Privacy Policy

Privacy Policy

Effective Date: 6th of February of 2024.

At MyStick, website owned by IndexIt ApS, we highly prioritize data security and confidentiality. In this privacy policy, you can read about how we handle the personal information we acquire when you register, visit our website and use the various services and features we offer.

If you decide to connect using your Google account, please review the following link for information about how Google uses the data they receive: Google.

• Data Responsibility

MyStick.dk is a website owned by IndexIt ApS. IndexIt ApS is the data controller for the processing of your personal data. Our legal information is as follows:

• Name: IndexIt ApS
• CVR no. 44273012.
• Address: Warmingsgade 1P, 2, 6000 Kolding, Denmark

 

• IndexIt ApS as data processor

In certain cases IndexIt ApS is a data processor on behalf of our clients, e.g. if IndexIt ApS administers a whistleblower electronic data room. In cases where IndexIt ApS is a data processor, IndexIt ApS acts according to instructions from the agreement. In these cases, the privacy policy does not apply to the processing.

• Purpose of Processing and Categories of Personal Data

In connection with the provision of our services and features, we process the following information about you:

• Email address.
• First name and last name registered in email account.
• Session, authentication and permanent cookies.
• Your IP address. 
• The date and time you accessed our services.
• Information about your computer, tablet or mobile device hardware and software (such as the operating system, the internet browser used, software/application version data and your language settings). 
• Information about clicks and which pages have been shown to you.

We process them for the following purposes and under the following legal basis:

1. Improving our services: We use personal data for analytical purposes and product and service improvement, such as offering a more personalised experience based on how you use our platform. Further, your personal data may also be used for the development and enhancement of our machine-learning models and artificial intelligence tools. This is part of our commitment to making our services better and enhancing the user experience.

In this case, we use data for testing and troubleshooting purposes, as well as to generate statistics about our business. The main goal here is to get insights into how our services perform, how they are used, and ultimately to optimise and customise our website, making them easier and more meaningful to use. As much as possible, we strive to use anonymised and de-identified personal data for this analytical work.

The legal basis for processing your data for this purpose is Article 6, subsection 1, letter f of the General Data Protection Regulation because it is our legitimate interest that our website, services and features are relevant and work optimally.

1. Promotion of a safe and trustworthy service: To create a trustworthy environment for you, the organizations analyzed by IndexIt ApS and IndexIt ApS, we continuously analyse and use certain personal data to detect and prevent fraud and other illegal or unwanted activities.

Similarly, we use personal data for risk assessment and security purposes, including when you report a safety concern, or for the authentication of users. When we do this we may have to stop or put certain organizations profiles on hold until we’ve finished our assessment.

The legal basis for processing your data for this purpose is Article 6, subsection 1, letter d of the General Data Protection Regulation because we aim protect you from fraud and Article 6, subsection 1, letter f because it is our legitimate interest to protect our company from fraud.

1. Marketing activities: We use your information for marketing activities like using your email address to send you information related with services made to protect humanity from corruption.

The legal basis for processing your data for this purpose is Article 6, subsection 1, letter f of the General Data Protection Regulation because it is our legitimate interest as a business that our products and services are known to the public and Article 6, subsection 1, letter a (consent).

1. Communicating with you: There might be other times when we get in touch, including by email, by chatbot or by texting you. Which method we choose depends on the contact information you’ve previously shared.

We process the communications you send to us. There could be a number of reasons for this, including:

1. Responding to and handling any requests sent via MyStick.dk contact form or through email. 
2. When you use our services, we might send you a questionnaire or invite you to provide a review about your experience with MyStick.dk.
3. In case of misconduct, we may send you a notice and/or warning.

The legal basis for processing your data for this purpose is Article 6, subsection 1, letter f of the General Data Protection Regulation because it is our legitimate interest to optimize our services and features and protect them from visitor’s misconduct.

1. Legal purposes: In certain cases, we may need to use your information to handle and resolve legal claims and disputes, for regulatory investigations and compliance, to enforce the MyStick.dk terms of use or to comply with lawful requests from law enforcement. Further, we may process your user ID, which is linked to the email address used to create your account, for the purpose of accounting as required by the Digital Markets Act.

The legal basis for processing your data for this purpose is Article 6, subsection 1, letter c of the General Data Protection Regulation.

Organizations information is not covered by the General Data Protection Regulation.

