Privacy & Cookie Notice
Monjasa Holding A/S, business registration no. 33150709, Strevelinsvej 34, 7000 Fredericia, Denmark and each of its subsidiaries (collectively referred to as “Monjasa”) are committed to handling personal data responsibly and in accordance with applicable data protection legislation.
This privacy notice outlines Monjasa’s principles in collecting, using and safeguarding personal data collected from users of our website and profiles on social media platforms, contact persons at Monjasa’s customers, suppliers and other business partners as well as data subjects which are part of a whistleblower reporting (i.e. the senders of notifications, the reported persons and other third parties involved).
We encourage you to read this privacy notice to learn more about the ways we collect, use, disclose and protect your personal data
1. If you visit our website
Data controller
Unless otherwise informed, Monjasa Holding A/S is the data controller in relation to the personal data collected when you visit and make use of the functions on our website.
Collection of personal data
Monjasa may collect, process and store personal data about you in the following instances:
• When you visit and browse our websites
• When you make use of our invoice checker
• When you communicate with Monjasa
• When you make use of other functions and services offered by Monjasa
Types of personal data
Monjasa may collect, process, and store the following personal data about you:
• Name, e-mail address and similar identification data
• Company name and company address
• Branch/business area
• Customer ID
• Content of inquiries
• IP address and device information
• Information about your usage of our websites (digital footprint)
Cookies
We use cookies on our website. Please read more about the use of cookies in our cookie policy, which is available on Monjasa’s website.
Purposes of the processing
Your personal data may be processed for the following purposes:
• Completion of requests received from you
• Promotional marketing in general
• General communication
• Providing support
• Product and service development
• Statistics and analysis
Legal basis
Monjasa will mainly process your personal data based on one or more of the following legal bases:
• Legitimate interests:
- In most cases, the processing of your personal data will be based on our legitimate interest in, for instance, conducting statistics, analysis, marketing activities (where consent is not required), providing support as well as improving and developing our products and services (Article 6(1)(f) of the GDPR).
• Contractual obligation:
- The processing of your personal data will in some cases be necessary for the performance of a contract (Article 6(1)(b) of the GDPR).
- If you accept our use of functional, statistical and marketing cookies, we base the processing of your IP address, device information and digital footprint on your consent (Article 6 (1) (a) of the GDPR).
• Consent: If you accept our use of functional, statistical, and marketing cookies, we base the processing of your IP address, device information and digital footprint on your consent (Article 6 (1) (a) of the GDPR).
Retention period
Your personal data will be deleted when it is no longer needed for one or more of the purposes mentioned above.
Personal data relating to statistics and analytics is deleted within 1 year.
The personal data may, however, be processed and stored for a longer period if anonymised.
2. If you visit our profiles on social media
Monjasa and the individual social media are joint data controllers in the processing of your personal data. Monjasa complies with the guidelines of the European supervisory authorities concerning joint controllership and Monjasa attempts to ensure that you receive information on the processing of your personal data when you visit our sites on the social medias.
This section applies to Monjasa’s processing of personal data which you leave behind and/or provide when you visit Monjasa’s sites on social medias such as Facebook (including Instagram) and LinkedIn (the “social medias”). This section is a supplement to the general privacy policy issued by the social medias individually. Both Facebook and LinkedIn have published an addendum on the joint controllership which you may go to by clicking here (Facebook or LinkedIn).
Processing of your personal data through social media
Depending on your conduct on the social media sites, Monjasa and the social media may retrieve the following personal data about you:
• Your “likes” or other reactions expressed on the sites
• Comments left by you on the sites
• Your visits to the sites
We encourage you to delete comments, likes and other interactions you have left on our profile yourself if you no longer want them shown on our pages. Monjasa does not delete such publicly available interactions.
Please refer to the privacy policy of the provider for each of the social media platforms for information on how long they store your personal data.
Purposes of the processing
Your personal data may be processed for the following purposes:
• Development, improvement and protection of our products and services
• Performance of research activities and statistics
The social media collect statistical data on the visitors’ behaviour for their own purposes through cookies and pixels on your device when you visit the sites. Each cookie contains a unique identification code which remains active for a certain period unless it is deleted prior to the expiry of such period.
