Data Protection Policy
1. Introduction
Our goal is that you trust that we process your personal data in a transparent and secure manner. It is important to us that you take the time to read this Data Protection Policy which will inform you of our handling of your personal data.
The policy applies to Nordic Supreme by Scandinavian Cannabis A/S (hereinafter referred to as Nordic Supreme).
The purpose of the Data Protection Policy is to inform you of the manner, extent and purpose of the processing of personal data on our website and of the rights that you have under the Personal Data Regulation. According to Art. 6 of the Data Protection Regulation, personal data is defined as any type of information about an identified or identifiable natural person.
Nordic Supreme behandler udelukkende nødvendige personoplysninger om dig og i henhold til rammerne af Databeskyttelsesforordningen og de øvrige gældende databeskyttelsesregler.
Nordic Supreme only processes necessary personal data in accordance with the framework of the Data Protection Regulation and the other applicable data protection rules. This data protection policy makes information available under Art. 4 of the Data Protection Regulation.
2. Data controller
The legal entity responsible for the collection and processing of your personal data is listed below:
Nordic Supreme
Hellevad 37
5690 Tommerup
Phone: +45 30 42 81 66
E-Mail: info@nordic-supreme.com
3. Generelt om behandlingen af personoplysninger
Any questions you may have can be sent to us by e-mail to info@nordic-supreme.com As data protection rules may be subject to change or internal changes to the processes may require adaptation, we kindly ask you to review the Data Protection Policy periodically.
Da regler om databeskyttelse kan være genstand for ændringer, eller fordi virksomhedsinterne ændringer i processerne kan nødvendiggøre en tilpasning, beder vi dig om regelmæssigt at læse persondatapolitikken igennem.
4. Types of processing and purpose/legal basis for data collection
A) Visits to our website
When you visit our website, we automatically process general and personal data from your device, including the following data: Information about the type of web browser and the version used The operating system and the user’s IP address Date and time of visit Websites from which the user comes to our website
The information is also stored in our system’s protocol files. We do not store your IP address or other information attributable to you.
The legal basis for processing your personal data is Art. 6, 1 (f) of the Data Protection Regulation: Nordic Supreme’s legitimate interest, which consists in providing and operating the website and its functions.
B) Contact Nordic Supreme via the email address info@nordic-supreme.com
The information in the query is used to process the inquiry and the information included in the user’s email is stored temporarily.
The legal basis for the processing of this personal data is in accordance with Art. 6, 1 (f) of the Data Protection Regulation: Aurora Nordic’s legitimate interest, which consists of handling and responding to inquiries from website users.
C) Recruitment
In connection with the recruitment of new employees to Aurora Nordic, we collect and process your personal data during the recruitment process. This applies both to advertised positions that you apply for, unsolicited applications via our website and to situations where we recruit you.
The purpose of processing your personal data is to be able to assess your qualifications in relation to the specific position that you have applied for, or in relation to another open position at Aurora Nordic, which may be relevant to you.
We process personal data about you, collected either directly from you or via our external search agencies. This is typically the information that you have provided to us such as application, CV and educational documentation.
Aurora Nordic is responsible for the personal data you enter via the recruitment system on our website. The system is provided by Garuda AS. When you apply through the system, your consent allows us to register, collect and process your personal data.
In addition to the above personal information, we also process the personal data that you have published yourself on e.g. LinkedIn and similar social media / websites.
As part of the recruitment process, you may be asked to complete tests and provide references with your commitment in the form of a consent form. Notes from references and test results will be deleted after closing of the recruitment process unless you are employed.
We can share your application with internal stakeholders in our organization who are involved in the recruitment. Access to your personal data for these internal stakeholders will be limited and conclude once the recruitment process is completed.
If you suffer from or has suffered from an illness that will have a significant impact on your ability to work in relation to the particular job for which you have applied or are a candidate, legally you must inform us at the latest during the job interview. We will only process health information if it is deemed relevant together with your other data. Note that health information is considered “sensitive personal data”.
We also point out that all positions at Aurora Nordic require a clean criminal record, so if you are employed by Aurora Nordic, we will ask you – with your written consent – to provide us with a copy of your criminal record. Apart from the above, we recommend that you omit the provision of any sensitive data.
Your personal data is stored in our recruitment system for a period of six months, after which it is automatically deleted unless you actively register in our job agent that you wish to extend the period.
The legal basis for the processing of your personal data that we receive from you through your application material is the Data Protection Regulation Article 6.1.b (your request for our processing prior to contract).
If you inform us of illness conditions that will have a significant impact on your ability to work, we will process such health information on the basis of Article 6.1.a (consent) of the Data Protection Regulation, which also applies to the treatment of other types of personal data that you have provided with consent e.g. test results, criminal record, etc.
D) Fulfillment of legal obligations
In addition, we process your personal data to fulfill legal obligations, such as storage obligations under the Accounting Act. The legal basis for this treatment is Art. 6,1 (c) of the Data Protection Regulation.
E) Other processing of personal data
Aurora Nordic A / S will only use personal data for purposes other than those mentioned above, if it is necessary for a legal claim to be established, asserted or defended; Art. 6, 1 (f) of the Data Protection Regulation.
