It is important for us to protect and respect your privacy when you have chosen to use Maki A/S as a business partner, have visited our website or otherwise have been in contact with us. It is therefore equally important that we process your personal data securely and appropriately so that you can feel confident in the cooperation or the dialogue with us.
What are our offerings
We strive to be among the leading distributors of toys in the Nordic countries. We source a number of well-known toy brands and distribute these to customers ranging from very small toy shops to large chain stores, supermarkets, bookshops etc. primarily in Denmark, Norway, Sweden and Finland. Our website (www.maki.dk) is primarily aimed at our customers (B2B).
What is personal data
Personal data can be many things. It can be a name, an address and a telephone number. It can also be a picture or an IP address. Personal data are all types of information that can be used to identify a person. Therefore, it is not the individual piece of information which determines if something can be called personal data. If a number of data may not individually, but in aggregate can identify a person, they are to be characterised as personal data.
We collect personal data in a number of ways
We collect personal data about you in the following ways:
- When we attend to you as a customer, supplier or partner
- When you are in contact with our employees, e.g. our sales staff or our sales and purchase departments
- When you contact us by e-mail, letter, fax etc.
- When you create a profile on our website
- When you visit our website, Facebook page, YouTube channel, Instagram and LinkedIn profiles, etc.
- When you subscribe to our newsletter
- When you participate in campaigns, competitions or surveys
- When you provide us with the personal data
- When you provide information to third parties with whom we cooperate
- When we buy services and data from other businesses
In the menu below you can see why we do it and on what basis we do it.
How we use your personal data
Here, we inform you further on the following:
- That we collect and use your personal data for specific purposes
- That we delete your personal data when it is no longer needed
- That we check and update your personal data on an ongoing basis
- That we disclose your personal data in certain cases
We collect and use your personal data for specific purposes
The purpose of collecting and using your personal data can be divided into the following categories:
1) The first category contains certain personal data we need to know about you in order to deliver our products and services to you. This could be your name, your address, your phone number and your e-mail address, i.e. necessary identification and contact information. This constitutes our lawful ‘processing basis’. If we cannot process such personal data, we cannot deliver our products and services to you. We may also have another processing basis, e.g. if the law requires us to register and keep certain personal data. That is, for example, personal data to be used for our compliance with tax legislation and the Danish Bookkeeping Act.
If we want to use your personal data for any purpose other than the one for which we collected them because it was necessary, we will inform you that the initial purpose is to be exceeded. We do so before we start and inform you of the reason for it.
2) The second category contains certain personal data which we would like to know about you to allow us to improve our products and services, tailor our communication and marketing to you and otherwise optimise your relation to us, so that we can offer you precisely the products and services you need. That includes also collection of personal data about your activities on our website, including IP addresses and placing of cookies on your computer. It may be necessary for our website to function properly.
We point out that under current Danish law, we have a right to contact you as a customer with offers for our own products like those you have previously purchased from us. This applies if we have received your e-mail address in connection with your purchase and whether or not you have given specific consent to this. If we contact you with such offers, we will clearly present you with the possibility of opting out of similar contacts in the future.
If we want to use your personal data in another way than for which we collected them based on your consent, we always ask for your renewed consent if the initial purpose is to be exceeded. We do so before we start and inform you of the reason for it.
3) The third category contains certain personal data that we keep in order for us to pursue our interests in the future if this is deemed necessary. In this case our processing basis is our ‘legitimate interests’ as understood in the current personal data legislation. It means, among other things, that based on a specific assessment, we keep your personal data for a period. The period and the extent of the personal data in this processing are determined based on the criteria you can see in the section ‘We delete your personal data when it is no longer needed’ below.
We delete your personal data when it is no longer needed
For the purpose of providing you with the best possible service, we estimate when we no longer need your personal data. When we no longer need the personal data according to the purpose for which we collected it, we delete it.
We attach importance to:
- How long time has passed since we had a permanent relation to you either as a customer, supplier or partner
- Whether there has been any dialogue or correspondence since then
- Whether we have experienced that you have contacted us regularly, e.g. every three months to order new products as we want to give you the best possible service
- Whether you have given us consent to store the personal data, for later sales promotion
We must store some personal data for at least five years for the purpose of legislation, i.e. the Danish Bookkeeping Act. This could be personal data for issuing invoices so that we can settle tax and VAT correctly and provide documentation to the authorities. We do so to safeguard our financial interests and legal position if someone would think that we have acted actionably. In such case we must be able to document what personal data we have received; which agreement was concluded with the customer and what we have done in relation to the customer so that we can safeguard our interests. We ‘clean’ the documents of the personal data which are not necessary for that purpose.
