Data Privacy & Security
Introduction: It is important to us that you feel safe in using our services. To this end, it is important that you understand what personal information (“Data”) we collect, store and process when you use our Services. Therefore, we have this clear and fair privacy policy (“Policy”).
Consent. By using our software/website/app and connected services (jointly the “Services”), you are entering into a binding contract with Leapcraft ApS, (Danish company reg. no. 35472762), a Danish limited liability company having its registered offices in Denmark (“Company”). As part of the agreement, you consent to this Policy and its terms.
Your Age. Guardianship. As part of consenting to this Policy, you warrant that you are at least sixteen (16) years old and not under guardianship or that you have ensured your custodians’ or guardians’ express consent to this Policy.
Responsible Data. To protect your Data, Company will responsibly and continuously evaluate and monitor for risks to your fundamental rights connected to Company’s collection, storage and processing of your Data. Company will especially take into account any risks that you could be discriminated against, become the victim of identity theft, suffer economic or reputational losses and breach of data confidentiality.
Later Changes to Policy. Company may, at its sole discretion, make changes to the Policy. If any such changes are considered material by Company, you will receive prior notice of such changes and may need to accept such changes for continued use of the Services.
Data Controller. Company is the data controller, and it is Company who collects, stores and processes the Data. Company is also responsible for addressing any questions that you might have in connection with Data relating to you.
Contact information for Company:
Leapcraft ApS, Strandgade 54, 1401, Copenhagen K. Denmark.
Purpose of Data. The purpose of collecting, storing and processing your Data is (i) to identify you as the user, (ii) to optimize and improve the Services and the Company’s business, (iii) to better service you and other users, (iv) to abide applicable law and regulations, (v) to enforce the agreement between you and Company, (vi) to protect the rights, safety and property of Company, the users and others, and (vii) to create statistics, reports and conduct data mining.
Legal Basis. The Data is collected, stored and processed pursuant to EU Regulation 2016/679 article 6, meaning that the legal basis for the Data processing is (a) your express consent and (b) the necessity for fulfillment of our mutual contractual obligations.
Legitimate Interests. Company’s legitimate interests in your Data consists of: air quality, meteorology, occupancy, thermal, acoustics, building data & traffic flow.
Data Collected and Processed. Company collects and processes the following types of Data in connection with your use of the Services:
- Personal information that you provide via the Services. This can for example be name, contact information, email address, geo location, IP address
- Information about use of the Services. This can for example be data from sensors, building & city infrastructure.
- Information from interactions with other third-party services. Company receives data on the interaction between the Services and certain other third-party services (including mapping services, weather services), such information can include data on geo location, meteorological conditions, energy use, traffic flow etc.
Other Sources of Data. Company may also receive such Data pertaining to you from other sources, in particular from: building management systems, traffic management systems etc. When Company receives Data from other sources, Company will ensure that the Company’s intended use of such Data is in accordance with the purposes for which they were collected by the other source(s) and, if this is not the case or cannot reasonably be determined, firstly provide you with necessary information and the opportunity to object.
Excluded Data. Company will not collect Data on race, ethnicity, political views, religious views, philosophical views, union relations, sexual relations or preferences, biometry, genetics, health records, criminal records or severe social problems, unless you choose to actively provide such Data via the Services, in which case Company will not make use of or transfer such Data.
Storage Time. The Data mentioned will generally be stored for five (5) years or as prescribed by applicable law. If Data is relevant or necessary for purposes of your ongoing use of the Services, the Data will generally be stored for five (5) years after your last use of the Services. No later than at the end of the said period, Company will delete or make your Data anonymous. Company may also do so at an earlier time if Company deems that retaining the Data in a non-anonymous form no longer complies with the purpose(s) for which it was collected.
Anonymous Data. The Policy does not cover Data rendered anonymous. If Data rendered anonymous become no longer anonymous (i.e. individuals are again identifiable), then this Policy shall apply.
