions of the Danish Consolidated Bookkeeping Act (bogføringsloven)
      • You have a right to request us to restrict the processing of your personal data
      • In some circumstances, you may also request to receive a copy of your personal data and request for transmission of your personal data given to us to another data controller (data portability)
      • You may always withdraw any consent you may have given. We will then delete your personal data unless we are able to continue the processing on another basis. You may unsubscribe from our newsletter by clicking the link at the bottom of the newsletter.

       

      12. Questions and complaints

      If you have any questions as to this privacy policy or if you wish to file a complaint against our processing of your personal data, please do not hesitate to contact us at:

       

      PanzerGlass A/S

      Delta 8, Søften

      8382 Hinnerup

      Email: GDPR@panzerglass.com

      Telephone number: +45 89 87 39 21

       

      If your complaint is not dealt with by us, and you wish to proceed with the matter, you may file a complaint with the supervisory authority in your country. You may find a list of supervisory authorities here.

       

      The Danish supervisory authority (Datatilsynet)

      Carl Jacobsens Vej 35

      2500 Valby

      Email: dt@datatilsynet.dk

      Telephone number: +45 33 19 32 00