• Recipients

In certain cases, we hand over your personal data to our business partners and suppliers, e.g. IT suppliers, providers of client satisfaction surveys, suppliers of newsletter services, etc. These business partners only process the personal data on behalf of IndexIt ApS and in accordance with IndexIt ApS instructions.

We may also pass on your information to external third parties if we are required to do so or it is part of the service we provide to you. This can be, for example, to the police, the Tax Administration, other public authorities, Danish or foreign courts, arbitration courts, law firms, parties, counterparties, and representatives.

In connection with the fact that we have to deposit received client funds into a client account, we are obliged to pass on the client’s identity information to the bank holding the account for use by the latter in fulfilling the duties incumbent upon us under the Money Laundering Act.

• Third Countries

IndexIt ApS does not transfer your personal data to third countries (countries outside the EU/EEA), unless it is necessary. When transferring personal data, we will ensure that there is a basis for the transfer, and you will be specifically informed about it.

• Security

We have high standards for security, also when it comes to the protection of your personal data. Therefore, we have a number of internal procedures and policies that ensure that we live up to our high security standards and thus meet the requirements for the implementation of appropriate technical and organizational security measures. Thus, we do our best to ensure the quality and integrity of your personal data.

If you need to send us sensitive personal data, we recommend that you use encryption, e.g. secure email or a code-protected file (Word or PDF format).

• Cookies

A web browser cookie is a small text file that websites place on your computer’s, tablet’s or mobile device’s web browser.

These cookies store information about the content you view and interact with, in order to remember your preferences and settings or analyse how you use online services.

Cookies are divided into ‘first party’ and ‘third party’:

• First party cookies are the cookies served by the owner of the domain – in our case that’s MyStick.dk. Any cookie we place ourselves is a ‘first party cookie’.
• Third party cookies are cookies placed on our domains by trusted partners that we’ve chosen to allow to do so. These can be social media partners, advertising partners, security providers and more.

And they can be either ‘session cookies’ or ‘permanent cookies’:

• Session cookies only exist until you close your browser, ending what is called your ‘session’. They are then deleted.
• Permanent cookies have a range of different lifespans and stay on your device after the browser is closed. On the MyStick.dk platform, we serve permanent cookies.

Web browser cookies may store information such as your IP address or another identifier, your browser type, and information about the content you view and interact with on digital services. By storing this information, web browser cookies can remember your preferences and settings for online services and analyse how you use them.

Alongside cookies, we also use tracking technologies that are very similar. Our website, and emails may contain small transparent image files or lines of code that record how you interact with them. These include ‘web beacons’, ‘scripts’, or ‘tracking URLs’:

• Web beacons have a lot of different names. They might also be known as web bugs, tracking bugs, tags, web tags, page tags, tracking pixels, pixel tags, 1×1 GIFs or clear GIFs.

In short, these beacons are a tiny graphic image of just one pixel that can be delivered to your device as part of a web page request, in an app, an advertisement or an HTML email message.

They can be used to retrieve information from your device, such as your device type or operating system, your IP address, and the time of your visit. They are also used to serve and read cookies in your browser or to trigger the placement of a cookie.

• Scripts are small computer programs embedded within our web pages that give those pages a wide variety of extra functionality. Scripts make it possible for the website to function properly. For example, scripts power certain security features and enable basic interactive features on our website.

Scripts can also be used for analytical or advertising purposes. For example, a script can collect information about how you use our website, such as which pages you visit or what you search for.

• Tracking URLs are links with a unique identifier in them. These are used to track which website brought you to the MyStick.dk website you’re using. An example would be if you click through from a social media page, search engine or one of our affiliate partners’ websites.

All these tracking technologies are referred to as ‘cookies’ here in this Privacy Policy.

When you use our website, information can be collected via cookies about IP address, device ID, viewed pages, browser type, browser info, operating system, internet service provider, timestamp, a referral URL, features used or activities engaged in the website, user behaviour, device category and information about your preferred settings.

They allow you to be recognized as the same user across the pages of a website, devices, between websites, or when you use our apps. When it comes to purpose, they are divided into three categories: functional cookies, analytical cookies and marketing cookies.

Functional cookies

These are cookies required for our websites and apps to function and must be enabled for you to use our services.

Functional cookies are used to create technologically advanced, user-friendly websites and apps that adapt automatically to your needs and preferences. This also includes enabling essential security and accessibility features.

