Privacy Policy

1. Purpose

At FOSS we aim to be a responsible and trusted partner to our customers and business partners. Thus, we do our utmost to ensure that the data we are trusted to manage is processed as safely as possible, respecting the individual’s rights to privacy as well as applicable laws on data privacy, data protection and data security.

This Privacy Policy provides you with an overview of the principles that apply within our group of FOSS companies with regard to collection and processing of personal data. It is meant to inform you about our use of any personal data we collect from you directly, or indirectly via third party data providers.

2. Content

  1. Purpose
  2. Content
  3. Data controller
  4. How we obtain your personal data and how we use it
    • Personal data provided by you
    • Personal data provided to us by third parties
  5. How we protect your personal data and international transfers
  6. How long we will retain your personal data
  7. Managing and Control of Data
  8. Enforcement and Oversight
  9. Your right to lodge a complaint
  10. How to contact FOSS
  11. Changes to this Privacy Policy

3. Data controller

FOSS is a global company and has affiliates all over the world. A list of all FOSS entities and locations can be found here. This Privacy Policy is issued on behalf of the entire FOSS group. Thus, “FOSS”, “we”, “us” or “our” in this Privacy Policy is referring to the relevant company in the FOSS group responsible for processing your data. However, FOSS A/S, Nils Foss Allé 1, 3400 Hilleroed, Denmark, will generally be the data controller unless another FOSS company is stated on the contract and responsible for this Privacy Policy.

4. How we obtain your personal data and how we use it

We collect information about you, including your personal data, when you:

  • Visit our websites.
  • Use our products and services.
  • Contact us / register with us.
  • Attend or register to attend our events (including online events) or other events where FOSS participates.
  • Voluntarily complete customer surveys or participate in competitions.
  • Provide feedback.
  • Supply products or services to FOSS.
  • Have applied to work for FOSS, or are current or former employees of FOSS, or have contracted to work for or on behalf of FOSS.

We may process the following categories of personal data depending on your interaction, consents, and behavior with FOSS:

  • Identity Data: Which may include your first name, last name, username or similar identifier and your job title.
  • Contact Data: Which may include your email address, postal address and telephone number(s).
  • Technical Data: Which may include internet protocol (IP) address, user ID, search history, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.
  • Usage Data: Which may include your use of our websites, applications, products and services, including data regarding service configurations and applications utilized in connection with the hosted service, support data, operational data, log data, logs of your usage and click activities, logs about your login history, identity confirmation, and the performance results for the hosted service.

5. Personal data provided by you

Use of our products and services as well as newsletters.

FOSS collects personal data from you (Identity Data, Contact Data and Usage Data) when you use our products or services or sign-up for our newsletters for the following purposes:

  • Contractual obligations: To carry out obligations arising from being a registered user of our product and services. The legal basis for processing your personal data for this purpose will be our legitimate interest in entering into a contract with the company you represent in accordance with Article 6(1)(f) of the General Data Protection Regulation (“GDPR”). In this regard, please note that FOSS uses third parties for credit card processing. This intermediary is solely a link in the distribution chain and the third parties are not permitted to store, retain, or use the information provided except for the sole purpose of credit card processing.
  • Improve products: To provide, maintain, protect, and improve our products and services, and to develop new ones. The legal basis for processing your personal data for this purpose will be “contractual need” cf. Article 6 (1) (b) of the GDPR or legitimate interest in being able to provide the best possible services to our customers cf. Article 6 (1) (f) of the GDPR.
  • Send service messages and marketing: To send you personalized communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys, and industry news as well as product and service developments. The legal basis for processing your personal data for this purpose will be “legitimate interest” in being able to improve our products and services and to create awareness of our products and services cf. Article 6 (1) (f) of the GDPR. However, direct marketing e-mails will only be forwarded based on a prior marketing consent of the country in question where the recipient is established requires a consent. Please note that FOSS is strongly opposed to sending unsolicited email and that FOSS does not knowingly send out unsolicited email (UCE / Spam).
    • Ensure security as well as develop and improve products and services: Analyze usage trends, improve service and product functionality, detect, investigate, and combat security incidents, and other such deceptive, fraudulent, or malicious behavior against FOSS or its customers, including taking measures to improve FOSS' overall security posture; and detect, investigate, and combat fraud and cyber-attacks as well as develop and improve customers products and services. The legal basis for processing your personal data for this purpose will be “legitimate interest” in being able to ensure appropriate security, to provide the best possible services and develop new services and products as also agreed with your employer in the customer contract cf. Article 6 (1) (f) of the GDPR.
    • Invoicing: Ensure documentation of a purchase (invoices) in accordance with local bookkeeping acts cf. Article 6 (1) (c) of the GDPR.

