Cookie and privacy policy.
All inquiries are answered by GastroFun ApS:
GastroFun ApS
8310 Tranbjerg
TLF: 5093 9988
Or through the contact form on the website
Concept overview
1.1 Personal data
Personal data is any information relating to an identified or identifiable non-fictional individual, i.e. a person or a sole proprietorship1.
Different pieces of information that together can lead to the identification of a specific individual also constitute personal data. This applies regardless of the measures taken to hide the information in the individual pieces of information from the outside world. If the individual cannot be identified from the total amount of pieces of information, it is not personal data.
As of 25 May 2018, all online organizations are obliged to handle personal data of EU and UK citizens according to an EU directive called the General Data Protection Regulation (GDPR). In Danish known as Databeskyttelsesforordningen or Persondataforordningen2. This directive replaces the Data Protection Directive (DPD) and the Personal Data Act.
However, the GDPR is in practice identical to the former Danish Personal Data Act. But because national laws in this area have long been ignored, a number of laws have been moved to a common EU level and penalties have been increased.
Examples of personal data include:
A photo of a face, IP addresses, email addresses that are private and personal and cookies.
Examples of data that is not personal data include
A company’s CVR number, an email address for a department within a company.3
Personal data can be divided into four categories4:
1) CPR numbers and other national identification numbers: This information is not handled by EU directives but by each nation’s own laws. In Denmark, the handling of CPR numbers is governed by the Act on the Central Personal Register5. As a starting point, these are handled as sensitive data.
2) Sensitive data: Processing of sensitive data without the individual’s explicit consent is generally prohibited.
3) Criminal offenses: Processing of criminal offenses requires either consent or a legitimate interest that makes it necessary.
4) General data: No explicit consent is required to handle this data.
The Danish Data Protection Agency has prepared a figure below that divides the last three categories. The top area of sensitive personal data is, according to the Danish Data Protection Agency’s guidance, adequate in relation to the General Data Protection Regulation.
The use of cookies is extensively covered by the ePrivacy Directive as of May 25, 2018, which replaces the cookie law. The EU does not believe that the intensive use of cookie banners that the old cookie law resulted in has in practice given users more control over the use of their personal data, so cookie banners are no longer required under ePrivacy. Instead, you will now be able to use your browser settings to control what your personal data can be used for.
The Danish Data Protection Agency is the governmental authority in Denmark that oversees the General Data Protection Regulation.
1.2 Cookies
A cookie is a small text file that is used by websites to identify a person from the crowd of visitors and to associate information about a person on their own machine through a browser when they visit that site. A cookie contains anonymous data. -It does not need any information that directly identifies a person, such as phone numbers and IP addresses or similar to identify a person. A cookie consists of pure information in text form and cannot contain malicious code that could, for example, constitute a virus.
Cookies are used to target ads to users and to collect statistics about user interaction with the site. If you do not want targeted ads, you can use a VPN to anonymize your internet connection.”
Most browsers normally ensure that the information contained in a cookie is only accessed from the domain from which it is set. However, the cookie can be set by an external hosted service built into the page as well as by the web server for the domain in question. If a cookie is set by an external service, it is only through this service’s domain and not the domain of the web server itself that the information about a cookie is accessed. This ability to access information through an external service is used in advertising for so-called re-targeting campaigns, where ads are targeted to users who have previously visited certain websites.
The external services integrated on this site are hosted on the domains of Google, Facebook and Stroosle respectively. Their respective privacy policies are referenced in section 4.
1.3 Data in the Cloud
It is not only cookies that are used to target ads, but also information collected by various online services on the web such as social media and search engines. Generally speaking, data is stored in the “cloud”. Your search results in Google Search and your Facebook information are used by some advertisers to target ads.
Online services operating in the EU and the UK have a duty to inform you as a citizen if they use sensitive data about you for business purposes, what they use, why and that you must give consent. You have the right to subsequently stop this use of your sensitive data and to have this information deleted.
