Privacy Policy

SoftwareCentral A/S
Date: 12 November 2018

1. Responsibility

  1. Protecting your Personal Data is our highest priority regardless of whether such Personal Data relates to you, your transactions, your products or your services.
  2. We process Personal Data and have therefore adopted this Privacy Policy, which provides you information on how we process your Personal Data.

2. Service Provider

Service Provider is:

SoftwareCentral A/S
VAT No. 32559735
Kongevejen 418
Øverød
2840 Holte
Denmark
(“SoftwareCentral”)

T: +45 45474400
E: info@SoftwareCentral.com
W: SoftwareCentral.com/Smartpackagestudio.com

3. Personal Data

  1. It is important for us to keep your Personal Data safe and confidential. We have procedures for collecting, storing, deleting, updating and disclosing Personal Data to prevent unauthorized access to your Personal Data and to comply with applicable laws.
  2. We ensure fair and transparent computing. When we ask you to provide us with your Personal Data, we will let you know what Personal Data we process about you and for what purpose such Personal Data is being processed. You will receive information about this at the time of collection of your Personal Data.
  3. The following guidelines describe the types of Personal Data we collect, how we process such Personal Data, and who you can contact, if you have any questions or comments about this Privacy Policy.

4. Categories of Personal Data

  1. We will collect and process the following Personal Data pertaining to our customers, which may include:
  2. General Personal Data (e.g. name and/or username, address, e-mail, telephone numbers, location, etc.)
  3. Transaction Data
  4. Information to/from social networks. Customer log-in via website, web booking, contact information, report access, contact information, track and trace, location data from the internet
  5. Newsletters
  6. CRM Systems, names, address, phone number, e-mail, areas of interest

5. Purpose

  1. We collect and store your Personal Data for specific purposes or other legitimate business purposes.
  2. Your Personal Data is collected and used for:
  3. The handling of your purchase and performance of our services / products
  4. Fulfilment of your request for products or services
  5. Improvement of our products or services
  6. Setting up and improving your user profile at SoftwareCentral.com/Smartpackagestudio.com
  7. Direct marketing activities
  8. Statistics and adaption of SoftwareCentral’s services
  9. Improvement of the website SoftwareCentral.com/Smartpackagestudio.com
  10. Fulfilment of an agreement or other arrangements upon your request
  11. Administration of your relation to SoftwareCentral
  12. Compliance with legal requirements / protection of vital interests

