Privacy Policy

We value your privacy and take the protection of personal data very seriously. It is therefore important to us that it is easy to understand how we collect and process personal data.

This privacy policy concerns the processing of personal data when we collect information about individuals, as well as when our services are used, including our website and various self-service systems.

This privacy policy explains:

• what personal data we collect
• why we collect personal data
• how personal data is processed

The privacy policy also explains your rights in relation to personal data and how these rights can be exercised.

This privacy policy should be read in conjunction with the terms of the relevant service being used, which may include additional specific terms regarding the personal data we collect.

Dstny’s policy on the processing of personal data can be summarized as follows:

• We are transparent about how we collect and use personal data.
• We only use personal data to provide our customers with better and more relevant services.
• We always take measures to ensure that personal data is stored securely.

We always process your personal data in accordance with the following key principles:

• We process personal data in accordance with this privacy policy and applicable laws.
• We clearly explain which personal data we collect, as well as why and how we collect and process it. There will be no surprises.
• We only process personal data for legitimate purposes, and only for as long as necessary to achieve those purposes, or as required by applicable law.
• We enable you to make relevant choices and control our processing of your personal data, not only when required by law, but also in other situations where we find it appropriate and technically feasible.
• We respect your data protection rights under applicable law, including the right to access the personal data we hold, to correct it, and to keep it up to date.
• We implement appropriate security measures to ensure that all personal data is protected.

 Dstny A/S, CVR no. 28313160, Skodsborgvej 305 D, 2850 Nærum, determines the purposes for which personal data is collected and processed. Dstny is therefore the “data controller” as defined under data protection legislation. Dstny is legally responsible for ensuring that personal data is processed in accordance with this privacy policy, including our key principles and applicable law. 

4. How we collect your personal data

We collect your personal data in three ways:

• Information provided by companies or users, for example when subscribing to our services
• Information we collect automatically, and information generated when our services are used
• Information we receive about users from third parties

Below, we explain the types of personal data we typically collect through these three methods. For some of our services and products, such as financial services or video conferencing services, it may be necessary to collect additional personal data and/or collect personal data in other ways and/or for purposes specific to the particular service/product. In such cases, our relevant product terms will explain the service-specific conditions for processing personal data. When subscribing to one of our services, users have the opportunity to review and accept the product terms.

Information provided by your company or by users

When companies or users purchase or receive one of our services, certain personal data may be provided to us.

We collect the following information about users when your company purchases or receives telephony or internet services:

• Your name, phone numbers, company email addresses, and possibly postal address when you register to receive one of our services online or via phone
• Credit or payment card details, bank account number and registration number, or other banking/payment details, as well as amounts, dates, and times of any payments made by you or your company
• Information about your customer account with us, such as the type of contract you have, any services subscribed to, and records of payments, both due and received
• Information about your contact with us, such as notes or recordings of calls with our departments, emails or letters sent to us, customer service inquiries, or feedback provided
• Information about our communication with you, such as customer service interactions or feedback

Some services provided via our websites, such as MyDstny, require you or your company to have an online account. When creating an account, you will be asked to provide certain personal data, such as your name, phone numbers, company email address, and to create a unique password. These services generally allow you to designate a registered owner (responsible for payments) as well as one or more users.

• Your current internet provider (if an internet connection is to be transferred to Dstny)

If you choose to receive newsletters, marketing, etc. from us, we collect:

• Contact details such as company name, name, phone number, email address, and company address

Information we collect automatically

When you use our services, we automatically collect information about you and your device. The type of data collected depends on the service and the device used.

When you use our telephony services, we collect:

• The phone numbers you call/text or that call/text you
• Date and time of calls and messages sent or received
• Duration of incoming and outgoing calls via our network
• Your approximate location at the time of communication (see section on location data)
• Browser information (see section on cookies)
• The service level you receive

When you use our internet services, we collect:

• Assigned IP addresses and when they are assigned
• When your modem is turned on/off
• Any line faults
• Your Dstny customer ID (to identify you and bill correctly)

When you visit our website or use online services, we collect:

• IP address of your device (e.g. PC, tablet, smartphone)
• Device model and settings
• Network information
• Details about when, where, and how you used the service
• Login information
• Browser type and version
• Browser plug-in types and versions
• Operating systems and platforms
• Information about your visit, including referral pages, pages visited, and onward navigation
• Products and services viewed or searched for
• Download errors
• Time spent on pages and interaction with them

This data is collected via cookies and similar technologies. You can read more about this in our cookies section.

