STARK Group take the obligation to process personal data in an orderly and secure manner very seriously. The protection of personal data and the rights and integrity of individuals is of paramount importance to the STARK Group.
Compliance throughout the whole group
It is important to the STARK Group that personal data is processed in accordance with applicable data protection legislation at all times.
Personal data and application
The term personal data covers any information relating to an identified or identifiable natural person. Such information may be information on name, contact information, payroll information etc.
The general principles applied
To ensure a high standard for processing personal data, the STARK Group will adhere to the following general principles in relation to the processing of personal data:
Lawfulness and fairness
Personal data will be processed in a lawful and fair manner and in accordance with the data subjects’ rights.
Personal data will only be collected for specified, explicit and legitimate purposes. Further, personal data will solely be used for the purposes for which the data was originally collected.
When collecting personal data from data subjects or via third parties, it will be ensured that the data subject(s) in question will be provided with the information required by applicable law. Furthermore, data subjects are at all times entitled to request information on what personal data is collected about them.
Any personal data shall be adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed.
Any personal data processed shall be accurate and, where necessary, kept up to date.
Storage limitation and retention
Personal data will only be processed in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are collected and processed. STARK Group have in place retention procedures and policies to ensure personal data is deleted in a correct manner.
Any personal data that is processed is regarded as confidential information. STARK Group undertakes confidentiality by ensuring its employees are aware of the confidential nature of personal data and by educating its employees on how personal data may be processed.
STARK Group have implemented the processes and procedures necessary to demonstrate compliance with the applicable data protection legislation.
High security standards
STARK Group have in place technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse or other processing in violation of applicable law.
Personal Data must only be transferred to a third party who has adequate technical and organizational security measures in place to protect personal data.
The transfer of data
STARK Group will only transfer personal data to a country not governed by the EU/EEA data protection rules provided appropriate and documented safeguards are in place.
The use of data processors and joint controllers
STARK Group sets a high standard for the processing obligations of suppliers. Therefore, STARK Group will assess the supplier to ensure the supplier can ensure compliance and must ensure that all required data processing agreements are in place with any processors and/or sub-processors used.
If STARK Group enters into a new contract with a supplier that will be processing personal data jointly with STARK Group a joint processing agreement must be entered into with the supplier determining their respective responsibilities for compliance with applicable data protection legislation.
Data subject rights
Data protection incidents (personal data breach)
In the event STARK Group identify processing of personal data has been compromised or is likely to be compromised, or there in any other way has been an unauthorised or accidental disclosure of or access to personal data, STARK Group will immediately take action and assess if a supervisory authority or the affected data subjects must be notified in accordance with applicable law.
Furthermore, STARK Group has in place specific procedures for how to handle a personal data breach incident, including how to notify the supervisory authorities, as well as relevant service continuity plans.
Data Protection Manager
To ensure compliance with data protection regulation, STARK Group has appointed a Data Protection Manager.
Right to appeal
We recommend that you contact the Danish Data Protection Agency (Datatilsynet) if you are dissatisfied with our handling of your complaint. The Danish Data Protection Agency's contact information can be found here: https://www.datatilsynet.dk/kontakt/
Carl Jacobsens Vej 35, 2500 Valby, Tel. 3319 3200