No data analysis is done for marketing or other purposes.
If there is a need to process your personal data for a purpose not mentioned above, we will inform you in advance within the regulatory framework.
5. Transfer and storage of personal data
We may disclose your personal data to the following recipients:
- Suppliers and partners, including IT suppliers, financial
- institutions, etc., who assist our company
- Group Companies
- Public authorities
To the extent that we transfer personal data to service providers or to other companies within our group, this is done within the framework of a data processing agreement. In the event that we transfer personal data to other companies within our Group outside the European Economic Area (EEA), we will only do this if the third country – as in the case of data transfers to Aurora Canada – has confirmed by the European Commission, adequate data protection level, or other reasonable data security guarantees (e.g. EU standard contract provisions). In case of questions regarding our transfers to third countries, please contact us at the contact information listed in section 3.
The transfer of personal data to governmental institutions and authorities only takes place within the framework of current legislation.
Personal data is stored and processed exclusively on servers within the European Union. We will delete your personal information as soon as it is no longer needed for the above purposes.
Personal data is stored for an extended period only if this is necessary for a legal claim to be established, applied or defended. In addition, we store your personal data to the extent that we are required by law, e.g. accounting law.
6. Your rights
You have rights under the Data Protection Regulation, including:
- The right to access personal data about you (Article 15 of the Data Protection Regulation).
- The right to change incorrect or incomplete personal data (Article 16 of the Data Protection Regulation).
- The right to delete your personal data (Article 17 of the Data Protection Regulation).
- The right to restrict the processing of your personal data (Article 18 of the Data Protection Regulation).
- The right to receive the personal data about you in a structured, ordinary and machine-readable format (Article 20 of the Data Protection Regulation).
- Right to object at any time to the processing of your personal data for direct marketing purposes (Article 21 (2) and (3) of the Data Protection Regulation).
- In the event that we process your personal data in order to protect our legitimate interests, you may object to this processing if there are grounds against which your personal data is processed (Art. 21 (1)) , in the Data Protection Regulation).
You also have the possibility of revoking consent at any time. This also applies to consent submitted to us prior to the entry into force of the Data Protection Regulation, e.g. before 25.05.2018.
These rights can be exercised through notification by mail to GDPR@auroranordic.dk. When requesting access, we may request additional information from you that verifies your identity.
You have the right to file a complaint with a data protection authority, such as the Data Inspectorate in Denmark. You can find the Data Inspectorate’s contact information at www.datatilsynet.dk.
7. Data security and data protection, communication via email
In order to prevent unauthorized access or unauthorized disclosure and to ensure the accuracy of the information and legal processing, Aurora Nordic A/S applies appropriate technical and organizational measures. However, no electronic communication is completely secure. This means that all data and personal data that you transmit to Aurora Nordic A/S may come to the knowledge of a third party by unlawful means.
By communication via email, we cannot guarantee complete security. We therefore recommend sending information in encrypted form if there is a great need for secrecy.
8. SSL- respectively. TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the website owner, our website uses a recognized network protocol for the secure transmission of information. An encrypted connection lets you know that your browser’s address bar changes from “http: //” to “https: //” and the lock icon in your browser bar.
9. Using Google Analytics
On our website, we use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files stored on your computer that enable an analysis of your use of the website. To protect your information, we have enabled our website to anonymize the IP addresses; that is, Google within the Member States of the European Union or in countries within the European Economic Area shortens the user’s IP address before transferring it to the United States.
Within the framework of the data processing agreement that we, as the website owner, have entered into with Google, Google will use this information to evaluate your use of the website, to create reports on website activities and to provide additional services related to the use of the website and the Internet, to us.
In cases where personal cookie data is transferred to the United States, Google is certified under the EU-US Privacy Shield Agreement.
For more information, visit https://www.privacyshield.gov/EU-US-Framework or https://support.google.com/analytics/answer/7105316?hl=de&ref_topic=2919631.
When you visit our website, you will be asked for your consent to the use of cookies which are necessary for the operation of the website.
You can prevent cookies from being stored by using a similar setting in your browser software. However, please note that you may not be able to use all features of the website to the full extent.
By installing a browser plug-in, you can also prevent the information collected by cookies (including your IP address) from being sent to and used by Google. You can download and install that plug-in here: https://tools.google.com/dlpage/gaoptout?hl=en.
Visit https://support.google.com/analytics/answer/6004245 for information on how Google Inc. uses data.
10. References and links
Our website may contain information from third parties. The use of these services requires that the third party providers register the user’s IP address. Without disclosing the IP address to third parties, the content cannot be disclosed to the user. Disclosure of the IP address is therefore required to display the content.
We do our utmost to use only third-party content that uses the IP address solely to deliver the content. We have no influence on where third party providers use the IP address (e.g. for statistical purposes).
When using this website, information such as name, address, email address, browser properties, etc. may be asked again. This data protection policy does not apply to the collection, processing and treatment of personal data by third parties.
Third-party providers may have differing and proprietary provisions regarding the collection and processing of personal data. Therefore, before entering personal data on third party internet sites, it is advisable for you to consult them first about their practices in respect to processing of personal data.
This data protection policy was last updated June 2020.