You can read more about social media’s processing of personal data by visiting their privacy policies (Facebook or LinkedIn) and cookie policies (Facebook or LinkedIn).
Legal basis
Monjasa will mainly process your personal data based on the following legal basis:
• Legitimate interests: We process your personal data pursuant to our legitimate interest in being able to improve our products and services (Article 6(1)(f) of the GDPR).
Sharing of your personal data
Monjasa will at no point disclose your personal data collected via social medias to third parties.
The social medias may share your personal data internally among its subsidiaries and externally among its partners using analytical services, advertisers, other individuals, surveying partners and researchers and academics. Such transfers may include transfers to countries outside EU. For more information, please refer to the social medias’ terms and conditions and privacy policies linked to above.
Rights towards the social media
The social media’s general set-up dictates that you must contact the social media in question if you wish to exercise your rights. This is owing to the fact that only social media are, in purely functional terms, capable of taking the steps necessary to comply with most of your requests. If, however, you are of the opinion that Monjasa is capable of complying with your request, please do not hesitate to contact us.
If you are a Facebook user, you may exercise your rights by changing your private settings (link) or configure your preferences (link) in order to have an influence on how your personal data will be collected and processed when you visit and use the Facebook site. If you are a LinkedIn user, click here (link) to change your settings or here (link) to exercise your rights.
3. If you are a contact person at our customers, suppliers, or other business partners
This section sets out the policy of Monjasa’s processing of personal data collected from owners of sole proprietorships or contact persons at Monjasa’s customers, suppliers and other business partners who collaborate with Monjasa.
Data controller
Unless otherwise informed, the Monjasa entity your company (or your employer) concludes an agreement with, collaborate with or correspond with is the data controller in relation to the personal data collected.
Collection of personal data
Monjasa may collect, process and store personal data about you in the following instances:
• When your company or the company you are employed with enters into an agreement with Monjasa, including buys services offered by Monjasa
• When you have shown an interest in Monjasa’s products or services, e.g. by providing your business card to Monjasa
• When you participate in customer satisfaction surveys
• When you fill in HSEQ event reports
• When you make use of Monjasa’s website and portals
• When you collaborate and communicate with Monjasa
• When you visit our physical addresses
Types of personal data
Monjasa may collect, process, and store the following personal data:
• Name, e-mail address, telephone number and similar identification data
• Individual data, such as preferred language
• Organizational data, such as company name, company address, job position, business area, primary work location and country
• Contractual data, such as purchase orders, invoices, contracts and other agreements between your company (or your employer) and Monjasa, that may include e.g. your contact information
• Financial data, such as payment terms, bank account details and credit ratings
• IT-related data, such as logs about your usage of Monjasa’s website
• Information provided when you visit our physical addresses, e.g. registration of visitors or recordings from video surveillance
Such information may be provided directly by you (primarily via emails and other correspondence) or by a third party such as your employer.
Purposes of the processing
Your personal data may be processed for the following purposes:
• Generally, to plan, perform and manage the business relationship, including any contracts
• Administration, such as processing payments (including the collection of outstanding invoices), evaluation of credit ratings, performing accounting, auditing, billing activities, arranging shipments and deliveries as well as providing support services
• Ensuring security on our physical addresses
• Completion of requests received from you
• General, including promotional, communication
• Evaluation and development of our services, including statistics and analytics
• Compliance and regulatory purposes, such as fulfilling our legal and compliance-related obligations to prevent illegal activity
• Dispute handling
Legal basis
Monjasa will mainly process your personal data based on the following legal bases:
• Contractual obligation: The processing of your personal data will in some cases be necessary for the performance of a contract (Article 6(1)(b) of the GDPR).
• Legitimate interests: We may process your personal data pursuant to our legitimate interest in, for instance, to manage daily operations according to lawful and fair business practices, including planning, performing and managing the business relationship or our legitimate interest in e.g. fulfilling our contractual rights and obligations with our company, conducting credit ratings, statistics, analysis, customer satisfaction surveys, marketing activities (where consent is not required), providing support as well as improving and developing our products and services (Article 6(1)(f) of the GDPR).
