Privacy Policy
Harbour Family Governance’s Personal Data Policy (hereafter the policy) describes the guiding principles for how Harbour Family Governance (hereafter HFG) processes personal data in accordance with the European Parliament and Council Regulation (EU) 2016/679 on the processing of personal data.
The policy explains what personal data is, what types of personal data we collect, the purposes for which the data is collected, how it is processed, and what rights you have in this regard. Your personal data is handled with care and in accordance with applicable principles.
1.1 Purpose
The purpose of the policy is to establish the framework for how we process personal data for our clients, employees, partners and others.
1.2 Target Audience
The policy is applicable to all employees as well as to partners who perform tasks on our behalf. If the policy conflicts with local requirements and desires, it is up to the data protection officer to approve any deviations and inform relevant parties.
2. What is personal data?
Personal data is any type of information about an identified or identifiable physical person, such as your contact information.
3. General Principles for Processing Personal Data at HFG
At HFG, we have eight guiding principles for processing personal data:
- Our clients and employees are confident in our treatment of their personal data.
- We only process personal data when we have a clear purpose for it.
- We comply with the data protection regulation.
- Our employees are trained in safely handling personal data.
- We handle personal data securely in our IT systems.
- We strive to keep personal data up-to-date and only store it for as long as necessary for the purpose and/or compliance with relevant legislation.
- We ensure that our partners comply with the data protection regulation.
- We are well-prepared to handle a data breach, should one occur.
Ad. 1: Our clients and employees are confident in our treatment of their personal data
This means that:
We are a trustworthy partner for clients and employees.
Our clients and employees can trust that we process personal data in accordance with the data protection regulation and only when we have a clear purpose for it.
Ad 2: We only process personal data when we have a clear purpose for it
This means that:
All processing of personal data has a clearly defined and documented purpose.
Everyone who works with personal data at HFG is aware of the purpose of the processing.
If data is to be used for a new purpose, it is ensured that the processing complies with the data protection regulation.
Ad 3: We comply with the data protection regulation
This means that:
We can demonstrate to clients, employees, partners that we comply with the requirements for processing personal data.
We have a complete overview of what personal data we process and for what purpose.
We have clear guidelines for the storage of our documentation.
Ad 4: Our employees are trained in safely handling personal data
This means that:
We ensure that our employees are aware of and constantly conscious of their responsibility in relation to personal data.
We provide tools and training so that they can fulfill their responsibility for the correct processing of personal data.
If we discover an error in personal data or in its processing, we take responsibility for correcting the error.
Ad 5: We handle personal data securely in our IT systems
This means that:
Sufficient access control has been established in relation to IT systems, and we have particular focus on the IT systems in which sensitive personal data is processed.
We strive to minimize the number of systems in which personal data is processed, and these are protected against unauthorized access.
Ad 6: We strive to keep personal data up-to-date and only store it for as long as necessary for the purpose and/or compliance with relevant legislation.
Processes and controls have been established to ensure that personal data is continuously updated and consistent across IT systems. Personal data is deleted according to established deletion rules, which are based on legal retention limitations.
For employees, personal information is stored as long as there is a legitimate need for it, including if it is necessary to fulfill obligations (such as payment of salary in accordance with the employment contract) or relevant legislation.
In relation to external partners, we store personal data as long as the contract is valid and/or there is a legitimate need for it.
Ad 7: We ensure that our partners comply with the data protection regulation.
This means that:
Our partners meet our requirements and expectations as data processors.
New partners are evaluated based on their ability to handle personal data securely and demonstrate this.
We regularly follow up on whether our partners comply with the data protection regulation.
Ad 8: We are well-prepared to handle a data breach, should it occur.
This means that:
Your personal data is protected by us, and we follow an internal IT security policy.
Each employee knows how to handle a breach of IT security or suspicion thereof.
We ensure quick and effective communication with clients and employees during a possible breach and immediately notify the Data Protection Agency about it.
4. Your rights
A. Information obligation
You have the right to receive information about what personal data we process about you.
B. Right of access
You have the right to access and receive the personal data about you that you have provided to HFG.
You have the right to receive a range of information about the processing of your personal data that HFG carries out.
C. Right to rectification and erasure
You have the right to have incorrect information about yourself corrected.
In special cases, you have the right to have information about yourself deleted before the time of our general deletion occurs.
If your personal data has been disclosed to third parties, they will be informed of the rectification or erasure.
D. Right to withdraw your consent
Some of HFG’s processing activities may be based on your consent. In that case, you have the right to withdraw your consent at any time.
Withdrawal of your consent does not affect the lawfulness of the processing carried out before such withdrawal.
If you withdraw your consent, HFG and third parties involved in the processing of personal data will cease processing your personal data unless and to the extent that the continued processing or storage is permitted or required under the GDPR or other applicable laws and regulations.
E. Right to lodge a complaint
If you wish to lodge a complaint about the processing of your personal data, please contact HFG by sending your complaint to hr@hildebrandtbrandi.com.
You also have the right to lodge a complaint with the Danish Data Protection Agency regarding the processing of your personal data. You can find the Danish Data Protection Agency’s contact details at datatilsynet.dk.
All of the above rights are handled by contacting the contact person at HFG listed below.
Contact information and data controller
Responsible for personal data
HFG is responsible for personal data and can be contacted using the following information:
Harbour Family Governance
Frichsparken | Søren Frichs Vej 42L | DK-8230 Åbyhøj
www.harbourfg.com
CVR. 43 86 36 06
Contact
If you have any questions regarding this privacy policy or HFG’s processing of your personal data, you can contact Anne-Sofie van den Born Rehfeld by sending an email to asr@harbourfg.com.