Skip to content

We care about privacy

Who we are

We are Framna ApS and we design and develop world class digital products for our clients, our website is www.framna.com.

We can be found at Njalsgade 17A, 2. 2300 Copenhagen, Denmark.

We are part of the Framna group of companies which includes companies based in Switzerland, Sweden, the Netherlands, the UK and USA.

Introduction

This privacy notice (“Privacy Notice”) sets out how we use and protect your personal data when we collect it in any of the following ways:

  • when it is collected through our website (e.g. if you complete a contact form, sign up for an event or sign up to our newsletter);
  • when you contact our team through any channel (e.g. by email, LinkedIn message etc);
  • via automated technologies or interactions (e.g. through cookies or similar technologies);
  • when you engage with us on social media;
  • when we collect it from publicly available sources;
  • when your employer contracts with us as a client; or
  • when you attend Framna event or webinar.

Throughout this Privacy Notice, where we refer to “Data Protection Legislation”, we mean the EU General Data Protection Regulation (EU GDPR). This includes any replacement or amending legislation coming into effect from time to time.

When we use the term “personal data” and “processor” in this Privacy Notice, these terms have the meanings given to them in Article 4 of the EU GDPR.

We are committed to meeting the requirements of the Data Protection Legislation and we have developed this Privacy Notice to ensure that you are aware of:

  • the personal data we collect about you;
  • what we do with your personal data;
  • what we do to keep your personal data secure; and
  • the rights and choices you have in relation to your personal data.

We will only use your personal data in accordance with this Privacy Notice. If we need to use your personal data for any other purpose, we will tell you and we will update this Privacy Notice.

The types of personal data we collect

We only collect personal data that we genuinely need and only in accordance with the Data Protection Legislation.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, and title.
  • Contact Data includes company address, company name, job role, company email address, and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
  • Usage Data includes information about how you interact with and use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Recruitment Data includes your CV, skills, experience, qualifications, right to work documentation or visa documentation.
  • Social Media includes your user name, demographics and job title.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

The table shown at the end of this Privacy Notice explains how and why we process each type of personal data.

You can access the table here.

Legal basis for processing your personal data

We will only ever process your personal data if we have a legal basis to do so. The legal bases we rely on are:

  • Performance of a contract – this is where we process your personal data to fulfil a contractual arrangement we have made with you, or prior to entering into a contractual relationship with you. 

  • Consent – this is where we have asked you to provide permission to process your personal data for a particular purpose. Please note, if we are relying on your consent, you can withdraw your consent at any time by contacting us or using the opt out link in any emails that we send to you.
  • Legal obligation - we may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Legitimate interest – we may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example, to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

The table shown at the end of this Privacy Notice explains the purpose of our processing and the legal bases that we rely on for each type of personal data which we process.

You can access the table here.

Your rights

You have a number of rights under Data Protection Legislation. If you would like to exercise any of these rights, you can contact us using the contact details in the “Contact Us” section further below.

Your rights under the Data Protection Legislation are:

(a) Right to be informed about our collection and use of your personal data

You have the right to be informed about the collection and use of your personal data. This Privacy Notice gives you this information.

(b) Right to access your personal data

You have the right to access the personal data that we hold about you. This is sometimes called a ‘Subject Access Request’. If we agree that we are obliged to provide personal data to you (or someone else on your behalf), we will provide it to you or them free of charge and will aim to do so within 1 month from the point that we are able to confirm your identity. We will ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal data.

(c) Right to correction your personal data

If any of the personal data we hold about you is inaccurate, incomplete or out of date, you can ask us to correct it.

(d) Right to restrict processing

You have the right to ask us to restrict the processing of your personal data. For example, this may be because you have issues with the accuracy of the data we hold or the way we have processed your data. This right is not absolute and only applies in certain circumstances.

(e) Right to erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances.

(f) Right to portability

The right to portability gives you the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format. It also gives you the right to request that we transmit this data directly to a third party.