We may also collect information when integrating our digital services with third-party services (e.g. social networks like Facebook or LinkedIn), where you have given consent.

This may include:

• Information you provide when signing up for services
• Automatically collected data (e.g. IP address and device info)
• Location data (for location-based services)
• Other information provided with your consent or as permitted by law

Information we collect from other sources

We may collect personal data about you from third parties in connection with the services we provide, in accordance with applicable law.

Examples include:

• Credit information about you or your company from external credit agencies for customer approval and credit decisions
• Information from advertising networks, analytics providers, and search information providers

If you use social media credentials to log in or interact with Dstny services, we may collect information from your social media profile, such as interests, likes, and friend lists. You can control this through your social media account settings.

We may combine personal data from third-party sources with data you provide and data we collect automatically.

We collect information about your location in the following cases:

1. When you use our telecommunications services. For example, we collect cell ID data, which indicates your device’s location on our network and provides an approximate geographic position. We need this information to deliver mobile telephony services to you.
2. When you use our location-based services or receive location-based offers, and you have given consent for us to process your location data for these purposes. Depending on the service or offer, as well as your position within our network, we may use your cell ID and/or other location data generated by the Global Positioning System (GPS). GPS data provides a much more precise geographic location. For these purposes, we may also use geo-fencing techniques to determine when your device enters a specific geographic area.

The collection and processing of your personal data primarily take place so that we can provide the agreed services and products to you, including delivering necessary support where required.

This processing includes, among other things:

1. Managing your customer relationship with us, including administering and fulfilling your orders, issuing invoices, and collecting payments for our services
2. Communicating with you about the services we provide
3. Sending notifications about purchases and service disruptions
4. Responding to your questions and feedback
5. Providing an overview of the services or parts of services you have used or are using
6. Informing you about changes to our services and terms
7. Reminding you of the benefits included in your services
8. Advising you on how to use our services to ensure you get the best value
9. Creating customer profiles
10. Monitoring and recording our communication with you for training and quality assurance purposes
11. Recording details about the products and services you order
12. Communicating with you regarding your orders or services
13. Managing our services for internal operations, including troubleshooting, network management, and optimization to improve customer experience
14. Ensuring that website content is presented in the most effective way for your devices
15. Protecting our services and network, including ensuring security for you and our employees
16. Investigating, preventing, and handling illegal activities or violations of our terms and applicable law
17. Complying with legal and regulatory obligations, including providing certain data to authorities for investigations and legal proceedings (we only disclose personal data to the police based on a court order)
18. Conducting credit checks to assess subscription requests

In addition, we may use your personal data for marketing purposes, such as offering more relevant and tailored services and sending you information and newsletters about our products and services. This will only take place if you have given your consent. See the section “How we use your personal data for marketing purposes” for more details.

We also continuously use personal data to produce statistics and analyses, for example to identify general trends, improve our understanding of customer behavior, and develop new services. Most of these statistics are based on anonymized data, while others are based on personal data. See the section “Statistics and analyses for Dstny’s internal use” for more information.

Processing of your CPR number

To subscribe to certain services at Dstny, you or your company may be required to provide your CPR number. Dstny processes this information to uniquely identify you as a customer and/or user, including for credit assessments, address lookups in the national registry, and payments to your NemKonto.

Statistics and analyses for Dstny’s internal use

We use your data to create aggregated statistics on, for example, sales, services, customers, network traffic, and location patterns. We also analyze the use of our network and services to identify trends, improve our understanding of customer behavior, develop new services, optimize existing ones, and offer more tailored services. Additionally, we measure the effectiveness of our advertising to optimize our marketing efforts for the benefit of our customers.

Such analyses and statistics are based on the legitimate interest provision in GDPR Article 6(1)(f), where they rely only on general and non-sensitive data. In these cases, Dstny has assessed that its legitimate interests, particularly in improving services for customers, outweigh any potential customer interest in objecting.

