Business customer and suppliers Privacy Policy

Processing of our business customers’ and suppliers’ personal data

CEGO A/S and its subsidiaries (hereinafter collectively “we” or “us“) process personal data about our business customers (buyers or licensees of our games) and suppliers (or contact persons at such) (hereinafter referred to as “you“). We will always process your personal data in a safe and confidential manner in accordance with applicable data protection legislation, and we have implemented appropriate measures to protect the data against the risks involved in the processing.

If you have any questions in relation to the processing of your personal data, if you want to exercise your rights as described below or if you want to complain or object to our processing then please do not hesitate to contact the responsible for our data protection policies at compliance@cego.dk.

1. Business customers

1.1 Business customers: Purpose, types of personal data and legal basis for processing

We process ordinary personal data about our business customers for the purpose of

  • establishing, maintaining and terminating business customer relationships, including
    • registering customers in relevant IT systems
    • managing payments, invoicing and bookkeeping
    • marketing our games
    • day-to-day communications – and
    • carrying out purchases, license agreements, etc.
  • handling possible claims.

Our processing of your ordinary personal data as a business customer (or employees at such) is based on:

  • Legitimate interests, when carrying out registering customers in IT systems, managing payments, invoicing and bookkeeping, day-to-day communications and marketing our games.
  • Performance of contract, when carrying out registering customers in IT systems and managing payments, invoicing and bookkeeping in relation to business customers established in sole proprietorships and smaller partnerships.
  • Legal obligation, when carrying out bookkeeping activities, including storage of relevant material according to the Danish Bookkeeping Act and handling claims (including transferring necessary information to payment service providers, law firms, auditors and debt collectors).

1.2 Storage period

In general, your personal data will be stored as long as they are relevant for a potential, existing or former business relationship with you.

Personal data contained in correspondence and inquiries will be stored for up to 3 years after the last date of contact, unless a longer storage period is set out according to statutory law or if necessary for any ongoing or potential complaints proceedings, disputes or claims for defects pending between you and us.

Personal data which must be stored under the Danish Bookkeeping Act or other accounting rules will be deleted 5 years after the end of the relevant financial year. Additionally, identification information stored under anti-money laundering rules will be kept at least 5 years to satisfy statutory requirements.

Personal data contained in backup copies will be deleted by routine overwriting (incremental) and cannot be accessed in the usual manner.

1.3 Recipients

Your personal data will be accessible only to relevant employees.

The data will be disclosed only to the persons who need them for the purposes stated above (e.g. reporting potential criminal behaviour) or where disclosure is required by law. We may, if relevant for a particular order or purchase, transfer your contact information to third parties, e.g. carriers for carrying out deliveries (e.g. prizes).

In addition, we use data processors in some of our processing of personal data who, in compliance with specific instructions provided by us, will have access to your personal data. If we send your personal data to external parties outside the UK or European Economic Area, we will only do so where there are adequate safeguards in place to protect your personal data as required under law such as including the EU Commision’s Standard Contractual Clauses and EU Commission Decisions on Adequacy (which are available on the EU Commission’s website) in our agreements with the third parties who have access to your personal data.

2. Suppliers

2.1 Purpose, types of personal data and legal basis for processing

We process ordinary personal data about you such as a supplier to us for the purpose of establishing, maintaining and terminating supplier relationships, including:

  • managing payments, invoicing and bookkeeping – and
  • handling possible claims.

The personal data will normally be provided by you, e.g. by telephone or electronically by email in connection with the correspondence between you and us.

The processing is based on:

  • Legitimate interests, when carrying out registering suppliers in IT systems, placing orders and handling invoices and establishing new supplier relationships and maintaining current. Additionally, we share ordinary personal data between our two companies, since it is in our legitimate interest to establish and maintain a common library of suppliers.
  • Performance of contract, when carrying out registering suppliers in IT systems, placing orders and handling invoices in relation to suppliers established in sole proprietorships or smaller partnerships.
  • Legal obligation, when carrying out bookkeeping activities, including storage of relevant material according to the Danish Bookkeeping Act, and handling claims (including transferring necessary information to payment service providers, law firms, auditors and debt collectors).

2.2 Storage period

In general, your personal data will be stored as long as they are relevant for a potential, existing or former business relationship with you.

Personal data contained in correspondence and inquiries will be stored for up to 3 years after the last date of contact, unless a longer storage period is necessary, e.g. for any ongoing or potential complaints proceedings, disputes or claims pending between you and us.

Personal data which must be stored under the Danish Bookkeeping Act or other accounting rules will be deleted 5 years after the end of the relevant financial year.

Personal data contained in backup copies will be deleted by routine overwriting (incremental) and cannot be accessed in the usual manner.

2.3 Recipients

Your personal data will be accessible only to relevant employees. The data will be disclosed only to the persons who need them for the purposes stated above or where disclosure is required by law.

In addition, we use data processors in some of our processing of personal data who, in compliance with specific instructions provided by us, will have access to your personal data. If we send your personal data to external parties outside the UK or European Economic Area, we will only do so where there are adequate safeguards in place to protect your personal data as required under law such as including the EU Commision’s Standard Contractual Clauses and EU Commission Decisions on Adequacy (which are available on the EU Commission’s website) in our agreements with the third parties who have access to your personal data.

3. General

3.1 Updating your personal data

We always seek to ensure that your personal data are accurate and updated. In case of changes to your personal data, we kindly ask you to let us know by using the above contact details. If you inform us of any inaccuracies in your personal data, or if we notice such inaccuracies, we will have them rectified or deleted as soon as possible.

3.2 Your rights under the data protection legislation

As a data subject you have a number of rights which you may exercise by contacting us, using the above contact details.

You have the right to request information about which personal data we process and to receive a copy of the data. Further you have the right to data portability (i.e. to receive your data in a structured format) for those of your data which are provided by you and processed by us based on your consent or the performance of a contract.

You also have the right to object to our processing of your personal data and to request rectification or erasure of any data which you believe are incorrect, outdated, etc. Further, you may request a restriction of the processing of your personal data. For some of these rights, e.g. the right to erasure, exercising them requires satisfaction of certain concrete conditions set by data protection legislation.

3.3 Complaints

If you disagree with the way in which we process your personal data, you may file a complaint, using the above contact details. If you disagree with a decision made in any complaint proceedings (or do not wish to complain directly to us), you may also file a complaint with the Danish Data Protection Agency which can be contacted through their website at https://www.datatilsynet.dk/databeskyttelse/klage-til-datatilsynet, via e-mail: dt@datatilsynet.dk or by phone +45 33 19 32 00.