(g) Right to object

You have the right to object to our processing of some or all of the personal data that we hold about you. This is an absolute right when we use your data for direct marketing but may not apply in other circumstances where we have a compelling reason to do so, e.g., where we have a legal obligation to do so.

You can make a complaint to Datatilsynet (the Danish data protection authority) at any time about the way we use your personal data. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

If you have any feedback about this Privacy Notice or would like to complain about our privacy practices please contact our Data Protection Manager at dpo@framna.com.

How long we retain your personal data 

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

The table shown at the end of this Privacy Notice explains how long we retain each type of personal data.

You can access the table here.

Who we may share your personal data with

Our group companies

We are part of a group of companies known as the Framna Group. You can find details of each of our group companies here.

We share your personal data between our group companies for the following reasons:

  • so we can provide shared services such as marketing, finance and legal;
  • so we can provide digital product development, and related services, to one another, and to each other’s clients; and
  • to identify cross sell and upsell opportunities.

Where we share data between the group companies we have group information sharing agreements and data processing agreements in place.

External parties

In some circumstances we may need to share your personal data with third parties in order to:

  • provide you with the service that you have asked for
  • send you marketing communications
  • meet our legal obligations
  • run and manage our business
  • carry out audits

We may share your personal data with the following third parties:

  • Law enforcement or other public authorities that require us to release information.
  • Any organisation where it is necessary for us to establish a legal claim or to defend ourselves against such a claim.
  • Our professional advisors including accountants, legal professionals or insurers.
  • Providers of ancillary business support services such as information technology services (as a processor on our behalf).
  • Marketing service providers (as processors on our behalf) including organisations that help us communicate with you.
  • Any organisation in the event of the sale, merger, reorganisation, dissolution or disposal of our business. We will inform you of any such transfer or disclosure as required by law.

In all cases we will:

  • only provide the minimum personal data that each party requires to carry out their duties;
  • only disclose personal data to organisations who we have a contractual relationship with or who have an overriding legal requirement to hold the information;
  • ensure that we have data processing agreements in place with the third parties; and
  • carry out due diligence on the third parties.

International transfers of personal data

In some instances your personal data may be processed outside the European Economic Area (EEA), for example where we use an IT provider based outside the EEA.

If and when this is the case we take steps to ensure there is an appropriate level of security so your personal data is protected in the same way as if it was being processed within the EEA.

Where we need to transfer your data outside the EEA we will use one of the following safeguards:

  • The use of EU standard contractual clauses in contracts for the transfer of personal data to third countries or Binding Corporate Rules, and we will undertake transfer impact assessments for each transfer to identify any supplementary measures required; or
  • Transfers to a non-EEA country with privacy laws that give the same protection as the EEA (those countries with an adequacy decision, or US companies registered with the EU-U.S. Privacy Framework).

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How we use cookies

When you first visit our website, you will be asked for your permission for us to use some types of cookies.

We have separated our cookies into four categories:

Strictly Necessary Cookies

These cookies will always be placed.

Strictly necessary cookies are necessary for our website to operate as some cannot be switched off. The cookies include those that ensure our site is secure, operates as you would expect and remembers your privacy preferences.

Performance Cookies

With your permission we use performance cookies to measure and improve the performance of our site. These cookies help us analyse data about web page traffic and to tailor it to customer needs. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website and will not be able to monitor its performance.

Functional Cookies

With your permission we use functional cookies that enable our website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Targeting and Advertising Cookies

With your permission we utilise third party marketing and advertising cookies – these cookies are placed by third party marketing companies (such as Google) or social media companies (such as Facebook) and are used to understand the pages that you have visited so relevant advertisements can be shown to you on these platforms and on other websites.

These cookies do not directly store your personal data but can uniquely identify your browser and device. If you do not allow these cookies, you will see less targeted adverts from us. You may however see generic advertisements from or about us on social media or around the web.

