Back

Privacy and cookie policy

 

1. Purpose of the policy
The purpose of this privacy policy is to make you aware of how Odense Marcipan A/S [CVR number 15233699], which consists of Odense Marcipan A/S, IGOS and Bæchs Conditori (hereinafter Odense Marcipan “we”, “us”, “our”) processes your personal data. With this policy, we want to make you aware of what information is collected and processed and how long it is stored. The privacy policy covers the processing of personal data by Odense Marcipan when you enter into agreements, interact or otherwise exchange personal data with us.

2. Description of the processing
Odense Marcipan processes your data for one or more specific purposes and in accordance with the data protection rules. Among other things, we process your data if you are a customer with us, a customer via our webshop, guest, business partner, supplier, visit our websites (www.odense-marcipan.dk, www.odense-konditoriet.dk, www.odense-foodservice.dk, www.igos.dk or www.baechs-conditori.dk) or our social media, if you sign up for our newsletter or apply for a job with us.
As a general rule, the data will come directly from you, and we will only process your data for as long as it is necessary for the purpose for which it was collected. However, the data may also be processed and stored longer in anonymized form.
Below you can get an overview of the different types of processing we perform.

2.2 Customer inquiries
We process your personal data if you contact our customer service. We process your personal data based on our interest in being able to contact you and respond to your inquiries, cf. GDPR art. 6(1)(f). The data we process will typically include name, company name, job title, CVR number, e-mail, telephone number, address and information about the inquiry.
We delete your data on an ongoing basis, but no later than 5 years after the last inquiry.

2.3 Guests
If you visit one of our locations, we will register your visit and will therefore process your personal data in this connection. We process the data in order to manage which guests visit our company. The processing is done in accordance with GDPR art. 6(1)(f). The data we process will typically be name, company name and phone number.
We delete the data collected in connection with your visit on an ongoing basis, but no later than 5 years after registration.

2.4 Suppliers and business partners
When we enter into agreements with suppliers and business partners, we process information about their contact persons. This includes information about the name of the contact person, company name, CVR number, job title, telephone number, e-mail and, if necessary, payment and/or bank details.
The data is processed either because it is necessary for the performance of the contract with the supplier or business partner concerned, cf. GDPR Art. 6(1)(b), or because we have a legitimate interest in processing their contact details as part of the contract, cf. GDPR Art. 6(1)(f).
We retain relevant contact information throughout our collaboration. Written correspondence is deleted on an ongoing basis, and information that is necessary to fulfill our obligations under the Danish Bookkeeping Act is stored for 5 years plus the current financial year.

2.5 Cookies and website
In connection with the general operation of our website, we collect personal data about you via cookies to improve the website's appearance and user experience and to compile statistics. The information we collect via cookies includes your IP address, MAC address, communication with you, browser type, device (type, version, operating system, etc.) and digital footprints, including user behavior and page views.
We only collect your data if you have given your consent. You can withdraw your consent at any time. Read more about this in our cookie declaration on our websites.

2.5.1 Compliance with sanctions or anti-corruption rules
In order to ensure compliance with the sanction rules in the legislation as well as compliance with the anti-corruption rules, a screening of external third parties may take place in relation to suppliers, business partners or business associates we have or will establish relationships with.
We therefore process information about the contact person, managers of business customers and people with management or board positions in the form of full name, email address, telephone number, job title, communication, participation in meetings with us, input given at meetings, business observations and reviews, image, audio and video recordings (including recordings from Teams meetings), results in anti-corruption and compliance screenings.
The information will be cross-referenced against sanctions and fraud databases for this activity. Examples of such databases are Bureau van Dijk, which will obtain the results for us and may reveal information about the criminal records of our business customers' executives and individuals in management and board positions. You can read more about Bureau van Dijk's processing of personal data here.
The processing is based on GDPR Article 6(1)(f) as we have a legitimate interest in carrying out the processing for the purpose of fulfilling our legal and compliance obligations and to ensure that our counterparties are within acceptable risk.
In most cases, there will be no retention of personal data. However, personal data may be retained in special circumstances for as long as deemed necessary to document compliance with laws and regulations or for contractual reasons.

