Privacy policy
We look after your personal data 100% transparency provides peace of mind
It is important to us that you feel informed and confident about our data processing – that we protect your privacy and that you know your rights. At MinRefusion, we treat all data confidentially and in accordance with the law. We want to be transparent and inform you what data we process and why. If you want to hear more about how we protect your data, you can contact us at gdpr@minrefusion.dk.
What is GDPR?
GDPR (The General Data Protection Regulation 2016/679) is an EU / EEA legislation that aims to improve companies’ protection of customers, employees and other natural persons’ data. MinRefusion is continuously GDPR audited by Sixtus Compliance, which is your assurance that we process personal data securely and take good care of your information.
1. Introduction
The purpose of this privacy policy is to provide transparency and clarity about our registration and processing of personal data. We review this policy on an ongoing basis and will reassess and update it if we find reason to do so.
2. Background
New rules have been introduced in the EU/EEA and Denmark with “Regulation (EU) 2016/679 of the European Parliament and of the Council” for the handling of personal data. In many areas, the rules are a continuation of existing legislation, but in some areas the rules have been tightened significantly.
This personal data policy establishes the framework for the processing of personal data at MinRefusion ApS and sub-property MinRefusion.dk, hereinafter referred to as MinRefusion. Furthermore, the personal data policy ensures ongoing control of compliance with the requirements of applicable legislation.
3. We are the data processor - how to contact us?
We are the data processor for the data we process about you. You can find our contact details below:
MinRefusion
Roarsvej 24
2000 Frederiksberg
CVR number: 33746636
E-mail: gdpr@minrefusion.dk
Phone: 31 155 155
Questions about this privacy policy and GDPR in general should be sent to gdpr@minrefusion.dk. (Our Data Protection Consultant can be contacted at dpo@sixtus-compliance.dk).
4. Scope of application
This personal data policy applies throughout MinRefusion, as well as for partners who perform tasks on our behalf. The policy sets the framework for how we process personal data about both clients and their customers.
5. When you are a client of MinRefusion, the following personal data is processed
5.1 What types of personal data we process:
We process different data about you in different stages of engagement. As a starting point, the data we process will relate to the company you are acting on behalf of. We expect that your work contact details are not private, but belong to your employer/workplace. In addition, we will process your name, your contact information, your bank account information (for billing purposes) and possibly your address if this information appears in the CVR register and is associated with the company. We also process sensitive information such as health data and personal information data classifications.
5.2 Objectives
Prior to a client agreement, there may be various discussions by email, telephone or chat. MinRefusion processes your information in this contact and for the assessment of your needs and thus for the assessment of correct product selection. When entering into a cooperation agreement, MinRefusion processes a wide range of information about you to ensure that a correct service is provided and that all parties and their contact persons are correctly identified. During the cooperation period, your information will be registered, updated and used if and to the extent that they are relevant to the solution of applying for government reimbursements in the event of sick leave, parental leave etc.
Information is also used to ensure the adaptation of communication, for support and for the improvement and development of services. Your information may also be processed in connection with registration for MinRefusion.
5.3 The legal basis for our processing of your personal data follows from:
Our processing of your personal data is primarily based on our cooperation agreement and for the purpose of performing the task for which you have requested our assistance, cf. Article 6(1)(b) of the GDPR.
Processing of your personal data may also take place on the basis of the balancing of interests rule in Article 6(1)(f) of the General Data Protection Regulation. The legitimate interest justifying the processing will be our interest in being able to identify you uniquely as our client, for example in connection with (but not limited to) the possible recovery of a financial debt or the safeguarding of our own interests in the event of any complaints or compensation cases.
In addition, we may use your information in connection with your subscription to MinRefusion’s newsletter. The processing is based on your consent and in accordance with Article 4, no. 11, cf. Article 7, and Article 6(1)(a) of the General Data Protection Regulation. You can unsubscribe from the newsletter at any time.
Our processing of your personal data takes place within the framework of the General Data Protection Regulation, the Administration of Justice Act, the Debt Collection Act, the Bookkeeping Act and other legislation that regulates or provides a framework for our performance of the assigned task.
5.4 Where your personal data originates from:
We receive your personal data primarily from you in connection with the conclusion and maintenance of the contractual relationship. This may be in writing, during telephone conversations or in the course of any meetings.
We will collect information on your general basic data such as name and address from publicly available databases on an ongoing basis. In this way, we ensure that the information is up to date and correct for the purpose of securing government reimbursements.
In addition, we may collect your information in the following ways:
- when signing up to our newsletter
- via the CVR register
- via the CPR register
- via Payroll, EPR, HR and time/workforce management systems etc.
