Privacy Policy

Purpose of this policy 

At FOSS we aim to be a responsible and trusted partner to our customers and business partners. Thus, we do our utmost to ensure that the data we are trusted to manage is processed as safely as possible, respecting the individual’s rights to privacy as well as applicable laws on data privacy, data protection and data security.  
 
This policy provides you with an overview of the principles that apply within our group of FOSS companies regarding collection and processing of personal data. It is meant to inform you about our use of any personal data we collect from you directly, or indirectly via third party data providers. 

Content 

  • How we obtain your personal data and how we use it
    • Personal data provided by you
    • Personal data provided to us by third parties
  • How we protect your personal data and international transfers
  • How long we will retain your personal data
  • Managing and Control of Data
  • Enforcement and Oversight
  • Your right to lodge a complaint
  • How to contact FOSS
  • Changes to this Privacy Policy 

How we obtain your personal data and how we use it 

We collect information about you, including your personal data, when you: 

  • Visit our websites
  • Use our products and services
  • Contact us/register with us
  • Attend or register to attend our events (including online events) or other events where FOSS participates
  • Voluntarily complete customer surveys or participate in competitions
  • Provide feedback
  • Supply products or services to FOSS, have applied to work for FOSS, or are current or former employees of FOSS, or have contracted to work for or on behalf of FOSS 

The personal data fall within the following groups of information: 

Identity Data, which may include your first name, last name, username or similar identifier and your job title. 

Contact Data, which may include your email address, postal address, and telephone number(s). 

Technical Data, which may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites. 

Personal data provided by you 

Use of our products and services

FOSS collects personal data from you (Identity Data and Contact Data) when you use our products or services. We will use this personal data: 

To carry out obligations arising from being a registered user of our product and services. The legal basis for processing your personal data for this purpose will be our legitimate interest in entering into a contract with the company you represent in accordance with Article 6(1)(f) of the General Data Protection Regulation (“GDPR”). In this regard, please note that FOSS uses third parties for credit card processing. This intermediary is solely a link in the distribution chain and the third parties are not permitted to store, retain or use the information provided except for the sole purpose of credit card processing. 

To provide, maintain, protect, and improve our products and services, and to develop new ones in accordance with Article 6(1)(f) of the GDPR. 

To send you personalized communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys, and industry news as well as product and service developments. The legal basis for processing your personal data for this purpose will be “legitimate interest” in accordance with Article 6(1)(f) of the GDPR. 

Individuals contacting us 

FOSS collects personal data from you (Identity Data and Contact Data) when you contact us about our products or services, register for our newsletter, participate in competitions, or provide feedback. We will use this personal data:  
 
To help solve any issues you might be facing. The legal basis for processing your personal data for this purpose will be our “legitimate interest” in responding to your request and solving the problem of the company you represent in accordance with Article 6(1)(f) of the GDPR.  
 
To send you personalized communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys, and industry news as well as product and service developments. The legal basis for processing your personal data for this purpose will be your “consent” in accordance with Article 6(1)(a) of the GDPR.  
 
Please note that FOSS is strongly opposed to sending unsolicited email and that FOSS does not knowingly send out unsolicited email (UCE / Spam). 

Attendees or registrants to attend our events (including online events) or other events where FOSS participates 

FOSS collects personal data from you (Identity Data and Contact Data) when you attend or register to one of our events or other events in which FOSS participates. We will use this personal data: 

To carry out obligations arising from being a registered attendee of our event or other events which FOSS participates. The legal basis for processing your personal data for this purpose will be “legitimate interest” as this will allow FOSS to manage and deliver events on topics requested by you in accordance with Article 6(1)(f) of the GDPR. 

To send you personalized communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys, and industry news as well as product and service developments. The legal basis for processing your personal data for this purpose will be “consent” in accordance with Article 6(1)(a) of the GDPR. 

Individuals who complete surveys or participate in competitions FOSS has published 

FOSS collects personal data from you (Identity Data and Contact Data) when you complete surveys we have published. We will use this personal data: 


To send you personalized communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys and industry news as well as product and service developments. The legal basis for processing your personal data for this purpose will be “consent” in accordance with Article 6(1)(a) of the GDPR. 

Companies who supply products or services to FOSS

FOSS collects personal data from you (Identity Data and Contact Data) when you supply products or services to FOSS. We will use this personal data: 

To carry out obligations arising from you providing us products or services. The legal basis for processing your personal data for this purpose will be “contractual need” in accordance with Article 6(1)(b) of the GDPR. 

Individuals who have applied to work for FOSS 

We refer to our privacy policy that contains information to job applicants on the processing of personal data. 

Individuals who are current or former employees of FOSS or have contracted to work for or on behalf of FOSS

FOSS collects personal data from you when you work for FOSS, including first name, last name, username, email address, postal address, telephone number, date of birth, employee identification number, bank details, national insurance number, emergency contact details and children’s first name, last name, and date of birth (for health cover purposes). Proper information has been given to you at the time of collection and can be found in the privacy policy for employees, your local version of the employee handbook and/or the like.  

