search
menu

DATA PRIVACY POLICY

1. GENERAL

 

 

Nissens Automotive A/S including all other companies within the Nissens Group (hereafter Nissens) are committed to ensuring the confidentiality, integrity and protection of information from our employees, customers, suppliers and other business partners, including their personal data.

When the above and following paragraphs are referring to the “data subject”, it means the person whose personal data is involved.   
 

 

2. PERSONAL DATA COLLECTED AND PROCESSED BY NISSENS

 

 

Nissens is responsible as a data controller when collecting personal data. 

 

a. General

 

Nissens collects personal information, including information about names, titles, addresses, telephone numbers and e-mail addresses related to employees, job candidates, customers, suppliers, third parties, their owners and contact persons.

 

Nissens can collect and process data about customers and their customers’ vehicles and their registration numbers. Nissens can collect and process data about mechanics’ training sessions and certifications. 

 

Nissens can collect information about passports (copy of passports) and civil registration numbers, but limited to where necessary according to legislation or based on relevant purpose. This nature of sensitive information will be stored under intensified security and control.

 

b) On digital platforms

 

On Nissens’ website, in Nissens’ webshop and via newsletters (only with consent) a range of information is collected: 

 

  • Which sites the visitor has been looking at, when, and thereby the visitor’s electronic tracks
  • Which browser the visitor is using
  • Which IP address the visitor has
  • Which username is applied by the visitor
  • Cookies

 

No other information is collected, unless transparent notification is provided to the visitor.

 

For further information regarding cookies and cookie consent please see the cookie declaration available on all Nissens webpages.

                 

On Nissens social media

 

Nissens maintains accounts on Facebook, Instagram and LinkedIn, where registered users can leave messages, observe, recommend or ‘like’. Such activity may result in the transfer of personal data by the users themselves.

 

The ability to maintain an account on LinkedIn is provided to us by LinkedIn Ireland Unlimited Company. Wilton Place, Dublin 2, Ireland (LinkedIn).

 

Beside the account on the LinkedIn platform Nissens also use a marketing tool called LinkedIn Insight Tag. This tool link Nissens’ LinkedIn marketing account to the Nissens website. It allows Nissens to assess the effectiveness of the ads displayed on LinkedIn in relation to specific actions the user has taken on the site. Data where Nissens is the data controller, such as member pseudonym, IP addresses, time stamp, URL device and browser characteristics are entrusted to LinkedIn for processing or to share it with further processors, also in third countries.

 

In relation to such data Nissens and LinkedIn are acting independently as data controller and are not joint controllers.

 

Nissens and LinkedIn are however joint controllers of the personal data processed in connection with the statistics of our page on the platform. LinkedIn are responsible in terms of compliance with the obligations to fulfill its duty of information towards users and enabling them to exercise their rights. LinkedIn are also responsible for providing appropriate technical and organisational measures, You can find the co-management agreement with LinkedIn here: LinkedIn Joint Controller.

 

LinkedIn acts as a controller or co-data controller for the platform that processes data, or uses further processors, also in third countries.

 

For more information on the security measures used by LinkedIn LinkedIn Security

More on LinkedIn’s data processing: LinkedIn Privacy

 

The ability to maintain an account on Facebook and Instagram is managed by  Meta Platforms Ireland Limited,  4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (Meta).

 

Beside the accounts Nissens also use a marketing tool called Facebook Pixel. This tool link Nissens Facebook marketing account to the Nissens website. It allows Nissens to assess the effectiveness of the ads displayed on Facebook in relation to specific actions the user has taken on the site. No personally identifiable data are received from Facebook about individuals by using this tool. With regard to personally identifiable data, i.e.  names, e-mail addresses and telephone numbers Nissens are the data controller and entrust it to Meta for processing or to share it with further processors, also in third countries.

 

In relation to other data regarding individuals and their activities on the Nissens website, e.g. visits to the website or purchases of products – Nissens and Meta are joint controller of this data; the scope of joint processing includes the collection of the data and the transfer of the data to Meta,

 

The joint control of the data includes that each party are responsible for the tasks associated with the treatment they each undertake. In contrast, any other processing of personal data in connection with our Facebook/Instagram page for which there is no joint specification of purposes is carried out by Nissens or Meta Platforms separately, as independent controllers.

 

As part of the joint control, Meta Platforms is responsible for, among other things, the exercise of the rights the data subjects under Articles 15 to 21 of the GDPR by implementing appropriate technical and organisational measures to ensure the security of the processing in accordance with Article 32 GDPR, and carries out notifications in the event of a personal data breach in accordance with Articles 33 and 34 of the GDPR.

