IDC Ventures - Privacy Policy 

1. Introduction

Here you can read about how IDC Management Denmark ApS (hereinafter "we," "us," and "our") collects, processes, and stores your personal data as part of our operations and the activities described in section 3 below.

Responsible handling of personal data is crucial to our business goals and reputation. Therefore, this privacy policy describes how and why we collect personal data about you, how the data is used, when it is deleted, and how you can, among other things, access your personal data.

2. Data Controller

IDC is the data controller for the processing activities described in this privacy policy unless otherwise stated in the activities in section 3 below. If you have any questions about this privacy policy or our processing of your personal data as described in section 3 below, please contact us at:
            IDC Management Denmark ApS
            VAT number: DK-40911871
            Store Kongensgade 40H, 3. Th., 1264 Copenhagen K, Denmark
            Email: ir@idcventures.com

3. How do we process personal data about you as part of our activities?

We collect and process personal data in different situations, and the purposes of the collection, what the personal data is used for and when it is deleted can vary. The individual activities where IDC (as data controller) can collect personal data about you are therefore described separately below.

3.1. When you visit our website

When you visit our website (IDC Ventures — A Platform for Entrepreneurs by Entrepreneurs), we process, store, and disclose personal data about you for various activities and through cookies and your personal data may be used for the purposes specified below.

You can read more about cookies, the different types of cookies we use, how to change your cookie settings, delete cookies, and more in our cookie policy which is available here. Our website may contain links to other websites or to integrated websites. We are not responsible for the content of websites from other companies or their processing practices of personal data, and we refer you to read their privacy policy as well as other relevant policies relevant for other websites.

3.1.1. What personal data is processed and where does it come from?

We expect to collect the following personal data about you through cookies on our website:

• IP-address
• Information about which device you use (pc, tablet, mobile phone etc.)
• Information about your behaviour on our website (such as clicks, interests, and browsing history).
• Images, videos

3.1.2. Why do we process the personal data?

We process your personal data for the following purposes:

• For administration, maintenance, and development of the website
• To analyse the use of our website and collect statistics about visitors
• For marketing purposes, such as our newsletter service

3.1.3. What is the legal basis for our processing?

Our processing of general personal data is based on the following legal bases:

• Consent: When you visit our website, we ask for your consent to place cookies in accordance with our cookie policy. We process your personal data to offer functions on the website, collect statistics and promote products for marketing purposes based on your consent. This legal basis is found in Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by contacting us (see section 2 above).
• Legitimate Interest: We may collect personal data about you to be able to run the website, perform statistics and analytics, maintenance, development of the website, and for security reasons. This legal basis is found in Article 6(1)(f) of the GDPR. The legitimate interests are our legitimate interests in providing and optimising our website to you and providing you with the best online experience and products. You can object to this processing at any time by contacting us (see section 2 above).

3.1.4. Who do we share your personal data with?

Your personal data may be shared with online service and ad providers and any of our IDC corporate entities.

We may transfer your personal data to countries outside of the EU/EEA if necessary to carry out the relevant task. Any transfer will take place subject to valid legal grounds for such transfer (the GDPR Chapter 5), e.g. the Standard Contractual Clauses published by the EU Commission which can be found here: Standard contractual clauses for international transfers (europa.eu). We may also rely on the EU-U.S Data Privacy Framework, if we transfer personal data to the US which can be found here: Home (dataprivacyframework.gov).

3.1.5 For how long do we store your personal data?

The retention period depends on the cookie. Your personal data is stored in accordance with our cookie policy which is included in our cookie solution.

We may store and process data for longer in anonymised form meaning we can no longer identify you.

3.2 When you communicate with us by e-mail, phone, or otherwise

When you communicate with us, contact customer service, or otherwise communicate with us, we collect and process your personal data.

We urge you not to disclose any sensitive or confidential personal data to us unless it is strictly necessary for your inquiry. For security reasons, we encourage you to send the information in encrypted form if you submit confidential or sensitive personal data via email.

