Phonestore and GDPR

1. All employees at PS are informed about the general content of the legislation and its effect on the company's work processes.

2. PS has access to personal data on mobile devices to the extent, and only to the extent, that our customers choose to provide any passcodes for these or if no passcode has been set on the mobile device. This data is not accessed, stored, or copied under any circumstances, unless the customer directly requests it, and in such cases, data is deleted when it is no longer necessary to retain it. Only PS's technicians and owners have access to the stored data, and data is only accessed when necessary to meet the customer's explicit request or demand. Data is stored on PS's computers in a separate office which is locked when not staffed by PS personnel. During transport to and from the customer, all mobile devices are kept in a sealed envelope, which is checked upon arrival at PS's workshop in Hellerup, and is also expected to be checked by the customer upon delivery.

3. Going forward, it will be part of the order confirmation that consent is simultaneously given for PS to handle all personal data in accordance with the above procedures, described in point 2.

4. Our customers have the right, at any time, to demand to review or have any stored data handed over. Likewise, our customers can demand that all stored data be deleted. PS will comply with such a demand promptly and without undue delay.

5. If data is requested for review, PS will attempt to provide the relevant medium for this. If this is not possible, the customer is expected to provide a medium themselves.

6. PS's Data Protection Officer (Niels Spanggaard) reviews all relevant security measures every 14 days to ensure that any stored data is properly secured against security breaches. This review includes, among other things, checking security codes and checking the continued necessity of any stored data.

Brief description of the General Data Protection Regulation and its relevance for PS and our customers (English). Brief description of the General Data Protection Regulation and its relevance for PS and our customers (English)

● Personal data is defined as any information relating to a person who can be identified directly or indirectly. This includes online identifiers, such as IP addresses and cookies, if they are capable of being linked back to the data subject.

● Indirect information might include physical, physiological, genetic, mental, economic, cultural or social identities that can be linked back to a specific individual.

● There is no distinction between personal data about an individual in their private, public or work roles – all are covered by this regulation.

● Companies will be required to implement appropriate technical and organisational measures in relation to the nature, scope, context and purposes of their handling and processing of personal data. Data protection safeguards must be designed into products and services from the earliest stages of development.

● A key part of the regulation requires consent to be given by the individual whose data is held. Consent means “any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed”.

● Organisations will need to be able to show how and when consent was obtained. This consent does not need to be explicitly given, it can be implied by the person’s relationship with the company.

● However, the data obtained must be for specific, explicit and legitimate purposes. Individuals must be able to withdraw consent at any time and have a right to be forgotten; if their data is no longer required for the reasons for which it was collected, it must be erased.