6. The Data Subjects’ rights

  1. The Data Subjects’ rights will only be individually important in relation to SoftwareCentral in the cases where SoftwareCentral is Data Controller. If SoftwareCentral is Data Processor, the Data Subjects’ rights must be fulfilled by the Data Controller who will typically be SoftwareCentral’s customer.
  1. Right of access
    1. According to article 15 of the General Data Protection Regulation, the Data Subject is entitled to receive information of whether any Personal Data about the subject is being processed and if so, obtain access to the Personal Data (a copy of the Personal Data must be handed over).
  2. Furthermore, the Data Subject is entitled to receive the following information:
    • the purpose of the processing
    • the affected categories of Personal Data
    • the recipients or categories of recipient, the Personal Data has been or will be passed on to, particularly recipients in third countries or international organisations
    • if possible, the period in which the Personal Data will be stored or, if this is not possible, the criteria used for determining this period
    • the right to request the Data Controller for rectification or erasure of Personal Data or limitation of the processing of Personal Data regarding the Data Subject or to object to such processing
    • the right to complain to a supervisory authority
    • any available piece of information about the origins of the Personal Data if it has not been collected from the Data Subject
    • the occurrence of automated decisions, including profiling as described in article 22(1) and (4) and, as a minimum, meaningful information about the logic hereof as well as the importance and the expected consequences for the Data Subject of such processing.
  3. Furthermore, the Data Subject is entitled to receive information about the necessary guarantees if the Personal Data has been transferred to third countries.
  4. In order to comply with a request for access we shall search all systems – including all databases, all hardware and all portable media – as well as all physical materials which are part of a register and hand over the Personal Data that has been registered about the Data Subject.
  5. According to the General Data Protection Regulation the right to access does not apply if the Data Subject’s interest in the information is considered to be of less importance than fundamental concerns for personal interests, including the concern for said subject.
  1. Data portability
    1. Furthermore, according to article 20 of the General Data Protection Regulation the Data Subject is entitled to receive Personal Data about himself which said subject has provided to the company. This Data must be provided in a structured, commonly used and machine-readable format.
    2. The Data Subject is also entitled to transmit this information to another Data Controller himself without objections from the company when the processing is based on consent and carried out automatically. If the Data Subject makes use of this right to data portability, the Data Subject is also entitled to have Personal Data transmitted directly from one Data Controller to another, if this is technically possible.
    3. The right to data portability only comprises information received from the Data Subject and will only comprise automatic processing. Further, the right to data portability will be very limited if the company bases its right to process Personal Data on any other legal rights to process Personal Data than consent.
  2. Right to rectification
    1. According to article 16 of the General Data Protection Regulation, the Data Subject is entitled to obtain rectification of incorrect Personal Data by the Data Controller without undue delay. Taking the purpose of the processing into consideration, the Data Subject is also entitled to obtain completion of incomplete Personal Data, e.g. by submitting a supplementary statement.
    2. This right supplements our own basic obligation to continually ensure that only correct and updated information is processed, cf. article 5(1), point d.
    3. However, the right to rectification only applies to objective Personal Data and not to subjective assessments. The fact that we may have decided that an employee does not have legal basis to conduct a case is not considered to be Personal Data governed by the right to rectification.
  3. Right to be forgotten