3.2.1 What personal data is processed and where does it come from?

We collect, process, and store the following types of personal data about you:

• Contact information, including your name, email, and phone number
• The subject of your inquiry, including date, and any attachments you include
• Chat history
• Customer ID
• Other personal data that you provide in connection with your inquiry

3.2.2. Why do we process the personal data?

We process your personal data for the following purposes:

• To process your inquiry or request
• Customer service and sales
• General communication with you
• Statistics and analysis to improve our products and services

3.2.3 What is the legal basis for our processing?

Our processing of general personal data is based on the following legal bases:

• Contractual obligations: If your enquiry concerns a (potential) agreement, we process your data to implement contractual measures or fulfil the agreement with you (Article 6(1)(b) of the GDPR).

• Legitimate Interest: We may collect personal data about you to be able to handle your inquiry, communicate with you, provide customer service, and develop our products and services. This legal basis is found in Article 6(1)(f) of the GDPR. You can object to this processing at any time by contacting us (see section 2 above).

3.2.4 For how long do we store your personal data?

Your personal data will be deleted when we no longer need to process it for the fulfilment of one or more of the above purposes. In most cases, we will delete your inquiry once we have handled and completed your inquiry.

Depending on the nature of the inquiry, we may retain your personal data for up to 3 years from the response to your inquiry for the purpose of documentation and with reference to the statute of limitations rules on the limitation of ordinary monetary claims.

The personal data may be processed and stored for longer if we are obliged to do so by law.

• We may store and process data for longer in anonymised form meaning we can no longer identify you.

3.3. When you subscribe to our newsletter

When you subscribe to our newsletter for direct marketing purposes, we process different personal data about you for different purposes.

3.3.1 What personal data is processed and where does it come from?

We process the following personal data about you in relation to our newsletter services:

• Contact information (email)
• Marketing preferences and click behaviour on published content
• Your consent and the date of your consent

3.3.2 Why do we process the personal data?

We process your personal data for the following purposes:

• To analyse the use of our services and collect statistics to improve our services and products
• For direct marketing purposes, such as our newsletter service

3.3.3  What is the legal basis for our processing?

Our processing of general personal data is based on the following legal bases:

• Consent: When you subscribe to our our newsletter, we ask for your consent for direct marketing purposes. This legal basis is found in Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by contacting us (see section 2 above), by unsubscribing to our newsletters in the bottom of the email, or through your user setting on the LP Portal.
• Legitimate Interest: We collect personal data about you to perform statistics and analytics for development of our products and services. This legal basis is found in Article 6(1)(f) of the GDPR. You can object to this processing at any time by contacting us (see section 2 above)

3.3.4 Who do we share your personal data with?

We may share your personal data and/or make them available to other suppliers and/or service providers in connection with the general operation of our business, e.g. in connection with the external administration of our newsletter solution, analysis tasks, and marketing tasks.

We may transfer your personal data to countries outside of the EU/EEA if necessary to carry out the relevant task. Any transfer will take place subject to valid legal grounds for such transfer (the GDPR Chapter 5), e.g. the Standard Contractual Clauses published by the EU Commission which can be found here: Standard contractual clauses for international transfers (europa.eu). We may also rely on the EU-U.S Data Privacy Framework, if we transfer personal data to the US which can be found here: Home (dataprivacyframework.gov).

3.3.5 For how long do we store your personal data?

Your personal data is stored if your consent to receive newsletters is active and for a period thereafter to document the validity of the consent.

In accordance with the recommendations of the Consumer Ombudsman, we keep documentation of your marketing consent for at least two years after you have withdrawn your consent and in any case for as long as it is relevant for us to be able to document the validity of the consent.

The retention period is based on our legitimate interest in being able to demonstrate that direct marketing has taken place in accordance with applicable legislation (Article 6(1)(f) of the GDPR).

We may store and process data for longer in anonymised form meaning we can no longer identify you, or if we are obliged to do so by law or as part of a specific case.

3.4. When you engage with us as a Partner

When you enrol in our Services as a Partner, we process a variety of personal data about you for different purposes.