If Dstny wishes to conduct analyses based on more detailed data, traffic data, or location data, this will only take place with your prior consent, in accordance with GDPR Article 6(1)(a). You may withdraw such consent at any time.

Anonymization and use of data for public health analysis (COVID-19)

We use anonymized location data to produce analyses for Statens Serum Institut, supporting mathematical modeling for their public authority work related to COVID-19.

Processing based on the performance of our contract with you
Most of the personal data we process about you is processed in order to deliver the requested services and thereby fulfill our contract with you. The collection and processing of such personal data are therefore based on Article 6(1)(b) of the General Data Protection Regulation (GDPR). This means that personal data may be collected and processed where necessary for the performance of a contract to which the data subject is a party.

Processing based on consent – and your right to withdraw consent

Certain processing activities will only take place if you have given your prior consent. This applies, for example, to the use of information about your location, mobile usage, and data consumption in order to send you more tailored marketing material, including relevant news and offers. See the section “How we use your personal data for marketing purposes” for more information.

If we process your personal data based on your consent, you have the right to withdraw that consent at any time. You can do this by contacting our customer service.

If you choose to withdraw your consent, this will not affect the lawfulness of processing carried out prior to the withdrawal. The withdrawal will only take effect from the time it is made.

Processing of your CPR number for credit checks and name/address validation will also only take place based on your consent. You may withdraw this consent as well, but this may have consequences for your subscription with us.

Processing based on legitimate interests

In general, the use of your personal data for analyses and statistics prepared by Dstny is based on the legitimate interest provision in Article 6(1)(f) of the GDPR. For more information, see the section “Statistics and analyses for Dstny’s internal use,” which explains the factors considered in balancing the interests involved.

We may share your personal data with affiliated companies within our group for processing in accordance with the purposes described in the section “How we use your personal data – purposes of processing” above. Our group companies may process this data either for their own purposes or on our behalf, and they will always do so in accordance with this privacy policy and applicable law.

We use partners and service providers for a range of business purposes, such as helping us offer, deliver, bill, repair, and improve our services. In such cases, it may be necessary to disclose your personal data to these third parties.

We will typically share your personal data with third parties when:

1. It is necessary to involve a third-party partner, agent, or service provider to enable or enhance our services, allowing us to provide better service to you.
2. We engage service providers or other data processors who process your personal data on our behalf and under our instructions. In such cases, we take measures to ensure your data remains protected and that third parties process it only in accordance with our instructions and not for their own purposes.
3. We share information with third parties that provide services (such as social networks, including Facebook and LinkedIn) that you have chosen to integrate with our services, to the extent necessary for you to use those services.
4. You request that we share your personal data with a third party in accordance with our data protection policy.
5. You have given your consent for us to share your personal data.
6. We are required or permitted by law to disclose your personal data, for example to protect you, us, or others from harm, or when required by a court order or other legal obligation to disclose data to law enforcement authorities, courts, or public authorities.
7. We decide to sell, purchase, merge, or otherwise reorganize our business, in which case your personal data may be shared with potential or actual buyers, sellers, partners, and their advisors.
8. In the event of continued non-payment after reminders, we may transfer your case to a debt collection agency with which we cooperate. We may also report you to a credit reference agency while you remain in debt to us.
9. We are required to disclose certain personal data to directory services, unless you have requested that such information not be published.

When we share your personal data, we take appropriate measures to ensure that recipients protect your privacy, keep your data secure, and process it in accordance with applicable law. These measures may include entering into appropriate agreements with third parties.

We do not sell your personal data to third parties without your consent.

Transfers to processors in third countries

In some cases, we transfer data to processors outside the EU and EEA. Such transfers are based on data processing agreements as well as the European Commission’s Standard Contractual Clauses, which are considered to provide adequate safeguards for the protection of privacy, fundamental rights, and freedoms, as well as for the exercise of related rights.

The European Commission’s Standard Contractual Clauses can be found here: https://commission.europa.eu/law/law-topic/data-protection_en

We want to increase the value you get from being a Dstny customer and provide you with more relevant information about products and services. Therefore, with your consent, we and selected third parties may use your personal data to send you marketing material regarding products and services based on your preferences and interests.