    1. According to article 17 of the General Data Protection Regulation, the Data Subject is entitled to request erasure of Personal Data by us without undue delay. In that case we are obliged to erase Personal Data without undue delay.
    2. However, this right is limited in such a manner that the Data Subject cannot request erasure if the processing is necessary in order to comply with a legal obligation or to establish, exercise or defend legal claims, cf. article 17(3), points b and e.
    3. We believe that the ”right to be forgotten” will very rarely be relevant for the Personal Data collected by us. It may become relevant if the collection of Personal Data was never necessary and therefore should not have been carried out or if the Personal Data is undoubtedly no longer necessary. In that case the obligation to erase Personal Data will also follow from the basic obligation to only process necessary information, cf. article 5(1), point c of the General Data Protection Regulation. However, the “Right to be forgotten” shall not apply if (and for as long as) we store such Personal Data in order to refute a possible legal claim from customers.
    4. If, according to article 17, we are obliged to erase Personal Data, which has been transferred to other Data Controllers or Data Processors, we must inform such Data Controllers and Data Processors of the request for erasure of all links to or copies or reproductions of said Personal Data.
  4. Right to object – also against automated decisions
    1. It follows from article 21 of the General Data Protection Regulation that the Data Subject may at any time exercise his right to object to the processing of his Personal Data, if the processing is based on article 6(1), point e or f. These provisions govern the right to process ordinary Personal Data if the processing is necessary to carry out a task in the interest of society or if the processing is necessary to pursue a legitimate interest and the concern for the Data Subject does not exceed this interest.
    2. If an objection is filed we are no longer entitled to process said Personal Data unless we can prove substantial legitimate reasons for the processing which supersede the interests of the Data Subject or if the processing is necessary in order to establish, exercise or defend legal claims.
    3. We believe that this provision will only have limited impact on our processing because our processing of Personal Data is to a wide extent tied to the authority to comply with an agreement or establish a legal claim just as we – if the processing otherwise complies with the basic processing rules – will often be able to show substantial legitimate reasons for processing the Personal Data.
    4. The provision in article 21 is based on the condition that the Data Subject is made specifically aware of his right to object and that this information must be given no later than at the time of the first communication. Furthermore, this information must be given in clear terms and kept separate from other information.
  5. Right to restriction of processing
    1. Article 18 of the General Data Protection Regulation gives the Data Subject the right to obtain from the Data Controller restriction of processing where one of the following applies:
  6. the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the Personal Data
  7. the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead
  8. the controller no longer needs the Personal Data for the purposes of the processing, but back-up of the Personal Data is required for the establishment, exercise or defence of legal claims
  9. the Data Subject has objected to processing pursuant to Article 21(1) pending the verification of whether the legitimate grounds of the controller override those of the Data Subject.
    1. Thus, this right is an alternative (and smaller) interference in the processing compared to the Data Subject’s right to object under articles 21 and 22 and the Data Subject’s ”right to be forgotten” under article 17.
    2. It follows from subsection 2 of this provision that if processing has been restricted, such Personal Data may, except for purposes of storage, still be processed if, among other things, the Data Subject consents or if the processing is necessary to establish, exercise or defend a legal claim.
    3. In our opinion this provision will only have limited importance for our access to process Personal Data as part of our case work.