Incorrect Data. If Company becomes aware that Data is incorrect or misleading, Company will delete or amend the Data.
Cookies. Company may use “cookies” or similar technology to store data on your computer, mobile device or other connected device. Company gathers certain information automatically by the use of cookies and tracking technologies such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, the files viewed on our site (e.g. HTML pages, graphics), operating system, date/time stamp, and/or clickstream data to analyse trends in the aggregate and administer site. Company may also link information stored on your device in cookies with data stored on our servers. If you set up your web browser or device so that cookies and similar are not allowed, you might not be able to use some or all of the features of the Services.
Reports. Statistics. Data Mining. You should be aware that Company may choose to use your Data and other users’ Data to generate reports, statistics and data mining results with the purpose of utilizing it for the purposes stated herein or selling or otherwise transferring such results to third parties. In such case, your Data will, as far as possible, be made anonymous.
Direct Marketing. Company will not use your Data for direct marketing purposes unless you have actively requested that Company use the Data for such purposes. Also, Company will not disclose your Data to third parties for the purpose of allowing them to market their products or services to you.
Automated Decision-Making. Profiling. Company will not use your Data for automated decision-making (including profiling) unless you have actively requested that Company use the Data for such purposes. Also, Company will not disclose your Data to third parties for the purpose of allowing them to conduct automated decision-making (including profiling).
Your Rights. You have all the rights afforded to you under the law, including:
- Insight. You are entitled to be informed of what Data the Company collects in relation to you as well as access to such Data. However, access to the Data may be limited due to other persons’ privacy rights and due to confidentiality concerning intellectual property rights (including trade secrets).
- Correction. You are entitled to demand amendments or deletion of Data pertaining to you that is gathered by Company and found to be incorrect or misleading.
- Objection. You can object to Company gathering Data pertaining to you and you can withdraw your consent pursuant to this Policy if consent is the basis for the collection and processing.
- Deletion. You can demand that your Data is deleted without undue delay if the purpose for which the Data is being processed is no longer legal or appropriate.
- Objection to transfer. You are entitled to object against your Data being transferred to third parties.
- Receipt and transmission. You are entitled to receive your Data in a structured, commonly used and machine-readable format and have the right to transmit that Data to another controller. If technically feasible, you can ask that the Data be transferred directly to another data controller.
- Compensation. You are entitled to be compensated for damages or losses caused due to violation of applicable law, in particular of EU Regulation no. 679/2016.
Use of Rights. You may use your rights by contacting Company as provided herein. However, use of the Services and provision of Data to Company is voluntary, and if you object to Company gathering and processing your Data or demand deletion of all or substantially all of your Data, Company might not be able to, or may refuse to, continue providing the Services to you.
Recipients of Data. In accordance with this Policy and applicable law, Company may transfer and disclose Data to the following recipients within the European Union: Public authorities, Company’s business partners and associates, other companies in the Company group, Company’s customers, suppliers and contractors. If and before Company transfers any Data pertaining to you, Company will check whether you have asked that your Data not be transferred to any third party. Company will also ensure that necessary safety requirements are in place for such transfers.
Transfer of Data to Third Countries. Data will not be transferred to such recipients as listed in the previous clause, residing in countries outside of the European Union.
Security Measures. Company provides physical, electronic, and procedural safeguards to protect Data that Company collects and processes. When communicating Data electronically, Company will encrypt such Data.
Complaints. Apart from complaining directly to Company, you are also entitled to complain to the Danish Data Protection Agency (“Datatilsynet”). You can do so online via its homepage (www.datatilsynet.dk) or you can write the Agency:
Datatilsynet, Borgergade 28, 5., 1300 Copenhagen K, Denmark
If you are residing or working in another EU member state or believe that a violation of your rights has taken place outside of Denmark, you may also file complaint with the local data protection agency at such place.
Notice to persons outside of Denmark. Company’s operations are located primarily in Denmark. If you provide Data to us, the Data will be transferred out of your country to Denmark.