We check and update your personal data on an ongoing basis
We check on an ongoing basis that the personal data we process about you are not incorrect or misleading. We do that by regularly asking you to confirm the personal data we have registered. You can, and we encourage you to, always use the contact information at the bottom to notify us of your changes, so that we consistently have the correct data about you.
We disclose your personal data in these cases
We do not sell, publish or otherwise disclose your personal data to others, unless:
- it is necessary for us to sell our products or perform our service to you, or
- it is necessary for us to comply with the law, or
- you have given us your consent, or
- it is as part of our use of processors, both inside and outside the EU
If it is necessary. We cooperate with selected and trusted partners to deliver our products and services to you, i.e. our own companies in the group, partners, sub-suppliers and processors.
We disclose the necessary personal data to them so that in overall terms we can provide our services to you. This could be the delivery of products to your address, purchase of products or outsourcing of our IT systems. It may also be the Central Office of Civil Registration so that we can update any changes to names or addresses in databases about our customers.
If you have given your consent. We disclose personal data to businesses, organisations or individuals outside our business and group if we have your consent. Your consent and thus the disclosure to our partners mean that our partners may contact you for the purpose of sales and marketing.
You can always object to this form of disclosure, and you can also opt out of contacts for marketing purposes in the Central Office of Civil Registration.
If required by law, or in order to protect ourselves, a partner or a third party. In certain cases, the law allows us to disclose your personal data without your consent. Sometimes wemustdo it. Sometimes wecando it. To the extent permitted by law, we can disclose personal data for either protecting or enforcing our rights. The same applies to rights belonging to our partners and third parties. Examples where it can be relevant include the prevention of fraud or other criminal acts.
Our use of processors, both within and outside the EU. We obtain your consent before we disclose your personal data to partners in third countries unless the said partners serve as our processors. A third country can be e.g. certain countries in Africa. The US is not a third country due to what is known as the Privacy-Shield agreement between the US and the EU if the company in the US has acceded to the Privacy-Shield agreement.
If we disclose your personal data to third countries, we have ensured that their level of protection of personal data matches the requirements made by us in this policy and the requirements we are subject to in relation to the law.
You have many rights
In this section, you can read that you have a number of rights in connection with our processing of your personal data, among other things that you have:
- The right to have incorrect personal data rectified
- The right to access your personal data and receive a copy
- The right to have your personal data erased
- The right to request limitation
- The right to object to processing
- The right to withdraw consent
- The right to request information about transfer to countries and organizations outside the EU
- The right to avoid profiling
- The right to file a complaint about our processing of your personal data
If you want to know more, or exercise your rights, we ask you to contact us via the contact person data at the bottom.
The right to have incorrect personal data rectified
We check that the personal data we process about you are not incorrect or misleading. We do that by regularly asking you to confirm the personal data we have registered. You have the right to have rectified (corrected) your personal data which we hold.
The right to access your personal data and receive a copy
You always have the right to access the personal data we have registered about you and receive a copy of the personal data. You can also be informed of the purposes of the processing, for how long we keep your personal data, if we make automated decisions (including profiling), to whom we disclose the personal data and from where we have the personal data. However, this does not apply if you are already aware of the personal data.
We point out that the right to access may be limited by regard for the protection of the personal data of other persons and our trade secrets.
The right to have your personal data erased
You always have the right to require that your personal data kept by us be erased. If we no longer have a purpose for keeping the personal data, we will erase them as soon as possible after your request.
The right to request limitation of the processing
You are always entitled to request us to limit the processing of your personal data.
The right to object to processing
You are always entitled to object to our processing of your personal data. This covers the right to object to our use of the personal data for marketing purposes. We will consider your objection, as soon as possible.
The right to withdraw consent
You can always withdraw the consent(s) that you have given us.
The right to request information about transfer to countries and organisations outside the EU
Currently, we do not transfer personal data to a country outside the EU.