2.6 Tracking tools
On our websites, we also have integrated plugins from social media that can collect data about you if you have given your consent. We have a joint data responsibility with each social media platform. We use integrated plugins from Pinterest, YouTube, Meta (Facebook and Instagram) and LinkedIn.
In order to carry out targeted marketing on Facebook, we use tracking tools from Meta Ireland Ltd. including Meta Business tools in the form of Meta-pixels. Through this, we collect data about you.
This means that when you visit our website, the tools collect information about your IP address, that you have visited our website, the time of your visit, information about your browser and operating system and information about other online identifiers that have been collected via cookies. The data is processed for the purpose of targeting our marketing on Facebook.
We are joint data controller with Meta Ireland Ltd. for the processing of personal data collected and transmitted in connection with your visit to our website. Meta Ireland Ltd. processes the data for its own purposes, such as improving and streamlining its advertising platform.
We only collect your personal data if you have given your consent, cf. GDPR Art. 6(1)(a). You can withdraw your consent at any time in your browser settings or by contacting odense-marcipan@odense-marcipan.dk
You can read more about Meta Ireland Ltd.'s processing of your personal data in their privacy policy here, and about the joint data responsibility and the joint data responsibility agreement here
In addition to tracking tools from Meta Ireland Ltd. we also use tracking tools from Google Inc. in the form of Google AdWords and Google Analytics.

2.7 Social media
We use certain social media, including Pinterest, YouTube, Meta (Facebook and Instagram) and LinkedIn to get in touch with our customers and potential customers and to promote our marketing. If you have “liked” our fan page on the social media or have been in contact with us through this, we inevitably process your personal data. For this purpose, we only process information about your name and email. You can read more about our processing of personal data under the auspices of Odense Marcipan's fan pages on Facebook here.
If you contact us via social media, we process your personal data based on our interest in being able to contact you and respond to your inquiries, cf. GDPR art. 6(1)(f). The data will originate from you and the social media that you contact us through.
We have a so-called joint data responsibility with the social media we use, as we both process your personal data for our own purposes. You can read more about the social media's processing of your personal data below:
• Meta's (Facebook and Instagram) processing of your personal data here, and about joint data responsibility here.
• You can read more about LinkedIn's processing of your personal data here and about joint data responsibility here.
• Pinterest's processing of your personal data here and about joint data responsibility here.
• Google's (YouTube) processing of your personal data here.
As a user, you have the option to send private messages via our social platforms. Data relating to direct communication via social media will be deleted immediately after the request. In relation to correspondence sent via Facebook and Instagram, the messages are automatically transferred to Messenger. The information is answered via Messenger and deleted immediately after replying.
Posts on e.g. Facebook pages or in public groups are not deleted, as a post or comment on Facebook pages or in public groups is considered public areas. You can read more about public areas here.

2.8. Competitions
If you participate in a giveaway, we also process information about your name, address and telephone number, cf. GDPR Art. 6(1)(f), so that we can send you a gift if you are the winner of the giveaway.
The data that we process in connection with your participation in a giveaway will be deleted immediately after the giveaway has ended.

3. Recipients of personal data
3.1.
We treat your personal data with confidentiality, and we do not generally disclose the data to third parties. However, we may disclose your personal data if you have given your consent, if we have a legitimate interest in the disclosure or if we have a legal obligation.
3.2.
There is also a transfer of personal data between associated companies, as we have a legitimate interest in transferring personal data within the group for internal administrative purposes.
3.3.
We may transfer personal data to our system suppliers who process personal data on our behalf and on our specific instructions in accordance with the data processing agreement entered into.
3.4.
In some cases, we use data processors outside the EU/EEA, whereby personal data may be transferred to third countries, e.g. in connection with our use of cloud solutions. For this purpose, we use a valid transfer basis (either in the form of the EU-U.S. Data Privacy Framework or Standard Contractual Clauses) before we transfer the personal data. The transfer only takes place in compliance with the necessary security guarantees required by applicable data protection legislation, and an individual assessment is always made regarding the need for additional measures.

4. Your rights
4.1.
When we collect information about you, you have a number of basic rights under data protection rules that you can make use of. You can read more about your rights on the Danish Data Protection Agency's website here.
4.2.
The rights mentioned above may be subject to conditions and restrictions. Whether you as a data subject can request, for example, to have your personal data deleted will in all cases depend on a specific assessment.
4.3.
If you have given your consent to our processing of your data, you have the right to withdraw this consent at any time.
4.4.
If you are dissatisfied with our processing of your personal data, you can file a complaint with the Danish Data Protection Agency via their website www.datatilsynet.dk or by calling +45 33 19 32 00.

5. Contact information
5.1.
The company responsible for processing your personal data is:
Odense Marcipan A/S
CVR no.: 15233699
Toldbodgade 9-19
5000 Odense C, Denmark
E-mail: odense-marcipan@odense-marcipan.dk
Telephone: +45 63 11 72 00

5.2.
We have appointed an employee as our internal personal data coordinator. If you have any questions regarding our processing of your personal data, you can therefore contact personal data coordinator Birthe Nielsen at odense-marcipan@odense-marcipan.dk or by phone +45 63 11 72 00.

6. Changes
6.1.
We reserve the right to update and amend these guidelines for the processing of personal data. In the event of significant changes, we will contact you in the form of an email or visible notice on our website.

6.2.
This privacy policy was last amended on 12.12.2024.