Visitors of our websites

FOSS collects personal data from you (Technical Data) when you visit our website for the following purposes:

    • Cookies, pixels, and social plugins: To carry out marketing, statistics, establish preferences and provide features through cookies, pixels, and social plug-ins if you have visited our websites. The processing of personal data in relation to necessary cookies takes place based on a contract to be able to use the functions of the website (Article 6 (1) (b) of the GDPR). The processing of personal data in relation to statistical and preference cookies takes place because of our legitimate interest in offering you the best possible products and services (Article 6 (1) (f) of the GDPR). The processing of personal data in relation to marketing cookies, including based on your preferences, takes place based on your prior consent (Article 6 (1) (a) of the GDPR). In addition, we always obtain a valid cookie consent before cookies are placed via your terminal equipment.

Individuals contacting us

FOSS collects personal data from you (Identity Data and Contact Data) when you contact us about our products or services, or provide feedback for the following purposes:

    • To help solve any issues you might be facing or to enter into a contract with you or your company. The legal basis for processing your personal data for this purpose will be “contractual need” cf. Article 6 (1) (b) of the GDPR and our “legitimate interest” in responding to your request and solving the problem of the company you represent in accordance with Article 6(1)(f) of the GDPR.

Attendees or registrants to attend our events (including online events), other events where FOSS participates, or competitions hosted by FOSS

FOSS collects personal data from you (Identity Data and Contact Data) when you attend or register to one of our events or other events in which FOSS participates as well as competitions hosted by FOSS for the following purposes:

    • To carry out obligations arising from being a registered attendee of our event or other events which FOSS participates as well as competitions. The legal basis for processing your personal data for this purpose will be “legitimate interest” as this will allow FOSS to manage and deliver events on topics requested by you and register you in a competition cf. Article 6 (1) (f) of the GDPR.
    • To send you personalized communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys and industry news as well as product and service developments. The legal basis for processing your personal data for this purpose will be “legitimate interest” in being able to improve our products and services and to create awareness of our products and services cf. Article 6 (1) (f) of the GDPR. However, direct marketing e-mails will only be forwarded based on a prior marketing consent of the country in question where the recipient is established requires a consent.
    • To send you a prize if you have won a competition. The legal basis for processing your personal data for this purpose will be “legitimate interest” in being able to provide you with the promised prize cf. Article 6 (1) (f) of the GDPR.

Individuals who complete surveys FOSS has published

FOSS collects personal data from you (Identity Data and Contact Data) when you complete surveys we have published for the purpose of:

    • Improving our products and services. In addition, to generally ensure customer satisfaction. The legal basis for processing your personal data for this purpose will be “legitimate interest” in being able to keep statistics and analysis in order to develop and improve our products and services and to contact you if your response indicates that you have had a bad experience with us cf. Article 6 (1) (f) of the GDPR. Participation in the survey is voluntary.

Companies who supply products or services to FOSS

FOSS collects personal data from you (Identity Data and Contact Data) when you supply products or services to FOSS. We will use this personal data:

    • To carry out obligations arising from you providing us products or services. The lawful basis for processing your personal data for this purpose will be “contractual need” cf. Article 6 (1) (b) of the GDPR.
    • To comply with our legal obligations pursuant to special legislation cf. Article 6 (1) (c) of the GDPR.

Individuals who have applied to work for FOSS

We refer to our Privacy Policy that contains information to job applicants on the processing of personal data.

Individuals who are current or former employees of FOSS or have contracted to work for or on behalf of FOSS

FOSS collects personal data from you when you work for FOSS, including first name, last name, username, email address, postal address, telephone number, date of birth, employee identification number, bank details, national, insurance number, emergency contact details and children’s first name, last name and date of birth (for health cover purposes). Proper information has been given to you at the time of collection and can be found in the privacy policy for employees, your local version of the employee handbook and/or the like.

