Processing of personal data
Your personal data belong to you. As data controller, GAIS is both interested in and under an obligation to protect the data we have about you.
We only collect and store personal data when it is relevant and necessary. We make great demands to both the security of our IT systems and to the way our employees process personal data to ensure that data is always protected in the best possible manner.
Below, you can read more about the individual areas of our data protection policy. You can read about, for example, the times when we record data about you, which types of data, how we use the data, for how long we keep your data and about your rights.
If there is anything in particular that you need to know when using specific services, we will tell you about it.
We are the data controller – how can you contact us?
GAIS is part of the Krifa Group, which is the data controller responsible for the processing of the personal data which we process about you. In many cases, however, we will process data about you for your employer – in such cases we will be the data processor, and therefore, you will need to exercise your rights in relation to your company and not in relation to us.
Legally, Kristelig Fagforening is the data controller in relation to the data processing, where we are not the data processor:
Kristelig Fagforening
Klokhøjen 4
8200 Aarhus N
Cvr. no.: 11698301
If you have any other questions regarding the way Krifa processes your personal data, please do not hesitate to contact our Head of Operations Henrik Steuer Carlsen via:
- Mail: henrik@gais.dk
- Telephone: +45 4140 6371
You can also contact Krifa’s data protection officer (DPO) Hans Ullemose Pedersen in the following ways:
- Mail: dpo@krifa.dk
- Telephone: +45 2544 4009
- By letter: Krifa, attn.: HUP, Klokhøjen 4, DK-8200 Aarhus N.
Why do we process your personal data?
There may be several reasons why we will process your personal data, which all originate from your interaction with gais.dk, the GAIS platform, GAIS advertising or other types of interaction with GAIS.
As a result, we will process your data:
- When you create a user on the GAIS platform in order to be able to save your surveys and secure access to them;
- When you accept cookies on gais.dk or give us your data in response to our advertisements, in order for us to provide you with personalised and tailored communication and marketing;
- When your employer creates a GAIS survey that includes you, to give you an insight into job satisfaction at the workplace;
- When you ask us to do it in order for us to be able to contact you.
What is the legal basis for processing your personal data?
Our processing of your personal data requires a legal basis (legal authority), which corresponds to the basis described above.
The following constitutes our legal authority for processing the specific data:
- Most often our authority will be based on the agreement concluded (with you or your company) when you use the platform (Article 6 (1) (b) of the GDPR).
- We will obtain your consent if the processing goes beyond the required functionality of the platform, for example if you use gais.dk to ask us to send you newsletters, use non-required cookies or contact you (Article 6 (1) (a) and Article 9, (2) (a) of the GDPR).
- We may be under an obligation to store some data as a result of current legislation (e.g. accounting information) (Article 6 (1) (c) of the GDPR).
- In certain instances, processing may be based on a concrete assessment of interests, e.g. our use of necessary functional cookies. (Article 6 (1) (f) of the GDPR).
Which personal data do we process?
We only process personal data which is relevant for the purpose and legal authority for processing. Consequently, data processing will depend on the way in which you interact with us.
We may therefore process the following general types of information about you:
- Name
- Age
- Gender
- Contact information (telephone number and email address)
- Information about position and employer
- IP address
- Information given to us at your own initiative
In principle, we do not process personal data unless you have provided it on your own initiative via the comments field on the platform.
As the platform measures job enthusiasm for you specifically and, among other things, includes your experience of balance in your working life and your relationship with your manager, we consider your answers to contain confidential personal data.
How do we collect your personal data?
We mainly receive the personal data we process from you or your employer – depending on the way in which you interact with us.
We receive data from you when you interact with the GAIS platform, our website or our advertisements.
We receive data from your employer when they create a GAIS survey of the company – your employer is responsible for such data, but we process it for your employer.
With whom do we share your personal data?
In general, we will never pass on your data if we are not entitled to do so based on a legal obligation, your consent or if passing on is legitimate as a consequence of balancing of interests.
In practice, the data will only be passed on to suppliers who perform data processing for us according to our instructions (data processors). As a consequence, your data will not be shared with anyone who can use your data unless you ask us to do so. Therefore, your data will not be shared with the rest of the Krifa Group unless you ask us to do so.
Are any recipients of your personal data based in third countries, incl. international organisations?
The majority of our data processing takes place in Europe, including the processing of the most confidential data.
Some of our data processors are based in the USA or in a part of a group headquartered in the USA. As a result, data may be processed in the USA, which is termed a third country.
In these cases, the data processors are certified in accordance with the ”Privacy Shield” scheme with data processor agreements. GAIS continuously keeps up to date with current guidelines, following the Schrems II decision, including relevant extra initiatives and/or strict risk assessments of American-owned data processors.
