Privacy policy
In this privacy policy, you can learn more about how Globus Wine (“we”, “us”, “our”) processes your personal data in various situations. We provide you with this information as we are required to do so under the EU General Data Protection Regulation (the “GDPR”).
1. Data controller
1.1 The Globus Wine entity acting as controller may vary depending on the purpose of the processing. Below you can find information on the processing of your personal data in the following situations:
- when you visit our website (see section 2.1)
- when you communicate with us, including on behalf of a customer (see section 2.2), and
- when you represent a supplier, vendor or other third party (see section 2.3).
1.2 Below, you can read more about the various purposes of our processing of your personal data in the different situations. You can also see which data we process, what the legal basis for our processing is, for how long we store the personal data and who we share it with.
1.3 Further, in section “4.0 Your rights etc.” you can read about your rights and in section 6.0 how to contact us.
2. Personal data, purpose, and legal basis etc.
2.1 When you visit our website (cookies)
2.1.1 We only use necessary (technical) cookies. Necessary cookies, or technical cookies, are necessary in order to ensure the functionality and the security of the website. These cookies allow you to view the content and use all the functionalities of the website. Technical cookies do not register any information pertaining to your preferences or your search history on the website. However, the cookies may in some cases contain personal data, such as the type of browser you use or your IP address. The controller is Globus Wine A/S.
2.1.2 We collect the data in order to ensure a stable, secure and user-friendly experience on our website.
2.1.3 The legal bases for our processing in relation to the use of technical cookies is article 6(1)(f) as we are pursuing our legitimate interest in ensuring functionality and security of our website.
2.1.4 The technical cookies used on our website are so-called sessional cookies, and will be deleted as soon as the session expires (e.g. when you close your browser).
2.1.5 Globus Wine may show content from external third-party providers on our website to be able to offer features such as photos or videos from third parties like YouTube or Wistia. Such third parties often use cookies. Globus Wine can neither access nor control what cookies and what data is collected by such third parties when you interact with their features on our website. You can read more about the use of cookies by third parties and their processing of personal data on their respective websites, for YouTube: www.youtube.com/privacy and www.policies.google.com/technologies/cookies, and for Wistia: www.wistia.com/privacy.
2.2 Communications with us, including on behalf of a customer (B2B)
2.2.1 When you communicate with us (e.g., via email) your communication will contain personal data, e.g., your contact details (including name and email address) and other personal data you may provide us with. We may also process your contact details when organising and holding meetings and/or events. Further, if you make use of our B2B login at our website, we will process your username and access code.
2.2.2 The controller is the Globus Wine entity you contact or have a customer-relationship with, i.e. Globus Wine A/S or Globus Wine GmbH.
2.2.3 We process these personal data for the purpose of managing and answering your inquiries and purchasing orders on behalf of the customer. The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in maintaining our customer relationship and managing general inquiries and/or B2B orders.
2.2.4 For crime prevention purposes, we have installed video surveillance in certain areas. The areas subject to video monitoring are marked with CCTV signs. If you visit our premises, personal data about you entering our premises and at what time will be processed as a consequence of the video surveillance. The legal basis is article 6(1)(f) of the GDPR as the processing is necessary in order for us to pursue the legitimate interests related to crime solving and/or for the establishment, exercise or defence of legal claims. Should the recordings reveal criminal activity, the legal basis for processing of such information is Section 8 of the Danish Data Protection Act.
2.2.5 We only keep your data for as long as they are of relevance to us and we have a legitimate purpose for keeping them. Your data will therefore be deleted in accordance with applicable data protection legislation. Personal data pertaining to our general communication with you (such as email inquiries) will be deleted 5 years after the end of the financial year where your last inquiry has been handled/concluded. If we have a business relationship with the contact person, personal data will generally be deleted 5 years after the end of the financial year in which the business relationship has ended. In specific situations, we may defer from our general retention periods (in case of e.g. complaints, objections or other specific situations).
2.2.6 Generally, all recordings from the video surveillance (CCTV) are deleted no later than 30 days after they have been recorded, unless the recordings are to be used in a specific case.
2.2.7 We disclose personal data included in our account records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping etc. Further, we disclose your personal data to the service providers for the online payments company that we use. Finally, we make your personal data available to our processors who e.g. host, develop and support our IT systems.