7. General processing principles

  1. Processing principles
    1. We will process Personal Data in a legal, reasonable and transparent manner.
    2. Our processing of Personal Data is subject to purpose limitation which means that Personal Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
    3. We carry out restrictive processing of Personal Data which means that it must be sufficient, relevant and limited to the necessary data for the purposes for which it is processed.
    4. Personal Data must be processed in accordance with a principle of accuracy which means that it must be correct and, if necessary, updated.
    5. We process Personal Data in accordance with a principle of storage limitation which means that Personal Data must be stored in such a way that the Data Subjects cannot be identified for any longer than what is necessary for the purposes for which the relevant Personal Data is processed.
    6. Personal Data must be processed in accordance with principles of integrity and confidentiality which means that it must be processed in such a way that the Personal Data is kept sufficiently safe and protected against unauthorised or unlawful processing and accidental loss, destruction or damage, by using adequate technical or organisational measures.
  2. Data Protection Impact Assessment (DPIA)
    1. Article 35 of the General Data Protection Regulation contains a requirement that where a type of processing, in particular when using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of Personal Data.
    2. The duty to carry out an assessment of the impact only applies to specific cases where a high risk to the rights and freedoms of natural persons is found.
    3. A data protection impact assessment shall be required in the case of:
  1. processing on a large scale of special categories of data or of Personal Data relating to criminal convictions and offences, or
  2. a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person, or
  3. a systematic monitoring of a publicly accessible area on a large scale.
    1. It is our assessment that we will rarely carry out processing which complies with one of the above criteria. Therefore, we expect that the provisions governing impact assessment will have relatively little impact on our processing of Personal Data about customers.
    2. If an impact assessment is carried out anyway, the result of the assessment will be taken into consideration when adequate measures need to be taken.
    1. Data Protection Officer (DPO)
      1. The duty to appoint a Data Protection Officer is, according to article 37 of the General Data Protection Regulation, conditioned upon the fact that processing of Personal Data is ”core activity”. This is neither the case where SoftwareCentral acts as Data Processor, nor in situations where SoftwareCentral acts as Data Controller.
      2. The Data Controller and the Data Processor shall designate a Data Protection Officer in any case where:
      1. the core activities consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of Data Subjects on a large scale, or
      2. the core activities consist of processing on a large scale of special categories of data; or
      3. the core activities consist of processing on a large scale of Personal Data relating to criminal convictions and offences.
        1. It is our assessment that SoftwareCentral does not process Personal Data on a scale as described above. We have therefore chosen not to appoint a Data Protection Officer.
      1. Data Controller
        1. With regard to Personal Data about employees and information about SoftwareCentral’s customers, SoftwareCentral will predominantly work as Data Controller. SoftwareCentral will independently assess whether there is basis for collecting/processing Personal Data which is relevant and necessary and for how long the Personal Data should be stored. In these cases where SoftwareCentral primarly provides it support and services, SoftwareCentral will act as Data Processor.
      2. Data processing agreement
        1. In cases where we are Data Controllers and have assessed that the arrangement with the Data Processor constitutes a data processing structure, we will prepare a data processing agreement.
        2. The data processing agreement must be entered into between us (the Data Controller) and the other party (the Data Processor) and must comply with the requirements to data processing agreements as set out in the General Data Protection Regulation, cf. article 28(3) of the General Data Protection Regulation. This means that a contract or another legal document which is binding for the Data Processor must be prepared. Furthermore, it is a requirement that the data processing agreement is in writing, including electronic form.
        3. Furthermore, the General Data Protection Regulation sets out several specific requirements to the contents of the data processing agreement. The contract must, among other things, set out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data and categories of Data Subjects and the obligations and rights of the controller as well as the obligations of the Data Processor with respect to carrying out the task. These requirements are described in detail in article 28(3), points a-h of the General Data Protection Regulation.
        4. If we act as Data Processor for the customer, we must enter into a written data processing agreement with the customer.
      3. Transfer to third countries
        1. There will be no transfer of Personal Data to third countries.
      4. Data Processors – an overview
        1. The technical operation of SoftwareCentral is carried out by external companies. These companies act as Data Processors of the Personal Data for which we are Data Controllers.
        2. The data processing is carried out within the European Union.
        3. The Data Processor acts solely under our instruction.
        1. We use the following Data Processors:
      Data Processor Location Contract type
      Microsoft EU Data Processing Agreement
      Stripe
