CIMCO A/S takes your privacy seriously and is committed to protecting your privacy rights. We want you to know why we collect your personal information, what we collect, how we use it, and for how long we store it. We also want you to know how you can access, amend, correct, and in some cases delete your information.
1. Who we are
When we speak of CIMCO, we mean CIMCO A/S and all subsidiaries.
2. Why we collect information
- We collect personal information when you request our content marketing assets, in order to provide useful content and follow up on its effectiveness for marketing purposes.
- We collect information when you contact us to respond to your request, question, or issue, and to follow up on the resolution.
- Our advertising partners collect information about your behaviour on our websites in order to deliver interest-based advertising on our behalf. We do not share any personal information with these partners, but you may have shared information with them if you have signed up for any of their services (such as LinkedIn).
- We collect information when you buy and/or use our software or services. We do this to be able to deliver our services, to send you important operational information, for contractual reasons, to process financial transactions, and for legal and regulatory reasons.
- If you are a CIMCO partner, we collect information to enable you to resell and provide services around our software and services, and to fulfil our contractual obligations to you as a partner.
- We may also collect information to prevent and detect crime, fraud or corruption.
3. What we collect
- Most often, we collect name, email, phone, address, job title, company.
- If you are CIMCO customer, we may collect which products and services you use.
- If you sign a contract with CIMCO, we may collect further details such as your signature or other proof of identity, the IP address (if signing a contract digitally).
- We collect other data you have provided while contacting us, especially when using forms for booking a demo, downloading documents or signing up for newsletters on our website.
- We collect data that you have sent to us through an online survey, event attendance application, support ticket, or job application.
- We collect anonymous information sent by your browser when you visit our websites, including IP address, operating system, and browser version. If you identify yourself by filling out a form, some data (such as what pages you view on our websites) will be connected to your personal information.
- In case we offer publicly accessible message boards, blogs, and community forums, you should keep in mind that if you directly disclose any information in these, this information may be collected and used by others.
3.1 Information we and partners collect when you browse our website:
- We cannot tell who you are unless you willingly identify yourself on our websites.
- If you at some point have identified yourself by filling out a form on our websites, pages you view on our websites may be connected to your personal information. We do this to understand the effectiveness of our website.
- We set a cookie and use local storage in your browser that contains information that we use to identify you between visits. In particular, we set an identifier that identifies you for the functional site features described below:
- Google Analytics: We use Google Analytics to analyse the performance of our websites and follow up on the effectiveness of our marketing efforts.
- YouTube: We use YouTube to store videos that we show on our website. YouTube uses a cookie to collect anonymous viewing information that we use to find out how videos are being viewed.
- LinkedIn: for you to easily share articles from our website to linkedIn.
- Sharpspring: Opt-in forms that visitor fills out to be contacted and to obtain access to content such as white papers. The registered user email will be linked to the IP address, that Sharpspring uses to recognize the user during their next visit to our website.
- Microsoft Dynamics 365 for Marketing: Opt-in forms that visitor fills out to be contacted and to obtain access to content such as white papers. The registered user email will be linked to the IP address, that Microsoft Dynamics 365 for Marketing uses to recognize the user during their next visit to our website.
- Google Adwords, Doubleclick and Google’s display ads.
- LinkedIn Ads.
- Also see the section on opting out of marketing and web tracking.
3.2 Information we collect when you fill out a form on our websites
- When you submit a form on our websites, we collect the information that is listed in the form – typically your name, email address, company name, phone number, and survey questions about the nature of your company. If you are based in a country within the European Union, you may also get the option to opt in to our email newsletter. If you are a non-EU individual, you will receive our newsletter if you sign up for an asset, demo, or webinar.
- If you have filled out a form on our websites, we may collect the URLs of any pages viewed or links clicked on our websites and connect them to your profile. We do this to better understand your needs.
- If you open or click a link in an email we have sent you in response to you filling out a form, including email newsletter, that information will be connected to your profile. We may do this to either verify your email address to prevent spam and misuse, or to follow up on the usefulness of our email marketing.
- If you use any of our discussion forums or similar, the information you enter will be stored for the purpose of publishing it to the discussion forum or similar.
- As a way to prevent spam and fraudulent input, we make use of the reCAPTCHA service from Google to protect forms. This service captures data about the visitor in order to figure out if it is a real person or a bot. We do not send any personal data to Google, but they may see information that your browser sends, such as your hardware and software configuration or your IP address.
3.3 Information we collect when you participate at a CIMCO event
- When you register for an event, we may direct you to the website of our event registration vendor. In that case, the information you enter in the form is shared with us for managing and following up on the event.
- Even if you sign up on an external website, your data will be processed by us for the purpose of managing the event and for following up on your participation. You may also have the option to opt in to our newsletter or other marketing communication.
3.4 Information we collect when you register with us at a trade show or industry event
- If you meet us at a trade show or industry event, you may leave your contact details in order for us to follow up with you, to enter a competition or a game, or to subscribe to our newsletter. We will collect the information that is available on e.g. a business card, or in a form we may provide to you.
- Please note that when you register for an industry event, you might have consented to sharing your personal information with us when signing up for the event.
