We take your data protection seriously
To protect your personal data the best, we continuously assess how high a risk there is for our data processing affecting your basic rights negatively. We are particularly aware of the risk of you being exposed to discrimination or identity theft, suffering financial loss, or loss of reputation or data confidentiality.
In case the decisions we need to make are dependent on us processing sensible personal data, biometric information, or information regarding punishable relations about you, we carry out an analysis of the impact of data processing to ensure your data protection. The impact assessment will be carried out before we start processing your personal data.
Wiley X EMEA, Subsidiary of WILEY X EMEA, LLC, USA is the data controller, and we ensure that your personal data is processed under existing laws.
Contact person: Wiley X EMEA, Subsidiary of WILEY X EMEA, LLC, USA
Address: Søndergade 8-10, 7570 Vemb, Denmark
Phone number: +45 96930045
Data controller: Wiley X EMEA, Subsidiary of WILEY X EMEA, LLC, USA
We ensure fair and translucent processing
When we ask you to make your personal data available to us, we will inform you of which data we process about you and for what purpose. You will receive information about this when we collect your personal data.
If we collect data about you from others, for instance a supplier, authority, or business partner, you will typically be informed of this at the beginning of the case and in most cases, we will ask you to provide the needed information. The purpose of obtaining information from you will almost always be justified by the assignment we have received from you to fulfil a contract.
Exceptions for disclosure
We send out our disclosure information to all customers for whom we create cases and to new customers who are not yet archived.
For customers in archived cases, who we, in reference to the Danish Bookkeeping Act etc., choose to store, we do not send a Privacy Notice. The reason for this is that we have carried out a balancing of interests and have reached the following conclusion:
- We do not store any information on customers other than name and address.
- The customers have provided us with the information themselves and are aware that we have it and storage it.
- It will be costly to gather name and addresses for the purpose of a postal delivery or to find the relevant e-mail addresses.
Based on the above mentioned, we do not send a Privacy Notice for customers in archived cases.
Particularly, it has been considered whether people, who have had an eye test made and where the case has been archived should have a specific notice or sign a statement of consent. We have carried out a balancing of interests based on the following conditions:
- The customer has provided the information themselves.
- The customer has naturally been present at the eye test. The eye test does not contain any burdensome, sensitive information that can be misused, and it has solely been carried out to manufacture prescription lenses. We do not consider it to be sensitive information whether one uses glasses or not, as it is visible under any circumstances.
Concerning eye tests, we have, based on the abovementioned, also assessed that it is not necessary to gain consent or send a Privacy Notice in archived cases.
Personal data is not sent to third parties in archived cases. We keep virtually no information on third parties. However, B2B customers where the customer is a company or business, a name and company phone number may be included. The information has been given to Wiley X EMEA LLC by the company itself, and it is personal data, which can be found in a phone book or the like. In our opinion, the persons in question, who have assigned an e-mail on behalf of a company, will find it extremely strange to receive Privacy Notices in old, archived cases.
We use this type data about you
We use data about you to ensure that we are in the possession of correct information that is relevant to the assignment you, as a customer, have given us. The data we use is described in the data processing directory, and you will receive a Privacy Notice with information about which personal data we, typically, need to use in your case.
Wiley X EMEA LLC has formulated a Privacy Notice, which customers will be referred to.
We collect and store your personal data for specific purposes
We collect and store your personal data solely for a specific purpose, namely, to fulfil the assignment you have given us.
We collect information to:
- Have clear identifying information on you
- Be able to transmit messages, send communication, and keep you informed, including for use in relation to marketing, among others through newsletters.
- Settle any amounts to your account
- Comply with legal requirements, including accounting rules, tax documentation, and customer account rules.
The abovementioned list is not complete.
We process solely relevant personal data
We only process data about you that is relevant and sufficient in relation to the purpose defined above. The purpose determines which kind of personal data about you that is relevant to us. The same goes for the scope of the personal data we use. For example, we do not use more data than what is needed for the specific purpose.