      Payments Europe, Ltd., a company incorporated in Ireland and with offices at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin.      		 EU Data Processing Agreement.
      1. The Data Processor has taken the necessary technical and organisational security measures to ensure that the Personal Data is not accidentally or illegally destroyed, lost or impaired and that it does not become known to unauthorised persons, is abused or in any other way processed in a manner that violates the Data Protection Act. The Data Processor will upon request – and against payment of the Data Processor’s at any time applicable hourly rates for such work – provide you with sufficient Personal Data to prove that the Data Processor has taken the necessary technical and organisational security measures.
      1. Transfer – customer data
        1. We may disclose Personal Data to other companies or people under any of the following circumstances:
      2. if sharing the information is reasonably necessary to provide or otherwise make available SoftwareCentral and any feature of SoftwareCentral or a service that you have requested.
      3. to keep you up to date on the latest product announcements, software updates, special offers, or other information we think you would like to hear about either from us or from our business partners (unless you have opted out of these types of communications). (Note that you will not be able to opt out of service announcements that contain important information relevant to your use of SoftwareCentral and are not promotional in nature.)
      4. if we believe in good faith that we are required to do so by law, about litigation, to prevent a crime, or to protect personal property, the public, or SoftwareCentral.
      5. about a sale or merger with another entity, consolidation, restructuring, sale of company assets, financing or other corporate change, including during the course of any due diligence process or if SoftwareCentral should ever file for bankruptcy or related proceeding.
      6. when we otherwise have the Data Subject’s consent to share the information.
      7. SoftwareCentral may also share non-Personal Data with third parties (e.g. aggregate or demographic data).
      8. Transfer – Categories of Recipients
        1. If we receive a request from the police (or similar public authority) or the court system to hand over Personal Data, we will hand over your Personal Data in accordance with applicable law.
        2. In addition, we do transfer Personal Data to the following categories of recipients:
      9. Public authorities (e.g. tax authorities, police, customs authorities, social authorities, healthcare sector, work supervision authorities and educational institutions)
      10. Banks
      11. Credit agencies
      12. Accountants
      13. External law firms
      14. Suppliers
      15. Partners
      16. General technical measures
        1. The Danish Data Protection Agency’s IT security guidelines, cf. below, form the basis of the considerations and assessments we have carried out under the General Data Protection Regulation.
        2. Access to Personal Data is restricted to persons who have a material need for access to Personal Data. Personal Data will only be accessed on a “need to know” basis.
        3. Employees who handle Personal Data are instructed and trained in what they must do with Personal Data and how to protect Personal Data.
        4. There must be as few people as possible with access to Personal Data, with due regard for the operation. However, there must be a sufficient number of employees to ensure the operation of the tasks concerned in case of sickness, holidays, staff replacement, etc. Personal Data will only be accessed on a “need to know” basis.
        5. Personal Data on paper is stored in for example cartons and binders that are kept closed and locked when not in use.
        6. When documents (papers, charts, etc.) are discarded, shredding and other measures are used to prevent unauthorized access to Personal Data.
        7. We use access codes to access PCs and other electronic equipment with Personal Data. Only those who need to have access will receive an access code and then only for the systems that they need to use. Those who have a password may not leave the code to others or leave it so others can see it. Checking of assigned codes must be done at least once every six months.
        8. Unsuccessful attempts to access IT systems with Personal Data are detected and logged. If a specified number of consecutive rejected access attempts is detected, further attemps must be blocked.
        9. We have appointed a responsible person to monitor such inaccessible attempts. Taking into account the technological development, software is available that can clarify who has attempted to gain access to Personal Data.
        10. We do not store or process Personal Data USB keys or other portable data media.
        11. PCs connected to the Internet shall have an updated firewall and virus control installed. When connecting to WiFi, for free access, we ensure appropriate security measures taking into account the current state of technology development in the IT-area.
        12. If sensitive Personal Data or social security numbers are sent by e-mail via the Internet, such e-mails must be encrypted. If you send Personal Data to us via e-mail, please note that sending to us is not secure if your e-mails are not encrypted.
        13. In connection with the repair and service of data equipment containing Personal Data and when data media are to be sold or discarded, we take the necessary measures to prevent information from being disclosed to a third party.
        14. In the situations where a computer is submitted for repair and where Personal Data is stored on such computer, we establish several access codes for different sections of the Personal Data. For example, a repairer will not need to be able to access Personal Data that may be on the computer. Such a multi-code scheme may help – but not eliminate – the risk of abuse of Personal Data. In addition, agreement and verification should ensure that repairers do not unduly access Personal Data, for example, by using confidentiality statements.