More specifically, these cookies:

• Enable our website to work properly, so you can register, log-in, and use the website.
• Remember your interactions in the website, past searches and other preferences to help you use our website efficiently and effectively.
• Remember your registration info so you don’t have to retype your log-in credentials each time you visit our website (passwords are always encrypted).

Analytical cookies

These cookies measure and track how our website is used. We use this info to improve our website and services.

More specifically, these cookies:

• Help us understand how visitors and customers like you use our website.
• Help us improve our website and communications to make sure we are interesting and relevant.
• Allow us to find out what does and does not work on our website.
• Help us understand the effectiveness of advertisements and communications.

The data we gather through these cookies includes but is not limited to which pages you have viewed, which referral/ exit pages you have entered and left from, which platform type you have used, which emails you have opened and acted upon, and date and timestamp info. It also means we can use details about how you have interacted with the site, such as the number of clicks you make on a given screen, your mouse and scrolling activity, the search words you use, and the text you enter into various fields.

Marketing cookies

These cookies are used by IndexIt ApS and our trusted partners to gather info about you over time, across multiple websites, applications, or other platforms.

Marketing cookies help us to decide which products, services and interest-based ads to show you, both on and off our website and apps.

More specifically, these cookies:

• Categorize you into a certain interest profile, for example, based on the websites you visit and your click behavior. We use these profiles to display personalized content.
• Display personalized and interest-based ads on our website. This is called “retargeting” and is based on your browsing activities. It can also be based on your shopping habits or other online activities.

 

Retargeting ads can be shown to you both before and after you leave our website since their aim is to encourage you to browse or return to our website. You might see these ads on websites, apps, or in emails.

• Integrate social media into our website. This allows you to like or share content or products on social media.

These “likes” and “share” buttons work using pieces of code from the individual social media providers, allowing third-party cookies to be placed on your device.

These cookies can be purely functional, but can also be used to keep track of which websites you visit from their network, to build a profile of your online browsing behavior, and to show you personalized ads. This profile will be partly built using comparable info the providers receive from your visits to other websites in their network.

We work with trusted third parties to collect data. We occasionally share info with these third parties, such as your email address. These third parties might link your data to other info they collect to create custom audiences or deliver targeted ads. 

Legal Basis

Processing for marketing purposes takes place on the basis of Article 6, paragraph 1 of the Data Protection Regulation. 1 letter a (consent).  

Processing for functional and analytical purposes takes place on the basis of Article 6, paragraph 1 of the Data Protection Regulation. 1 letter f (the balancing of interests rule), where the legitimate interest for IndexIt ApS is to develop and maintain a relevant website that functions optimally. 

Non-cookie techniques – email pixels

We may also use techniques like pixels, which we don’t mark as cookies because they don’t store any info on your device.

We sometimes place pixels in emails like newsletters. A “pixel” is an electronic file the size of a single pixel that’s placed in the email and loaded when you open it. By using email pixels, we can see if the message was delivered, if and when you read it, and what you click.

We also receive this info about the push notifications we send you. These statistics provide us with feedback about your reading behavior, which we use to optimize our messages, and make our communications more relevant to you.

What are your choices?

To learn more about cookies and how to manage or delete them, visit allaboutcookies.org or the help section of your browser.

In the settings for browsers like Internet Explorer, Safari, Firefox or Chrome, you can choose which cookies to accept and which to reject. Where you find these settings depends on which browser you use:

• Cookie settings in Chrome
• Cookie settings in Firefox
• Cookie settings in Internet Explorer
• Cookie settings in Safari

If you choose to block certain functional cookies, you may not be able to use some features of our services.

In addition to specific settings that we may offer on MyStick.dk, you can also opt-out of certain cookies:

• Analytics

To prevent Google Analytics from collecting analytical data on certain browser types visit the following link: Google Analytics Opt-out Browser Add-on (only available on desktop).

• Marketing

We always aim to work with advertising and marketing companies that are members of the Network Advertising Initiative (NAI) and/or the Interactive Advertising Bureau (IAB).

Members of the NAI and IAB adhere to industry standards and codes of conduct and allow you to opt out of behavioural advertising.

Visit www.networkadvertising.org to identify NAI members that may have placed advertising cookies on your computer. To opt out of any NAI member’s behavioural advertising programme, just check the box that corresponds to that company.

You may also want to visit www.youronlinechoices.com or www.youradchoices.com to learn how to opt out of customised ads.