2.2.8 Please see below regarding transfer of your personal data to third countries.
2.3 When you are or represent a supplier, vendor or other third party
2.3.1 When you communicate with us (e.g., via email) as or on behalf of supplier, vendor or another third party, your communication may often contain personal data, e.g. your contact details (including name and email address), association with a certain company or other personal data you may provide us with. We may also receive such personal data from a third party, such as your employer. Further, we may process your contact details when organising and holding meetings and/or events.
2.3.2 We process these personal data for the purpose of managing and answering your inquiries and orders and to communicate with you/the company you represent.
2.3.3 The controller is the Globus Wine entity you deliver services etc. to, i.e. Globus Wine A/S or Globus Wine GmbH.
2.3.4 The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in maintaining our relationship with the third party you represent, and managing general inquiries and fulfilling any agreement, we may have concluded with the company you represent.
2.3.5 For crime prevention purposes, we have installed video surveillance in certain areas. The areas subject to video monitoring are marked with CCTV signs. If you visit our premises, personal data about you entering our premises and at what time will be processed as a consequence of the video surveillance. The legal basis is article 6(1)(f) of the GDPR as the processing is necessary in order for us to pursue the legitimate interests related to crime solving and/or for the establishment, exercise or defence of legal claims. Should the recordings reveal criminal activity, the legal basis for processing of such information is Section 8 of the Danish Data Protection Act.
2.3.6 If you are not or do not represent a supplier etc., personal data pertaining to our general communication with you (such as email inquiries) will be deleted 5 years after the end of the financial year where your last inquiry has been handled/concluded. If you are or represent a supplier etc., personal data pertaining to our communication with you will generally be deleted 5 years after the end of the financial year in which the business relationship has ended. Generally, all recordings from the video surveillance (CCTV) are deleted no later than 30 days after they have been recorded, unless the recordings are to be used in a specific case.
2.3.7 We disclose personal data included in our account records to the relevant public authorities, including in connection with our statutory bookkeeping etc. We may also disclose your personal data to our relevant business partners, including external advisors. Finally, we make your personal data available to our processors who e.g., host, develop and support our IT systems.
2.3.8 Please see below regarding transfer of your personal data to third countries.
3. Transfer of your personal data to third countries
3.1 When using our “spamwall” services in relation to sending and receiving emails, we transfer personal data contained in the emails to USA via our processor.
3.2 The basis for such transfer is [the Commission Decision of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
3.3 If you want additional information about our transfer of personal data outside the EU and EEA, including a copy of the relevant security measures, etc., you may make a request for such additional information by contacting us (see contact information below).
4. Your rights etc.
4.1 You have special rights to help you control your personal data, and we wish to make it easy for you to exercise those rights:
- Right to withdraw consent
If you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us, see below under “Contact”.
If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.
- Right of access
You have the right to have confirmed whether we collect or process your personal data, and, if so, you have the right to request a copy of your personal data in a digital format.
- Right of rectification
You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.
- Right of erasure
In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.
- Right to restrict processing
In certain circumstances, you have the right to request that we restrict the processing of your personal data, e.g. if you believe that the personal data is not accurate or lawfully processed.
- Right to object to the processing
In certain circumstances, you have the right to request that we stop processing your personal data.
- Right to data portability
In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
- Right to withdraw consent
5. Complaint to a supervisory authority
5.1 If you want to lodge a complaint with the relevant supervisory authority about our processing of your personal data, you can do so e.g. by contacting the Danish Data Protection Agency via their website, www.datatilsynet.dk.
5.2 You can read more about your rights in the Danish Data Protection Agency’s guidelines on data subjects’ rights, which is available at www.datatilsynet.dk (in Danish).
5.3 Please contact us if you wish to exercise your rights. The relevant contact details are stated below.
6. Contact details
6.1 If you have any questions about how we process personal data, please contact us.
Globus Wine A/S
CVR no. 27 36 69 88
Bragevej 1
DK-4600 Køge
DenmarkGlobus Wine GmbH
Company reg. no. HRB 5952 FL
Gewerbehof 3
D-24955 Harrislee
Germany