        15. When we use an external data processing agent to handle Personal Data, a written data processing agreement is signed between us and the Data Processor. This applies, for example, when we use an external document archive or if cloud systems are used in the processing of Personal Data – including communication with the customer. In the same way, a written agreement between us and our customer is always entered into if we act as Data Processor. Data processing agreements are also available electronically.
        16. We have internal rules on information security. We have adopted internal rules on information security that contain instructions and measures which protect Personal Data from being destroyed, lost or modified, from unauthorized disclosure, and against unauthorized access or knowledge of them. We will ensure that collected Personal Data is treated with care and protected according to applicable safety standards. We have strict security procedures for collecting, storing and transferring Personal Data to prevent unauthorized access and compliance with applicable laws.
        17. We have taken the necessary technical and organizational safeguards to protect your Personal Data from accidental or illegal destruction, loss or change, and against unauthorized disclosure, abuse or other actions contrary to applicable law.
        18. The systems are located on servers in secured premises.
        19. We use industry standards such as firewalls and authentication protection to protect your Personal Data.
        20. All data transferred between client (browser and web app) and server(s) are encrypted according to the HTTPS protocol.
        21. All production facilities are locked and only staff members who have signed a declaration of confidentiality have access to the production facilities. After the end of normal working hours, the production facilities are locked. Access to the production facilities is always carried out under the supervision of an employee.
        22. We take a back-up of all databases and files on shared drives every night. The back-up is stored on an internal server, partly on an external data centre.
      17. Back-up
        1. We make the following types of back-up:
      1. Rolling back-up. This method takes daily back-up of all file and data updates and creates a back-up of all new data. This creates a history of changes so that the ability to recover lost data is increased.
      2. back-up clone. This back-up strategy creates a perfect copy of each device on the network
      3. back-up offsite. This back-up ensures against data loss if back-up is stored on site. All data and files are backed up and back-up stored offsite.
        1. All back-up data and files are overwritten at 30-day intervals. It is not technically possible to complete erasure of individual files on a back-up before such overwriting occurs. Thus, if you have requested that we erase Personal Data, such Personal Data will be erased in live environment, but will remain on back-up until the specific back-up is overwritten after 30 days. However, we have introduced internal processes and procedures to ensure that Personal Data is not reintroduced as live data by reloading data and files from a back-up as Personal Data has been erased according to the “right to be forgotten.”
      1. Erasure – when
        1. When an assignment from a customer has ended, we will have no further need to process the Personal Data. The assignment has been solved.
        2. However, several other considerations and special provisions mean that Personal Data should not or cannot be erased until some time has passed.
        3. The period in which the Personal Data is stored before erasure should be decided.
        4. Under the book keeping rules, Personal Data related to a payment must be kept for the current calendar year + 5 years after the end of the accounting year.
        5. To ensure that we are able to represent our interests in case of a liability suit Personal Data can be stored for 3 years after the end of the assignment.
        6. To ensure the logical synergy with the processing of accounts, customer data should be stored for 5 years after the termination of the customer relationship.
        7. Contact information – CRM must be continuously erased and updated. E-mails which may be important for the determination of a legal claim must be stored for 5 years and then erased, unless legal claims have been submitted against or may be submitted by SoftwareCentral.
        8. Personal Data relating to the usage of the product will be anonymized, as soon as such Personal Data has been provided to SoftwareCentral.
      2. Erasure – how
        1. It appears from IT security text ST3 from the Danish Data Protection Agency regarding the erasure of Personal Data that erasure of Personal Data means that Personal Data is irrevocably removed from all storage media on which it has been stored and that Personal Data cannot be recreated in any form. In that connection, it is necessary to pay attention to all storage media – including portable storage media such as laptops, USB sticks etc. as well as back-up.
        2. To facilitate the erasure process, all physical material must be scanned to the electronic case and then shredded or returned to the customer.
        3. Alternatively, Personal Data may be completely anonymized with the result that it cannot be ascribed to a specific person. In this case, the General Data Protection Regulation does not apply and complete anonymizanonymization is therefore an alternative to deletion. It is, however, important to remember that anonymization as an alternative to deletion is conditioned upon deletion of all traces that may lead to the person, the data concerns. This is often a very difficult task.
        4. Following deletion/anonymizanonymization we will carry out appropriate cross checks in the form of searches for name/CPR-no. etc. regarding the customer and the case to ensure that nothing appears.
      3. Duty to disclose – Customer
        1. Each customer receives a link to our Privacy Policy.

