Privacy policy

Data Controller

We are the data controller responsible for processing the personal data we handle regarding our customers and partners. You can find our contact information below:

Yum ApS
Alliancevej 22,
2450 Copenhagen SV
CVR No.: 39428865

Our company is not required to have an external DPO. However, if you have any questions about how we process your personal data, you can contact us via contact@yum.dk.

---

Processing Activities

As the data controller under GDPR, we carry out the following processing activities:

Website Visits

When you visit our website, we use cookies to ensure its functionality. You can read more about this in our cookie policy.

Communication with Potential Customers

If you have questions about our services or would like to learn more, you can contact us via:

• Contact form
• Email: contact@yum.dk
• Phone: +45 31100505

We process your personal data to engage in a dialogue with you, for example, to respond to questions about our services. We only process the information you provide during our communication, typically including:

• Name
• Email
• Phone number

Our legal basis for processing this data is GDPR Article 6(1)(f). We delete our communication with you once it is clear whether you wish to use our services or not. In special cases, we may retain your data for a longer period if necessary.

Customers

We need to communicate with our customers to ensure services are delivered correctly. This may involve processing data such as name, address, services, specific agreements, and payment information.

The legal basis for processing this data is GDPR Article 6(1)(b). Once the service is delivered and any outstanding matters are resolved, we will delete the data.

Newsletter

We offer an optional newsletter, which you can unsubscribe from at any time. The purpose of the newsletter is to send updates about our company, such as new website content or service announcements.

We only send emails with your explicit consent. You will need to provide your email address and confirm your subscription via a verification email. This ensures you have actively consented.

The legal basis for processing your email address is GDPR Article 6(1)(a). We will process your personal data as long as you remain subscribed. If you unsubscribe, we stop sending emails and retain your consent documentation for two years, per consumer ombudsman guidelines.

Accounting

We retain all accounting records, including invoices, for regulatory compliance. These may include personal data such as name, address, and service descriptions.

The legal basis for this is GDPR Article 6(1)(c). We keep these records for a minimum of five years after the current fiscal year ends.

Job Applications

We welcome job applications to evaluate potential candidates for employment.

If you submit an application, our legal basis for processing is GDPR Article 6(1)(f).

• Unsolicited applications: Reviewed promptly and deleted if no match is found.
• Applications for open positions: Retained until the right candidate is hired, then deleted.

If hired, we will provide specific details about how your personal data is processed as part of your employment.

---

Data Processors

We rely on partners and service providers (data processors) to support our work, such as:

• Simply: Web hosting
• Mindbody: Booking system

We ensure your personal data is handled securely by setting high standards for our partners and entering agreements that guarantee data protection.

---

Data Sharing

We do not share your personal data with third parties.

---

Profiling and Automated Decisions

We do not engage in profiling or automated decision-making.

---

Transfers Outside the EU/EEA

We primarily use data processors within the EU/EEA. If we use processors outside this area, we ensure they provide adequate protection for your personal data.

---

Data Security

We maintain secure processing of personal data through appropriate technical and organizational measures. These include risk assessments, employee GDPR training, and continuous updates to our procedures.

---

Your Rights

Under GDPR, you have several rights regarding your personal data:

1. Right to Access: Request details about the data we process about you.
2. Right to Rectification: Correct inaccurate or incomplete data.
3. Right to Erasure: Request deletion of your data in specific cases.
4. Right to Restriction: Limit the processing of your data under certain circumstances.
5. Right to Object: Object to data processing, including for direct marketing.
6. Right to Data Portability: Request a copy of your data in a portable format.

For more information, visit the Danish Data Protection Agency’s website at www.datatilsynet.dk.

---

Withdrawal of Consent

If we process your data based on consent, you can withdraw it at any time.

---

Complaints

You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with how we handle your personal data. Contact details are available at www.datatilsynet.dk.