3.4.1 What personal data is processed and where does it come from?

We process the following personal data about you as a natural person when performing our Partner relationship management:

• Contact information (name, email, phone number, address)
• Newsletter preferences
• Investment preferences
• Financial information, such as holdings, invested capital, and other financial data related to your investments
• Information you may share, and we may collect prior to, during, or after investor calls, such as questions, video recordings and photos included in Investor Call Replays etc.
• Personal data related to your IDC profile on the LP Portal
• Personal data required for the purpose of complying with applicable laws and regulations (such as anti-money laundering and counter terrorist financing regulations)
• Other personal data you may share with us during our partnership

3.4.2 Why do we process the personal data?

We process your personal data for the following purposes:

• For administration, maintenance, and development of our relationship
• To analyse the use of our services and collect statistics
• To communicate with you, such as providing service info and customer support
• For marketing purposes, such as providing info about new investment opportunities
• For security reasons
• For financial purposes, including administration of portfolio, investments, accounting, and auditing
• To comply with applicable laws and regulations (such as anti-money laundering and counter terrorist financing regulations)
• To handle any lawsuits, complaints, or disputes

3.4.3 What is the legal basis for our processing?

Our processing of general personal data is based on the following legal bases:

• Contract: When you enter into a partnership with us for our Services, we process your personal data in accordance with the rights and obligations agreed between us. This legal basis is found in Article 6(1)(b) of the GDPR.
• Legal obligation: We may have to comply with a legal obligation to which we are subject. This legal basis is found in Article 6(1)(c) of the GDPR. The legal obligation in question is inter alia set out in the Danish Anti-Money Laundering Act, the Danish Companies Act, and the Danish AIFM Act.]
• Legitimate Interest: We may process personal data about you to be able to communicate with you, to handle any legal disputes, to optimise our services, and for security reasons. This legal basis is found in Article 6(1)(f) of the GDPR. The legitimate interests are our legitimate interests in providing you customer service, to defend or pursue any legal claims, general communication and for security reasons related to our employees and the workplace. You can object to this processing at any time by contacting us (see section 2 above).

3.4.4. Who do we share your personal data with?

We may share your personal data and/or make them available to suppliers and/or service providers in connection with the general operation of our business, e.g. in connection with the external administration of our IT systems, analysis tasks, marketing tasks, audit, legal assistance, etc. We may also share your personal data with our IDC corporate entities.

We may also share your information with public authorities and other government agencies for financial reporting and registration purposes.

We may transfer your personal data to countries outside of the EU/EEA if necessary to carry out the relevant task. Any transfer will take place subject to valid legal grounds for such transfer (the GDPR Chapter 5), e.g. the Standard Contractual Clauses published by the EU Commission which can be found here: Standard contractual clauses for international transfers (europa.eu). We may also rely on the EU-U.S Data Privacy Framework, if we transfer personal data to the US which can be found here: Home (dataprivacyframework.gov).

3.4.5 For how long do we store your personal data?

Your personal data is stored as long as we are in a contractual relationship, and as long as it is necessary to document our legal position which may overlap with the Danish Statute of Limitations.

Personal data collected for the purpose of complying with the Danish Anti-Money Loundering Act will be stored as long as we are in a contractual relationship, and for a period of 5 years after its termination.

Accounting material, including personal data, which we are obliged to store, is deleted no earlier than 5 years after the end of the financial year to which the information relates according to the Danish Accounting Act.

3.5 When you engage with us as a Portfolio company (Founders)

When you become a portfolio company, we process different types of personal data about the founders and other contact persons related to the portfolio company.