Cookies help us provide you with a better experience, by enabling us to monitor which pages you find useful and those which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Changes to this Privacy Notice

We keep this Privacy Notice under regular review.

We may change this Privacy Notice from time to time (for example, if the law changes). If the changes are material, we will take steps to inform you.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

How to contact us

If you would like to:

  • exercise one of your rights as set out above;
  • ask a question or raise a complaint about this Privacy Notice; or
  • ask a question or raise a complaint about the way your personal data is processed,

you can contact us by clicking here or by emailing our Data Privacy Manager at dpo@framna.com.

 

Summary of processing activities

Purpose / Use

Type of Data

Retention Period

Legal Basis

To respond to any question or enquiries that you make to us.

Identity
Contact
Social Media

For prospects and leads - 2 years from last contact

For clients - 6 years from last contact or end of contract (if later)

Legitimate interest (to develop our business and respond to enquiries)

To manage our contractual relationship with you / your employer, this includes:

  • Registering you / your employer as a new customer

  • Managing payments, fees and charges

  • Delivering our services

  • Notifying you about changes to our terms or privacy policy

  • Dealing with your requests, complaints and queries

Identity
Contact
Marketing and Communications

6 years from end of contract

Performance of a contract with you

 

Collect and recover money owed to us

Identity
Contact

5 years after end of relevant financial year

Legitimate interest (debt recovery)

Manage and improve our business interactions with you, this includes:

  • Analysing & understanding our clients, prospects & leads and how they use and interact with our website and applications

  • Understanding the effectiveness of our marketing campaigns

  • Developing our products and services

  • Market research

Identity
Contact
Technical Data
Usage

2 years

Legitimate interest (to develop and improve our business, website marketing campaigns and services)

To promote our services, this includes:

  • Running and promoting our events and webinars

  • Our newsletter, surveys, blogs and white papers, prize draws and competitions

  • Email marketing campaigns

Identity
Contact
Marketing and Communications
Social Media

 

2 years from last contact

 

Consent

Business development, this includes:

  • Monitoring open source data such as LinkedIn and other professional, corporate and government sources to identify potential leads.

  • Buying in data.

Identity
Contact
Social Media

2 years

Legitimate interest (to expand and develop our business)

To recruit the best talent within our sector

Identity
Contact
Recruitment

6 months

Necessary prior to entering into a contract with you

To administer and protect our business and website (including troubleshooting, testing, system maintenance, support, reporting and hosting of data, investigating and responding to service or security issues)

Identity
Contact
Technical
Usage

For systems monitoring (for example, to detect and prevent failures, vulnerabilities and external threats) - current year plus 1 year.

Where externally developed IT infrastructure, software and systems are used - 7 years from decommissioning of the infrastructure, software or system.

For technical information relating to client user accounts - 1 year from account closure.

Legitimate interests (for running our business, provision of administration and IT services and network security)

 

To deliver relevant website content and online advertisements to you and to measure or understand the effectiveness of the advertising we serve to you

Identity
Contact
Usage
Marketing and Communications
Technical

2 years

Legitimate interests (to study how you use our products and services, to develop them, to grow our business and to inform our marketing strategy)

 

Privacy Notice last updated on 6 August 2024

 

Who we are

We are Framna ApS.

We can be found at; 
Njalsgade 17A, 2.
2300 Copenhagen, Denmark

Introduction

This privacy notice sets out how we use the personal information collected through this website (framna.com), via contact to our team by any channel or when you contract with us as a client.

Throughout this document, where we refer to Data Protection Legislation, we mean the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

We are committed to meeting the requirements of the Data Protection Legislation and we have developed this privacy notice to ensure that you are aware of;

  • the personal data we collect about you,
  • what we do with your information,
  • what we do to keep your information secure, and
  • the rights and choices you have over your personal information.

We will only use your information as set out in this Privacy Notice. If we need to use your personal information for any other purpose, we will take steps to tell you and we will update this Privacy Notice.

