Last updated: 05.02.2021
This site may make full use of passively collected anonymous information, including without limitation the right to use such information to provide better service to site visitors, customize the site based on your preferences, compile and analyze statistics and trends, and otherwise administer and improve this site for your use. We reserve the right to share this anonymous, passive information in aggregated form.
4. Collection of Personal Information
2021.AI collects personal data when you visit our website (through automated cookies); interact with us through the contact forms on the website, by email, social media, or telephone, at the online or in-person events, etc.; use our products, services, and platform.
Personal information that 2021.AI collects may vary, and it may include:
- Name, email address, phone number, username and other contact information
- Billing information
- Name and website of company you are working for, your job title, etc.
- Job application information
- Records of your correspondence with us
- Additional information that can be provided through conferences, events, chatbots, social media, or other types of interaction with us
4.1. Personal Information Access and Retention
Personal data shall be processed by 2021.AI in accordance with the rights of data subjects. When acting as a data processor, 2021.AI shall have no direct relationship with the data subjects whose personal data we process and no authority to grant direct access to that data. In cases where 2021.AI handles customers’ personal information and a client seeks access to correct, amend, or delete inaccurate data, such client should direct his/her query to 2021.AI. If 2021.AI is requested to remove data, we will respond within a reasonable timeframe, or according to the terms in the data processing agreement with data controller.
4.2. Use of Personal Information
2021.AI may use Personal Information for responding to and processing inquiries, orders and service requests or generally for any other purpose related to the original purpose for which the Operational Personal Information was collected. 2021.AI also may use Operational Personal Information for supporting your relationship with 2021.AI by designing services that are suitable to your needs, general Product support and updates, marketing, alerting you to new Product offerings as they become available, continuing existing service and support, and other similar purposes. This Information may also be used to provide you with notices about your purchases, your use of the Products, and to carry out 2021.AI’s obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
4.3. Personal Information in Content
We treat all Content that is backed up, stored or hosted using our Products in the same manner, described below, regardless of whether or not it contains Personal Information.
4.4. Share Personal Information and Content
2021.AI will not give, sell, share, or trade any Operational Personal Information or any Personal Information in Content to any party outside of 2021.AI except as outlined in this Policy or with appropriate consent. We may disclose Personal Information to a third party in the following limited circumstances:
- when we have a good faith belief that the disclosure is necessary to prevent or respond to fraud, defend our Websites or Products against possible attacks, or protect the property and safety of 2021.AI, our Customers or the public;
- as required by law, such as to comply with a subpoena, warrant, regulatory oversight or similar legal process;
- in connection with any potential sale, transfer, merger, consolidation or other transaction involving all or part of our company.
In addition, 2021.AI may disclose Operational Personal Information (but not Content), as needed, in the following circumstances:
- to companies that provide services that help us with our business activities such as processing Customer payments. These companies are authorized to use Personal Information only as necessary to provide these services to us; and
- to companies that work with 2021.AI on various projects; for example, 2021.AI may share Operational Personal Information for customer relationship management purposes, email marketing purposes, to our reselling Partners, or with other companies whose products or services we think may be of interest to our Customers in joint marketing and support efforts.
5. Using and Sharing of Personal Information: General Policy and Exceptions
Our general policy is that we will use your personal information only for the performance of the services or transaction for which it was given, and we will not share, sell, or rent your personal information to others. The only exceptions to this general policy: (i) are described in the subsections below, and (ii) if you explicitly approve through our site. We may at times combine your personal information with passively collected information in order to personalize this site and offers we may present to you, but we will only do so where and to the extent explicitly approved by you.
In the course of providing Product support requested by a Customer, 2021.AI may have incidental access to Content. Any Customer request for Product support will be deemed express permission for us to access Content as needed for the limited purposes of providing the requested Product support. Customer, as the data controller, is responsible for furnishing any notices or obtaining any consents required by law from the relevant individuals. Product support may be provided by any 2021.AI entity on behalf of another.