You decide how we use your personal data for marketing purposes. This means that we will obtain your consent, where required by law, before using your personal data for marketing. You may withdraw your consent at any time by contacting customer service or by following the procedure described in the marketing material.

Please note that if you withdraw your consent, we will stop sending you marketing material. However, we will continue to send you messages related to the services we provide to you (so-called service messages).

We automatically collect information through the use of cookies, web beacons (also known as clear GIFs or pixel tags), and similar technologies.

Cookies

A cookie is a text file containing small amounts of information that a website can send to your browser and which may then be stored on your computer as an anonymous tag that identifies your computer, but not you.

Our websites use cookies to improve your user experience when visiting our sites and to collect information about your usage patterns and interests, so we can show you online advertisements relevant to your interests when you return to the website. You can configure your browser to notify you before receiving a cookie, giving you the opportunity to decide whether to accept it. You can also disable cookies in your browser. If you do so, some of our websites may not function properly. We also use cookies and similar technologies for analytics and advertising purposes.

For most types of cookies, including those used for advertising, you have the right to opt out when visiting our websites. If you opt out of advertising cookies, we will stop using them. However, please note that this does not mean you will no longer see advertisements, it only means that the ads you see will not be tailored to your interests.

For more information about our use of cookies and how to opt out, you can read more here. If you want to learn more about cookies in general, visit www.aboutcookies.org.

Pixel tags

A pixel tag, also known as a clear GIF or web beacon, is an invisible tag that we may place on certain pages of our website. When you visit these pages, the pixel tag generates a generic notification of that visit. These pixel tags typically work together with cookies and track when a computer visits a page. If you disable cookies, the pixel tag will simply record an anonymous visit to the website.

A “smart pixel” is a small graphic file containing a unique identifier embedded in an email. We may use smart pixels in our email campaigns or newsletters. They allow us to track whether an email was successfully opened and to record certain information about the recipient’s activity. Users who have configured their email software to block automatic image downloads will not be tracked by our smart pixel unless they actively choose to download images in the email (many email clients block images by default).

We will not retain your personal data for longer than necessary for the purposes for which it was collected, unless we are legally required to retain it for a longer period.

Under accounting legislation, Dstny is required to retain accounting records for 5 years from the end of the financial year to which the records relate.

As a telecommunications provider, Dstny is also required under data retention regulations to store certain types of telecommunications traffic data generated and processed within our partners’ mobile networks. These data may be used by law enforcement authorities for the investigation and prosecution of criminal offences. Such data must be retained for 1 year, after which it is deleted.

Marketing consents are retained for documentation purposes for as long as they are valid and for up to 2 years after they were last used. Data relevant to potential legal claims, which are subject to statutory limitation periods, is retained for 3 years for documentation purposes.

We have a Data Protection Officer (DPO) across our operations. Their role is to ensure that the processing of your personal data always complies with this privacy policy and applicable legislation.

We have implemented appropriate technical and organizational security measures to protect your personal data against unauthorized access, collection, use, disclosure, copying, modification, or disposal. Our dedicated security team regularly reviews these measures.

When we use service providers or other data processors to process personal data on our behalf, we require them to follow our instructions and implement appropriate security measures to protect the personal data they process.

When you log in to your account using your phone number or username and password, all data is encrypted using technologies designed to ensure secure communication, such as Transport Layer Security (TLS) and Secure Socket Layer (SSL).

We apply these technologies across all our websites where personal data is collected. To make purchases on these websites, you must use a TLS- or SSL-enabled browser such as Internet Explorer, Safari, Firefox, or Chrome. This ensures that your personal data remains confidential and protected when transmitted over the internet.

If you use a username and password to access our services, you are responsible for keeping them secure and confidential. If you remain inactive after logging into your account for a period of time, you will be automatically logged out. This is done to protect your information and prevent unauthorized access to your account.

Our telecommunications network is international, and Dstny operates in several countries. We also use partners and service providers in multiple other countries, and the technical infrastructure (such as servers) used by us and/or our partners and service providers to deliver certain services (e.g. digital services) may be located in countries other than where you normally use our services.

