Terms, Conditions and Processing of Personal Data

Effective as of 25 May 2018

General Information
The Glyptotek thanks you for your interest in our products and is delighted that you are visiting glyptoteket.dk. Protecting and respecting your privacy is extremely important to us. Our goal is to process your data responsibly and appropriately at all times. In the context of this processing, our policy is transparency. The Ny Carlsberg Glyptotek, Dantes Plads 7, DK-1556 Copenhagen V (CVR No. 60178518) is the data controller in charge of the collection and processing of personal data.

We process the personal data, with which you provide us, confidentially, and only disclose it if absolutely necessary. But it is important for you to read these terms and conditions carefully so you understand why and how we process your personal data.

When purchasing products from us, using our services or browsing our website from your computer, mobile phone or mobile application, you consent to our collection of your personal data, and you accept these terms and conditions. If we update them and you continue to use our services, you hereby also accept the new terms.

In order to ensure that we process your personal data in accordance with the law, the Glyptotek is defined as a data controller responsible  for collecting your data.

What Is Personal Data?
‘Personal data’ is any kind of information about an identified or identifiable natural person. In other words, it is any kind of information that can directly or indirectly relate to a person. It includes the likes of name, address, telephone number or even images and dynamic IP addresses.

When we collect personal data about you in the context of your visit to our website or as part of our services, we always ensure that we do so with clear, explicit consent, so you know exactly what types of data we collect and why we collect that data.

When Does The Glyptotek Collect Personal Data?
When you use our services, you usually provide data such as name, address, email address and financial information, along with other data that enables the Glyptotek to offer you our service.

We collect personal data:

• When you buy goods online or browse our website.
• When you subscribe to our newsletter.
• When you sign up for an event.
• When you use or interact with our services.
• When you take part in promotions, contests or surveys.

For example, the Glyptotek registers and stores the data you provide us with when entering into an agreement with us. Accordingly, we register your data with the sole purpose of providing a product or service when you shop on our website. We do not use data for any purpose other than the express purpose described here and to comply with applicable law.

We use video surveillance in the museum. We do this to protect the artefacts, prevent crime and ensure evidence and information for use in a police investigation in the event of crime. The video recordings are stored in secure environments and with limited access by security staff.

Use of Personal Data at the Glyptotek
We use the data we collect to run our museum, provide and develop the quality of our services and improve your experience when interacting with us.

We use the data we collect for the following:

• Processing your purchase and delivering your goods
• Fulfilling your desire for products or services
• Improving our products and services
• Customising our communication and marketing for you
• Managing your relationship with us
• Complying with legal requirements
• Statistical analysis

Personal Data for Third Parties
Proper handling of your personal data is extremely important to the Glyptotek. We would never sell, publish or in any way disclose data to a third party without your consent, or if it is not necessary in terms of completing a transaction and ensuring compliance with applicable Danish law. We do not use your data for purposes other than those described in this Personal Data Policy.

In order to provide our service to you, we may disclose your data to our selected and trusted partners. For example, we disclose data to partners who are entitled to use your data in the context of delivering goods, and to be able to keep you updated vis-à-vis the status of an order.

When you submit data to third parties with whom we cooperate, we may also receive your data. These might include trusted partners who deal with marketing, finance, advertising and payment.

It is the responsibility of the Glyptotek to ensure that your personal data is not misused. Consequently, we place high demands on our partners when your personal data is used outside the Glyptotek. We therefore always ensure that our partners guarantee protection of your personal data.

Storage of Personal Data at the Glyptotek
At the Glyptotek we store your personal data for as long as you use our services. We also retain and use your data if this is necessary for complying with legal obligations and upholding our agreements.

The Glyptotek is obliged to protect your personal data. We use technical and organisational measures to prevent unauthorised access and use, destruction, alteration or disclosure of your personal data by any individual or organisation. To ensure your security and protection, only a limited number of people with a legitimate need have access to your personal data.

In order to best protect your data, we have adopted internal rules on information security, which contain both instructions and measures to protect your personal data from being destroyed, lost or altered, from unauthorised disclosure and from unauthorised access to, or knowledge of it. In addition, all Glyptotek staff must follow internal procedures and rules in relation to handling personal data.

