Privacy policy

We take your data protection seriously, which is why we have adopted this privacy policy, which informs you of how we process your information.

Business Hub Zealand (in Danish: Erhvervshus Sjælland), Fulbyvej 15, 4180 Sorø, CVR: 4008 4746, is the data controller for the information we process about you, and we ensure that your personal information is processed in accordance with the law. We process your information if you have been in contact with us, whether in the form of event participation, having received sparring, or having been part of a course. We always process your information securely.

Contact information

You can contact us on tel. +45 55 35 30 35 or email info@ehsj.dk if you have any questions about the processing.

You can also contact our DPO: td@gapsolutions.dk or tel.+45 71 74 98 45.

Processing of personal information

Personal information is all kinds of information which directly or indirectly can be linked to you. If you do not want us to process your information, it may be difficult to meet our agreements and legal obligations.

Where do we get your personal information?

We collect personal information about you in various ways. Below, you can see some examples of how we might collect your information:

Through the use of cookies on our website
By you submitting the information yourself, e.g. by answering a questionnaire or filling in a form on the website
By you commenting or following us on social media such as Facebook and LinkedIn
Through your collaboration with us or your participation in a course, sparring, an event, or other activity with us

Below you can see the legal basis on which we process your information, for what purpose we process it and for how long we keep it.