4. How we use information
- We never sell or rent your personal information to third parties. If you are an individual based in the EU and have given us your express permission, we may share your personal information to select partners that you decide. If you are an individual not based in the EU, we may share your personal information to select partners that are clearly labeled when you sign up. We always make clear when we share that information – as an example when we provide an event or an asset in collaboration with a partner of ours.
- If you have requested a marketing asset or have participated in a marketing event, we use your personal information to follow up on the effectiveness of the marketing activity.
- If you are an individual based in the EU and you have requested to be added to one of our newsletters, we may use your address to send you marketing communications. If you are an individual not based in the EU and you have registered to access one of our content marketing assets or a webinar, we may use your address to send you marketing communications.
- If you are a customer or a partner of ours, we may use your contact information to send you product or services updates and information that is relevant to your use of the products and services.
- Your information may be processed by vendors that act on our behalf, such as services we use to maintain our contact records, provide webinar services, or provide back office services such as email. These vendors are under a data processing agreement with us, act on our instructions and adhere to the policies described in this document.
- CIMCO has employees and offices globally. This means that we may transfer information globally. Outside of the EU, we have offices in for example United States, but CIMCO employees or subprocessors may access the information from other countries.
5. Protection of your information
- We take care to protect your personal data against abuse or loss. As an example, we store it in secure environments. We also provide training to our employees on data protection best practices and require them to enter into a confidentiality agreement.
- We cannot guarantee absolute security though. If you would like to learn more about what we do to protect your data, please contact us at firstname.lastname@example.org (or email@example.com for the Danish part of the company).
5.1 Information shared with vendors and service providers
- In order to deliver our services, we rely on a number of different vendors. This covers everything from the software we use in our finance department to the infrastructure we use to run our OnDemand and other services. These vendors act as data processors on our behalf.
- We hold our vendors and service providers to the same high privacy standards as we hold ourselves to. In all cases where we share your information with anyone outside of CIMCO, we explicitly require the them to acknowledge and adhere to our privacy and customer data handling policies through a data processing agreement.
- Some vendors and service providers are based outside the European Union, including the United States.
6. How long we keep information
- We keep your information only for as long as it is warranted from to fulfill our commitments to you, or to adhere to legal or regulatory requirements.
- If you are a customer or partner, we keep the information for the duration of our relationship. Certain information may be kept for longer though, for instance contracts will be archived even when terminated.
- If you have requested to receive marketing communications, we will keep your personal information only for as long as you interact with us.
- In most cases, we keep your personal information for no more than 12 months after the last contact or when your contract has expired, with the exception of information we have to keep for legal reasons, such as signed contracts.
6.1 If you are a CIMCO customer or partner
- If you are a CIMCO customer or partner, we may keep your personal information for the duration of our contract between your organization and us. If not required by law or regulation to keep your information beyond that term, we will remove it within 12 months of the contract ending.
- If you have signed or entered into a contract with us, we typically archive and store that contract for an extended period of time, typically seven years or longer, depending on jurisdiction. Other items such as invoices may also be kept for longer than 12 months.
- If you have asked to receive one of our newsletters or other marketing communications from us, we will keep your personal information to maintain your subscription, even if you would no longer be a customer or partner of ours.
- If you have signed up to take part in our developer community or discussion forums, your personal information will remain unless you explicitly tell us to remove it.
6.2 If you are not a CIMCO customer or partner
- If you have opted into any of our content marketing initiatives or have opted in to our newsletters, your personal information will be kept for us long as you seem to be an active subscriber.
- If you been invited to yearly events we will keep your information up to 3 years in case you want to rejoin.
- If we haven’t seen any activity on your part for 12 months, we will remove your personal information or anonymize it.
- If you have been in touch with us with a question, demo request, asked for a quote, or have engaged with a sales representative, your information will be stored for up to 12 months after the last recorded activity, and will then be removed or anonymized.
- If you have signed up to take part in a community, discussion forums, or similar, your personal information will remain unless you explicitly tell us to remove it.
- If you have submitted a valid GDPR data subject access request to exercise your right to be forgotten we will delete your data within 30 days of the request.
7. OnDemand and other products and services
- We provide software and services to our customers. This software and these services allow our customers to manage their data and content, and it may be used to collect personal information.
- In these cases, it is our customers that control the processing of personal information, and we act on their behalf as a data processor.
- If you have a question about how your information is processed or have any other requests relating to your data, please contact the owner of the data and content.
- Information processed in OnDemand services and other products and services
- Our customers may use our OnDemand and other products and services from CIMCO.
- We do not control the content of these products and service, or the types of information that our customers may choose to collect or manage using our services.
8. Your choices and rights
- You can choose to opt out of marketing communications at any time, regardless if you are a customer, partner, or none of the above.
- If you are an individual based in the EU you can request a copy of your personal information and you can update any incorrect information.
- If you are an individual based in the EU, you can ask to have your personal information removed, or in some cases limit our processing of personal information. This does not apply when we need to keep your information for legal reasons.
8.1 How you can opt out of marketing
If you don’t want to receive marketing communications from us, you can at any time use the “Unsubscribe”, “Opt-out” or similar link present in all marketing emails from us.