- via data verification agencies
- via social media, advertising and analytics providers and various publicly available databases/registers
- via browser cookies when using the website (read more about our cookie management policy at the following link: minrefusion.dk/data/cookies
5.5 Beneficiaries or categories of beneficiaries:
We may disclose your personal data to the following recipients:
Government entities to uphold the standards set by the governmental reimbursement programs including but not limited to Udbetaling Danmark, NemRefusion and the local municipality of the employee.
Internally at MinRefusion, only those of our employees who have a work-related need to see your personal data have access to it.
Transfers to recipients in third countries, including international organizations:
We will not transfer your personal data to recipients outside Denmark, unless you yourself move abroad or it is necessary for the performance of the task.
We only transfer personal data to countries outside the EU and EEA (European Economic Area) if we have a lawful, reasonable and legitimate basis for doing so and we can ensure an adequate level of protection.
5.6 Storage of your personal data:
Your personal data will be kept for the duration of the cooperation agreement. Therefore, at this stage, we cannot say how long we will keep your personal data. Most of your personal data will be deleted 5 years after the collaboration has ended. However, personal data covered by, among other things, the Danish Bookkeeping Act will not be deleted until after the current financial year plus 5 subsequent years, as they may have accounting relevance.
6. Your rights as a data subject
We safeguard data subjects’ rights by, among other things, processing their personal data in an open and informed manner. This means informing you that we are processing your personal data and how, so that you have the opportunity to exercise your rights.
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of your data.
- Right of access You have the right to access the data we process about you.
- Right of rectification If inaccurate information has been registered about you, you can have this information corrected.
- Right to erasure In special cases, you have the right to have data concerning you erased earlier than our normal deletion deadlines.
- Right to restriction The General Data Protection Regulation gives you the right to restrict the processing of your data in certain cases. As we only process relevant and reasonable personal data, and in accordance with our legal basis in Article 6(1)(f) of the General Data Protection Regulation and other legislation on debt collection, our processing of data cannot, as a rule, be further restricted.
- Right to object The General Data Protection Regulation gives you the right to object to our processing of your data. We will then assess whether the objection itself is justified.
- Right to data portability The conditions for this are not met in relation to your data at MinRefusion ApS.
If you want to exercise your rights, you should contact us. You are welcome to call us, but we encourage you to write to us as this will better ensure that there are no misunderstandings between us. We endeavor to reply to all enquiries within 1 month of receipt. Please note that for security reasons, you will need to verify your identity before your request can be processed. Deletion enquiries should be sent to gdpr@minrefusion.dk.
You can read more about your rights in the Danish Data Protection Agency’s guide on data subjects’ rights, available at www.datatilsynet.dk.
Where we take decisions that significantly affect the data subject, we ensure that such a decision is not excluded, made by automated processing or profiling.
If we have disclosed personal data to companies outside MinRefusion, we ensure that the companies are informed of any rectification, erasure or restriction measures taken.
7. GDPR groups
MinRefusion has chosen to appoint an internal GDPR Group, which has been given responsibility for ensuring that MinRefusion is aware of and complies with the applicable data protection rules at all times. The GDPR Group also has the overall responsibility for ensuring that the necessary policies, procedures and guidelines are prepared, implemented, updated and communicated in MinRefusion.
Employees who have any doubts about the content of this privacy policy or the guidelines on how to process personal data, how to respect the rights of data subjects or similar, should contact the GDPR Group at any time.
Contact details of the GDPR Group:
E-mail: gdpr@minrefusion.dk
Telephone number: 31 155 155
8. Data Protection Officer (DPO)
MinRefusion is not obliged to appoint a data protection officer under the applicable rules. As we take our responsibility in relation to the processing of personal data very seriously, we have voluntarily chosen to appoint an external data protection consultant who helps MinRefusion and the GDPR Group to comply with the applicable rules in this area.
Contact details of the Data Protection Consultancy:
Name: Sixtus Compliance ApS
E-mail: dpo@sixtus-compliance.dk
9. Contacting the Data Protection Authority
If the Data Inspectorate should conduct an inspection or contact MinRefusion, the GDPR Group, together with the top management level, ensures that the Data Inspectorate receives the requested information.
Furthermore, we ensure that we always comply with the deadlines that the Danish Data Protection Agency may set in connection with an inspection or an inquiry.
9.1 Where can you complain?
If you are not satisfied with the way we process your personal data, you are encouraged to contact us in the first instance so that we can find a solution together.
If, after talking to us, you are still not satisfied with our processing of your personal data, you have the right to lodge a complaint with the Danish Data Protection Agency. You can read more about how to complain to the Danish Data Protection Agency here: https://www.datatilsynet.dk/borger/klage/-saadan-klager-du
Contact details of the Data Protection Authority
Carl Jacobsens Vej 35
2500 Valby
Tel: 33 19 32 00
Secure e-mail: dt@datatilsynet.dk
10. Review of this policy
We will review this policy at least once a year and, if necessary, make updates if there are changes to the matters set out in the policy.
The policy was last reviewed on October 30, 2024.