Website visitors
Indhold er hentet
The first time you land on Business Hub Zealand’s website, you see a banner with information about cookies for statistical purpose. If you click on 'Reject', no cookies will be set for statistical purposes. However, we do use a cookie to remember your rejection. We do this in order to ensure optimal operation of our website.
We process the following information about website visitors:
- A generated userID
We process the information on the following legal basis:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation ) article 6, subsection 1, letter e and a as far as ordinary personal information is concerned, as well as article 9, subsection 2, letters f and g as far as special categories of personal information is concerned.
Contact persons at the companies we provide with guidance
Indhold er hentet
When you are a contact person at a company to which we provide advice or with which we intend to start an advisory course together, we (primarily) process the following personal information about you:
- Name, address, email and telephone number, position, education, or work function
- CPR-number (if you are Danish)
- CVR-number and P-number
We process personal data about contact persons in the companies to which we provide advisory services for the purpose of handling and managing the service we deliver to them as well as managing our collaboration in the various projects. We also process information about companies and their contact person for the purpose of measuring the effect of activities carried out by the Business Hubs, as stated in the Danish Business Authority's national performance contract with the Business Hubs.
We collect this information on the following legal basis:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation ) article 6, subsection 1, letter e as far as ordinary personal information is concerned, as well as article 9, subsection 2, letters f and g as far as special categories of personal information is concerned.
- Executive Order no. 285 of 1 March 2022 on eligibility for support, accounting, audit and control, etc. in connection with the payment of subsidies from the European Regional Fund, the European Social Fund Plus and the Just Transition Fund section 16, subsection 4, No. 5.
- Regulation (EU) No 1303/2013 of the European Parliament and of the Council of 17 December 2013 article 125, subsection 4, letter a, and Commission Delegated Regulation (EU) No 480/2014 of 3 March 2014, Article 25.
- Regulation No 1304/2013 of the European Parliament and of the Council of 17 December 2013 on the European Social Fund and repealing Council Regulation (EC) No 1081/2006, Annex I.
- Consolidate Act No. 433 of 22 April 2014 (Administrative Act) section 28, subsection 2, no. 3 as far as confidential information is concerned.
- Act No. 502 of 23 May 2018 on supplementary provisions to the regulation on the protection of natural persons in connection with the processing of personal data and on the free exchange of such information (Data Protection Act) Section 11, subsection 1, as regards the processing of social security numbers (CPR).
We keep the information for as long as the law allows, and we delete it when it is no longer necessary. The retention period depends on the nature of the information and our reason for keeping it.
- On projects with EU subsidies, the information is stored for up to 10 years, cf. Executive Order no. 586 of 03/06/2014 section 33, subsection 2, cf. Commission Regulation (EU) No 1407/2013 of 18 December 2013 on the application of articles 107 and 108 of the Treaty on the Functioning of the European Union to de minimis aid, article 6, subsection 4.
- For other Danish state subsidy projects, information is stored for 5 years, cf. Executive Order no. 586 of 03/06/2014 section 33, subsection 1.
- Information about contact persons at companies, where guidance was never initiated, is deleted 2 years after the last contact or upon request.
Your information may be shared with the following data recipients:
- The Danish Business Authority and Statistics Denmark may receive information about the company, as well as information about any external advisers the company has been referred to during the advisory process.
- The analytics and consulting firm, Competencehouse, evaluates a large part of our client companies' interaction with the Business Hubs via their contact persons. The firm receives the name and e-mail of the contact person in order to carry out a client satisfaction survey.
- Personal and company information is shared with other public business promotion entities who use joint CRM systems, and may also be shared with other public entities/authorities and partners with a view to improving current or future services to companies/the business world, or for statistical purposes, if relevant.
Partners
Indhold er hentet
When you partner with us, we may process the following personal information about you:
- Name, address, emails, telephone number
- Bank details
- CVR-number
- CPR-number
- General skills, CV, educational background.
We collect personal information about our partners for the purpose of managing the contracts we enter into with you, including in particular to ensure our contact options and knowledge base about you in connection with our collaboration. This is of central importance for the services Business Hub Zealand provides to our contact persons, who represent the companies and entrepreneurs we advise. In addition, we may process information about you in order to document our use of partnerships in relation to the exercise of our official authority, in the form of business promotion services as stated in the Danish Business Authority's national performance contract with the business hubs.
We process the information based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) article 6, subsection 1, letter e as far as ordinary personal information is concerned, as well as article 9, subsection 2, letters f and g as far as special categories of personal information is concerned.
We keep the information for as long as the law allows, and we delete it when it is no longer necessary. The retention period depends on the nature of the information and our reason for keeping it.
- On projects with EU subsidies, the information is stored for up to 10 years, cf. Executive Order no. 586 of 03/06/2014 section 33, subsection 2, cf. Commission Regulation (EU) No 1407/2013 of 18 December 2013 on the application of articles 107 and 108 of the Treaty on the Functioning of the European Union to de minimis aid, article 6, subsection 4.
Your information may be shared with the following data recipients:
- The Danish Business Authority and Statistics Denmark may receive information about the company, as well as information about any external advisers the company has been referred to during the advisory process.
- Public business promotion entities that use joint CRM-systems.
- Public authorities.
- Private companies/entrepreneurs in cases, where it is relevant.
Newsletter
Indhold er hentet
When you sign up to receive our newsletter, we will process the following information about you:
- Email and name
The purpose is to deliver a newsletter to you that is tailored to your interests and wishes, so you will find the content relevant for you.
We process the information based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) article 6, subsection 1, letter a as far as ordinary personal information is concerned.
Your personal information will be deleted when you revoke your consent. You are free to revoke your consent, and you can use the contact information at the top if you wish to do so.
Use of photos
Indhold er hentet
If we assess that a photo is harmless and with no specific focus on individuals, and that it will have a positive effect on the outside world's perception of us, either as a workplace, as a business partner or in another context, we will publish it on the internet.
We process the information based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) article 6, subsection 1, letter e as far as ordinary personal information is concerned.
If you are to actively participate in marketing, videos or other promotional material in collaboration with us, we will ensure that this takes place on the basis on your consent or under a model contract.
We process the information based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) article 6, subsection 1, letter a or b as far as ordinary personal information is concerned.
Photos will be deleted if we conclude that they no longer serve their purpose, if a contract for the use of the photo has expired, or if you revoke your consent. Additionally, you also have the option of objecting to our use of photos in which you appear.
Contact and communication
Indhold er hentet
When you reach out to us by email, telephone, contact form on our website or by ordinary letter, we process the following information about you:
- Your contact information and the content of your inquiry.
The purpose of processing your personal information is to provide you with quality service and process your inquiry.
We process the information based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) article 6, subsection 1, letter e as far as ordinary personal information is concerned, as well as article 9, subsection 2, letters f and g as far as special categories of personal information is concerned.
Your personal information is deleted when the purpose for storing the information is no longer present. This is individually assessed based on the specific inquiry and the nature of the inquiry. We process your personal information for as long as we have ongoing correspondence with you. When the correspondence is finished and its content does not give rise to further action, your information will be deleted.
Job applicants
Indhold er hentet
When we receive your application, it will be read and processed according to the regulations below.
The application with attachments will be shared internally with relevant personnel in the recruitment process.
Personal information received during the recruitment process will be processed on the following legal basis:
We process the information based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) article 6, subsection 1, letter e as far as ordinary personal information is concerned, as well as article 9, subsection 2, letter f as far as special categories of personal information is concerned.
The CPR number is only processed if you yourself have submitted it with your application or CV. We process the information in accordance with Act No. 502 of 23 May 2018 on supplementary provisions to the regulation on the protection of natural persons in connection with the processing of personal data and on the free exchange of such information (Data Protection Act) Section 11, subsection 1, as regards the processing of social security numbers.
According to the data protection regulations, you have the right to be informed whether disclosing your personal information is mandatory by law or a requirement that must be met in order to enter into a contract, as well as any possible consequences of not providing that information.
Please note that it follows from the Danish Health Information Act that an employee must disclose, before employment on their own initiative or when asked about it by the employer, whether the employee is aware of having an illness or having symptoms of an illness that will have significant influence on the employee's ability to hold the position in question.
In addition, please note that if you are offered employment, we need some personal information about you to draw up your employment contract, including e.g. your name and address, cf. the provisions of the Employment Contract Act. If you do not wish to provide the information that you are required to provide in accordance with the provisions of the Health Information Act and the information necessary for an employment contract to be drawn up, it will not be possible to offer you employment.
We save your application with attachments until we find the right candidate and the recruitment process is completed. After this, your application with attachments will be stored for 6 months, after which it will be deleted.
Regarding unsolicited applications, we save your application with attachments for 6 months, after which it will be deleted.
If we find occasion to store your application with attachments for more than 6 months, we will contact you to obtain your consent to this.
Your consent is voluntary, and you can revoke it at any time by contacting us using the above contact information.

