Privacy Policy | Diana Lys A/S

Document owner: Diana Lys A/S

Last revised: 26-06-2026

Version: 1.2

Privacy Policy

By Diana Lys A/S

Diana Lys A/S is the data controller for the information we collect about you, and we ensure that your personal data is processed in accordance with applicable legislation.

We take your data protection seriously, and we have therefore adopted this privacy policy, which explains how we process your personal data.

This policy is evaluated at least once a year.

Contact details

If you wish to contact us regarding our processing of your personal data, you can do so at:

Diana Lys A/S
Kertevej 2,
7840 Højslev
CVR 58299618
trine@Diana-Lys.dk

1. Processing of personal data

Personal data means any kind of information that, to some extent, can be attributed to you. If you do not wish us to process this information, it may become problematic to maintain and fulfil any agreements entered into and legal obligations.

As data controller, we have implemented appropriate technical and organisational measures to prevent your information from being accidentally or unlawfully deleted, disclosed, lost, impaired, accessed by unauthorised persons, misused or otherwise processed in violation of the law. We ensure that processing can only take place when all data protection principles are met, cf. Article 5 of the General Data Protection Regulation. Below, you can see the basis on which we process your information, for what purpose and for how long we retain it.

1.1 Customers

In order for you to be a customer with us, it is necessary for us to collect the following personal data about you:

  • Name, email, telephone number, job title
  • Company name, address, CVR number and delivery address

We collect personal data for the following purposes:

  • Processing your purchase and delivering our service
  • Administration of your relationship with us

We collect this information on the following legal basis:

  • Processing takes place on the basis of fulfilling the purchase agreement, cf. Article 6(1)(b) of the General Data Protection Regulation.
  • Our legitimate interest, which is the administration of the customer relationship, necessitates the processing of this personal data, and we ensure that pursuing the legitimate interest will not override your rights, cf. Article 6(1)(f) of the General Data Protection Regulation.

We retain the information for as long as permitted by law, and we delete it when it is no longer necessary. The retention period depends on the nature of the information and the purpose of the processing. Information relating to customer relationships is generally retained for 5 years after the end of the financial year in accordance with the Danish Bookkeeping Act. Other information is deleted when it is no longer necessary.

1.2 Suppliers and business partners

In order to be a supplier or business partner with us, it is necessary for us to collect the following personal data about you:

  • Name, telephone number, email.
  • Bank details, contact person and address.

We collect personal data about suppliers and business partners for the following purposes:

  • Processing our purchases/services
  • Administration of your relationship with us

We collect this information on the following legal basis:

  • Processing takes place on the basis of fulfilling the purchase contract, cf. Article 6(1)(b) of the General Data Protection Regulation.

We retain the information for as long as permitted by law, and we delete it when it is no longer necessary. The retention period depends on the nature of the information and the purpose of the processing.

1.3 Recruitment

The purpose of collecting personal data about you in the recruitment process is to assess whether you are a qualified candidate for a vacant position with us.

The personal data that appears in the recruitment process is the information contained in your application, CV and other submitted documents, which is registered. It is not necessary for you to include your CPR number.

Your application and attachments are shared internally with relevant staff in the recruitment process, but are not shared with persons outside the company.

If you are invited to a job interview, we will note information for use in the further recruitment process.

We process your information on the basis of our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation, which is to assess your qualifications and competencies in relation to the advertised position.

Applications and attachments may be stored for up to 6 months after the recruitment process has ended, after which your information will be deleted. The purpose of retention after completion of the recruitment process is to safeguard interests in the event of any objections regarding discrimination, unequal treatment or similar matters during the recruitment process.

If we wish to store your application and attachments for the purpose of possible future employment, this will take place on the basis of your consent, cf. Article 6(1)(a) of the General Data Protection Regulation.

1.4 Unsolicited applications

For unsolicited applications, we process your information on the basis of our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation, which is to assess your qualifications and competencies in relation to possible future employment.

For unsolicited applications, applications and attachments are stored for a maximum of 6 months, after which they are deleted. If we wish to store your application for longer than this, this will take place on the basis of specific consent from you.

Your consent is voluntary, and you may withdraw it at any time by contacting us using the contact details above.

2. Other information about processing

2.1 Data minimisation

We only process the information that is necessary to fulfil our specified purposes. In addition, we may be required by law to collect and retain certain other information about you. We only retain personal data for as long as it is necessary or required by law. Personal data is deleted or anonymised when it is no longer necessary for us to process it.

2.2 We keep data up to date

As our service depends on your personal data being accurate and up to date, we ask you to inform us of relevant changes to your personal data. You can use the contact details above to inform us of your changes, and we will ensure that your personal data is updated. If we ourselves become aware that your personal data is not accurate, we will update the information and notify you of this.

2.3 Disclosure of information

We use a number of third parties for the storage and processing of information, including providers of IT solutions. These parties process information solely on our behalf and may not use it for their own purposes. In relevant cases, personal data is disclosed to, for example, banks, external bookkeepers, freight companies, etc.

Disclosure of information:

We use data processors/suppliers for the processing of personal data. We prioritise suppliers from the EU, as well as from third countries which the European Commission has approved in relation to the level of protection of personal data, cf. Article 45 of the General Data Protection Regulation.

Disclosure of information to unsafe third countries:

We also use some data processors/suppliers in unsafe third countries. When the legislation of third countries does not offer the same security as the EU, we have enhanced obligations in protecting your data. We use Microsoft 365 as our email and collaboration platform. In this connection, personal data may be processed by Microsoft, including being transferred to countries outside the EU/EEA. The transfer takes place on the basis of the European Commission’s Standard Contractual Clauses (SCCs, Article 46(2)(c)) and other necessary security measures.

If you would like to know more about the transfer bases that affect you, you can contact us using the contact details at the top of this document.

2.4 Website and cookies

When you visit our website, we may process personal data about you. This may include your IP address and technical information about your device to the extent necessary for the operation and security of the website.

The website uses cookies. Any non-essential cookies are only used with your consent, which you provide via the cookie banner. You can change or withdraw your consent at any time via the cookie settings on the website.

If you contact us via the website or email, we process the information you provide yourself in order to respond to your enquiry. The processing takes place on the basis of our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation, or as part of taking steps prior to entering into a possible agreement, cf. Article 6(1)(b).

3. Your rights

By contacting us using the contact details at the top of the page, you can:

  • obtain access to your personal data
  • have your registered personal data rectified
  • have personal data about yourself deleted
  • have your personal data provided to you (data portability) for the purpose of transferring it to another data controller
  • object to the processing
  • have the processing of your personal data restricted.

When you contact us with a request to exercise the rights above, we will respond to you within one month. If we cannot fulfil your request, you will receive an explanation.

To exercise your rights, or if you have questions about the above, you can contact us. You will find our contact details at the top of the page.

If you are subsequently dissatisfied with the way in which we process your information, you have the right to lodge a complaint with the Danish Data Protection Agency.