man_at_laptop_with_floating_icons

GDPR

GDPR – General Data Protection Regulation

On May 25, 2018, the EU’s new General Data Protection Regulation (GDPR) and Data Protection Act came into force. At Dstny, we have therefore prepared our systems and processes to ensure that both we and our customers comply with the legislation.

We process data for all our customers to varying degrees. We do not register CPR numbers, but we do handle, for example, your employees’ phone numbers and names. When your company allows Dstny to process this type of personal data, it has been a legal requirement since May 25 to have a data processing agreement in place.

Auditor’s ISAE 3000 (Danish)

Data Processing Agreement

The data processing agreement describes, among other things:

  • which types of personal data we process
  • which processing activities we carry out
  • the purpose of the processing
  • the duration of the processing
  • how we meet the requirements for secure data processing
  • how we comply with the rights of data subjects

The data processing agreement forms an appendix to our general terms and conditions, and is based on a template prepared by the Danish Data Protection Agency.

You can find the data processing agreement here, and guidance for data controllers and data processors can be found, among others, via the Danish Data Protection Agency.

What does your company need to do?

You do not need to take any action.

However, you are of course welcome to contact us if you have any questions.

Important information about Dstny’s processing of personal data

We collect and process personal data about, for example, employees and activities in order to deliver the services our customers request and to comply with legal requirements for data controllers.

You can read more about how we manage these responsibilities in the data processing agreement, included as an appendix to the cooperation agreement, as well as in the quick guide below on how we process personal data. You will also find an FAQ at the bottom of the page.

Any questions regarding the data processing agreement, the GDPR, or compliance with the new regulations can be directed to dpo@dstny.dk 

Quick guide to GDPR – General Data Protection Regulation

1. Processing of personal data

Types of data and purposes

The personal data we collect depends on your contract with Dstny and the services you order for your company or your customers.

For mobile, fixed-line, and IP telephony, as well as fax services, we may collect the following information:

  • End user’s/subscriber’s number/IP address and the called number/IP address
  • Usage data for billing purposes
  • Volume of transmitted data
  • Any personal data contained in phone calls, etc.

Dstny processes this data to enable you to communicate with your end customers, to invoice you, and to comply with applicable legal requirements.

We also collect information about your company’s contact persons with whom we have ongoing cooperation, including name, email, job title, and phone numbers. The purpose of processing this data is to enable us to deliver and provide information about the services you have ordered from us.

Disclosure of personal data

As a general rule, personal data is processed only by Dstny. However, it may also be disclosed to Dstny’s subcontractors. For example, it may be necessary to provide a subcontractor with a customer’s name and address in connection with service or delivery. In addition, personal data may be disclosed to public authorities where required by law.

Transfers of personal data outside the EU/EEA

Dstny generally does not use subcontractors located outside the EU/EEA. However, if this occurs, we follow the European Commission’s standard contractual clauses for the transfer of personal data to countries outside the EU/EEA that do not provide an adequate level of protection. Transfers may also be based on other mechanisms, such as the EU-U.S. Privacy Shield, where applicable.

Legal basis

The legal basis for collecting and processing personal data is your contracts with Dstny and applicable legislation.

Security

Dstny has established a number of security requirements for the processing of personal data. These include, among other things, that Dstny employees must treat personal data confidentially and that IT systems must meet a range of security standards, which are continuously strengthened in line with technological developments.

Retention period

Dstny retains personal data only for as long as necessary to fulfill the purposes described above, including any requirements set out in applicable legislation.

 GDPR is the EU’s General Data Protection Regulation. It originates from the EU’s Digital Single Market strategy, which aims to harmonize the individual digital markets of member states into a single, unified market.

 Yes, we certainly did. In fact, most of the rules relating to data protection have not changed significantly. The major change for us is that we must now document how we comply, and through information and ongoing follow-up, we ensure that we meet these requirements on a daily basis. At the same time, the level of fines has increased significantly.

Under Article 4(7) of the General Data Protection Regulation, a data controller is defined as:
“a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”

Under Article 4(8) of the General Data Protection Regulation, a data processor is defined as:
“a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.”

As a data processor, we must:
“provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the Regulation and ensure the protection of the rights of the data subject.”

We meet this requirement by entering into a data processing agreement with our customers.

The data processing agreement is ready now, and you can find it here.

Under Article 4(8) of the General Data Protection Regulation, a data processor is defined as:
“a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.”

As a data processor, we must:
“provide sufficient guarantees to implement appropriate technical and organizational measures in such a way that processing meets the requirements of the Regulation and ensures the protection of the rights of the data subject.”

We meet this requirement by entering into a data processing agreement with our customers.

 Dracar is a data processor, just as we are in relation to the customer. Therefore, Dracar must enter into a data processing agreement with us as a subcontractor. As long as Dracar maintains control over and manages its data properly, this ensures that we also meet our obligations towards the customer (as it is Dracar that determines the data we store).

 At its core, the regulation is about protecting personal data and ensuring that the information a company holds about its customers, clients, or employees does not fall into the wrong hands. The idea behind GDPR is to ensure that personal data is only collected, processed, and stored under strict conditions and for legitimate purposes. Organizations that collect and process personal information must therefore protect it against misuse and comply with specific requirements.

 We are both. We act as a data controller in relation to employees, and as a data processor in relation to our customers.

 We provide services to companies, not to private individuals. In this context, it is the company that chooses to provide us with personal data about their employees. The data remains the responsibility of the company, and we therefore enter into a data processing agreement with our customers, outlining our obligations regarding their data.

We prepare the data processing agreement as an appendix to your commercial agreement with us, and we make it available on our website so customers can always download a version for their records.

Dstny – a part of the Destiny Group

Dstny is part of the Destiny Group. Destiny, originally a Belgian company, is a European leader and innovator in secure cloud communications, based on its powerful and secure mobile-first products and UCaaS solutions. Destiny empowers more than 3 million business users to communicate, collaborate, and deliver excellent customer service. The company enables service providers, channel partners, end customers, and third-party services to thrive within its cloud ecosystem.

Headquartered in Brussels, Destiny has 1,000 employees across 8 European countries and an expected annual turnover of approximately €250 million (2022).

2026-04-30 10:25:08