Individuals visiting our social media pages

FOSS has profiles or pages on the following social media:

    • Facebook (Meta Platforms Ireland Ltd.)
      • Facebook’s privacy policy is available here
      • Meta and FOSS are joint data controllers of Facebook pixels, which you can accept via cookies as further described above. Meta’s privacy policy and the information in this section also apply to Facebook pixels, with the exception of the information relating solely to our profile on Facebook.
    • LinkedIn (LinkedIn Ireland Unlimited Company)
      • LinkedIn’s privacy policy is available here 
    • X (Twitter International Unlimited Company)
      • X’ privacy policy is available here (twitter.com).
    • Instagram (Meta Platforms Ireland Ltd.)
      • Instagram’s privacy policy is available here

For LinkedIn, Facebook, and Instagram, FOSS together with the social media providers are joint data controllers for the processing of personal data collected in connection with your interactions with the profiles, including the profiles’ postings.

FOSS and the providers of LinkedIn, Facebook, and Instagram have entered into an agreement on the distribution of the data protection tasks. According to these agreements, FOSS and the social media providers are each responsible for the tasks associated with the processing they each undertake. However, it has been agreed between FOSS and the provider of Facebook and Instagram that the provider is responsible for enabling you to exercise your rights as described in the ‘Your rights’ section below in connection with the use of Facebook and Instagram, and that it is FOSS that is responsible for providing you with the information described below. In addition, it is agreed between FOSS and LinkedIn that LinkedIn is responsible for responding to requests from you regarding the rights described in the ‘Your Rights’ section below.

Collection of personal data

When you visit or interact with our social media profiles, FOSS and the social media provider in question may collect, process and store the following types of personal data about you:

    • Information available on your profile, including your name, gender, marital status, workplace, interests, photo and city.
    • Whether you “like” or have used other reactions to our profile.
    • Comments you leave on our posts.
    • That you have visited our profile.
    • Your IP address.

Purposes of processing

FOSS processes your personal data for the following purposes:

    • Improving our products and services, including our social media profiles and pages.
    • Statistics and analysis.
    • To communicate with you if you comment on a post, leave a review or send us a message.
    • Marketing in general.

The social media providers process, among other things, your personal data for the following purposes:

    • Improving their ad system.
    • To provide FOSS with statistics that social media providers compile on the basis of, among other things, your visit to our profiles and pages.
    • Advertising and personalization of activities on the Site.

Basis for processing

The processing of your personal data is based on the following basis:

    • Legitimate interests: FOSS’ processing of your personal data is based on our legitimate interests in being able to communicate with and market ourselves to you on our social media profiles, as well as our legitimate interest in improving our products and services (Article 6 (1) (f) of the GDPR).

Storage period

Your personal data will be stored for 2 years or as long as publicly available on the page. However, the information may be stored longer in anonymized form. Please refer to the privacy policy of the individual social media providers for information on how long they keep your personal data.

Who do social media providers share your personal data with?

The social media providers may, among other things, share your personal data with the following categories of recipients:

    • Other entities within the group of which the social media provider is part of.
    • External partners providing analysis and survey services.
    • Advertisers.
    • Other individuals who visit our social media profile or page (to the extent your information is publicly available).
    • Researchers and other academics.

You can find more information about who the social media providers share your personal data within the privacy policy of the individual providers.

The social media providers may transfer your personal data to recipients outside the EU/EEA in accordance with applicable data protection legislation. You can read more in the privacy policies of the individual providers.

6. Personal data provided to us by third parties

Visitors to our websites

As you interact with our websites, we also automatically collect Technical Data about you from third-parties through cookies, pixels, server logs and other similar technologies. Please see our cookie pop-up window for further information. You may find the cookie pop-up window by clicking on the icon in the left corner of the website.

We use the websites’ traffic and visitor information to analyse trends, help diagnose problems with our servers, to monitor traffic / usage in order to provide better service and to improve our understanding of the use of the FOSS websites and in order to determine what FOSS services are the most popular. The data is also used to deliver customised content and advertising within the FOSS websites to individuals whose behaviour indicates that they are interested in a particular subject area. The legal bases are stated under “visitors of our websites” above.

7. How we protect your personal data and internal transfers

FOSS is committed to protecting the security of your personal data. Thus, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed:

    • The personal data we process is stored in data centre certified in ISO27001 Information Security Management and ISO22301 Business Continuity Management. For personal data processed through US-based data centre, we retain full control of the data.
    • We use only recognized, industry-leading hosting partners and market-leading suppliers for software services such as email, CRM, industry surveys etc.
    • When we use consulting partners to support our business we ensure their contractual commitments include compliance with applicable data law(s) and that they maintain the safety and privacy of any client data they may access.
    • We do not share your data with anyone other than the suppliers described above. Hence, we never sell your data.