Personal data provided to us by third parties 

Visitors to our websites: 

As you interact with our websites, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Policy. 

We use the websites’ traffic and visitor information to analyze trends, help diagnose problems with our servers, to monitor traffic / usage to provide better service and to improve our understanding of the use of the FOSS websites and in order to determine what FOSS services are the most popular. The data is also used to deliver customized content and advertising within the FOSS websites to individuals whose behavior indicates that they are interested in a particular subject area. The legal basis for processing your personal data for this purpose will be our “legitimate interest” in accordance with Article 6(1)(f) of the GDPR, however, depending on the cookies placed it may also be your “consent” in accordance with Article 6(1)(a) of the GDPR. 

How we protect your personal data and international transfers 

FOSS is committed to protecting the security of your personal data. Thus, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed:  
 
The personal data we process is stored in data center certified in ISO27001 Information Security Management and ISO22301 Business Continuity Management. For personal data processed through US-based data center, we retain full control of the data.  
 
We use only recognized, industry-leading hosting partners and market-leading suppliers for software services such as email, CRM, industry surveys etc.  
 
When we use consulting partners to support our business, we ensure their contractual commitments include compliance with applicable data law(s) and that they maintain the safety and privacy of any client data they may access  
 
We do not share your data with anyone other than the suppliers described above. Hence, we never sell your data.  
 
In addition to the above, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. In addition, we have put in place procedures to deal with any suspected personal data breach and will, when applicable, notify you and any applicable regulator of a breach.  
 
We share your personal data within the FOSS group and with third-party service providers both within and outside the EU / EEA. Whenever we transfer your personal data out of the EU/EEA, we ensure a similar degree of protection is afforded to it by ensuring relevant safeguards is implemented. Any transfer of your data outside the EU/EEA will be based on the EU Commission’s Standard Contractual Clauses or other valid legal basis for such transfer.  

Video surveillance 

FOSS has installed video surveillance in certain targeted areas of its business premises such as parking lots, productions sites, stairways, foyer, etc. The surveillance areas are clearly marked with signs. 

The purpose of video surveillance is to ensure safety and compliance with applicable requirements, cf. Article 6(1)(f) of the GDPR and Section 8(3) of the Danish Data Protection Act. 

Recordings will only be accessed in case of suspicion of criminal actions, violations of internal guidelines or internal/external audits. The recordings may be disclosed to the Police for criminal investigations if the personal data are processed for the purpose of safeguarding public or private interests which clearly override the interests of secrecy, cf. Section 8(4) of the Danish Data Protection Act or if the disclosure is otherwise required by law. If disclosure is necessary for other purposes than the above mentioned, we will ask you to consent to such disclosure if you are part of the recordings. 

Recordings from video surveillance which has been conducted for the purposes of preventing crime are deleted or anonymized no later than after the recording has taken place, unless is it necessary for FOSS to keep the recordings for the purpose of dealing with a specific dispute, e.g. in relation to solving crime. Recordings from video surveillance which has been conducted for other purposes will be deleted when it no longer serves a purpose to store the information. 

How long we will retain your personal data 

We will retain and process your personal data as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements under applicable law(s). After this period, your personal data will be deleted from all systems. 

If you have consented to receive marketing, you may opt-out at a later date and your data will thus be deleted. 

Managing and Control of Data 

We are committed to ensure that you are in control on how your personal data is used and processed. You can review, edit or delete your personal data free of charge by contacting us directly via your local contact person or FOSS office. 

At any time your rights concerning your personal data are: 

Request access. You can ask about the personal data we hold about you and we will inform you, free of charge. 

Request correction. You can request that your personal data is corrected, and we will update the details and inform you when completed, free of charge. 

Object to processing. You can object to your personal data being processed and we will stop processing your personal data, once no longer required for performance of contract or legal obligations, free of charge. 

Withdraw consent. You can object to receiving direct marketing communications from us and we will stop all communications, free of charge. 

Request erasure. You can ask for your personal data to be erased, once no longer required for performance of contract or legal obligations, free of charge. 

Enforcement and Oversight 

We have established policies and procedures for compliance with this policy and we conduct an annual self-assessment to verify that the attestations and assertions we make about our privacy practices are true and that our privacy practices have been implemented as intended. 

Your right to lodge a complaint 

You have the right to lodge a complaint with your local data protection agency. In Denmark, this is the Danish Data Protection Agency: https://www.datatilsynet.dk/kontakt/ 

How to Contact FOSS

We welcome your comments and questions regarding this Privacy Policy or about FOSS’s privacy practices. Please do not hesitate to contact us via your local contact person or FOSS office to be found here or: 

Email: gdpr@foss.dk 

Write to: FOSS 

Nils Foss Allé 1 
DK-3400 Hilleroed Denmark 
Call: Phone: +45 7010 3370 

Changes to this Privacy Policy 

We keep our Privacy Policy under regularly review and we will place any updates on this webpage. Our Privacy Policy was last updated on 28 April 2022 and historic versions can be obtained by contacting us.