3.5.1 What personal data is processed and where does it come from?

We process the following personal data about you

• Contact information (name, email, phone number, address)
• Newsletter preferences
• Financial information, such as ownership, invested capital, and other financial data related to your portfolio company
• Personal data related to your IDC profile on the LP Portal
• Other personal data you may share with us during our partnership

3.5.2 Why do we process the personal data?

We process your personal data for the following purposes:

• For administration, maintenance, and development of our relationship
• To analyse the use of our services and collect statistics
• To communicate with you, such as providing service info and customer support
• For marketing purposes, such as providing info about new investment opportunities
• For security reasons
• For financial purposes, including administration of portfolio, investments, accounting, and auditing
• To comply with applicable laws and guidelines
• To handle any lawsuits, complaints, or disputes

3.5.3 What is the legal basis for our processing?

Our processing of general personal data is based on the following legal bases:

• Contract: When you become a Founder, we process your personal data in accordance with the rights and obligations agreed between us. This legal basis is found in Article 6(1)(b) of the GDPR.
• Legal obligation: We may have to comply with a legal obligation to which we are subject. This legal basis is found in Article 6(1)(c) of the GDPR. The legal obligation in question is inter alia set out in the Danish Anti-Money Laundering Act, the Danish Companies Act and the Danish AIFM Act.]
• Legitimate Interest: We may process personal data about you to be able to communicate with you, to handle any legal disputes, to optimise our services, and for security reasons. This legal basis is found in Article 6(1)(f) of the GDPR. The legitimate interests are our legitimate interests in providing you customer service, to defend or pursue any legal claims, general communication and for security reasons related to our employees and the workplace. You can object to this processing at any time by contacting us (see section 2 above).

3.5.4 Who do we share your personal data with?

We may share your personal data and/or make them available to suppliers and/or service providers in connection with the general operation of our business, e.g. in connection with the external administration of our IT systems, analysis tasks, marketing tasks, audit, legal assistance, etc. We may also share your personal data with our IDC corporate entities.

We may also share your information with public authorities and other government agencies for financial reporting and registration purposes.

We may transfer your personal data to countries outside of the EU/EEA if necessary to carry out the relevant task. Any transfer will take place subject to valid legal grounds for such transfer (the GDPR Chapter 5), e.g. the Standard Contractual Clauses published by the EU Commission which can be found here: Standard contractual clauses for international transfers (europa.eu). We may also rely on the EU-U.S Data Privacy Framework, if we transfer personal data to the US which can be found here: Home (dataprivacyframework.gov).

3.5.5 For how long do we store your personal data?

Your personal data is stored as long as we are in a contractual relationship, and as long as it is necessary to document our legal position which may overlap with the Danish Statute of Limitations.

Accounting material, including personal data, which we are obliged to store, is deleted no earlier than 5 years after the end of the financial year to which the information relates according to the Danish Accounting Act.

3.6 When you use our Whistleblower Scheme

Our Whistleblower Scheme allows members of the Board of Directors and Executive Board as well as any other employees and former employees of the Company to report their knowledge or reasonable suspicion of serious and criticisable matters or illegalities in relation to the Us and/or the Funds.

A report may include various personal data depending on the subject matter and we will only process a whistleblower report after it has been processed by our external Whistleblower Scheme partner, and if the report concludes that it concerns a reportable matter.

For information about the processing of personal data for the initial screening, we refer to our Whistleblower policy which can be found here: [IDC Management Denmark ApS - Whistleblower Policy].

3.6.1 What personal data is processed and where does it come from?

We process the following personal data about you as a whistleblower:

• persons who make a report, whose identification data and other data is provided in connection with the report or at a later stage in the processing of the reported activities
• persons covered by a report, whose identification data and other data is contained in such reports, including typically identification information and information about the involvement of the reported persons in the reported activities.

3.6.2  Why do we process the personal data?

We process your personal data for the following purposes:

• To comply with applicable laws and guidelines and to administer the Whistleblower Scheme
• To handle any lawsuits, complaints, or disputes that may relevant

 3.6.3 What is the legal basis for our processing?

Our processing of general personal data is based on the following legal bases:

• Legal obligation: We may have to comply with a legal obligation to which we are subject. This legal basis is found in Article 6(1)(c) of the GDPR. The legal obligation in question is set out in the AIFM Act and the Danish Whistleblower Protection Act.
• Criminal offences: The legal basis for the processing of information on criminal offences is section 8(3) of the Danish Data Protection Act, as the processing is necessary to pursue our legitimate interest in complying with the AIFM Act.

