Privacy Policy

In this privacy policy, SDC has described how SDC processes and protects the personal data for which SDC is responsible. SDC is responsible for the personal data of employees of SDC, consultancies, business partners and affiliated financial institutions.

When SDC processes personal data about you, we will refer to this Privacy Policy. SDC may in some cases send or disclose separate information about the processing of personal data, if the processing is not adequately described in this policy.

 

Data Controller

When processing your personal data for SDC's purposes, SDC is the data controller.

SDC A/S
Borupvang 1a
2750 Ballerup
Denmark

 

The purpose of processing of personal data

SDC only processes personal data where there is a specific and legitimate purpose. Below we have listed the most relevant purposes of SDC's processing of personal data and some of the activities associated with this:

Applications and recruitment:
For example, applicants applying for a job (whether solicited or unsolicited), potential candidates attending various events (social or academic), candidates contacting SDC for employment (either as a regular employee or consultant), entering and participating in SDC's recruitment process and by participating in job interviews and/or personality tests.

Daily operations:
For example, in the operation and management of IT and communication systems, improvement of products and services, management of company assets, allocation of company assets and human resources, strategic planning, project management, business continuity, preparation of audit trails and other reporting tools, maintenance of records relating to production and other business activities, maintenance of premises security, budgeting, financial management and reporting;  communication, handling of mergers, acquisitions and reorganization or divestiture.

Compliance:
For example, by monitoring compliance with internal policies or applicable laws, complying with legal and other requirements, such as income tax and national insurance deductions, recording and reporting obligations, conducting audits, requests from public or regulatory authorities, responding to legal processes such as subpoenas, pursuing legal rights and remedies, defending litigation and dealing with any internal complaints or claims, and complying with internal policies and procedures.

Communication:
For example, by arranging communication with employees, guests to SDC, contact persons in financial institutions and business partners, using photographs in newsletters and other material distributed within SDC, providing references, ensuring business continuity, protecting the health and safety of employees and others, securing IT infrastructure, office equipment and other property, facilitating communication in an emergency, Publication of contact information and photos on our website.

 

Types of personal data

General personal data:
SDC processes personal data that we receive from either you, our business partners or financial institutions, etc. Normally, this corresponds to the processing of some of the following categories of personal data, such as:

Name, email, phone number, address, phone number, date of birth, gender, photographs, bank and salary information, description of current position and title, employment status, information contained in application letters and CV/CV, previous employment background and references, educational history, professional qualifications and academic credentials, other relevant skills, and personality test results.

Special categories of personal data:
Special categories of personal data are defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation, and criminal offences

Generally, SDC does not process sensitive personal data. In connection with an application, we register that a criminal record has been presented at the time of the job interview, but SDC does not store it.

 

Collection of personal data

We may collect personal information about you from the following source(s):

  • Directly from you, e.g. through an application process or other forms or information you provide to SDC in connection with your application, consultancy work, etc.
  • During your activities related to your application, consultancy work, etc., such as through your performance and interaction with other employees or other persons
  • From third parties, which may include (the list is not exhaustive):
  • References
    • Previous employers
    • Public authorities (in particular with regard to security controls and obtaining security licences)
    • Other third parties, including background checks, agencies and external recruiters
    • Websites, LinkedIn or similar public media

 

Legal basis for processing of personal data

We process personal data based on the following legal bases under the GDPR:

  • Consent (Article 6(1)(a)):
    For example, when you provide SDC with the relevant personal data directly or you give SDC your explicit consent to obtain such personal data.
  • Necessary for the performance of the contract between you and SDC (Article 6(1)(b)):
    For example, when it is necessary for SDC to comply with a contractual obligation.
  • Necessary for the SDC to comply with a legal obligation (Article 6(1)(c)):
    For example, when SDC must comply with laws on bookkeeping and financial reporting, etc.
  • Necessary to pursue SDC's legitimate purpose (Article 6(1)(f)):
    For example, when you, as a guest at SDC, state your name on arrival for security reasons.
  • Necessary to meet obligations in the fields of employment, social security and social protection (Article 9(2)(b)):
    For example, when SDC must comply with employment legislation, etc.
  • Necessary for the establishment, exercise or defence of legal claims (Article 9(2)(f)):
    For example, in cases where it is necessary for SDC to either establish, exercise or defend legal claims.

Disclosure of personal data


As a general rule, SDC does not disclose personal data to others. Should this happen, SDC will always ensure a legal basis for disclosure and provide this specifically.

Processing of personal data outside Europe

SDC generally endeavors not to transfer personal data to countries outside the EU/EEA. Should this happen, SDC will always ensure a legal basis for disclosure and provide this specifically.

Storage of personal data

SDC has fixed criteria for how long we process and store personal data.
These criteria help to ensure that we only store personal data for as long as we have an objective purpose for the storage. The purpose can be both for the sake of compliance with specific legislation, e.g. the Bookkeeping Act or to ensure that we can provide the service in question.

Your rights 

As a data subject, you have a number of rights, which are described below. SDC takes all necessary and adequate measures to protect your personal data and safeguard your rights as a data subject.

Your rights as a data subject include the right to:

  • Request access to your personal data
  • Request rectification of your personal data
  • Request deletion of your personal data
  • Object to the processing of your personal data and have the processing restricted
  • Receive your personal data in a structured, commonly used and machine-readable format (data portability)
  • Complain to a data protection supervisory authority

Do you want to exercise your rights?
You can exercise your rights by contacting SDC's DPO. You can find the contact information below.

Please note that there may be different conditions or limitations to your rights as a data subject than those set out above, depending on the specific circumstances.

Withdrawal of consent

When the processing of your personal data is based on your consent, you can withdraw your consent at any time by contacting SDC's DPO. Please note, however, that this does not affect the legal basis for SDC's processing of your personal data prior to the withdrawal of your consent.

Complaint to the Data Protection Authority

If you are dissatisfied with the way SDC processes your personal data, you can send a complaint to the Danish Data Protection Agency. The Danish Data Protection Agency can be contacted in the following way:

The Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Tlf. 33 19 32 00
E-mail: dt@datatilsynet.dk

Data Protection Officer (DPO)

For questions about your rights, including requests for access, etc., please contact our DPO.

DPO
Rasmus Broeng Jørgensen
SDC A/S
Borupvang 1A
2750 Ballerup
Denmark
Telephone number: 44 65 71 11
E-mail: dpo@sdc.dk

Cookies

We use cookies on our website to improve your experience on the site. The purpose of the collection is to make the website more relevant to our users.

Special information on the use of CCTV 

SDC hereby expressly announces that there is video surveillance at the entrances to our premises.

Are you a customer of a financial institution?  – then the financial institution is the data controller for the processing of your personal data

SDC is an IT company that provides IT services, primarily in the form of system solutions and processing of data to more than 50 Nordic banks. Each of these Danish banks has its own agreement with the CPR register regarding the subscription of information for the persons who are customers of the individual bank. SDC, on the other hand, does not have an independent agreement with the CPR register. It is thus the individual bank - not SDC - that is the subscription subscriber. SDC is registered as a subscriber regarding the updating of information from the CPR register. We do this on behalf of and as data processors for our affiliated financial institutions.

If you are a customer of one of these banks, you are therefore not covered by SDC's privacy policy and SDC does not have access to your personal data as a data controller. If you are a customer of a financial institution, you must therefore always contact your financial institution if you want information about the processing of your personal data or make use of your rights. The bank is the data controller for personal data about the bank's customers. You can find a list of the banks linked to SDC here.

 

 


© 2025