8. Detailed processing rules

      1. Authority to process
        1. Our authority to process Personal Data is primarily based on the relationship with our customer and our ability to administrate agreements we have entered into. In general, we will have the authority to process the necessary data within the framework of this assignment. This specifically follows from the General Data Protection Regulation, article 6(1), points a-c and point f as well as article 9(2), points a and f.
        2. These provisions govern the right to process Personal Data, (i) if there is consent, (ii) if the processing is necessary to fulfil the terms of an agreement, (iii) if the processing is necessary in order to comply with a legal requirement, (iv) if the processing is necessary in order to comply with significant interests that supersede the interests of the Data Subject; or (v) if the processing is necessary in order to ensure that a legal claim may be established, exercised or defended.
        3. We are authorised to process civil registration numbers (i) when it follows from the law, (ii) if there is consent; or (iii) if it is necessary to establish a legal claim, cf. the Danish Data Protection Act, section 11, cf. section 7.
        4. We believe that to a wide extent our processing of Personal Data with respect to a customer will have its authorisation in the above-mentioned provisions.
      2. General contact information
        1. Contact information for customers is processed in SoftwareCentral’s CRM system. Contact information will typically be name, phone number and e-mail. The information is continuously updated and is erased no later than 5 years after the termination of the customer relationship.
      3. Information on activation
        1. We collect Personal Data from you and the Data Subject when you activate the service we provide and when you and the Data Subject use the products provided by SoftwareCentral.
        2. Our products collect data about both user and the use of the product in two situations:
      4. When the product checks for available updates or upgrades
      5. When the product is used to capture Personal Data
        1. The following information is collected:
      6. IP address
      7. Product name
      8. User name
      9. Computer Name
      10. Number of starts of the product
      11. All manual changes made to files and registry
      12. Name, version, producer of the product that captures
      13. Operating system on the machine where the capture is made to SoftwareCentral.
        1. Visit on our Website
          1. When you visit SoftwareCentral.com/Smartpackagestudio.com, we also collect non-Personal Data, which is information that by itself cannot be used to identify or contact you, such as demographic information (e.g. age or gender) or usage information (e.g. the browser you are using, the URL that referred you to SoftwareCentral and the areas of SoftwareCentral you visit). We may also supplement the information we collect with information from other sources to assist us in evaluating and improving our products.
        2. IP addresses and browser settings
          1. For each visit to SoftwareCentral.com/Smartpackagestudio.com, the used IP address and browser settings are registered. Your IP address is the address of the computer you use to visit SoftwareCentral.com/Smartpackagestudio.com. Browser settings are, for example, the browser type you are using, browser language, time zone, etc. The IP address and browser settings are registered to ensure that SoftwareCentral can always identify the computer used in case of abuse or unauthorized use about the visit to or use of SoftwareCentral.com / Smartpackagestudio.com. The IP address is also used to determine your approximate location (at city IP-address level).
        3. Customer database
          1. Personal Data in Customer databases will not be processed by SoftwareCentral outside of the Customer environment. Outside of the Customer environment, only contact information will be processed for support and sales purposes.
          2. SoftwareCentral will adhere to the security policies as related to infrastructure, platform and infrastructure audit capabilities available for the standard Customer environment.
          3. During a project implementation, SoftwareCentral will, upon receipt of guidelines from the Customer, not use use technical procedures e.g. file sharing via virtual/remote desktop, which allow for processing, copying or downloading of Personal Data to outside locations. In this way, Personal Data will only remain within the customer’s controlled environment.

9. Questions

If you have questions about this privacy policy or our treatment of Personal Data, rectification or your relationship with us in general, please feel free to contact us at the following address: SoftwareCentral A/S, VAT No. 32559735, Kongevejen 418, Øverød, 2840 Holte, Denmark,

T: +45 45474400,
E: info@SoftwareCentral.com,
W: SoftwareCentral.com / Smartpackagestudio.com

10. Changes

      1. SoftwareCentral may change our Privacy Policy at any given time and such changes shall come into force immediately. You should therefore review our Privacy Policy regularly. If you do not agree to the modified Privacy Policy, please stop using our service. In the event of a conflict between this Privacy Policy and the modified terms, the modified terms shall apply. Your continued use of the services provided by us after the date the modified terms are posted will constitute your acceptance of the modified Privacy Policy.

11. Supervision

      1. The Danish Data Protection Agency, inter alia, supervises the compliance with the applicable national regulation on Personal Data. The contact information for the Danish Data Protection Agency is:

Datatilsynet
Borgergade 28, 5
DK- 1300 Copenhagen K
T: 3319 3200
F: 3319 3218
E-mail: dt@datatilsynet.dk