3.6.4 Who do we share your personal data with?

We may disclose personal data to law enforcement authorities and others who may assist us in the investigation and prosecution of reported criminal offences if an offence is committed. In addition, the information will be shared with our trusted employees, unless the reported offence relates to one or more of the trusted employees.

3.6.5 For how long do we store your personal data?

Reports that are processed and handled regardless of the outcome are normally deleted 18 months after they are finalised. However, we may store the personal data for a longer period of time if it is necessary to comply with the law or to establish, defend or exercise a legal claim.

3.7 When you register as a user on our platform, the “LP Portal”

When you register as a user on our platform, the LP Portal, we process your personal data which you have provided to us.

3.7.1 What personal data is processed and where does it come from?

We process the following personal data about you when using the LP Portal:

• User information (name, email, phone number)
• Birthdate
• Password
• Personal data shared during Investor Calls if any
• User behaviour, including clicks and browsing history
• Interests based on your consent to our newsletter
• Other personal data you may share with us on the platform

3.7.2  Why do we process the personal data?

We process your personal data for the following purposes:

• For administration, maintenance, and development of our relationship
• For general communication with you such as customer service, investment news
• Marketing of investment opportunities
• To analyse the use of our services and collect statistics
• For marketing purposes, such as our newsletter service

 3.7.3 What is the legal basis for our processing?

Our processing of general personal data is based on the following legal bases:

• Legitimate Interest: We may collect personal data about you to be able to run the LP Portal, perform statistics and analytics, maintenance, development of the website, security, and for communication and marketing reasons. This legal basis is found in Article 6(1)(f) of the GDPR. The legitimate interests are our legitimate interests in providing our website to you and providing you with the best online experience and products. You can object to this processing at any time by contacting us (see section 2 above).

3.7.4 Who do we share your personal data with?

We may share your personal data and/or make them available to other suppliers and/or service providers in connection with the general operation of the platform, e.g. in connection with the external administration of our IT systems, analysis tasks, and marketing tasks.

We may also share your personal data with our IDC corporate entities.

We may transfer your personal data to countries outside of the EU/EEA if necessary to carry out the relevant task. Any transfer will take place subject to valid legal grounds for such transfer (the GDPR Chapter 5), e.g. the Standard Contractual Clauses published by the EU Commission which can be found here: Standard contractual clauses for international transfers (europa.eu). We may also rely on the EU-U.S Data Privacy Framework, if we transfer personal data to the US which can be found here: Home (dataprivacyframework.gov).

3.7.5 For how long do we store your personal data?

Your personal data is stored in as long as you have an active account on the LP Portal. The retention period of your personal data

We may store and process data for longer in anonymised form meaning we can no longer identify you.

3.8 If you apply for a job at IDC Ventures

If you apply for a job with us, including one or more of our affiliated companies, we process your personal data in connection with the recruitment process. The data controller for the processing of your application is the company in which you have applied for a job. If the company is located within the EU/EEA, we manage the recruitment process on behalf of that company and will act as the data processor.

We encourage you to not include any sensitive or confidential information, such as health data or social security number, unless this is a requirement or is explicitly requested for the position you are applying for.

3.8.1 What personal data is processed and where does it come from?

We process the following personal data about you during our recruitment process:

• Contact information (name, email, phone number, address)
• Information included in your resumé, application and any attachments you provide
• Employment history, including experience, skills, performance, and general appearance
• Publicly available information, e.g. on the internet and on social media
• Results from tests, such as personality tests
• Personal data collected via interviews (physically and online)
• References you have listed, or you have consented for us to contact
• Potentially health information if necessary for the position you have applied for, or if you are required to disclose this information due to any special health conditions that may affect your role and work performance, or which may be of special interest to us
• Credit rating if the position includes financial responsibility (e.g. auditing or a C-suite role)
• Potentially your criminal record, if necessary for he position you have applied for
• Other personal data you may share with us during the recruitment process

3.8.2 Why do we process the personal data?

We process your personal data for the following purposes:

• To assess whether you are the right fit for a position at IDC Ventures or one of our corporate entities
• To comply with applicable laws
• To assert or defend legal claims