Please note that opting out of email marketing typically doesn’t mean that you won’t see ads from us. Please see the section below on how you can opt out of web tracking, although it doesn’t mean that you will opt out of ads altogether.
8.2 How you can opt out of web tracking
There are several ways to opt out of web tracking:
Most browsers allow you to block third-party cookies or prevent cross-domain tracking. This will limit the cookies that can be set by third-party scripts. This will not completely eliminate tracking by some third-party services though as they may use first-party cookies.
Most browsers also allow you ask not to be tracked (it sends the “Do Not Track” request header). If you have enabled this feature, we will not track the pages you visit in a way that enables us to connect them to your personal information. Your page views may still be collected anonymously though. Many of the third-party services we use for collecting anonymous data also respect the Do Not Track setting.
You can also opt out from the individual services we use. See their respective opt-out information on their respective web sites.
9. Your rights as an individual based in the EU
- Access to your information: You have the right to request a copy of the personal information we hold about you.
- Correcting your information: We want to have accurate data. Please contact us if you think the data we hold is not up to date or correct.
- Deletion of your information: You have the right to ask us to delete Personal Data about you if it no longer is required for the purpose it was collected, you have withdrawn your consent, you have a valid objection to us using your Personal Data, or our use of your Personal Data is contrary to law or our other legal obligations.
- Objecting to how we may use your information: You have the right at any time to require us to stop using your Personal Data for direct marketing purposes. In addition, where we use your Personal Data to perform tasks carried out in the public interest then, if you ask us to, we will stop using that Personal Data unless there are overriding legitimate grounds to continue.
- Restricting how we may use your information: In some cases, you may ask us to restrict how we use your Personal Data. This right might apply, for example, where we are checking the accuracy of Personal Data about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your Personal Data but you don’t want us to delete the data. Where this right to validly exercised, we may only use the relevant Personal Data with your consent, for legal claims or where there are other public interest grounds to do so.
- Automated processing: If we use your Personal Data on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you
- Withdrawing consent using your information: Where we use your Personal Data with your consent you may withdraw that consent at any time and we will stop using your Personal Data for the purpose(s) for which consent was given.
- Please contact if you wish to exercise any of these rights. You can find the contact details below.
10. If you want to submit a complaint
We have appointed a Data Protection Officer. If you are a European Union (“EU”) resident who requires assistance in exercising your privacy rights, please write to Data Protection Officer at firstname.lastname@example.org. To contact the Danish part of CIMCO contact email@example.com .
We always want to resolve directly all complaints about how we handle Personal Data. If you are an EU resident, you also have the right to lodge a complaint with the Swedish Data Protection Authority (“Datainspektionen”) or the Danish equivalent.
You can reach the Swedish Datainspektion using one of the following methods:
SE-104 20 Stockholm
Drottninggatan 29, 5th floor
Telephone: +46 (0)8 657 61 00
You can reach the Danish Datatilsynet using one of the following methods:
Borgergade 28, 5
1300 Kbh K
11. How to contact us
Send email to: firstname.lastname@example.org
You can contact our Data Protection Officer at email@example.com
You can write to:
Vermundsgade 38A, 3
Tel: +45 45 85 60 50
Fax: +45 45 85 60 53
12. Individuals not based in the EU
- COMPELLED DISCLOSURE: CIMCO may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- DISPUTE RESOLUTION: Any questions or concerns regarding the use or disclosure of Personal Data should be directed to the notices address specified in Contact Information below. CIMCO will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy. For complaints that cannot be resolved between CIMCO and the complainant, CIMCO has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Privacy Shield Principles. Under certain conditions, as more fully described on the Privacy Shield website, individuals may be able to invoke binding arbitration before the Privacy Shield Panel jointly created by the U.S. Department of Commerce and the European Commission.
- YOUR CALIFORNIA PRIVACY RIGHTS: California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.
- CIMCO may share Personal Data as defined by California’s “Shine the Light” law with third parties and/or affiliates for such third parties’ and affiliates. If you are a California resident and wish to obtain information about our compliance with this law, please e‐mail or write to us at the addresses specified in “Contact Information” below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that CIMCO is not required to respond to requests made by means other than through the provided e‐mail address or mail address.
- ENFORCEMENT AND COMPLIANCE: CIMCO will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that CIMCO determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. CIMCO will respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield and/or to complaints regarding compliance with the Principles referred by EU Member State authorities through the Department. CIMCO is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the EU‐U.S. Privacy Shield Framework. If CIMCO becomes subject to an FTC or court order based on non‐compliance, CIMCO will make public any relevant Privacy Shield‐related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements. CIMCO may be required to disclose Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requests.
- ONWARD TRANSFER: If a third‐party processes Personal Data on behalf of CIMCO in a manner inconsistent with the General Data Protection Regulation and applicable law, CIMCO could be liable unless CIMCO can prove that it is not responsible for the event giving rise to any damage. If CIMCO transfers data to a third party agent, CIMCO will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with CIMCO’s obligations under the Principles; (iv) require the agent to notify CIMCO if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.