The right to avoid profiling and that we make automated decisions
You always have the right to avoid that we make profiles of you and your personal data or make automated decisions.
We make every effort to ensure that your personal data are processed safely and that your rights are protected optimally, and we regularly review our procedures and the handling of personal data.
If, against expectation, you think that we do not process your inquiry and your rights in compliance with the law, we ask you to contact us, either by e-mail with the text ‘complaint’ in the subject field. You can write to us at firstname.lastname@example.org. We will then pass on your inquiry to a senior employee in our company, so that any misunderstandings and misconceptions can be clarified.
If you still think that we do not process your inquiry and your rights in compliance with the law, you can complain to the Danish Data Protection Agency:
Datatilsynet (the Danish Data Protection Agency)
DK-1300 Copenhagen K
Telephone: + 45 33 19 32 00
Even though we are indeed very fond of children at Maki A/S, our business is aimed at businesses and adults. We do not intentionally collect personal data from and about children.
We realise that e.g. children’s use of electronic devices can never mean with 100% certainty that we do not receive personal data about children. We have attempted to design our systems in the best possible way, so that we cannot receive personal data from children, and we erase the personal data immediately if we become aware that we have unintentionally received personal data about children.
If you are a parent or guardian and believe that your child has given personal data to us intentionally or unintentionally, we ask you to contact us as soon as possible via our contact person data at the bottom.
How we store your personal data?
We are obliged to protect your personal data. Both because it follows from legislation, but also because our own internal ethical rules require us to take proper care of your personal data. We use relevant and adequate technical and organisational security measures to ensure that no unauthorised access is created for the personal data which we keep. The purpose is to ensure that the personal data is not used, destroyed, changed, published or is otherwise misused.
In this section you can read that:
- We have internal rules on data security relating to personal data
- We have implemented IT technical measures
- User conduct is important to ensure an adequately high security level
- We inform affected persons if a risk occurs of one or more actual personal data breaches
We have internal rules on data security that contain guidelines and procedures
That includes that personal data is only accessible to employees who need it. We also ensure ongoing information and training of our employees in relation to correct handling of personal data and make sure that the employees adhere to the rules. All our employees are covered by a general duty of non-disclosure, that extends to personal data, in our contracts of employment.
In terms of IT, we have implemented the following measures:
- Installed anti-virus programs on all IT systems that process personal data
- Installed passwords on computers with a demand for regular renewal
- Ongoing backup of all IT systems that process personal data
- Limitation of the access to personal data, so that only employees who need it have access, and only to the extent necessary
- An investigation into whether the personal data which we use can be used in an anonymised or pseudonymised form. We will do that if it does not adversely affect our service and obligations to you
- Entered into data processing agreements with suppliers who process personal data on our behalf, so that we ensure that the processing is made in compliance with the law and our own rules and ethical standards
Risks and disclaimer
The greatest risk of misuse of personal data is people’s own conduct. It is up to the individual person to take proper care of its own personal data (e.g. never disclose passwords to others), and it is up to our company to take into account human intervention. Although we have taken the above measures to limit risks of processing personal data, it cannot be a 100% guarantee that unintended events do not occur.
Therefore, we disclaim liability for any loss resulting from unintended events relating to our use and processing of your personal data to the extent we can do so under current legislation. Thus, we will not accept liability for losses of any kind that occur in relation to the use of our business, our products and services, our website, systems, apps and other software to the extent that we can do so under current legislation.
We recommend that you also initiate measures to protect your personal data. You can do that by closing your browser after use, by logging out of all accounts after use, by installing anti-virus and anti-malware and other software that may improve the security on your computer.
We recommend that you update software, the apps you use, your computer and mobile devices on an ongoing basis and never disclose your password to others.
As mentioned, we have taken many measures to ensure the processing of your personal data. Should our IT systems and other security measures nevertheless be compromised, we will inform you without undue delay if the compromising entails a high risk relating to your rights and freedoms.
Links to other service providers
On our website and in other communication from us, there may be links to the websites of other businesses that do not belong to our company. We are not responsible for the contents of these websites, and our personal data policy does not apply to the websites of these businesses.
Our company is the controller and ensures that your personal data are processed in compliance with the law:
CVR no. 18 72 23 99
Haarupvej 22 D
Telephone number: +45 4447 6603