3.8.3  What is the legal basis for our processing?

Our processing of general personal data is based on the following legal bases:

• Consent: We may ask for your consent to collect references from previous/current employers that you have not provided as references. If we cannot offer you employment, we may offer to save your application for later use based on your consent. This legal basis is found in Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by contacting us (see section 2 above).If it is necessary to see your criminal records or similar documentation, we will ask for your consent based on Section 8.3 of the Danish Data Protection Act. The legal basis for processing personal data from criminal records may also be regulated in local data protection legislation depending on your jurisdiction and will be assessed in each case.   If it becomes necessary for the position you have applied for and in exceptional circumstances, we will ask for your explicit consent to process any health data (Article 9(2)(a) of the GDPR).
• Legitimate Interest: We may process personal data about you to assess your eligibility and to offer you employment, based on the information you provide in your resumé, application and any attachments, publicly available information, results of personality tests, references you have provided in your application, and other information you provide to us in connection with the recruitment process. If the position includes executive financial responsibility (e.g. bookkeeping or auditing), we may obtain information about your credit rating. Processing may also be necessary to defend or assert legal claims. This legal basis is found in Article 6(1)(f) of the GDPR. You can object to this processing at any time by contacting us (see section 2 above).
• Contractual obligation: If we offer you employment, the processing of your personal data will be based on the employment agreement we enter with you (Article 6(1)(b) of the GDPR).

3.8.4 Who do we share your personal data with?

We may share your personal data and/or make them available to other suppliers and/or service providers in connection with the general operation of our business, e.g. in connection with the external administration of our IT systems and HR administration.

We may also share your personal data with our IDC corporate entities.

We may transfer your personal data to countries outside of the EU/EEA, including our affiliated companies. Any transfer will take place subject to valid legal grounds for such transfer (the GDPR Chapter 5), e.g. the Standard Contractual Clauses published by the EU Commission which can be found here: Standard contractual clauses for international transfers (europa.eu). We may also rely on the EU-U.S Data Privacy Framework, if we transfer personal data to the US which can be found here: Home (dataprivacyframework.gov).

3.8.5 For how long do we store your personal data?

If you are offered a position with us, your application as well as additional relevant personal data collected in connection with the recruitment process will be stored in your personnel file with us.

If you are not offered a position, we will keep your application and any additional personal information collected during the recruitment procedure for a period of six (6) months after our refusal, unless you have given your consent to for us to store your personal data for a longer period in case other employment opportunities arise.

Any criminal records and health data will be deleted immediately after review.

We may store and process data for longer in anonymised form meaning we can no longer identify you.

3.9 When you visit our social media profiles

If you visit our social media profiles, we may process your personal data as the data controller. In some cases, we act as joint data controllers together with the provider of the social media platform and has entered into a joint data controller agreement. We refer you to the individual social media providers’ privacy policies for more information about their processing of your personal data.

We have the following social media profiles:

• LinkedIn (LinkedIn Ireland Unlimited Company)
  • See LinkedIn’s privacy policy here: LinkedIn Privacy Policy
  • You can customise your privacy settings here: Manage your account and privacy settings | LinkedIn Help
• YouTube (Google LLC)
  • See Googles privacy policy here: Privacy Policy – Privacy & Terms – Google
  • You can customise your privacy settings here: YouTube Privacy Controls & Settings - How YouTube Works

3.9.1. What personal data is processed and where does it come from?

When you visit our social media profiles, we and the social media provider may process the following personal data about you:

• Publicly available information on the platform such as user information (name, email, phone number, address), gender, workplace, interests etc.
• Any likes, comments, posts, messages, and other interactions with our social media profile page
• Other personal data you may share with our profile

3.9.2 Why do we process the personal data?

We process your personal data for the following purposes:

• For analysis and statistical purposes to improve and develop our business, services, and social media profile pages
• To communicate with you and general marketing initiatives

The social media providers may process your personal data for their:

• Adverting and sales initiatives
• To provide us with statistics data about you visit to our social media profile
• To improve their social media offerings, features, and products

3.9.3  What is the legal basis for our processing?

Our processing of your personal data is based on the following legal bases:

• Legitimate Interest: We may process your personal data to communicate with you, for marketing purposes on our social media profiles, and to improve our business, products, and services. This legal basis is found in Article 6(1)(f) of the GDPR. You can object to this processing at any time by contacting us (see section 2 above).