• Legal claims: The processing may also be necessary to prevent fraud or establish, exercise or defend legal claims (Article 6(1)(f) of the GDPR).
• Legal obligation: The processing of your personal data will in some cases be necessary to comply with legal obligations, such as our obligations to prevent illegal activity (Article 6(1)(c) of the GDPR).
Retention period
Your personal data will be deleted when it is no longer needed for one or more of the purposes mentioned above.
However, subject to other requirements under local law, the following retention periods apply:
• Personal data included in accounting records is kept for 5 years from the end of the financial year to which the records relates.
• Personal data contained in customer satisfaction surveys will be deleted within 5 years.
• Personal data contained in HSEQ event report will be deleted within 5 years.
• Personal data collected in connection with business, support or other commercial activities will be stored as long as such data is relevant for the handling and monitoring of the issue in question. The retention period will typically be commensurate with the period laid down in the rules on the limitation of legal claims or the duration of our business relationship.
The personal data may, however, be processed and stored for a longer period of time if anonymised or if we are obliged to do so according to law.
4. If you use our whistleblowing system
Serious and sensitive concerns that may have an adverse impact on the operations and performance of Monjasa or which may have a significant effect on a person’s life or health may be reported via our whistleblowing system, whereby Monjasa will process personal data about data subjects which are part of a whistleblower reporting (i.e. the senders of notifications, the reported persons and other third parties involved).
Data controller
Unless otherwise informed, Monjasa Holding A/S is the data controller in relation to the personal data collected as part of a whistleblower reporting.
Collection of personal data
Monjasa may collect and process personal data when a report is made as well as during the investigation of reports.
Types of personal data
If you report a suspected misconduct, such report will remain confidential and, if desired, anonymous. You should in any case provide a contact email address, as the investigating person may need to contact you for further details on the incident to be able to handle the case properly.
We may process the following personal data about the reported person:
• Name, job position, contact information and reported facts, including a description of the suspected misconduct
The following personal data may be processed about other third parties mentioned in the report:
• Name, job position, contact information and reported facts
Purposes of the processing
Monjasa may process personal data for the following purposes:
• Initial reporting and investigation of reports of alleged breaches
• Provide responses to requests made by the whistleblower, the reported person or other third parties involved
Legal basis
Monjasa will mainly process the personal data based on one or more of the following legal bases:
• Legitimate interest: We may process the personal data pursuant to our legitimate interests in investigating reports (Article 6(1)(f) of the GDPR).
• Legal obligation: Establishment of a whistleblowing system is mandatory to Monjasa and the processing of personal data is necessary to comply with a legal obligation (Article 6(1)(c) of the GDPR).
Retention period
Subject to other requirements under local law, the report and collected information will be deleted:
• Immediately if the report is outside the scope or is manifestly unfounded, or if no internal action is made in relation to the concern.
• Right after the closing of the case by the authorities if a report is filed with the police or other relevant authorities.
• 2 months after the investigation has been completed if no further action is taken.
• If disciplinary sanctions are made towards the reported employee based on the collected information or there are other reasons for it being necessary to continue storing the information, the collected information may be transferred to the employee’s personnel file. In such case the personal data will be deleted no later than 5 years after termination of employment.
5. General information applicable for all individuals covered by this privacy notice
Disclosure to other data controllers and transfer to data processors
To meet the purposes mentioned above we may give third parties, who provide relevant services on basis of a contractual relationship with Monjasa, access to your personal data, including providers of e.g. IT services, ERP systems, invoicing systems, marketing services, website analytics, IT support, IT service development as well as digital developers, e-mail operators, hosting providers and other suppliers providing systems or services to Monjasa. Such service suppliers may only process personal data on behalf of Monjasa and in accordance with our instructions.
Your personal data may be disclosed to accountants. Under certain circumstances it may also be necessary to disclose your personal data to lawyers, courts, public authorities, the police and potential buyers.