Other information about the processing

Security
Indhold er hentet
We have implemented appropriate technical and organisational measures to prevent your information from being accidentally or unlawfully deleted, published, lost, corrupted or from being disclosed to unauthorised persons, misused or otherwise processed in violation of the law. We ensure that processing can only take place, when all data protection principles are met. cf. GDPR art. 5.
All data transmissions and storage of personal information take place on systems with backup and restoration procedures established for all servers. Access to personal information is subject to both organisational and technical measures, such as user ID and a personal password, etc.
Data minimisation
We keep data up to date
Indhold er hentet
As our service depends on your information being correct and up-to-date, we ask that you inform us of any relevant changes to your information. You can use the contact information above to notify us of any such changes, and we will ensure that your information is updated. If we ourselves become aware that our information about you is incorrect, we will update the information and notify you of this.
Transfer of information
Indhold er hentet
We use a number of third parties to store and process the information, including suppliers of IT solutions. These only process information on our behalf and cannot use it for their own purposes.
We sometimes transfer information to companies located in unsafe third countries. If this happens, we will only do so if we have a legal transfer mechanism. We may transfer ordinary personal information (e.g. name, e-mail, or images) to the following companies in the USA, based on the commission's standard contracts, cf. GDPR art. 46, subsection 2, letter c:
- Facebook
- LinkedIn
- Vimeo
- YouTube
- HubSpot
- Pipedrive
- Microsoft
- Smartsheet
Joint Controllership (for the use of social media)
Indhold er hentet
We use the following social media: Facebook and LinkedIn, which are categorised as joint data controllers. Joint controllership means that both parties are responsible for the purpose and processing of personal information.
You can find our agreements on joint controllership here:
https://legal.linkedin.com/pages-joint-controller-addendum and https://www.facebook.com/legal/controller_addendum
If we publish customer endorsements or similar, we will do so on the basis of consent, cf. GDPR article 6, subsection 1, letter a.
Your rights
Indhold er hentet
When we process personal information about you, you have a wide range of rights pursuant to the GDPR. You can therefore, if you contact us, exercise the following rights:
- Gain access to your personal information
- Have your information rectified
- Have your information erased (Right to be forgotten)
- Have the processing of your information restricted
- Receive your information with w view to moving them to a different data controller (data portability)
- Object to our processing, when it is based on our role as a public authority (GDPR article 6, subsection 1, letter e)
If you give us your consent, it is voluntary, and there will be no consequences for you if consent is not given, if it is given only to certain points, or if it is later revoked. Consent can be revoked at any time by using the contact information above. If you choose to revoke your consent, it does not affect the legality of our processing of your personal information based on your previously communicated consent and until the time of your revocation.
When you contact us with a request to exercise any of the above rights, we will get back to you within one month. If we cannot accommodate your request, you will be given a reason why.
To exercise your rights, or if you have any questions about the above, you can contact us or our DPO. Please find the contact information at the top of the page.
If you are subsequently dissatisfied with the way in which we process your information, you have the right to lodge a complaint with the Danish Data Protection Authority.