Rosendahl Design Group A/S Annual Report 2023 • ESG Reporting Rosendahl Design Group has a Data Ethical Policy that sets the overall framework for the company’s processing of data. It is supplemented by an External Personal Data Policy regulating personal data originating from consumers, customers, and business partners as well as an Internal Personal Data Policy regulating personal data belonging to or used by the compa- ny’s employees. Together, the policies form the data ethical foundation on which the company operates. The policies address the processing and use of personal data that is in the possession or care of Rosendahl Design Group. The company mainly processes ordinary personal data such as names, e-mail addresses, and comparable contact information. Automatic personal data such as cookies is gathered and processed only in accordance with an informed cookie consent, which is submitted actively and voluntarily by the registrant. For the past few years, Rosendahl Design Group has increas- ingly implemented profiled marketing, thereby using personal data to provide targeted marketing to individual consumers. The purpose of the profiling is to appear more relevant to and to improve the purchase experience of the individual consumer. Relevant personal data is for example the consum- er’s age, geographical location, fields of interest, favorite brands etc. Rosendahl Design Group processes personal data only to the extent that is necessary in order to fulfil a contractual, legisla - tive, governance, or management commitment, or in order to provide relevant marketing, the latter only with the informed consent of the data owner. COMPLIANCE AND REPORTING Rosendahl Design Group oversees its compliance with GDPR on a regular and organized basis. Through a designated software, Rosendahl Design Group keeps track of Article 30 records and monitors the processing of data, the IT systems used for this purpose, deletion procedures, and security measures. Management continuously reports to the Board of Directors on GDPR compliance. PERSONAL DATA The currently most extensive processing of personal data pertains to the employees of the company. Ordinary personal data may here be supplemented by data concerning position, salary, pension, age etc. This data is processed with the sole purpose of fulfilling the company’s contractual obligations towards the employees. Profiled marketing is only exercised based on an informed, active, and voluntary consent from the consumer. The consent can be withdrawn by the consumer at any time, and efficient deletion procedures have been implemented to ensure compliance with GDPR as well as the immediate cease of marketing activities towards the consumer. Rosendahl Design Group does not buy from nor does it sell personal data to other legal entities but it does, from time to time, collaborate with other (non-competing) businesses on the gathering of marketing consents. In connection with such collaborations, the consumer consents actively and voluntarily to the data processing by both companies on an informed basis. A compliant data processing agreement will always be established between the two companies. INTERNAL CONTROL AND TRAINING Supplementary to the tracking of compliance through a desig- nated software, Rosendahl Design Group’s Legal & Compliance department hosts internal GDPR courses and workshops for the purpose of ensuring awareness and compliance through- out the organization. Legal & Compliance also offers advice, tips, and reminders relating to GDPR on the company’s intranet on a regular basis. On rare occasions, sensitive personal data such as the employee’s health or family matters may be processed but only to the extent that it is necessary in relation to the employee’s professional performance, well-being or the professional relation between employee and management. Finally, a designated software has been implemented since 2022 for the purpose of deleting GDPR sensitive material from the mailboxes of the company’s employees. All employees receive monthly reports, and sensitive material is automatically deleted unless actively excluded by the employee. In relation to external parties, Rosendahl Design Group processes personal data to the extent that it is necessary for the receiving or delivery of the company’s products or for similar operational purposes. ANCHORING IN THE ORGANIZATION Policies on data ethics as well as decisions relating to the implementation and use of new data and/or technology are anchored in Management. In addition thereto, Rosendahl Design Group processes personal data originating from consumers with the purpose of marketing the company or its products, however only with the registrant’s informed, active and voluntary consent to the processing of the data. In relation to marketing, the personal data processed is mainly ordinary contact data such as name, e-mail address and phone number. 49
Download PDF fil