Privacy policy
Privacy policy
According to Articles 13 and 14 of the General Data Protection Regulation, Roesgaard Godkendt Revisionsaktieselskab must provide several items of information when we process personal data about you.
The following information is generally required:
- Contact information
- Purpose and legal basis of the processing
- Categories of personal data
- Transfer and disclosure of personal data
- Transfer to recipients in third countries or in international organisations
- Where your information comes from
- Retention period
- Rights
- Complaint to the Danish Data Protection Agency
Contact information
Company: Roesgaard Godkendt Revisionsaktieselskab
Address: Sønderbrogade 16, DK-8700 Horsens
CVR no.: +45 37 54 31 28
Phone no: +45 75 62 99 99
Email: revisor@roesgaard.dk
Website: www.roesgaard.dk
Purpose and legal basis of the processing
We collect and store personal data for one or more of the following purposes:
- Assistance with the preparation of financial statements and the submission of statements in companies’ financial statements
- Provision of other advisory services by agreement as well as insurance statements etc.
- Provision of legal services and advice
- Fulfilling legal obligations under the Danish Anti-Money Laundering Act or other legislation (KYC, etc.)
- Recruitment and ongoing personnel management
- Optimisation of products, services, services or user experiences
- Newsletter sign-up
- Distribution of professional information and marketing regarding Roesgaard’s own similar services to existing clients (e.g. information about changes in legislation and practice).
- General marketing initiatives
- Participation in courses, registration for events and teaching
- Consent to the use of cookies
- Processing of other customer enquiries or similar
- The list is not exhaustive.
The legal basis for processing the listed general personal data is found in Article 6(1)(a) to (c) and (f) and Article 28 of the General Data Protection Regulation, while the legal basis for processing special categories of personal data is found in Article 9(2)(f) of the General Data Protection Regulation (legal requirement). The processing of personal data relating to criminal offences is governed by section 8(3) and (4) of the Data Protection Act. The legal basis for the processing of civil registration (CPR) numbers under the Danish Anti-Money Laundering Act is found in Section 11(2)(i) of the Data Protection Act.
Distribution of professional information and marketing to existing clients
If you are a client of Roesgaard, we may use your email address to send you professional information and marketing regarding our own similar services. This may include, for example, information about changes in tax and duty regulations, new property assessments, or other relevant regulatory developments that may affect your business, as well as information about related advisory services from Roesgaard.
The basis for this processing is our legitimate interest in informing our clients about important matters and in offering relevant services, combined with the rules on contacting existing customers under marketing legislation. As a starting point, we have obtained your email address in connection with our advisory or audit services provided to you or your business.
You may object at any time and free of charge to the use of your email address for this type of communication. You can do so by contacting us at revisor@roesgaard.dk.
Roesgaard Godkendt Revisionspartnerselskab can be the data controller for the processing of personal data or be the data processor:
Roesgaard Godkendt Revisionspartnerselskab is the data controller for the processing of personal data when we provide assistance with submitting declarations and other advice with assurance.
In the event of assistance without assurance, including payroll accounting, delivery of the NAV financial system, preparation of financial analyses containing personal data, preparation of tax returns as well as financial statements and tax statements without declarations and Robotic Process Automation, please see Roesgaard’s data processing agreement.
Categories of personal data
The personal data we process to fulfil the above-mentioned purpose include:
- Contact information, including name, email address, phone number, address etc.
- Salary and payment information, transaction data, tax information etc.
- Employee and recruitment information
- Money laundering information, including CPR no. for the purpose of fulfilling our obligations under the Danish Anti-Money Laundering Act
- IP address and information about traffic on our website
- Processing of special categories of personal data, including criminal offences, may occur
- Other personal data you may have provided to us on your own initiative
- The list is not exhaustive.
Transfer and disclosure of personal data
We take data protection regulations seriously, which is why we treat all personal data we receive with care and confidentiality, and all our employees are subject to rules regarding professional secrecy.
However, we disclose personal data to data processors who process data according to our instructions. We ensure that data processing agreements are in place with data processors before we initiate processing with them, so that your information is processed lawfully, confidentially and with the necessary security. At www.roesgaard.dk, you can see an updated list of those with whom Roesgaard has data processing agreements.
We may also disclose personal data to the public authorities as part of the performance of our tasks, e.g. to the Tax Agency or the Danish Business Authority. In some cases, we may also be legally obliged to disclose information to public authorities.
In addition, we may disclose information in confidence to another adviser if such disclosure is necessary for the task to be performed.