Please note this Privacy Notice does not apply to the services we provide our clients where we are acting as their Data Processor. 

The personal data we collect

We only collect personal information that we genuinely need and in accordance with the Data Protection Legislation.

The type of personal information that we will collect directly from you when you contact us via this website will include your;

  • Name
  • Telephone Number
  • Email Address
  • Job Title

We will also collect additional information that will help us to deal with your message, specifically what we can help you with and what you would like from our potential collaboration.

We also collect information when you engage with our social media channels. Social media offers another way for us to communicate with you, for you to communicate with us, and for you to communicate with others about our products and services. We monitor this publicly available content, as it helps us to understand what people are saying about our products and services, so that we may develop them. It also offers an additional way for us to communicate with our clients.

We collect limited technical information about your visit to our site, this helps us to better understand how our customers move around, and interact with, this website.

To identify new leads and companies that will benefit from our services, we buy in data from data providers and we also use open data sources such as LinkedIn and other professional and corporate resources. 

 

Lawful basis for processing your personal data

We will only ever process your personal data if we have a lawful basis to do so. The lawful bases we rely on are;

  • Contract – This is where we process your information to fullfil a contractual arrangement, we have made with you. 
  • Consent – This is where we have asked you to provide permission to process your data for a particular purpose. Please note, if we are relying on your Consent, you can withdraw your consent at any time by contacting us or using the opt out link in any emails that we send to you.
  • Legitimate Interests -  This is where it is in our business interests to process your data. Generally this is to provide you with the best products and service in the most secure and appropriate way, our marketing activities and identification of new leads.

Your Rights

You have a number of Rights under Data Protection Legislation. If you would like to exercise any of these rights, you can contact us using the contact details in the “Contact Us” section further below.

You rights under the Legislation are –

  • The right to be informed about our collection and use of personal data
  • You have the right to be informed about the collection and use of your personal data. This Privacy notice gives you this information. 


Right to access your personal information

You have the right to access the personal information that we hold about. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from the point that we are able to confirm your identity. We will ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

Right to correction your personal information

If any of the personal information we hold about you is inaccurate, incomplete or out of date, you can ask us to correct it.

Right to restrict processing

You have the right to ask us to restrict the processing of your personal data. For example, this may be because you have issues with the accuracy of the data we hold or the way we have processed your data. The right is not absolute and only applies in certain circumstances.

Right to erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. 

Right to portability

The right to portability gives you the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format. It also gives you the right to request that we transmit this data directly to another controller.

Right to object

You have the right to object to our processing of some or all of the personal data that we hold about you. This is an absolute right when we use your data for direct marketing but may not apply in other circumstances where we have a compelling reason to do so, e.g., a legal obligation. 

You can make a complaint to the Datatilsynet at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. If you have any feedback about this privacy notices, our would like to complain about our privacy practices please contact our Data Protection Officer at dpo@framna.com

 

How we use your personal data 

We will use your personal information to;

  • Answer any questions that you have or to follow up with you on any enquiries
  • If you contact us through email, phone or through our website we will use your information to answer your questions and to correspond with you.

Manage our relationship with you

If we start working together, we will use personal information to:

  • Manage our contractual relationship with you
  • Contact you throughout our relationship regarding the services


Manage and improve our business and our interactions with you

We will use certain personal and technical information to:

  • analyse and understand our clients
  • understand the effectiveness of our advertising campaigns
  • develop new products and services
  • secure our network
  • investigate and respond to service or security issues
  • to administer our website
  • to meet our legal and regulatory obligations


To promote our services 

If you give us your permission, we will use your information to send you promotional material that we believe will be relevant to you. 

You can unsubscribe from these communications at any time using the unsubscribe link in our emails or by contacting us. 

To manage recruitment

If you apply for a job with us via our Careers page, we will process personal data about you in order to consider your application.