This means that, in some cases, we may transfer your personal data to countries other than where you normally use our services, including countries outside the European Economic Area (“EEA”), so that it can be processed centrally. Such countries may not provide the same level of data protection as the country in which you normally use our services.

We therefore always take appropriate measures to ensure that your personal data is adequately protected when processed internationally. These measures typically include data security assessments of recipients of personal data and entering into appropriate agreements with such recipients.

You have certain rights in relation to the personal data we hold about you. We have measures and processes in place to enable you to exercise your rights and ensure that we can meet your requests regarding your personal data.

Right of access

You have the right to access the personal data we process about you, as well as additional information. This means that you can generally obtain copies of documents containing your personal data and be informed about the purposes of processing, categories of personal data (including whether sensitive data is involved), recipients or categories of recipients, retention periods, transfers to third countries, etc.

Certain exceptions apply, for example if documents contain Dstny’s trade secrets.

Right to rectification

You have the right to have inaccurate personal data corrected. If Dstny finds your request justified, we will correct the data as soon as possible and without undue delay.

Right to erasure (“right to be forgotten”)

In certain cases, you have the right to have your personal data deleted before our general retention period expires.

You have the right to have your personal data erased without undue delay if one of the following applies:

1. The data is no longer necessary for the original purposes
2. Processing is based on your consent and you withdraw it, with no other legal basis for processing
3. The data has been processed unlawfully
4. Dstny is legally required to delete the data
5. Dstny must delete the data following your objection

Right to restriction of processing

In certain cases, you have the right to restrict the processing of your personal data. If processing is restricted, we may only process the data—apart from storage—with your consent, for legal claims, or to protect a person or important public interests.

You have the right to request restriction when:

1. You contest the accuracy of the data (processing is restricted while we verify it)
2. The processing is unlawful and you request restriction instead of deletion
3. We no longer need the data, but you require it for legal claims
4. You have objected to processing (restriction applies while we assess competing interests)

Right to object

In certain cases, you have the right to object to otherwise lawful processing of your personal data. This applies where processing is based on:

• A task carried out in the public interest or under official authority
• Legitimate interests pursued by Dstny or a third party, unless your rights override those interests

If you object, Dstny will reassess whether the processing should continue based on your specific situation.

You also have the right to object to processing for direct marketing purposes. In that case, your data will no longer be processed for such purposes.

Right to data portability

In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another data controller.

This right applies when:

1. Processing is automated and based on consent or a contract
2. The data has been provided by you (either directly or generated through your use of services)

We will respond to your request within a reasonable timeframe and always within the deadlines required by law.

We will do our best to ensure that the personal data we hold about you is accurate and up to date. However, it is your responsibility to provide correct and complete information and to keep it updated.

You can read more about your rights in the Danish Data Protection Agency’s guidance at datatilsynet.dk.

Complaints to the Danish Data Protection Agency

You always have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data. Contact details can be found at datatilsynet.dk.

Our websites may contain links to third-party websites, and some of our digital services may give you access to third-party services (e.g. social networks).

We have no control over how third-party websites and services process your personal data. We do not review third-party websites or services, and we are not responsible for them or their processing of personal data. Please read the privacy policies of any third-party websites or services you access through our websites or services.

This privacy policy is effective as of May 15, 2020. We may update the policy from time to time, in which case we will post a prominent notice on the front page of our website for 30 days. By continuing to use our services after this period, you confirm your continued acceptance of the privacy policy.

Where appropriate, or if we make significant changes to the privacy policy, we will also notify you by email or SMS.

If we make material changes to the privacy policy and you do not wish to accept them, you will have 30 days to terminate the service free of charge.

If you do not terminate the service within 30 days, your continued use of our services will constitute acceptance of the updated privacy policy. This will be explained to you in the email or SMS notification informing you of such changes.

If you have any questions or complaints regarding this privacy policy or how we handle your personal data, you can contact Dstny’s Data Protection Officer by post at:

Dstny A/S
Attn: Data Protection Officer
Skodsborgvej 305 D
2850 Nærum

or by email at: dpo@dstny.dk

View Dstny’s privacy policy under GDPR