3.9.4 Who do we share your personal data with?

We may share your personal data and/or make them available to other suppliers and/or service providers in connection with the general operation of our business, e.g. in connection with the administration of our IT systems.

We may transfer your personal data to countries outside of the EU/EEA, including our affiliated companies. Any transfer will take place subject to valid legal grounds for such transfer (the GDPR Chapter 5), e.g. the Standard Contractual Clauses published by the EU Commission which can be found here: Standard contractual clauses for international transfers (europa.eu). We may also rely on the EU-U.S Data Privacy Framework, if we transfer personal data to the US which can be found here: Home (dataprivacyframework.gov).

3.9.5 For how long do we store your personal data?

We store your personal data as long as they are active on our social media profiles, and until you delete any “likes”, shared posts, comments, messages etc. on our social media profiles.

The data can be stored for a longer period in anonymised form.

4. Disclosure of personal data to data processors and other controllers

Data processors

In connection with the purposes above, we may share your personal data with third parties, including IT suppliers, and other subcontractors. Our subcontractors process your personal data solely under our direct instructions and in accordance with the data processing agreement. Therefore, our subcontractors do not process the personal data for their own purposes but solely as data processors on our behalf.

Disclosures

In certain situations, it is necessary for us to disclose your personal data to third parties other than recruiting clients. Under specific circumstances and in accordance with the law, it may be necessary to disclose your personal data to the following recipients:

• Lawyers, auditors, banks and other consultants
• Courts and other public authorities
• Potential buyers of the company

Our company structure may change as we develop, for example, through the complete or partial sale of IDC. In the event of the transfer of assets containing personal data, we disclose your personal data based on our legitimate interest in transferring parts of our assets and making commercial changes (Article 6(1)(f) of the GDPR).

When transferring personal data to recipients in countries outside the EU/EEA ("international data transfers"), the transfer is based on Chapter 5 of the GDPR, such as the EU Commission's standard contractual clauses or relevant adequacy decisions made by the EU Commission.

5. Your rights

You are entitled to exercise your rights under the data protection legislation at any time:

• Access: You have the right to obtain access to and receive a copy of the personal data we process about you and several additional data. We respond within a reasonable time and no later than one month after receiving your request.
• Right to object: In certain cases, you have the right to object to our collection and processing of your personal data.
• Rectification: You have the right to have personal data about you rectified.
• Erasure: In special circumstances, you have the right to have personal data about you erased before the time for our ordinary erasure.
• Restriction: In certain cases, you have the right to restriction of processing of your personal data. If the right applies, we may then only process the data – except for retention – with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest.
• Data portability: In certain cases, you have the right to receive a copy of the personal data you have provided in a structured commonly used and machine-readable format.

If you wish to exercise your rights or have any other questions relating to our processing of your personal data, please contact us at ir@idcventures.com. Your request will be processed in accordance with the legislation in force at the given time. To the extent necessary, we will contact you and ask for additional information required to handle your request correctly.

If you would like to learn more about your rights, please visit the website of the Danish Data Protection Agency, www.datatilsynet.dk.

6. Making a complaint

If you would like to make a complaint about our processing of your personal data, you are welcome to contact us. Our contact details are listed in Section 2 above.

You also have a right to file a complaint to the Danish Data Protection Agency, Carl Jacobsens Vej 35, DK-2500 Valby. A complaint may be filed by email to dt@datatilsynet.dk or through the website of the Danish Data Protection Agency datatilsynet.dk.

7. Updating our privacy policy

IDC may update this privacy policy on an ongoing basis when this is necessary to provide a fair description of our processing of personal data.

In the event of material changes to our processing of your personal data already in our possession, you will be notified directly of the update (e.g. by email) or we will announce the update on our website.

This privacy policy was last updated in September 2023.