Our data processors are listed below:
| Data processor | Location | Function |
| Compla A/S | DK | Telephony, hosting and Microsoft 365 |
| Visma Dataløn & ProLøn A/S | DK | Salary payment |
| Visma e-conomic A/S | DK | Financial system |
| Visma Dinero ApS | DK | Accounting program |
| Elvium ApS | DK | HR system |
| Mailchimp | United States | Newsletters |
| Penneo A/S | DK | Signing and KYC |
| Superego A/S | DK | Website |
| Timesolutions A/S | DK | Time tracking system |
| Dataminds A/S | DK | BI solution |
| Woba ApS | DK | Whistleblower system |
| Reportability A/S | DK | Tax calculation tool |
| Kontolink ApS | DK | Automated accounting system |
| Corpay One ApS | DK | Disbursements, etc. |
| Wizkids A/S | DK | AppWriter |
| Epona A/S | DK | Case management |
Transfer to recipients in third countries or in international organisations
We use Mailchimp as a data processor in connection with the handling of our newsletters. Mailchimp is domiciled in the United States, which is why third-country transfers are made when Mailchimp is used. The transfer basis used is EU-U.S. Data Privacy Framework.
We strive to use suppliers within the EU. However, we cannot guarantee that the above will be the only transfers to third countries, as we use some suppliers who may transfer personal data to a third country. Should a transfer to a third country take place, the transfer will be based on the European Commission’s Standard Contractual Clauses (SCC) or by certified companies in the United States according to the Data Privacy Framework List, which you can read more about here:
Home (dataprivacyframework.gov)
Where your information comes from
As a general rule, we collect the information from you. We may also obtain information about you from third parties, such as from the public sector or business partners.
Storage period
We have adopted internal procedures and policies that protect your and your employees’ personal data from being destroyed, lost or altered, from unauthorised disclosure and from unauthorised access or knowledge of them.
We have also adopted internal procedures to ensure that personal data is stored in accordance with the rules of data protection law and the rules on limitation, and is deleted when the purpose of our processing has lapsed. Naturally, we always observe applicable rules regarding minimum storage periods, e.g. the retention obligation of the Danish Bookkeeping Act and the rules of the Danish Anti-Money Laundering Act, which we are also subject to.
Rights
You have the right to access your and your employees’ personal data.
You have the right to be informed at any time which data we process about you and your employees, where they originate from and what we use them for. You can also request information about how long we store your and your employees’ personal data and who receives data about you and your employees to the extent that we disclose data in Denmark and abroad.
If you request it, we can inform you about the data we process about you and your employees. However, access may be restricted for reasons of privacy, trade secrets and intellectual property rights of other individuals. However, if the law to which we are subject so permits, you may exercise your rights by contacting us. You can find our contact details on page 1.
You have the right to have inaccurate personal data corrected (right to rectification) or deleted (right to erasure)
If you believe that the personal data we process about you and your employees is inaccurate, you have the right to have it corrected. You must contact us and inform us about the inaccuracies and how they can be corrected.
In some cases, we will have an obligation to delete your and your employees’ personal data, for example if you withdraw your consent. If you believe that your and your employees’ data are no longer necessary in relation to the purpose for which we obtained it, you can request to have it deleted. You can also contact us if you believe that your and your employees’ personal data is being processed in violation of the applicable rules.
When you contact us with a request to have your personal data and your employees’ personal data corrected or deleted, we will examine whether the conditions are met and, if so, implement changes or deletion as soon as possible.
You have the right to object to our processing of your and your employees’ personal data
You have the right to object to our processing of your and your employees’ personal data. You can also object to our disclosure of your and your employees’ data for marketing purposes. You can use the contact details at the top to send an objection. If your objection is justified, we will make sure to stop processing your and your employees’ personal data.
You have the right to data portability in relation to your personal data
You have the right to use data portability at any time if you want to have your personal data transferred to a new supplier.
You have the right to withdraw your consent
If you wish to withdraw a previously given consent, you must also enter into a contract with us, cf. the contact details on page 1. If you withdraw your consent, it will not affect the processing prior to the withdrawal of your consent.
Complaint to the Danish Data Protection Agency
If you disagree with the way in which Roesgaard processes your or your employees’ personal data or the purposes for which we use it, you are welcome to contact us. You also have the right to lodge a complaint with the Danish Data Protection Agency.
Datatilsynet (Danish Data Protection Agency)
Carl Jacobsens Vej 35
DK-2500 Valby
telephone no.: +45 33 19 32 00
Email: dt@datatilsynet.dk
Changes to the Privacy Policy
We reserve the right to change this Privacy Policy if required by law or if technical solutions so require.