Data Protection and Privacy Policy

XtensionIT ApS
Jernbanegade 1, 2. sal
5000 Odence C
DK
Company registration number: 41345136

This is version 1 last updated the 28.03.2023 13:14.


1. Introduction
1.1 This Data Protection and Privacy Policy (the “Policy”) describes how XtensionIT ApS
(“us”, ”we” or ”our”) when acting in the role of a controller, collects and processes your
personal data relating to the purchase of services, membership, products, or your use
of our website,
1.2 The Policy is prepared and made available to comply with the General Data Protection
Regulation (2016/679 of 27 April 2016) (the ”GDPR”) and the rules included herein on
information to be provided to you.

2. Types of personal data processed
2.1 We process personal data about you when this is necessary and in accordance with
the applicable legislation. Depending on the specific circumstances, the processed
personal data include the following types of personal data:
a) address
b) email
c) invoicing and bookkeeping data and documentation
d) IP addresses
e) payment card details
f) Customer number
g) purchasing history
h) name
i) telephone number
j) account status (customer points, payments etc.)
2.2 When relevant, personal data is collected directly from you or from external sources.
Sources can be publicly available records and social media profiles.
2.3 If we need to collect more personal data than specified above, we will inform you by
updating this Policy.

3. Purposes of processing the personal data
3.1 The personal data we collect about you is processed for the following purposes:
a) To deliver products or services.
b) To respond to inquiries or complaints.
c) To provide service messages and information.
d) To store personal data to comply with applicable legislation requirements such as
bookkeeping acts.
e) To send newsletters and direct marketing (such as e-mails, MMS', direct messages
on social media, etc.)
f) To send newsletters by e-mail.
g) To provide support and service messages, including responding to questions and
complaints and sending updates about our products and services.
2
h) To prevent fraudulent behavior or misuse of our products, services and website,
including the processing of personal data for the purpose of legal actions.
i) To improve our products, services, or website.

4. Legal basis for processing personal data
4.1 We only process your personal data when we have a legal basis to do so in accordance
with the GDPR. Depending on the specific circumstances, the processing of personal
data is done on the following legal basis:
a) The processing is necessary for the performance of a contract to which the data
subject is a party in accordance with GDPR, Article 6(1)(b), the first indent.
b) The processing is necessary to comply with applicable legislation in accordance
with GDPR, Article 6(1)(c).
c) The processing is necessary for the purposes of the legitimate interests where
such interests are not overridden by the interests or fundamental rights and
freedoms of the data subject which require protection of personal data in
accordance with GDPR, Article 6(1)(f).
d) The legal basis for the processing of such personal data is consent, in accordance
with GDPR, Article 6(1)(a). You can withdraw your consent at any time by
contacting us via the contact details provided at the end of this Policy. If you
withdraw your consent, the personal data processed will be deleted, unless it can
or must be processed in order to comply with legal obligations.
4.2 If we send you direct marketing, including by email, we will ask for your prior consent
in accordance with the applicable rules such as marketing acts.

5. Disclosure and transfer of personal data
5.1 We only transfer personal data to other entities when legally permitted or required.
Our organization is part of a concern or a group of companies where, depending on
the circumstances, personal data is shared.
5.2 We transfer personal data to the following recipients from the EU/EEA:
a) Suppliers
b) Collaborators
c) Processors
5.3 From time to time we use external entities as suppliers to assist us in delivering our
services. The external suppliers will not receive or process personal data unless
applicable law allows for such transfer and processing.
Where the external parties are acting in the role of processors, the processing is
always based on a data processing agreement in accordance with the requirements
under GDPR.
Where the external parties are acting in the role of controllers, the processing of
personal data is based on such external parties’ data privacy policy and the relevant
legal bases which the external parties are obligated to inform about unless the
3
applicable legislation allows otherwise.
5.4 We transfer personal data to countries or international organisations outside the EU/
EEA. Personal data is transferred to the following countries not subject to an article 45
adequacy decision: Dubai..
Such transfers are based on the standard contractual clauses about data protection
made or approved by the EU Commission and possibly approved by a national data
protection agency, ensuring a sufficient level of protection.
5.5 If you have any questions about our use of processors, cooperation with other
controllers, including our subsidiaries, or the transfer of data to third countries, you
may contact us for more information or documentation of our legal basis for such
transfers.

6. Erasure and retention of personal data
6.1 We ensure that the personal data is deleted when it is no longer necessary for the
processing purposes described above. However, we retain your personal data to the
extent that we are legally obligated, as is the case with for example accounting and
bookkeeping materials and records. If you have any questions about our retention of
your personal data, you may contact us by using the email mentioned in the last
section of this Policy."

7. Data subject rights
7.1 As a data subject under GDPR, you have a number of rights.
You have the right to request access to the personal data we process about you,
the purposes we process the personal data, and whether we disclose or transfer
your personal data to others.
7.1.1
7.1.2 You have the right to have incorrect information rectified.
7.1.3 You have the right to have certain personal data deleted.
7.1.4 You may have the right to restriction of our processing of your personal data.
You may have the right to object to our processing of your personal data based
on reasons and circumstances that pertain to your particular situation.
Objection can also be to the processing of personal data for the purpose of
direct marketing.
7.1.5
You have the right not to be subject to a decision based solely on automated
means, without human interference unless the decision (1) is necessary for
entering into, or performance of a contract between you and the Organization,
(2) is authorised by law, or (3) is based on your explicit consent.
7.1.6
4
If the processing of your personal data is based on your consent, you are
entitled to withdraw such consent at any time. Withdrawal of your consent will
not affect the lawfulness of the processing carried out prior to your withdrawal.
7.1.7
You are entitled to receive personal data which you have provided to us in a
structured, commonly used, and machine-readable format (data portability).
7.1.8
7.1.9 You can always lodge a complaint with the data protection authority.
7.2 Your rights may be subject to conditions or restrictions. Accordingly, there is no
certainty that you will be entitled to for example data portability in the specific
situation; it will depend on the circumstances of the processing.
7.3 More information about data subject rights can be found in the guidelines of the
national data protection authorities.
7.4 Please use you the contact details below if you want to use your rights.
7.5 We try to meet your wishes about our processing of personal data, but you can always
file a complaint to the data protection authorities.

8. Changes to this Policy
8.1 We reserve the right to update and amend this Policy. If we do, we correct the date
and the version at the top of this Policy. If we make significant changes, we will provide
notification by way of a visible notice, for example on our website or by direct
message.

9. Contact
9.1 You may contact us at the below specified email if you:
a) disagree with our processing or consider our processingof your personal data
infringeson the law,
b) havequestions or comments to this Policy, or
c) want toinvoke one or more of your rights as a data subject described in this Policy.
If you have questions or comments to this Policy or if you would like to invoke one or
more data subject rights, please contact us at gdpr@relateit.dk.
We are an innovative software developer focused on expanding core business solutions. Our tailored technology solutions, built on the Microsoft platform, meet our customers' specific needs and optimize their business processes.
+ 45 32 42 66 34 info@xtensionit.com
© XtensionIT ApS 2024
CVR 41345136