For how long will we keep your personal data?
We will keep your personal data for as long as it is necessary in order to safeguard your rights, our contractual obligations towards you or your employer and our obligations under current legislation.
Data, which can identify the data subject, will be deleted from the GAIS platform upon request from the company or the data subject himself/herself. Replies on the platform will subsequently be kept in a completely anonymous form, ensuring that the anonymised data can form part of the future underlying data.
Your right to withdraw or limit your consent
Right to see your data (access)
You have a right to gain access to the data we process about you. If you wish to make use of this right, you may contact us on info@gais.dk
If we process data for your employer, however, you will need to contact you employer instead to gain access.
Right to have data corrected (rectification)
Right to erasure
You have a right to have your personal data erased or made anonymous if it is no longer necessary for us to keep or process your data. In some cases, however, we cannot erase or make your personal data anonymous – for example if we are under an obligation to keep it due to legislation.
If we process data for your employer, however, you will need to ask them to erase the data.
GAIS is also under an obligation, independently and proactively, to erase data about you which we no longer have a reason to process.
Right to restriction of processing
In certain instances, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we will only be entitled to store the data in future. If we are to process it in another way, this will either require your consent or that legal requirements can be established/exercised/defended, or in order to protect a person or important public interests.
If we process data for your employer, however, you will need to exercise this right in relation to your employer instead.
Right to object (objection)
In certain cases you have the right to object against our otherwise legal processing of your personal data. You may also object against the processing of your data for direct marketing.
If we process data for your employer, however, you will need to exercise this right in relation to your employer instead.
Right to pass on data (data portability)
In certain cases you have the right to receive your personal data in a structured, commonly used and machine-readable format and possibly have the right to have this data transmitted from one data controller to another without hindrance.
If we process data for your employer, however, you will need to exercise this right in relation to your employer instead.
You can read more about your rights in the Danish Data Protection Agency’s guidelines about the rights of data subjects. This information can be found here www.datatilsynet.dk
To whom can you complain?
Collection and storage of data
The Platform consists of several underlying systems that have been integrated to modern and tested standards in order to ensure the data security of users. All data that an organisation or individual has submitted will be stored securely.
All systems and databases are hosted in state-of-the-art hosting centres at Microsoft on https://www.azure.com/ in Europe.
All exchanges of confidential information between the browser and the Platform are handled via SSL.
All data submitted by a respondent are not shared with or made available to others with the exception of the User and GAIS. Exceptions are defined below.
- All responses and calculated index figures are included in anonymised form in benchmark data that are available to all users via the GAIS Platform.
- All responses and calculated index figures are included in anonymised form in data exports from the benchmark data and can be used by GAIS and selected partners.
Only the respondent has access to his/her own non-anonymised data and index figures, but may share it with others – for example partners, organisations or employer. The selected partner, organisation or company is given access to the GAIS Platform through a third-party site on the GAIS Platform.
Use of data
The GAIS Platform has been designed to focus on securing data that can be attributed to persons as well as possible. GAIS may use respondents’ anonymised data for all purposes as GAIS sees fit while GAIS will always comply with the General Data Protection Regulation and the protection of the respondents as defined here. Examples of use include, but are not limited to:
- Academic research
- Analysis of anonymised data
- Publication of articles and reports based on data
This use of anonymised data cannot identify persons, but is based on the user’s anonymised test results.
Contact
Cookies
GAIS will be able to gather data about users on the platform if it is necessary for website functionality.
In addition to this, you may permit GAIS to gather data about behaviour on our digital platforms. The collected data is used to make the user experience and communication as relevant as possible to the User. Data is collected via cookies which can be deleted or blocked at any time in the User’s Internet settings.
A cookie is a text file stored on the User’s computer, smartphone or tablet. GAIS uses these cookies to collect statistics about user demography and behaviour on the GAIS website. This includes number of visits, pages visited, age, gender, geography and other types of interaction with the site. Cookies are in no way dangerous to your computer and cannot identify you as a person.
Cookies are stored for a varying number of months from the User’s first visit to the GAIS website. If the User visits the website again, the storage period is extended, but cookies are deleted automatically when they expire. Find out more about deleting and blocking cookies below.
If you do not want cookies to be stored in your web browser, you can block or delete all cookies. Select your browser on the list below, and find out more about deleting or blocking cookies.
GAIS uses third-party cookies from Google Analytics and Heap to assess the use of the website and prepare reports on user behaviour on the website. Data from Google Analytics and Heap enable GAIS to enhance the user experience on the website.
GAIS uses third-party cookies from Facebook and LinkedIn in Facebook Pixel and LinkedIn Insight Tag to assess behaviour on the website.
Read also Terms and Conditions