5.1. Affiliates and Service Providers
5.2. Acquisition; Bankruptcy
In the event that we are acquired by or merged with a third party entity, we reserve the right to transfer such information as part of such merger, acquisition, sale, or other change of control. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we reserve the right to transfer such information to protect our rights or as required by law. You will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
5.3. Enforcement; Legal Process
2021.AI reserves the right to transfer such information if we have a strong belief that access, usage, preservation or disclosure of such information is reasonably necessary (i) to satisfy any applicable law, regulation, legal process or enforceable governmental request,(ii) to investigate or enforce violations of our rights or the security of this site, or (iii) to protect your safety or the safety of others.
6. Onward Transfer of Personal Information Outside Your Country of Residence
Any personal information which we may collect on this site will be stored and processed in our servers located primarily in Denmark, and in other countries under the General Data Protection Regulation (GDPR) (EU) 2016/679. By using this site, if you reside outside Denmark, you consent to the transfer of personal information outside your country of residence to Denmark.
7. Security of Personal Information
2021.AI takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We use encrypted transmission of your information behind the login with socket secure layer technology (SSL), the 256-bit AES encryption mechanism for stored Content and Personal Information and the password-free login method as well as the classic password-based login method. Therefore, even with the robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including SSL, access controls, password policy, encryptions, pseudonymisation, practices, restriction, IT, authentication etc., we cannot ensure or warrant the absolute 100% security of any information you transmit to us or archive at this site.
8. Recommendation for Content Storing
We highly recommend all account owners including 2021.AI’s Staff members to not store within their accounts in any form, be it via a table, script, function, file, pdf, image or any other means: Social Security Numbers (SSNs), Credit Card Numbers, Passport Numbers, Bank Account numbers or Bank Account Routing numbers.
9. Data Subject Rights
In addition to the policies and procedures mentioned above that ensure that you can enforce your data protection rights, we provide easy to access information via our website, in the office, during induction etc. of your right to access any personal information that 2021.AI processes about you and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for no longer than 6 months
- If we did not collect the data directly from you, information about the source
- The right to have incomplete or inaccurate data about you corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- Upon request, we will permit you to request or make changes or updates or delete your personal information for legitimate purposes. We request identification prior to approving such requests. We reserve the right to decline any requests that are unreasonably repetitive or systematic, require unreasonable time or effort of our technical or administrative personnel, or undermine the privacy rights of others. We reserve the right to permit you to access your personal information in any account you establish with our site for purposes of making your own changes or updates, and in such case, instructions for making such changes, deletions or updates will be provided where necessary. You may send us your request by contacting us at email@example.com. Please note that some information may remain in our records after deletion, in which case we will let you know.
- The right to opt out of receiving periodic messages from us with marketing related information by following the instructions on the email. Please note that you generally cannot opt out of the product-, service- and platform related communications required for the normal functioning of the product, services and platform provided by us.
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
10. Data Retention
We will retain your information for as long as your account is active or as long as it is needed to provide you the services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
11. GDPR Compliance
2021.AI has been taking all endeavours required to achieve consistent level of data protection and security across our organisation, however it is our aim to meet all GDPR compliance requirements by 25th May 2018.
11.1. Information Audit
Carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
11.2. Policies and Procedures
Implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
- Data Retention and Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
- Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
- International Data Transfers and Third-Party Disclosures – where 2021.AI stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
- Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
11.3. Legal Basis for Processing
We are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
11.4. Privacy Notice/Policy
We have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
11.5. Obtaining Consent
We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
11.6. Direct Marketing
We have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
11.7. Data Protection Impact Assessments (DPIA)
Where we process personal information that is considered high risk, involves large scale processing or includes special category/criminal conviction data; we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
11.8. Processor Agreements
Where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting etc), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with the GDPR.
11.9. Special Categories Data
Where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit and is verified by a signature, with the right to modify or remove consent being clearly signposted.
12. GDPR Roles and Employees
2021.AI have designated Christian Villumsen as our Data Protection Officer (DPO) and have appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.
2021.AI understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans. We aim to implement GDPR compliance program prior to May 25th, 2018, and are continuously developing it as part of our induction/termination process and annual employee training.
Ryesgade 3F, Copenhagen 2200 Denmark
+45 93 91 20 21