1.4 Consent
Consent is an acceptance that a designated amount of personal data (regardless of what data it is) may be used in a context that is clearly stated via a request.
When it comes to the provision of information society services to children, special rules on consent apply. For example, this may mean that the acceptance of some types of personal data must be made by a guardian on behalf of the child.
Consent can be withdrawn at any time.
For example, when signing up for newsletter updates as emails, you will receive a request to accept that the news media in question may use this email address for this specific purpose.
1.5 Data processor and data controller
According to Article 4(7) of the GDPR, a controller is a data controller:
A natural or legal person, public authority, institution or other
the body which alone or jointly with others determines for what purposes and by what means
personal data may be processed.
According to Article 4(8) of the General Data Protection Regulation, a data processor is:
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 6
You can be both a data controller and a data processor.
In the specific case of this page, GastroFun ApS will be referred to as the data controller while Facebook, Google, Strossle and their respective subcontractors are data processors.
2 General guideline
- We strive to market ourselves with respect for and in accordance with applicable Danish legislation, including legislation dictated by the EU through the Schengen Agreement. This includes:
- We do not collect so-called criminal personal data or sensitive personal data for marketing purposes
- Private personal data provided to us in confidence, such as emails in connection with signing up for newsletters, will be treated confidentially. We do not sell, rent or publish such personal data
- We respect that consent can be withdrawn at any time
3 What personal data is collected and why it is collected
This website collects and uses personal data for the following reasons:
3.1 Website analysis
Like most news sites, this site uses Google Analytics to map how visitors interact with the site.
We use this data to determine how many people visit our website and how many people read each news post to gain an understanding of what readers find interesting on the site, so that over time we can make the site even more exciting for our readers.
Google Analytics also records your geographical location, device type, internet browser and operating system – none of this information uniquely identifies you as an individual.
However, Google Analytics also stores your machine’s IP address in an anonymized form, which could be used to identify you if Google gave us access to it. However, Google does not pass this information on to us or anyone else.
We consider Google to be a third-party data processor.
Google Analytics collects information using cookies. If you disable cookies in your internet browser, Google Analytics will stop collecting information about your visit to this website. Section 4.2 refers to more options to control the use of private information by Google.
Google documents the technical aspects of their cookies in more detail in their development guides7.
3.2 Contact forms on the site
Should you choose to contact us using our contact form or via. an email, none of the information you provide will be stored by this website or processed by a third-party data processor. Instead, the information will be collected in an email and sent to us via SMTP (Simple Mail Transfer Protocol). Our SMTP servers are protected by TLS (sometimes known as SSL), which means that the email content is encrypted using SHA-2, 256-bit cryptography before being sent over the internet. The email content is then decrypted on our local workstations. However, not all mail servers are secured in such a way. Therefore, we suggest that you generally consider email as a communication platform with poor security and omit strictly personal, confidential or other sensitive information in emails.
4 Control over the collection of personal data
4.1 Via browser settings options
Because cookies are stored on the user’s own machine, users also have the option to delete them again and it is also possible to set most browsers to block cookies completely.
In some modern browsers, you will be able to access some of your personal data in the cloud.
5 Hosting and data security
The Drupal solution is maintained and hosted by Komunikado.
Information to and from the website is delivered over HTTPS and encrypted over SSL.
Should it happen that sensitive personal data is leaked, it will be reported in accordance with the General Data Protection Regulation.
Komunikado’s privacy policy can be found at: https://komunikado.dk/da/cookies
6 Change log
25/5 2018 v/1.0.1: First draft of the Cookie and Privacy Policy prepared according to GDPR
7 References
- The Danish Data Protection Agency’s introduction to the General Data Protection Regulation ︎
- EU GDPR Directive ︎
- EU definition of what constitutes personally identifiable information ︎
- Avodan: “WHAT IS SENSITIVE INFORMATION?” ︎
- Act on the Central Personal Register ︎
- The Danish Data Protection Agency and the Ministry of Justice guidance on data controllers and data processors ︎
- Google Analytics Cookie Usage on Websites ︎