Data processors: In addition to the above, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such as providers of hosting, satisfaction surveys, marketing tools, cookies, and newsletters. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. In addition, we have put in place procedures to deal with any suspected personal data breach and will, when applicable, notify you and any applicable regulator of a breach.

Independent data controllers: In some special cases, we transfer your personal data to independent data controllers:

    • Lawyers, insurance companies, authorities, police, and courts based on our legitimate interest in being able to establish and defend legal claims cf. Article 6 (1) (f) of the GDPR and in some cases to comply with legal obligations cf. Article 6 (1) (c) of the GDPR.
    • Suppliers of gifts in connection with competitions based on our legitimate interest in being able to provide the promised prize cf. Article 6 (1) (f) of the GDPR.

We also note that your personal data may also be transferred with your prior consent, including to third parties via the cookie consent.

We share your personal data within the FOSS group companies and with third-party service providers both within and outside the EU / EEA. Whenever we transfer your personal data out of the EU / EEA, we ensure a similar degree of protection is afforded to it by ensuring relevant safeguards is implemented. Any transfer of your data outside the EU / EEA will be based on the EU Commission’s Standard Contractual Clauses, or other valid legal basis for such transfer. Transfer of personal data to the USA may also take place based on the EU-US Data Privacy Framework if the company in question is certified. If you have any questions about the basis for transfers to countries outside the EU/EEA, please contact us.

8. How long we will retain your personal data

We will generally retain and process your personal data as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements under applicable law(s). After this period, your personal data will be deleted from all systems. FOSS has additionally established the following specific retention periods:

    • Information regarding employees of customers will generally be stored 5 years after end of termination with customer.
    • Accounting material, including personal data, which we are obliged to store in accordance with is generally stored for up to 6 years.
    • Personal data obtained through cookies and pixels will be stored as long as stated in the cookie pop-up banner (click on the icon in the left corner of the website).
    • If you have consented to receive marketing, you may opt-out at a later date and your data will thus be deleted.

9. Managing and Control of Data

We are committed to ensure that you are in control on how your personal data is used and processed. You can review, edit or delete your personal data free of charge by contacting us directly via your local contact person or FOSS office.

At any time, your rights concerning your personal data are:

    • Request access: You can ask about the personal data we hold about you and we will inform you, free of charge.
    • Request correction: You can request that your personal data is corrected, and we will update the details and inform you when completed, free of charge.
    • Object to processing: You can object to your personal data being processed and we will stop processing your personal data, once no longer required for performance of contract or legal obligations, free of charge.
    • Withdraw consent: You can object to receiving direct marketing communications from us and we will stop all communications, free of charge. Our newsletter can be unsubscribed by clicking on the link at the bottom of the newsletter. Withdrawal of consent will have effect on the future processing of your personal data. Withdrawal of your consent does not affect the lawfulness of the processing we carried out based on the consent before the withdrawal.
    • Request erasure: You can ask for your personal data to be erased, once no longer required for performance of contract or legal obligations, free of charge.
    • Data portability: In certain circumstances, you can request to receive a copy of your personal data as well as to transmit the personal data you have provided to us to another data controller (data portability).

10. Enforcement and Oversight

We have established policies and procedures for compliance with this Privacy Policy and we conduct an annual self-assessment to verify that the attestations and assertions we make about our privacy practices are true and that our privacy practices have been implemented as intended.

11. Your right to lodge a complaint

You have the right to lodge a complaint with your local data protection agency. In Denmark, this is the Danish Data Protection Agency: https://www.datatilsynet.dk/kontakt/.

12. How to contact FOSS

We welcome your comments and questions regarding this Privacy Policy or about FOSS’s privacy practices. Please do not hesitate to contact us via your local contact person or FOSS office to be found here or:

Email: gdpr@foss.dk
Write to: FOSS
Niels FOSS Allé 1
DK-3400 Hilleroed Denmark
Call: Phone: +45 7010 3370

13. Changes to this Privacy Policy

This Privacy Policy does not constitute an agreement between FOSS and you, but instead forms the basis of our duty of disclosure under data protection rules. We reserve the right to make changes to this Privacy Policy from time to time in accordance with applicable data protection laws. In case of changes, the date and version number at the top of the Privacy Policy will be changed. The Privacy Policy in force at any time will always be available via the website. In case of material changes to the Privacy Policy, you will receive an email or other notification with reference to the updated Privacy Policy.

Revision 2.0 (11. June 2024)