 

 

Further information on the processing of data in connection with page statistics on the platforms, including the division of responsibilities between the joint controllers can be found here: Facebook terms.

 

More on data processing by Meta:

 

Facebook Privacy

Instagram Privacy

Facebook Business Tools Regulations

                 

c) HR

 

Nissens does not collect personal data, which has the character of highly sensitive personal information, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, biometric data, genetic data, sexual orientation, criminal record or social relationships. 

 

Nissens only collects personal information, which has the character of semi-sensitive personal information for clear, defined and transparent purposes, such as trade union memberships, health information and other strictly relevant information pertinent to the employer–employee relationship and responsibilities. 

 

Concerning job candidates  applying for or in consideration for job positions at Nissens  as well as retired employees, Nissens collects personal information, such as names, civil registration numbers, titles, addresses, telephone numbers, e-mail addresses, CVs, applications, education documentation, transcripts of records, statements/recommendations, personality tests, photos and movies (where the data subject is  featuring), summaries of performance reviews about the data subject (employees), salary and tax information (when required by legislation), information regarding pension, social security as well as travel information. In these cases, the data is under intensified confidentiality and control within Nissens’ HR and Finance Departments.

 

 

3. LEGAL BASIS

 

 

Nissens is only collecting and processing personal information on legal grounds. Depending on the specific circumstances, the processing of personal data is done on the following legal basis:


a) The processing is necessary for the performance of a contract to which the data subject is a party in accordance with GDPR, Article 6(1)(b), the first indent.
b) The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract in accordance with GDPR, Article 6(1)(b), last indent.
c) The processing is necessary to comply with applicable legislation in accordance with GDPR, Article 6(1)(c).
d) The processing is necessary for the purposes of the legitimate interests where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data in accordance with GDPR, Article 6(1)(f).
e) The legal basis for the processing of such personal data is consent, in accordance with GDPR, Article 6(1)(a). the data subject can withdraw the consent at any time by contacting Nissens via the contact details provided in this Policy. If the data subject withdraw the consent, the personal data processed will be deleted, unless it can or must be processed in order to comply with legal obligations.

 

When Nissens process personal data based on our legitimate interests herein, cf. section 4.1(d), our legitimate interests stem from our interest in handling and safeguarding our role as a professional and to create maximum value for our customers and users. Our legitimate interests pursued namely consist of our interest in operating efficient, relevant and correct marketing and sales activities and in delivery of our goods in a secure, professional and efficient way.


We ensure on an ongoing basis by conducting ad hoc assessments, that our processing under this legal basis is limited to what is necessary, proportionate and has the most limited privacy impact when taking the legitimate interests into account. If a data subject-irrespective of the reason - object to this assessment or wish not to have your data processed for our legitimate interests, please contact Nissens so we can accommodate such a request.


Consent
If a consent is necessary due to legislation, Nissens collects a clear and transparent consent from the (coming) data subject. The consent can be withdrawn as easily, as it is given. See also clause 9.

 

4. PURPOSE OF THE COLLECTED AND PROCESSED PERSONAL DATA

 

 

Nissens only collects and processes personal data, when there is a purpose for the collection to support the legitimate commercial interests of Nissens:

 

a) General

 

  • For the fulfilment of legislation and requirements of the public authorities, including bookkeeping acts and accounting acts, VAT and tax legislation.
  • The necessary information to fulfill Nissens’ agreements with customers, suppliers and third parties, including delivering and receiving the specified product and or services, invoices and quality control.
  • To control and strengthen the relationship to existing and potential customers, suppliers and third parties.
  • Develop Nissens’ business and services with an identification of customer needs and the desired improvements of our services.
  • Undertake statistical processing, business development and sales promotion under the compliance of applicable laws.
  • Administration and controlling of Nissens’ website, webshop, newsletters, systems and applications and via retrieving data from these channels to support the above purposes. 

 

b) HR

 

  • To the fulfilment of employment law, including contractual conditions and obligations.
  • The necessary information for Nissens to fulfill the employment agreement with the data subject.
  • The necessary information to appropriately and legally exercise the managerial rights.
  • The necessary information to support the employee’s employment at Nissens and the welfare and development of the employee, including the working environment in general.
  • The necessary information to judge whether a candidate is suitable for a job position at Nissens.
  • For the fulfilment of applicable legislation and the public authorities requirements of reporting.
  • Information for the use of recruitment and retention of employees at Nissens, including employer branding.
  • For the fulfilment of CSR reporting.

