Contact
Diplomasafe ApS
C/O Rønnow Arkitekter A/S
Strandgade 27B, 3. tv
DK- 1401 København K
CVR: 37 99 91 64

Phone: (+45) 2829 6688
E-mail regarding privacy: privacy@diplomasafe.com
Homepage: https://diplomasafe.com

If the issuer and Diplomasafe joint data controllers you will find contact data on the issuers homepage.

Processing of Personal Data

All our processing of personal data takes place in data centers located within EU / EEA countries. We use the significant subcontractor as hosting partner:

• Amazon Web Service

What Data do We Collect?

The data we process about you, if you have a profile in Diplomasafe, includes:

• Name
• E-mail address
• Credential data (e.g. educational and course information)
• Social media profiles (LinkedIn, Facebook, Twitter etc.) if you connect the social medial profile to your Diplomasafe account.
• Log data on events related to the data listed above

In addition, we collect data in connection with your use of our websites. This data is not associated with your profile. Data includes:

• IP-address (stored as masked data for privacy purposes)
• Operation system
• Display resolution
• Browser type

See also the section “About Cookies” for information on the use of cookies.

Relevance of collected data

We only collect data which is relevant and necessary to provide a service for managing your digital credentials.

Data Quality

We seek high data quality. If errors are found in the data, we will correct them as soon as possible. However, for certain data (including data in credentials) only the issuer can correct data. Inquiries regarding errors in the digital credentials must therefore be addressed to the specific issuer. The issuer can then request the Diplomasafe to revoke your digital credential and issue a new credential with the correct information.

Purpose of Data Collection

We collect your personal data to allow you to receive, manage, share and control issued digital credentials as well as provide issuers statistics on the use of issued digital credentials.

Data collected in connection with your use of our websites is used solely for visitor statistics and analysis to improve our service. However, data can also be used for investigation in connection with abuse and security incidents.

Use and Transfer of Data

Your personal data will only be used for the purpose for which it was collected, and we will not disclose personal data to third parties other than general statistics except for the issuer of your credentials or if you give your explicit consent.

However, your personal data may be sent on to third parties (“data processors”) who process data on our behalf. These third parties only process your personal information according to instructions from us as data controllers.

We may also disclose your personal data to authorities if there is a legal basis in law, regulation or after order from a public authority e.g. we may disclose data to law enforcement based on a court order.

Security

We have adopted internal information security rules that contain instructions and controls that protect your personal data from being destroyed, lost, or altered. We have controls to protect against unauthorized disclosure and access. Our information security management is certified according to the ISO/IEC 27001 security standard by an independent auditor.

Your personal data is stored and processed in data centers that are physically located in EU / EEA countries for app.diplomasafe.com and Canada for app.diplomasafe.io. All data centers are certified according to the ISO/IEC 27001 security standard.

Your Rights

Openness

At any time, you are entitled to know which of your personal data we process, where it originated from and how we use them. You are also entitled to know for how long we keep your personal data and who receives data about you, to the extent that we transfer your data.

In case of data security breaches that have consequences for you, we are obliged to notify you. This is done via the email address you registered with us.

You have the right and the opportunity to correct errors and inaccuracies in the personal data we process about you. We encourage you to keep your registered data, including your e-mail address, updated.

In some cases, we will have an obligation to delete your personal data. If you believe that your data is no longer necessary for the purpose for which we obtained it, you may request it be deleted. You can also contact us if you believe your personal data is being processed in violation of law or other legal obligations. Or if you want to revoke your consent.

For security reasons, however, it is not possible for you to correct any errors on a digital credential. If you find an error, you should contact the issuer, who will revoke the inaccurate credential and issue a new one.

If you submit a request to correct or delete your personal data, we will investigate whether the conditions are met and, if necessary, make changes or deletions as soon as possible.

Challenging our Processing of Your Personal Data

You have the right to object to our processing of your personal data and the right to have your objection handled by us. If your objection is justified, we will cease processing your personal data.

Opposition to our Processing of Your Personal Data

You can file a complaint to the Danish Data Protection Authority, Datatilsynet, if you believe that we treat your data in violation of the law or without your consent or other legal basis. However, we encourage you to contact us first in order to settle the dispute.

The contact data of the Danish Data Protection Authority:
Datatilsynet
Borgergade 28,5
DK-1300 København K

Tlf.: (+45) 33 19 32 00
Fax: (+45) 33 19 32 18

www.datatilsynet.dk

Deletion of Personal Data

We store your personal data as long as you are a registered user of the system.

You may at any time delete your digital credentials from the system. However, you must be aware that issued digital credentials cannot be verified once they are deleted from the system and that we do not have the opportunity to restore deleted digital credentials.

You may be deleted as a user by contacting us. If you are deleted as a user all personal data including digital credentials are deleted. Personal data will be deleted without undue delay. However, any log data for security reasons will be deleted within 6 months.

We may delete expired and revoked credentials. But you can always enforce that an expiring credential not to be deleted after expiry in the settings for the credential.

We may delete you as a user (including your personal data) if you no longer have valid credentials and have not been logged in for more than 5 years.

Consent

Our processing of your personal data always relies on your acceptance of the end user license agreement during registration.

You always have the right to revoke your consent. If you withdraw your consent and are our processing of your personal data based on your consent, we will cease processing your personal data.

Joint data controllers

In case the issuer and Diplomasafe are joint data controllers the issuer is responsible for

• providing you the contact information about the issuer and the data protection officer (where applicable)
• rectifying incorrect personal data
• notifying you when required by GDPR article 19

and Diplomasafe is responsible for

• providing you with the contact information of Diplomasafe (see above)
• providing you the information of the category of processed personal data and the purpose of processing your personal data (see above)
• providing you with information on data retention policies (see above)
• providing you with information on how to lodge a complaint (see above)
• deleting personal data on your request or due to data retention policies
• notifying you when required by GDPR article 19
• providing you with your personal data in a portable form if requested by you
• handling your objections to the processing of your personal data

About Cookies

Purpose and Relevance

We use several cookies on our websites for the solution to work. For example, cookies are used to remember settings and to keep a session between your browser and the solution.

In addition, we use cookies to optimise and improve your experience of the website and the solution through collecting statistics on the use of our websites.

Overview and Management of Used Cookies

An overview of cookies used is available by clicking the icon in the lower left corner of the webpage. This is also where you manage your consent regarding cookies.