Privacy policy

Privacy policy for visitors of the webshop

As data controller, Digital Flying Tiger Copenhagen A/S ("we", "us") is required to protect your personal data, and our aim is to make you feel secure when we process your personal data as we recognise and respect the importance of your privacy. This Privacy policy explains how we process (e.g. collect, use, share and otherwise process) your personal data when you visit our webshop, www.eu.flyingtiger.com ("the Webshop").

We will process personal data about you in accordance with this Privacy policy, as well as applicable law, including the General data protection regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR") and any amendments thereto and other such legislation supplementing these rules.

1: Who are we?

The company responsible for the processing of your personal information is:
Digital Flying Tiger Copenhagen A/S
CVR no. 41992174
Strandgade 71 - 73
1401 Copenhagen
Denmark
Tel. +45 8852 8000

2: Why do we process your personal data ?

2.1 Data collected automatically when you visit the Webshop
When you visit our Webshop, we automatically collect cookies and other data about you and the way you use the Webshop e.g. your browser type, how much you use a specific function, items in your basket and your IP-address.

The purpose of our processing is to optimise the user experience and the Website’s functionality including creating statistics. This processing of personal data is necessary in order for us to pursue our legitimate interest in operating and improving the Webshop (GDPR Art.6(1)(f)). Please see the separate Cookie policy for further details [link].

2.2 Data collected when you create a profile in our Webshop
When you create a profile on our Webshop we collect your name, address, e-mail address and password. We will also process your purchase history on the Webshop.

The purpose of our processing is to make easy and informative to make purchases on our Webshop. This processing of personal data is necessary for the performance of the contract with you and for our legitimate interest in making the Webshop more accessible to you (GDPR Art.6(1)(b) and (f)).

2.3 Data collected when you make a purchase in our Webshop
When you make purchases in our Webshop we collect your name, address, e-mail address, the items you purchase and the price as well as delivery information. We will also process information on the payment card used as well as any information on returns. Please note that we will not process your card number.

The purpose of our processing is to provide you with the products you have ordered and to facilitate returns. We will also process information necessary to comply with legal requirements, including in relation to bookkeeping and accounting. This processing of personal data is necessary for the performance of the contract and to comply with a legal obligation (GDPR art. 6(1) (b) and (c)).

2.4 Data collected when handling of claims you might file with us
In case you file a claim that a product is defective we will process your name and contact information as well as information provided by you in connection with filing of the claim and our correspondence.

Processing of your personal data is necessary for the performance of the contract with you (GDPR art. 6(1) (b)). Processing may also be necessary to comply with a legal obligation, to pursue a warranty claim or for our legitimate interest to improve quality of our products and services (GDPR art. 6(1) (c) and (f)).

If handling of the claim requires processing of health information we will only process such sensitive personal data if consent has been provided or if it is necessary for the establishment, exercise or defence of legal claims (GDPR art. 9(2) (a) and (f)).

2.5 Data collected when using forms to contact us
In case you contact us by using a form, we will process your name and contact information as well as information provided by you in connection to submitting the form and our correspondence. These data will be handled in accordance with this Privacy policy.

2.6 Data collected when you sign up for newsletters
When you sign up for our newsletter, we collect personal data about you, including your name and your email address. The purpose of our processing is to pursue our legitimate interest in marketing our services (GDPR art. 6(1) (f)).

2.7 Our balancing test
To the extent that we refer to our legitimate interest as the legal basis for the processing of personal data specified above, we have conducted a balancing test for those interests to ensure that our interest is not overridden by your interests or fundamental rights and freedoms. Please contact us by using the email provided in section 1 above if you wish to receive more information on the balancing test.

If we intend to process your personal data for other purposes than those for which the personal data were initially collected, we will - prior to this further processing - inform you of the new purpose.

3: How do we collect personal information about you?

We will collect some of the personal data about you directly from you, for example when you sign up for newsletters, create a user profile or make purchases on the Webshop. When you visit and browse on our Website, we automatically collect technical data about your equipment, browser activity and patterns. We collect these personal data by using cookies and other similar technologies, see our Cookie policy.

4: Who do we share your personal information with?

We may share your personal information with:

a) Suppliers and vendors that we work with, such as supplier of products that we sell.
b) Third parties who process personal data on behalf of us, and therefore acts as our data processors. We use third parties to send out newsletters and as hosting provider. We have entered into data processing agreements that comply with article 28 of the GDPR with all our data processors to ensure that such data processors implement appropriate organisational and technical security measures in such a way that the processing complies with the requirements of the GDPR and ensures the protection of your rights.
c) Public authorities such as tax authorities.
d) We may share some information regarding your use of the Webshop with external service providers for analytical purposes by means of cookies or similar techniques. We only share such information if you accept the use of cookies. You can opt-out at any time, and for further information please refer to the Cookie policy.
e) Providers of payment solutions when handling payment of your webshop purchases.

From time to time, we may also need to disclose personal information to other parties, such as any person (natural or legal) or organization to whom we may be required by applicable laws to disclose personal information, including, but not limited to, law enforcement authorities, financial institutions, and central and local government.
Personal information may also be disclosed in connection with a corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of the financial status of us or any of our affiliated entities.

5: Under what circumstances will we transfer your personal information outside the EU/EEA?

We may in some cases be transferring personal information to countries outside the EU/EEA - e.g. when using IT service providers in such countries, which could be Canada, US, Australia, India, Japan, Singapore, UK, New Zealand, Switzerland.

Such transfers will only happen for the specific purposes and we will always ensure that appropriate safeguards are in place for such transfer as set out below:

a) The country/countries or company/companies has/have been deemed by the Commission of the European Union to have an adequate level of protection of personal data.
b) The country/countries has/have not been deemed by the Commission of the European Union to have an adequate level of protection of personal data. We will in such cases provide appropriate safeguards for the transfer through the use of "Model contracts for the transfer of personal data to third countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities.

6: For how long will we retain your personal information?

We will retain your personal information only for as long as it is necessary for the purposes for which the data was collected or later processed. As a general rule, we will store data on customer contracts and purchases for five (5) years from the end of the year, where the contract was entered into or the purchase completed to comply with our legal obligations.

If necessary, in order to fulfil the purposes mentioned above, we will store your information for an extended period. We may also retain your personal information for a longer period if we are legally required to do so or if retention is necessary for the establishment, exercise or defense of legal claims.

We have specific retention policies for the following type of personal information:

• Data collected automatically when you visit our Webshop will be deleted in accordance with the Cookie policy.
• Information processed for marketing purposes will be deleted upon your withdrawal of your consent. However, we retain documentation on your consent to receive marketing material two years after withdrawal in accordance with the Danish Statute of Limitations.
• Information processed in relation to customer claims will be deleted five (5) years after the case has been closed
• Information processed in relation to personal injury will be stored for a period of 10 years

7: What if the provision of your personal information is mandatory?

In some cases, the provision of at least some of your personal information is a requirement necessary to enter into a contract.
Therefore, if you refuse to share such personal data, we may not be able to provide the services you request.

8: What are our security measures?

We will implement security measures to protect your personal data against manipulation, loss, destruction, and against unauthorized access. We continuously revise our security procedure based on the newest, technological developments.

9: What are your rights?

In general, you have the following rights:

• You have the right to request access to and rectification or erasure of your personal data.
• You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
• If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent.
• You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).

There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity. Also, if you request to have your personal data deleted for example, we may not be able to provide the services you request.
You may always lodge a complaint with the Danish Data Protection Agency or to the data protection authorities in the country where you live or where you consider a breach of data protection law has occurred.