 

 

5. TRANSMISSION OF PERSONAL DATA

 

 

a) Sharing with the Nissens Group

 

Nissens is a Danish-owned group with its HQ in Horsens, Denmark, and constitutes a number of subsidiaries (individually legal units) inside and outside EU/EEA. 

 

Nissens in Denmark and the HQ (Nissens) share personal data with other Nissens companies, when it is necessary to fulfil the purposes mentioned in section 4.

 

As a result, personal data may be transferred to other countries inside as well as outside the EU/EEA. To be sharing data within the Nissens Group, agreements are made based on the European Commission’s standard contracts with the purpose of securing an adequate level of protection of personal data.

 

b) Sharing with third parties

 

Nissens is transmitting personal information to third parties:

 

  • For the fulfilment of agreements with customers, suppliers and third parties; for the fulfilment of Nissens’ agreements (for example distributors and carriers) and for the fulfilment of legislation and regulatory requirements.
  • Third parties, who as a service supplier assist Nissens with solutions (for example IT solutions) and suppliers providing consulting.
  • Nissens only enters into agreements with professional suppliers, whom Nissens continuously evaluates, securing that they can maintain and secure Nissens’ personal data to an adequate level of protection.
  • When a third party is processing data on behalf of Nissens as a data controller, a data processor agreement is made between Nissens and the data processor.

 

c) Sales of personal data

 

  • Nissens is not making personal data object to or available for sales to third parties.

 

 

6. SECURITY

 

 

Nissens has - and will continuously update and improve - implemented appropriate technical and organizational measures to ensure and to be able to demonstrate that the collecting, storing, processing and erasure of personal data are performed in accordance with the applicable legislation and this Data Privacy Policy. These measures are made to prevent personal data against accidental or illegal destruction, changes or deterioration and from unauthorized persons getting access to the personal data.

 

Only employees with an actual need of access to the stored personal data in accordance of their ability, responsibility and liability to fulfill their work obligations are getting this access. 

 

 

7. ERASURE OF PERSONAL DATA

 

 

Nissens is deleting personal data, when Nissens no longer has an occupational need for processing the personal data. The period of storage of the personal data is determined according to the obligations governed by existing legislation, and what is necessary to fulfil agreements with business partners as well as to document relevant information in potential complaint cases and other raised claims against or by Nissens. 

 

 

8. THE RIGHTS OF THE DATA SUBJECT

 

 

The data subject has certain rights, which Nissens as the data controller is obligated to fulfill.

 

The data subject can contact Nissens and get the desired insight into which personal information that Nissens is processing about the data subject, just as the data subject can get wrong personal information corrected. If the data subject wants the personal information deleted, to limit the processing or to make objections against the processing, the data subject can contact Nissens for a dialogue. The data subject can furthermore contact Nissens, if the data subject wishes to exploit the right of data portability.  

 

Questions to Nissens’ processing of personal data or to the Data Privacy Policy in general shall be directed to e-mail: databeskyttelse@nissens.com or dataprivacy@nissens.com

 

 

9. COMMUNICATION PREFERENCES

 

 

Data subjects registering a user account at one of the Nissens platforms:

 

  • Nissens Customer Portal – cp.nissens.com
  • Nissens Support  - support.nissens.com
  • Nissens Training Concept -  ntc.nissens.com

 

must by the first login register their preferences for the potential communication that may be distributed to the platform’s registered users. The preferences regard the following communication forms:

 

Marketing communication

 

Users can agree or disagree to receive marketing communication from Nissens about their product and services, product novelties, launches and updates as well as about special promotions, offers and/or events sent to users by email.

 

Direct contact

 

Users can agree or disagree be contacted by Nissens or/and their local subsidiary employees directly by phone in case they have provided their phone number during the registration process and in case of winning from games and contests published at the ntc.nissens.com platform.

 

Service communication

 

By creating an account at a Nissen platform users agree to receive service emails and to be contacted by other means regarding practical and technical aspects of their activity within the platform. The technical communication will specifically be related to subjects regarding: confirmation and changes in user account settings, passwords recovery, enrollment notifications to games, self-learning modules, live and webinar learning sessions as well as user’s certificates information.

 

 

10. CHANGES IN NISSENS’ DATA PRIVACY POLICY

 

 

Nissens acknowledges the responsibility of regularly reviewing and making improvements and adjustments to the present Data Privacy Policy, especially to continue to provide the necessary security with the development of the IT-environment. Nissens will regularly perform internal follow-ups and updates of this Data Privacy Policy to secure compliance with the applicable legislation.