All links on this page open in new windows / tabs.
Personal data policy is an important part of running a business today and that is something that we take very seriously in Northern Workshops.
This page will explain how your personal data is handled at Northern Workshops and how it affects you as a customer. The page here will contain some technical information about how we store your personal data and we will always be happy to answer any questions about this.
The key sentence in relation to our personal data policy is for us to create complete transparency and security regarding your personal data.
What is the General Data Protection Regulation (GDPR)
GDPR is a new legislation that is handled by the EU and is valid in all EU countries. The primary purpose is to create transparency for you as a customer and how your personal data is handled.
It is important to take GDPR "down to the right level" compared to Northern Workshops. Firstly, it is very limited what personal data information you exchange with us and at the same time we have a very simple but at the same time also highly organized business structure which makes our systems simple and secure in their construction.
Of course, it is your credit card information, which you are particularly aware of in terms of breach of security. Therefore, we have the section below "How is my personal data stored?" described it very carefully which systems we use and how we handle GDPR.
There are numerous websites already available about GDPR, but I recommend that you read about data security through the Data Inspectorate, which is the official agency in Denmark: http://www.datatilsynet.dk/generelt-om-databeskyttelse/
What does it mean as a customer?
One of the "big" things in relation to GDPR is to collect consent from one's customers when they submit potentially sensitive personal information.
As a direct consequence of this we have chosen to delete all e-mailing lists despite the fact that we have already obtained consent in this regard. It is very limited, what we have of scope on these lists, and how much we have emitted over the years.
In addition, we will provide you as a customer with complete transparency in what personal data we store and how we store them. See more in the next section about this.
You will be greeted by an additional dialog box on the page relative to when you fill in a form or purchase a product in which you agree to keep your personal data.
How is my personal data stored?
Northern Workshops is a small company and therefore the structure is also relatively simple. It is important to describe that you as a customer at any time have the right to be informed and to provide and / or delete the personal data stored. This must be done in writing by e-mail to firstname.lastname@example.org and documentation for the secure ID will be required before the information is delivered and / or deleted.
Virtually all customer contact is typically done via e-mail, where all this data is stored on an SSL-secured Exchange server, hosted directly by Microsoft. As long as we are in an active dialogue with a specific customer assignment, we will keep all written dialog on the mail server. Subsequently, all the documentation is filed for a year after which we archive documentation securely and anonymously.
There are a number of products here at www.northernworkshop.com, which can be purchased / ordered online, where you make payment immediately online. The entire website is built on the hosting service SquareSpace, which uses a global payment system called Stripe. That is, Northern Workshops does not even store credit card information or other personally sensitive information in connection with transactions. Both SquareSpace and Stripe are protected with a 24-character password plus 2-factor authentication.
In connection with payment of invoices outside of www.northernworkshop.com, it will be done by either bank transfer or online payment via Stripe or YourPay payment system. It is Billy accounting system, which uses YourPay payment system for billing customers. If you pay your bill by bank transfer, it is your bank and my bank (Vestjysk Bank), which is responsible for data security. We do not make any manual prints of my bank statements from my bank.
GDPR overview of the systems I use:
- Billy (accounting system): https://www.billy.dk/blog/saadan-bliver-billy-klar-til-gdpr/ (danish document - use Google Translate)
- Stripe (Payment System): https://stripe.com/guides/general-data-protection-regulation
- SquareSpace (website system): https://support.squarespace.com/hc/en-us/articles/360000851908-GDPR-and-Squarespace
What personal data do I provide?
In connection with your communication, browsing the website and / or purchasing at www.northernworkshop.com you will transfer one or more of the following information:
- Phone number
- Credit card information in connection with purchase
What happens if there is a breach of security?
If it happens that I'm experiencing a breach of security, the affected customers will receive direct email notification within 72 hours of the break. This documentation will describe what information has been compromised and how you as a customer should deal with.
All breaches of the security are also reported to the data inspector within 72 hours:
Data Responsible: Hans Christian Strikert
(+45) 26 71 84 03