In connection with Monjasa’s development, the company structure may change, e.g. through a full or partial sale of Monjasa. In case of a partial hand over of assets containing personal data, the legal basis for the related disclosure of personal data is, as a general rule, Monjasa’s legitimate interest in handing over parts of its assets as well as making commercial changes.
If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA which do not have an adequate level of protection, such transfers will in general be based on the Data Privacy Framework or EU Commission’s Standard Contractual Clauses which you have a right of access to. If you have any questions about the tools for transfers to countries outside the EU/EEA please contact us us at compliance.group@monjasa.com.
Cookies
We use “cookies” which is a small text file transferred from our website to your hard drive, to track usage and facilitate your ease of access to and use of our site. We do not use “cookies” to gather personal information.
| Cookie Set By | Cookie Name | Purpose | Expiration | |||
| Content Management System cookies, First Party Cookie |
has_js |
Assists the website to understand the Web browser’s Javascript functionality. |
End of session | |||
| Session Cookie, First Party Cookie |
ASP.NET_SessionId |
Required for the correct functioning of the website and rremembers selections or preferences that were made when looking at information or using a service. The content is a randomly generated number. |
End of session | |||
| Google Analytics, Third Party Cookie |
utma |
Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing utma cookies exists. The cookie is |
2 years from set / update | |||
| utmb |
Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.. |
30 minutes from set / update | ||||
| utmc |
Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the |
End of session | ||||
| utmz |
Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. |
6 months from set / update | ||||
| utmt |
Used to throttle request rate. |
10 minutes | ||||
| Youtube, Third Party Cookie |
VISITOR_INFO1_LIVE, YSC, GEUP |
Cookies used for playing a youtube video. Set during loading a youtube video. |
Expiry time varies. End of session and up to 2 years. | |||
| LinkedIn, Third Party Cookie |
bcookie, bscookie, lidc, lang, utma, utmb,utmc, utmz,utmt, utmv, L1e,L1c, leo_auth_token, visit, RT |
LinkedIn may save these cookies in order for the service to work. These cookies are only saved if you click the share link. |
||||
| Imrworldwide. Third Party Cookie |
IMRID | Collects behavioral information such as a users navigation of a website to build an online profile that can be used for the targeting of advertisements. |
2 years | |||
| Vimeo, Third Party Cookie |
__utmt_player | Indicates the type of request, which is one of: event, transaction, item, or custom variable. | 10 minutes | |||
| player | Stores preferences for the playback of videos from Vimeo.com This cookie is installed as part of displaying any video from Vimeo. |
1 year | ||||
| aka_debug |
Used to diagnose any problems that may occur in the Vimeo video player. |
End of session | ||||
| Scorecardresearch, Third Party Cookie |
UID, UIDR | Collects information such as when a user visited a website, what page of the website it was, title of the web page, IP address. This information is used by ScorecardResearch, a service of Full Circle Studies, Inc., a part of the comScore, Inc. market research community. By analysing general visitation patterns and conducting surveys, ScorecardResearch is able to help companies better understand the likes and dislikes of consumers. | 1 year |
Protection and Security
Monjasa uses a variety of security safeguards to protect customer data and personal information from disclosure. These security safeguards are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss of personal data.
Your rights
- You have the right to access the personal data we process about you
- You have a right of objection towards our collection and further processing of your personal data
- You have the right to have your personal data rectified and deleted, with certain national statutory exceptions
- You have the right to request us to restrict the processing of your personal data
- Under certain circumstances you may also request to receive a copy of your personal data as well as the transmission of your personal data which you have provided us with to another data controller (data portability)
- You may at any point withdraw the consents that you have given.
Questions or complaints
If you have any questions in relation to this privacy notice or if you wish to make a complaint in connection to our processing of your personal data, please contact us on:
Monjasa Compliance Group
Strevelinsvej 34
7000 Fredericia Denmark
Email: compliance.group@monjasa.com
If your complaint is not resolved by us and you wish to proceed with the case, you can send your compliant to the supervisory authority in your country. A list of European supervisory authorities is available here.
Latest update 1 September 2023
