Data protection policy
Send an e-mail to:
We are under an obligation to protect the confidentiality, integrity and accessibility of our customers’, suppliers’, partners’ and employees’ data, including personal data. Protecting personal data is essential to us, and we are continuously working on ensuring compliance with applicable data protection legislation, including the General Data Protection Regulation (GDPR).
When Implement processes personal data in connection with the provision of consultancy services, we consider ourselves a data processor, as we process personal data on behalf of our customers and in accordance with customer instructions. The customer and Implement enter into a data processing agreement containing instructions, terms and conditions for Implement’s processing of personal data.
This data protection policy contains information on Implement’s processing of personal data, when we are the data controller. More information on this may be found below.
The data controller for Implement’s processing activities is the company within the Implement group of companies which determines the purposes and means of the processing of personal data.
The company details for all of the Implement group of companies may be found here.
You can read more on the categories of personal data that we process for which purposes and on which legal grounds in the table below:
Personal data may be disclosed to other Implement group companies in accordance with the terms laid down in Implement’s intragroup data processing agreement.
Personal data may also de disclosed to subcontractors who are directly involved in the project for the customer.
Implement Consulting Group P/S, CBR: 32767788 (Denmark).
Implement Consulting Group AG (Zurich, Switzerland) for marketing activities aimed at data subjects in Switzerland.
Persons reporting incidents through the whistleblower system.
Internal and external persons who have information on the reported incident.
Reports beyond the scope of the whistleblower system will be erased as soon as the investigation has been completed.
Reports giving rise to action will be erased five years after the matter has been finally resolved.
Implement may disclose personal data to external legal counsel. In case of criminal offences, personal data may be disclosed to the police. Finally, Implement will disclose to public authorities where we are under a legal obligation to do so.
Non-sensitive personal data, i.e. name, position, contact details, educational and professional background, any other personal data which the applicant provides, references.
Personal data about criminal offences, including the applicant’s criminal record.
Processing of non-sensitive personal data is necessary in order for Implement to pursue its legitimate interests in being able to recruit applicants to positions at Implement Consulting Group, GDPR, Article 6(1)(f).
Personal data is processed where necessary to take steps at the request of the applicants prior to entering into a contract, cf. GDPR, Article 6(1)(b).
We process personal data collected from references, provided that the applicant has consented to this, cf. GDPR, Article 6(1)(a).
We process personal data on criminal records if it is necessary for the purpose of a legitimate interest in ensuring that the applicant is suited for the position at Implement, cf. GDPR, Article 10, cf. Data Protection Act, Section 8(3).
Six months after the date on which the applicant was rejected.
If the applicant is employed by Implement, the processing of personal data will continue during the employment period.
We process personal data about visitors obtained from video surveillance for security purposes. The processing of personal data is necessary to pursue our legitimate interest in ensuring a high level of security, cf. GDPR, Article 6(1)(f) and GDPR, Article 10, cf. Data Protection Act, Section 8(3).
In case we process sensitive personal data, it is necessary for the establishment, exercise or defence of legal claims, cf. GDPR, Article 9(2)(f). In the areas where we use video surveillance, we inform visitors about such surveillance in accordance with the Danish TV Surveillance Act, Section 3(1). All recordings are stored securely and are only viewed if there are reasonable grounds for doing so, e.g. in case of an incident, and in such case only by selected persons. The recordings are automatically overwritten after five days, unless a problem is identified which requires investigation.
Personal data will only be disclosed to the police when an issue requiring investigation (e.g. theft) has occurred.
You can read more about the cookies we use here.
Data security is a high priority at Implement. We work seriously and professionally with information security, and we base our work on internationally recognised security standards. We have implemented security measures to ensure data protection of customer data, personal data and other confidential data. We conduct regular internal follow-ups in relation to the adequacy and compliance of policies and measures.
We occasionally use other third parties, such as subcontractors, in connection with the provision of our services. Such third parties may be granted access to personal data in order for them to be able to provide the agreed service. Implement enters into data protection agreements that are necessary in order to ensure that security is in place to protect data and comply with our data protection obligations.
Implement also uses sub-data processors as part of our day-to-day IT operations. This means that personal data are processed by Implement’s sub-data processors. These sub-data processors are located within the EU. There are data processing agreements in place between Implement and all sub-data processors to ensure that all processing takes place in accordance with Implement’s instructions and is subject to the necessary security requirements.
As a data subject, you have certain rights pursuant to the General Data Protection Regulation. Your rights may be summarised as follows:
For further information on your rights as a data subject, please refer to the Danish Data Protection Agency’s website (www.datatilsynet.dk), where you will find further guidelines.
When we process personal data based on your consent, you have the right to withdraw your consent at any time. Please contact us to withdraw consent for our processing of your personal data.
We acknowledge that transparency is an ongoing responsibility. Therefore, we will continually review and update this data protection policy in order to ensure our compliance with applicable personal data law from time to time.
The data protection policy was updated in November 2018.
Please contact us if you would like to exercise your rights as described above, or if you have questions about our processing of your personal data or this data protection policy.
Implement Consulting GroupCBR: 32767788Attn.: email@example.comStrandvejen 54, 2900 HellerupTel: +45 4586 7900
You may also get in touch with your contact person at Implement, who will be able to help you contact the right person.
If you wish to complain about our processing of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will handle your complaint and get back to you.
You also have the right to lodge a complaint about your rights and Implement’s processing of your personal data to the Danish Data Protection Agency. For further information on how to lodge a complaint to the Danish Data Protection Agency, please consult their website: www.datatilsynet.dk.
The applicable statutory rules for Implement’s processing of your personal data may be found in:
Implement Consulting Group