Data Controller
We are the data controller for the processing of personal data that we handle concerning our customers and business partners. Our contact information is listed below.
Obsidian Digital A/S
Per Henrik Lings Allé 4, 5th floor,
2100 Copenhagen Ø, Denmark
VAT No.: 37407739
It is not a requirement for our company to have an external Data Protection Officer (DPO), but if you have questions about the processing of your personal data, you can contact us at obsidian@obsidian.dk.
Processing Activities
As a data controller under the GDPR, we have the following processing activities.
Website Visits
When you visit our website, we use cookies to ensure the site functions correctly, which you can read more about in our cookie policy.
Communication with Potential Customers
If you have questions about our site or would like to learn more about our services, you can contact us via:
- Contact form
- Phone
Through this process, we will handle your personal data to engage in a dialogue with you, for example, to answer questions about our services. We only process the information you provide us in connection with our communication.
We will typically process the following standard information: name, email, and phone number. Our legal basis for processing this personal data is Article 6(1)(f) of the General Data Protection Regulation. You can always request that this information be deleted.
Customers
We need to communicate with our customers to ensure that the service is delivered correctly. In this context, we may process information about your name, address, services, specific agreements, payment information, and similar details. The legal basis for processing this personal data is Article 6(1)(b) of the General Data Protection Regulation. You can always request that this information be deleted.
Newsletter
We have a newsletter that you can voluntarily subscribe to—and you can always unsubscribe. The purpose of the newsletter is to send subscribers emails with new information from the company, which may include events, webinars, and announcements about our services.
We will only send you emails if you have given your explicit consent. Explicit consent can be given on Obsidianagency.com, when signing up for a webinar, through Meta Lead Ads, and in other places. Our legal basis for processing your personal data (i.e., your email address) in connection with the newsletter will be Article 6(1)(a) of the General Data Protection Regulation. We will process your personal data as long as you are subscribed to the newsletter. When you unsubscribe, we will stop sending it to you.
Accounting
We are required to store all accounting documents in accordance with the Danish Bookkeeping Act. This means we store invoices and similar documents for accounting purposes. These documents may contain standard personal information such as name, address, and a description of the service. Our legal basis for processing personal data for accounting is Article 6(1)(c) of the General Data Protection Regulation. We store this information for at least five years after the end of the current financial year.
Job Applications
We are happy to accept job applications to assess whether they match our company's hiring needs. If you send us your job application, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation. If you are part of a recruitment process and/or are hired for the job, we will provide you with separate information on how we handle your personal data in that context.
Data Processors
Few people can do everything on their own, and the same applies to us. We have business partners and use suppliers, some of whom may be data processors. External suppliers can provide systems to organize our work, services, advice, IT hosting, or marketing.
- HubSpot - for marketing purposes
- Twentythree - for hosting webinars
- Meta - for marketing purposes
- Google - for marketing purposes
- Webflow - for hosting Obsidianagency.com
- Obsidian d.o.o - our 100% owned subsidiary based in Bosnia & Herzegovina
It is our responsibility to ensure that your personal data is processed correctly. Therefore, we place high demands on our business partners, and they must guarantee that your personal data is protected. We enter into agreements (data processing agreements) with companies that handle personal data on our behalf to enhance the security of your personal data.
Disclosure of Personal Data
We do not disclose your personal data to third parties unless it is specifically stated in your consent—for example, in connection with the purchase of a ticket through an external ticketing system.
Profiling and Automated Decisions
We do not perform profiling or automated decisions.
Third-Country Transfers
As a general rule, we use data processors in the EU/EEA, or those who store data in the EU/EEA. In some cases, this is not possible, and in these situations, data processors outside the EU/EEA may be used if they can provide adequate protection for your personal data.
Processing Security
We keep the processing of personal data secure by implementing appropriate technical and organizational measures. We have conducted risk assessments of our personal data processing and have subsequently implemented appropriate technical and organizational measures to increase processing security. We have carried out Transfer Impact Assessments, entered into data processing agreements, and added Standard Contractual Clauses in connection with our 100% owned subsidiaries outside the EU.
Data Subject Rights
Under the General Data Protection Regulation, you have a number of rights regarding our processing of your information.
If you wish to exercise your rights, you must contact us so we can assist you.
- Right of access: You have the right to access the information we process about you.
- Right to rectification: You have the right to have incorrect information about yourself corrected.
- Right to erasure: In special cases, you have the right to have information about you deleted before the time for our general deletion policy occurs.
- Right to restriction of processing: In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have processing restricted, we may in the future only process the information—apart from storing it—with your consent, or for the purpose of establishing, exercising, or defending legal claims, or to protect a person or important public interests.
- Right to object: In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.
- Right to data portability: In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
You can read more about your rights in the Danish Data Protection Agency's guide on the rights of data subjects, which you can find at www.datatilsynet.dk.
Withdrawal of Consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.
Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data. You can find the Danish Data Protection Agency's contact information at www.datatilsynet.dk.