There are occasions where process data on behalf of our clients when they use our hosting services for their application. Therefore, depending on the nature of the application, personal data of our client will be stored by us. In these cases, we act as a data processor and have the relevant contractual clauses in place with our clients to reflect this relationship. Personal data captured by applications we have built for our clients is controlled by our clients.

How long we retain your personal data

We retain a record of your personal information in order to provide you with a high quality and consistent service and to evidence the actions we have taken on your behalf. 

In line with the Data Protection Legislation we only keep your personal information for the length of time we need it to 

  • deliver our services to you
  • meet our Business needs
  • meet our legal obligations

Who we may share your personal data with

In some circumstances we may need to share your personal data with third parties in order to 

  • provide you with the service that you have asked for, 
  • meet our legal obligations,
  • run and manage our business,

We may share your personal information with; 

  • Law Enforcement or other public authorities that require us to release information
  • To any organisation where it is necessary for us to establish a legal claim or to defend ourselves against such a claim.
  • Our professional advisors including accountants, legal professionals or insurers
  • Providers of ancillary business support services such as Information Technology services (as a processor on our behalf).
  • Marketing service providers (as processors on our behalf) including organisations that help us communicate with you.
  • Any organisation in the event of the sale, merger, reorganisation, dissolution or disposal of our business. We will inform you of any such transfer or disclosure as required by law.

In all cases we

  • only provide the minimum personal information that each party requires to carry out their duties
  • only disclose personal information to organisations who we have a contractual relationship with or have an overriding legal requirement to hold the information

 

International transfers of personal data

In some instances your personal information may be processed outside the European Economic Area. 

If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the EEA.

Where we need to transfer your data outside the EEA we will use one of the following safeguards:

  • The use of standard contractual clauses in contracts for the transfer of personal data to third countries, and undertake transfer impact assessments for each transfer to identify any supplementary measures required or
  • Transfers to a non-EEA country with privacy laws that give the same protection as the EEA (such as those countries with an Adequacy decision or for US companies where the company is registered with the EU US Data Privacy Framework).

How we protect your personal data

Data security is of great importance to Us and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure any information that we Control

At a high level we have put the below measure in place:

  • Limiting access to our buildings to those that we have determined are entitled to be there;
  • Implementing access controls to our information technology;
  • All our employees and agents who have access to or are involved in the processing of personal information are contractually obliged to protect the confidentiality of personal information;

 

How we Use Cookies

When you first visit our site, you will be asked for your permission for us to use some types of cookies.

We have separated our cookies into four categories

Strictly Necessary Cookies

These cookies will always be placed. 

Strictly Necessary cookies are necessary for our website to operate as some cannot be switched off. The Cookies include those that ensure our site is secure, operates as you would expect and remembers your privacy preferences.

Performance Cookies

With your permission we use Performance Cookies to measure and improve the performance of our site. These cookies help us analyse data about web page traffic and to tailor it to customer needs. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Functional Cookies

With your permission we use functional cookies that enable this website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Targeting and Advertising Cookies

With your permission we utilise Third Party Marketing and Advertising Cookies – these cookies are placed by third party marketing companies (such as google) or social media companies (Such as Facebook) and are used to understand the pages that you have visited so relevant advertisements can be shown to you on these platforms and on other websites. 

These cookies do not directly store your personal information but can uniquely identify your browser and device. If you do not allow these cookies, you will see less targeted adverts from us. You may however see generic advertisements from or about us on Social Media or around the web. 

Cookies help us provide you with a better experience, by enabling us to monitor which pages customers find useful and those which they do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. 

Changes to this Policy

We may change this Privacy Policy from time to time (for example, if the law changes). If the changes are material, we will take steps to inform you. 

How to contact us

If you would like to

  • exercise one of your rights as set out above, 
  • have a question or a complaint about this policy, or
  • have a question or complaint about the way your personal information is processed.

You can contact us by emailing our Data Protection officer  dpo@framna.com

 

Last Updated  on 8th February 2024

Crafting products that matter.