The policy must help to ensure and document that Danitech Group protects all personal data in accordance with the terms of the Personal Data Regulation. The policy also provides information on the processing and use of the registered personal data.

1. Record of the processing of personal data

Danitech Group processes personal data about:

• Employees
• Customers
• Suppliers

We have prepared a record of the processing of personal data. The list provides an overview of the treatments for which the company is responsible.

Personal information is a prerequisite for the Danitech Group to enter into employment, customer and supplier contracts.

2. Purpose and legality of the processing

The personal data is processed and archived in connection with:

• Personnel administration, including recruitment, employment, resignation and payment of wages
• Master data for customers as well as marketing, orders and sales
• Master data for suppliers as well as requisitions and purchases

We only use the personal data for the stated purposes, and we only collect the information that is necessary to fulfill the purpose.

3. Storage and deletion

Danitech Group has introduced the following general guidelines for the storage and deletion of personal data:

• Personal information is stored in physical folders
• Personal information is stored in IT systems and on server drives
• Personal information is only stored as long as it is necessary for the purpose of the processing
• Personal data for employees is deleted five years after the end of employment, and personal data about applicants is deleted after six months

4. Data security

Danitech Group has implemented the following security measures for the protection of personal data:

• Only employees who have a work-related need for access to the registered personal data have access either physically or through IT systems with rights management
• All computers have passwords and employees must not give their passwords to others
• Computers must have a firewall and antivirus program installed that are regularly updated
• Personal information is deleted in a responsible manner when phasing out and repairing IT equipment
• USB keys, external hard drives, etc. with personal data must be kept in a locked drawer or cabinet
• Physical folders are located in a locked office or in locked cabinets
• Personal information in physical folders is deleted by shredding
• Personal information that is to be sent by e-mail to an external recipient is sent as secure mail
• All employees must be instructed in the processing and protection of personal data

5. Disclosure

Personal information about employees may be passed on to public authorities, e.g. TAX and pension companies.

6. Data processors

Danitech Group only uses data processors who can guarantee that they will implement the appropriate technical and organizational security measures to meet the requirements of the Personal Data Act.

7. Rights

Danitech Group safeguards the data subject's rights, including the right to access, withdrawal of consent, rectification and deletion, and informs the data subject about the company's processing of personal data. Data subjects have the right to complain to the Data Protection Authority.

8. Breach of personal data security

In the event of a breach of personal data security, Danitech Group reports the breach to the Data Protection Authority as soon as possible and within 72 hours. The company's CFO is responsible for this happening. The notification describes the breach, which groups of persons it concerns, and what consequences the breach may have for these persons, as well as how Danitech Group has remedied or will remedy the breach. In cases where the breach entails a high risk for the persons about whom Danitech Group processes personal data, we will notify them.

Danitech Group documents all breaches of personal data security.

Privacy Policy and Cookies

Policy for the processing and protection of personal data collected on websites. In the following, it is explained how Danitech Group uses the personal information that you leave behind and/or provide when you visit our websites and use the various services on the websites.

1. Collection of personal information

You will always be informed prior to the collection of personal information about you. The personal information we collect may include, for example, your name, email address, home address and similar identifying information.

2. Use of personal data

Personal information is collected and used in connection with:

• Registration for newsletters
• Administration of user accounts/profiles
• Participation in competitions or other events
• Sending other marketing material, including invitations to events
• Statistics
• Other marketing initiatives

We point out that the above-mentioned use will only take place if you have previously given your express consent, unless the law allows us to contact you without prior consent.

Your information will be deleted when we no longer need to process it for the fulfillment of one or more of the above purposes. The information may be processed and stored longer in anonymized form.

Registration for newsletters is communicated to a third party (ActiveCampaign), which provides services on behalf of Danitech Group. Danitech is not responsible for the personal data security of 3rd party suppliers. In the event that data is passed on, it is ActiveCampaign that must secure this.

3. Cookies

We use cookies on our websites so that we can offer user-friendly websites with information that is relevant to you. A cookie is a small text file that is stored in your browser. In practice, this means that our websites can recognize you when you visit the websites again, and that we can keep statistics that tell how you and other users use the websites. The first time you visit our websites, you will be informed that we use cookies.

We use cookies from Google Analytics and Google Tag Manager.

You have the option to block all cookies, delete existing cookies from your computer or receive a warning before a cookie is saved. You can get more information about how to avoid cookies at minecookies.org.

You should be aware that if you link on from Danitech Group's website to a third party website, new cookies may be set which Danitech Group has no influence on. Here you must ensure that you familiarize yourself with the website's cookie policy.

4. Security

We have implemented security measures to ensure that our internal procedures meet our high security policy standards. We therefore do our best to protect the quality and integrity of your personal information.

5. Access to your personal information etc.

You are entitled at any time to gain insight into the information that we process about you, subject to certain statutory exceptions. You also have the right to object to the collection and to the further processing of your personal information, just as you have the right to have your personal information corrected, deleted or blocked.

6. Links to other websites etc.

Our websites may contain links to other websites or to integrated sites. We are not responsible for the content of other companies' websites or their practices in connection with the collection of personal information. When you visit other websites, you are encouraged to read the owners' privacy policy and other relevant policies.

7. Change of information etc.

If you want us to update, change or delete personal information that we have registered about you, want to access the personal data that is processed about you, or do not want to receive further communications from us, or if you have any questions about above guidelines, you can contact us at infodk@danitech.com

You can also write to us at the following address:

Danitech A/S
Bredholm 4
6100 Haderslev
Denmark

The current privacy policy can be found at any time on our website.

Any changes, adjustments, revisions, etc. will be valid from the time of publication on websites. This also concerns the previously registered personal data.

Date: 24/05/2018