The Glyptotek takes all precautions to ensure that our website does not contain viruses or anything related to them. But we can never guarantee complete security when data is transferred. This means that there may be a risk that other unauthorised persons will force access to data when it is sent and stored electronically. Therefore, we cannot guarantee that our website is virus free, and we disclaim any liability for loss resulting from this. We advise you to protect yourself and your data by closing your browser after use, installing antivirus software and constantly updating software and apps.

The Glyptotek cannot be held liable for any loss of any kind that may arise as a result of the use of our services, as a result of forced entry into the Glyptotek’s systems or other operational disruptions for which the Glyptotek is not responsible. Therefore, you submit your data at your own risk. In the event of unauthorised individuals gaining access to your data, we will notify you without undue delay and immediately start remedying the situation by deploying the necessary tools.

Deletion of Personal Data at the Glyptotek
We delete your personal data when it is no longer needed for the purpose for which it was collected, processed and stored. If you unsubscribe from the Glyptotek’s newsletter, your contact information will be deleted no later than 6 months after you have unsubscribed.

Season Ticket Holders
The Glyptotek collects, stores and processes the name, address, email address and telephone number of season ticket holders and data about the visits of season ticket holders to the museum.

We use this personal data to administer season tickets and provide season ticket holders with the best possible information about activities and offerings at the Glyptotek, and to adapt the museum and its offerings to suit both season ticket holders and our other visitors. We process personal data in order to make users aware when their season ticket is about to expire. We also use the data for marketing and for the compilation of statistics and analyses.

Our basis for processing the personal data of season ticket holders is mainly to comply with the agreement entered into between season ticket holders and the Glyptotek. We process personal data on the basis of our legitimate interest in marketing, developing both existing and new services and products, conducting analyses of our customer segments, products and services and compiling related statistics. We may also process personal data for the purpose of enforcing a legal claim.

We emphasise that the use of personal data for sending marketing material only takes place if a season ticket holder has previously given his/her express consent, unless the law permits us to contact a season ticket holder without the season ticket holder giving his/her prior consent.

The Glyptotek ensures the necessary updating of stored data so that the personal data is not stored longer than necessary. Upon termination of a season ticket membership, all of the season ticket holder’s personal data will be suspended. No later than 24 months after the termination of the membership, the member’s personal data will be deleted or anonymised, unless we are legally obliged or entitled to keep the data longer. The data can also be stored longer in anonymised form.

Your Rights
As a customer of the Glyptotek, upon request you are entitled to gain insight into the data we have processed about you, where it comes from and what we use it for. You can also find out how long we store your data and who receives data about you, to the extent that we disclose data in Denmark and abroad. However, access may be restricted due to the privacy, trade secrets and intellectual property rights of other persons.

If the data is incorrect, incomplete or irrelevant, you have the right to have the information amended or deleted. If the customer relationship ends, identity and transaction data is stored for five years in accordance with the Danish Bookkeeping Act, the Law on Money Laundering Prevention and the Data Retention Directive.

Given that our service depends on your data being accurate and up to date, we ask you to inform us of any relevant changes to your data. You can contact us below to inform us of your changes.

Your consent is voluntary. If you change your mind, you have the option of withdrawing your consent by contacting us.

We do not knowingly collect personal data from children under the age of 18. If we become aware that we are processing personal data from a child, without the consent of a parent or guardian, we will make every effort to remove that data. If you become aware that a child has provided us with personal data without the consent of a parent or guardian, you can contact our customer support department.

Cookies
We use cookies on our website. Cookies are small text files that contain letters and numbers stored on your computer. These cookies make it possible to collect information about which pages and functions users makes use of and visit. Upon entering our website you will see pop up window letting you decide how to deal with the cookies.

Contact Us
If you would like more information or to amend or delete your data, you are more than welcome to contact us. You can either write to us at Ny Carlsberg Glyptotek, Dantes Plads 7, DK-1556 Copenhagen, DK or email us or call us on +45 33418141.

You also have the option of lodging a complaint about the Glyptotek’s processing of your personal data. Lodge your complaint by contacting the Danish Data Protection Agency, Borgergade 28, 5, DK-1300 Copenhagen K.