It’s possible that your mobile device allows you to limit information sharing for retargeting purposes through its settings. If you choose to do so, it’s good to be aware that opting out of an online advertising network doesn’t mean you’ll no longer see or be subject to online advertising or marketing analysis. It just means that the network you’ve opted out from will stop delivering ads that are tailored to your web preferences and browsing patterns.

Some websites have ‘Do Not Track’ features that allow you to tell a website not to track you. We’re currently unable to support ‘Do Not Track’ browser settings.

• Storage and deletion

We delete your personal data when we no longer need to process them to fulfill one or more of the purposes stated above. 

As a general rule, we store personal data collected for ten years after the end of the client relationship, but there may be shorter or longer storage periods in special cases, including but not limited to comply with legal requirements for deletion or storage.  

Documentation for your marketing legal consent is kept for two years from when you have revoked your consent to receive direct marketing material. The retention period is set on the basis of IndexIt ApS legitimate interest in being able to document that direct marketing has taken place in accordance with applicable legislation.

Personal information included in bookkeeping material is stored for five years from the end of the financial year, after which the information is deleted. The storage period is set on the basis of the storage requirements in Section 10 of the Accounting Act and is therefore done with a view to complying with applicable legislation.

Personal information that we have obtained in accordance with the Money Laundering Act is stored for five years after the end of the client relationship and then deleted.

• Your rights

You have the right to gain insight into the personal data that we process about you, with certain exceptions provided for in the legislation. In addition, you can object to the collection and further processing of your personal data. Furthermore, you have the right to have your personal data corrected, or you can ask us to limit the processing of your personal data.

If you ask for it, we will delete the personal data that we have registered about you without undue delay, unless we can continue the processing on another basis, e.g. if the processing is necessary to establish a legal claim, if it is necessary for to answer an inquiry from you, or if we are obliged by law to store the information.

In certain circumstances, you may also request that we provide you with a copy of your personal data in a structured, commonly used and machine-readable format, and request that we transmit the information to another data controller (data portability).

If we process your personal data on the basis of your consent, you can withdraw your consent at any time. This can be done by contacting us (see below). If you withdraw your consent, we will cease to process your personal data, unless we are entitled or obliged to continue processing or storing your personal data on another basis, including in accordance with the law. Withdrawal of your consent does not affect the legality of the processing that took place before the withdrawal of consent.

If you wish to exercise your rights as described above, you are welcome to contact us at any time (see below).

We ask that, in connection with inquiries regarding your rights, you provide us with sufficient information for us to process your inquiry, including registered email address, so that we can identify you and respond to your request. We will respond to your inquiry as soon as possible.

Among others, you have the right to review the personal data we keep about you at any time and request access to or deletion of your personal data by sending an email to our Data Protection Officer at personaldata.mystick@indexit.dk. If you want to find out more about your rights to control your personal data, read on.

• Send an email from your registered email address titled “Right of access to personal data” to get a copy of your personal data.
• Send an email from your registered email address titled “Right to be forgotten” to erase your personal data from our system.
• Send an email from your registered email address titled “Unsubscribe from email marketing” to manage your subscription to our mailing lists.
• Send an email from your registered email address titled “Right to be correct” for your data to be rectified or completed and explain how.
• Send an email from your registered email address titled “Right to object” for us to stop processing your data.

Please note that requesting the right to be forgotten and the right to object may be followed by your account deletion and from you being forbidden to access and use our website in the future.

You have the right to send a complain to:

Datatilsynet

Carl Jacobsens Vej 35

2500 Valby 

Telephone: 33 19 32 00

E-mail: dt@datatilsynet.dk

 

• Links to other websites.

On our website there are links to other websites or to integrated websites. IndexIt ApS is not responsible for the content of other companies’ websites or for their practices in connection with the collection of personal information.

When visiting other websites, you should always read the website’s privacy policy and other relevant policies.

• Changes to the privacy policy

We reserve the right to change this privacy policy due to significant changes in legislation, new technical solutions, new or improved functions or to improve the website.

Our cookie policy may also be updated from time to time. If these updates are substantial, particularly relevant to you or impact your data protection rights, we’ll get in touch with you about them. However, we recommend that you visit this page regularly to stay up to date with any other (less substantial or relevant) updates.

• Contact

Write to personaldata.mystick@indexit.dk – with Privacy Policy in the subject field if you have questions about the guidelines in our privacy policy.

If you have any questions about the cookie statement or you wish to withdraw your consent on using your personal data, please send an email to our Data Protection Officer at personaldata.mystick@indexit.dk.