Tomos Tours I/S, CVR number 43704656 is the data controller for the information we process about you, and we ensure that your personal data is processed in accordance with the law.
We take your data protection seriously, and we have therefore adopted this privacy policy that tells you how we process your personal data.
Contact information
If you wish to contact us regarding our processing of your personal data, you can do so at:
Tomos Tours I/S
Skavenvej 26
6880 Tarm
Contact information for the GDPR responsible person
Kristoffer Sørensen
E-mail: info@tomostours.dk
Processing of personal data
Personal data is all kinds of information that can be attributed to you to one extent or another. This privacy policy describes how Tomos Tours I/S processes your personal data. We only process information about you that is necessary and processed for a purpose, and we always treat your personal data confidentially.
Data security
We have taken appropriate measures to secure your information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access. We ensure that processing can only take place when all data protection principles are met.
We keep data up to date
You can use the contact information above to notify us of your changes, and we will ensure that your personal data is updated. If we ourselves become aware that your personal data is incorrect, we will update the information and notify you of this.
Below you can see on what basis we process your information, for what purpose, and for how long we store it.
Website visitors
When you visit our website, we process the following personal data about you: IP address, user behavior, information appearing in a contact form, such as Name, telephone number and email
We process personal data about you for the following purposes:
To record information for use in contacting and booking our products
To optimize and ensure optimal operation of our website.
We process the information on the following basis for processing:
You have given your consent via cookie banner (GDPR Art. 6, paragraph 1, letter a).
Our legitimate interest, which is to be able to administer our website (GDPR Art. 6, paragraph 1, letter f).
The personal data is deleted according to the aforementioned deletion rules prescribed in our cookie banner.
Contact and service
When you contact us by email, telephone, contact form on the website or by regular letter, we process the following information about you:
Your contact information and the content of your inquiry.
The purpose of processing your personal data is that we would like to provide you with good service and process your inquiry.
We process this information on the following processing basis:
We process your information in order to provide you with a service in connection with a contract (Article 6(1)(b) of the General Data Protection Regulation).
We process your information based on a legitimate interest in being able to answer your questions and possibly enter into a detailed conversation in order to uncover your needs (Article 6(1)(f) of the General Data Protection Regulation).
Your personal data will be deleted when the purpose of storing the personal data is no longer applicable. This will be assessed specifically based on the specific inquiry and the nature of the inquiry. We will process your personal data as long as we have correspondence with you. When the correspondence has been concluded and the content of this does not give rise to further action, your information that may appear in the correspondence will be deleted.
Exchange of services
In connection with us entering into an agreement for the exchange of services, it is necessary for us to process personal data about you. Below we will process general personal data, such as your name and email, for the purpose of complying with our obligations under the agreement with you (Article 6(1)(b) of the General Data Protection Regulation).
Information collected in this connection will generally be deleted when the agreement has been fulfilled, unless there is a specific reason to store the information for a longer period of time, such as a warranty period, or if a need arises to make a complaint.
We must store accounting records for 5 years from the end of the financial year to which the purchase or sale relates.
Social Media
When you like and/or follow us on LinkedIn, Facebook and Instagram, we process the following information about you:
Your name and, if applicable, the content of the message you send us.
The purpose of processing your personal data is to keep interested followers updated on, among other things, points of interest, etc.
We process personal data on the following grounds:
Our interest in marketing and improving our campaigns and social media pages (Article 6(1)(f) of the GDPR)
Facebook and Instagram
We are joint data controllers with Meta for the information about you that is collected when you visit our pages on Facebook and/or Instagram. This means that together with Meta we must allocate and determine the responsibility for complying with the legislation regarding the processing of your personal data.
You can find our agreement on joint data responsibility here: https://www.facebook.com/legal/controller_addendum
Meta uses Insights on Facebook /Instagram to collect statistical information about visitor behavior on the site, including age, gender, relationship status, work, lifestyle, areas of interest, purchase information and geographical information. For this purpose, Meta has placed cookies on your device when you visit Facebook/Instagram. Each cookie contains a unique identification code that remains active for a period of two years, unless deleted before the end of this period. Meta receives, stores and processes your personal data through these cookies. We receive aggregated results of this information. You can read more about Facebook's/Instagram's use of cookies here: https://m.facebook.com/policies/cookies/ and Cookie Policy | Help for Instagram
We do not share information about you that we receive from Meta. However, Meta may share information about you with third parties. You can read more about this under the section “how this information is shared” in their Privacy Policy.
If you want to delete your cookies, you can see how via our Cookie banner, or you can contact Meta.
Meta processes information about you, even if you do not have an account with them. You can read more about this here: Meta's Privacy Policy - How Meta processes and uses user data | Privacy Center (facebook.com)
Job Application
If you apply for a position with us, we will process the information that appears in your application, CV and other accompanying documents. It is not necessary for you to write your CPR number.
The purpose of processing personal information about you in the recruitment process is to assess whether you are a qualified candidate for a vacant position with us.
We process this information on the following basis:
Based on our legitimate interest, which is to assess your qualifications and competencies in relation to the advertised position (GDPR Art. 6, paragraph 1, letter f).
The processing of CPR numbers only takes place if you have provided it yourself in connection with the application or CV. We process CPR numbers in order to be able to defend or assert a possible legal claim (Dutch Data Protection Act Section 11, paragraph 2, no. 4, cf. Section 7, paragraph 1 and DGP Art. 9, paragraph 2, letter f).
If you submit sensitive personal data, we process it on the following legal basis:
A legitimate interest, which is the interest of both parties in the assessment of a future collaboration (Article 6(1)(f) of the General Data Protection Regulation) and for the purpose of establishing or defending any legal claim regarding the recruitment process (Article 9(2)(f) of the General Data Protection Regulation).]
Applications and attachments can be stored for up to 6 months after the recruitment process has been completed, after which your data will be deleted. The purpose of storage after the recruitment process is to safeguard interests in the event of any objections to discrimination, unequal treatment, etc. during the recruitment process.
In the case of unsolicited applications, applications and attachments are stored for a maximum of 6 months, after which they are deleted. If we wish to store your applications for a longer period than this, this will be done on the basis of your specific consent.
If we wish to save your application with attachments, with a view to possible future employment, this will be done on the basis of your consent (GDPR Art. 6, para. 1, letter a).
Your rights
You can, by contacting the contact information at the top of the page:
- gain access to your personal data
- have your registered personal data corrected
- have personal data about yourself deleted
- have the processing of your personal data restricted.
- have your personal data provided (data portability) for the purpose of transferring it to another data controller
- object to the processing
If you give us your consent, your consent is voluntary, and it has no consequences for you if consent is not given, is only given for certain points or is later revoked.
Consent can be revoked at any time by using the contact information above.
When you contact us with a request to exercise the above rights, we will respond to you within one month. If we cannot comply with your request, you will be given a reason for this.
To exercise your rights or if you have any questions about the above, please contact us. Our contact details can be found at the top of the page.
If you are subsequently dissatisfied with the way in which we process your information, you have the right to file a complaint with the Danish Data Protection Authority.