Country

Language

Cart

Your cart is empty

Privacy Policy

Privacy Policy

Data Controller

We are the data controller for the processing of personal data that we process about our customers and business partners. You will find our contact information below:

Company Name: Vandaya ApS (2017)

Address: Porcelænshaven 26, 2000 Frederiksberg

CVR No.: DK 38559060

It is not a requirement that our company has an external DPO, but if you have any questions regarding the processing of your personal data, you can contact us via contact@vandaya.com

Processing Activities

As the data controller according to GDPR, we have the following processing activities.

Website Visits

When you visit our website, we use cookies for the website to function, which you can read more about in our [cookie policy].

Communication with Potential Customers

If you have any questions about our site or would like to learn more about our services, you can contact us via:

Through this, we will process your personal information so that we can engage in a dialogue with you, such as responding to questions about our services. We only process the information that you provide us in connection with our communication.

We will typically process the following personal data: name, email, phone number.

Our legal basis for processing this personal information is Article 6(1)(f) of the General Data Protection Regulation.

We delete our communication with you when it becomes clear whether you want our services or not.

Should there be a need to retain your personal information for a longer period in a particular case, this may be the case.

Customers

We need to communicate with our customers to ensure that the service is delivered correctly. Through this, we may process information such as name, address, services, special agreements, payment information, and similar.

The legal basis for processing this personal information is Article 6(1)(b) of the General Data Protection Regulation.

Once the service has been delivered and any outstanding matters are concluded, we will immediately delete the personal information.

Newsletter

We have a newsletter, which is voluntary to subscribe to - and you can always unsubscribe from it again.

The purpose of the newsletter is to send emails to the subscribers with new information from the company, which may include new content on the website, advertising of our services.

We will only send you emails if you have given your active consent to this. This initially requires you to provide your email address, which we will subsequently send an email to, so that you can confirm the subscription. In this way, we ensure that you have actually subscribed to the newsletter, i.e. given active consent.

Our legal basis for processing your personal information (i.e. the email address) in connection with the newsletter will be Article 6(1)(a) of the General Data Protection Regulation.

We will process your personal information as long as you are still subscribed to the newsletter. Upon unsubscribing from the newsletter, we will also stop sending it to you. If we have not sent you a newsletter in 1 year, your consent will expire due to our inactivity.

Upon unsubscribing from the newsletter, we will keep your previously given consent for 2 years after it was last used due to statute of limitations requirements according to the Consumer Ombudsman's spam guidelines section 11.3.

Accounting

We are required to keep all accounting records in accordance with the Accounting Act. This means that we keep invoices and similar documents for accounting purposes. This may contain ordinary personal information such as name, address, service description.

Our legal basis for processing personal data for accounting purposes is Article 6(1)(c) of the General Data Protection Regulation.

We keep this information for a minimum of 5 years after the current accounting year has ended.

Job Applications

We warmly welcome job applications with the aim of assessing whether they match a staffing need in our company.

If you submit your job application to us, our legal basis for processing your personal information is Article 6(1)(f) of the General Data Protection Regulation.

If you have submitted an unsolicited job application, our HR department will immediately assess whether your application is relevant, and subsequently delete your information if there is no match.

If you have applied for a posted job, we will dispose of your application in the event that you are not hired, and immediately after the right candidate is found for the job.

If you are involved in a recruitment process and/or are hired for the job, we will provide you with separate information on how we process your personal information in this context.

Data Processors

Few can manage everything on their own, and the same goes for us. Therefore, we have partners and suppliers, some of whom may act as data processors.

External suppliers may, for example, provide systems to organize our work, services, consulting, IT hosting, or marketing.

  • Shopify – Website platform
  • Billy - Accounting software
  • Klaviyo – Marketing
  • Avecdo - Marketing
  • Meta - Marketing
  • Youtube - Marketing
  • TikTok – Marketing
  • Plann - Marketing
  • LinkedIn - Marketing
  • Instagram - Marketing
  • Google - Marketing

It is our responsibility to ensure that your personal information is handled properly. Therefore, we set high standards for our partners, and our partners must guarantee that your personal information is protected.

We therefore enter into agreements with companies (data processors) that handle personal information on our behalf to increase the security of your personal information.

Disclosure of Personal Information

We do not disclose your personal information to third parties.

Profiling and Automated Decisions

We do not carry out profiling or automated decision-making.

Transfers to Third Countries

As a rule, we use data processors in the EU/EEA, or who store data in the EU/EEA.

In some cases, this may not be possible, and data processors outside the EU/EEA may be used, provided that they can provide adequate protection for your personal information.

Processing Security

We keep the processing of personal information secure by implementing appropriate technical and organizational measures.

We have conducted risk assessments of our processing of personal information and have subsequently implemented appropriate technical and organizational measures to increase processing security.

One of our most important measures is to keep our employees updated on GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with the employees.

Rights of the Data Subjects

Under the General Data Protection Regulation, you have a number of rights regarding our processing of information about you.

If you wish to exercise your rights, you should contact us so that we can assist you with this.

Right of access

You have the right to obtain access to the information we process about you, as well as a number of additional details.

Right to rectification

You have the right to have inaccurate information about yourself corrected.

Right to erasure

In certain cases, you have the right to have information about you erased before the time of our usual general deletion occurs.

Right to restriction of processing

In certain cases, you have the right to have the processing of your personal information restricted. If you have the right to have the processing restricted, we may in the future only process the information – except for storage – with your consent or for the purpose of establishing, exercising, or defending legal claims, or to protect a person or important societal interests.

Right to object

In certain cases, you have the right to object to our otherwise lawful processing of your personal information. You can also object to the processing of your information for direct marketing purposes.

Right to data portability

In certain cases, you have the right to receive your personal information in a structured, commonly used, and machine-readable format and to have this personal information transmitted from one data controller to another without hindrance.

You can learn more about your rights in the Danish Data Protection Agency's guidance on the rights of data subjects, which you can find at www.datatilsynet.dk.

Withdrawal of Consent

When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

Complaint to the Danish Data Protection Agency

You have the right to lodge a complaint with the Danish Data Protection Agency if you are unhappy with the way we process your personal data. You can find the contact information for the Danish Data Protection Agency at www.datatilsynet.dk.

We generally encourage you to learn more about GDPR so that you are updated on the rules.

Free worldwide delivery

We ship worldwide, and shipping is free on all orders from 150€.

Satisfied or refunded

We offer easy returns with a 30 day refund policy.

Customer support

We are always here to help. Need help with sizing, styling or have any questions. Please don't hesitate to reach out.

Secure payments

Our secure payment system ensures a safe and protected transaction.