Before we process your personal data, we examine whether it is possible for us to minimize the amount of personal data about you. We also examine whether some of the types of data we use can be used in an anonymized or pseudonymized form. This we can do if it does not negatively affect our obligations or the service, we offer you.
We process solely required personal data
We collect, process, and store only the personal data required to fulfil our intended purpose. Additionally, it may be determined by law what type of data is necessary to collect and store for our business operations. The type and the scope of the personal data we process may also be necessary to fulfil a contract or other legal obligation.
We check and update your personal data
We check that the personal data we process about you is not inaccurate or misleading. We also make sure to update your personal data regularly.
As our service is dependent on your personal data being correct and up to date, we ask that you inform us of any relevant changes to your personal data. You can use the contact information at the top of the page to notify us of your changes.
To ensure the quality of your personal data we have adopted internal rules and established procedures for checks and updates of your personal data.
We erase your personal data when it is no longer required
We erase your personal when it is no longer required for the purpose for which we collect, process, and store your data.
However, reference is made to Article 17 of the General Data Protection Regulation, according to which erasure can be waived to the extent that the storage of personal data is necessary for the establishment, exercise, or defense of a legal claim. For the sake of the customer and ourselves, it is important that cases, which we have conducted, can be documented during the period in which legal claims can be asserted against us or our customer regarding the case. That is why, information rarely is erased until more than 5 years have passed from the end of the contract.
Below are Wiley X EMEA LLC’s guidelines for erasure of personal data in connection to marketing purposes to respectively B2C and B2B-customers.
Regarding the processing of personal data in context of marketing purposes to B2C the following applies:
If you have been inactive, i.e. if you have not opened a newsletter from us for more than 12 months, you will automatically receive an e-mail from us. If you do not open this, you will automatically stop receiving e-mails from us. If you are not reactivated within additionally 12 months, your personal data will automatically be erased from database. If you wish to be removed from our database earlier than indicated above, please contact us at GDPR@wileyx.eu.
Regarding the processing of personal data in context of marketing purposes to B2B the following applies:
Collection of e-mail addresses in connection with future contact to potential new customers.
We ensure that we have the legal basis to process your personal data
When we process your personal data, it is with the purpose described above. Even though we have a legal basis to collect personal data about you, we must always ensure that we process your personal data solely for legitimate purposes. Our legal basis, as your co-contractor, is that it is necessary for us to have your relevant personal data to fulfil the contract we have with you.
We do not disclose your personal data without legal basis
We do not disclose your personal data to business partners or affiliates for marketing purposes. As your co-contractor, we are under an obligation to maintain confidentiality, which supplements the rules regarding personal data.
We will only disclose your personal data if we are legally obligated to do so, for instance as a part of a report to an authority. In this connection, you will be informed, as you have a right to insight.
If we disclose information to third parties who are not independent data controllers, we must ensure that a data processing agreement is in place that protects you and us against the data controller acting carelessly with your personal data and against the instruction we give the data controller.
We protect your personal data and have internal rules on information security
We have adopted internal rules on information security that contain instructions and measures to protect your personal data against being destroyed, getting lost or become altered, against unauthorized disclosure, and against unauthorized access or knowledge of them.
We have established procedures for assigning access rights to those of our employees who process sensitive personal data and data that cover information on personal interests and habits. We check their actual access through logging and supervision. To avoid data breaches, we make regular backups of our dataset. We also protect the confidentiality and authenticity of your data through encryption.
In the event of a security breach that results in a high risk to you of discrimination, identity theft, financial loss, loss of reputation or another significant inconvenience, we will inform you of the security breach as soon as possible.
If we place cookies, you will be informed of the use and the purpose of collecting data through cookies.
When using cookies, we ask for your consent. However, cookies necessary to ensure functionality and settings may be used without your consent.
You have the right to gain access to your personal data
At any time, you are entitled to know what data we process about you, where it originates from and what it is used for. You can also find out how long we store your personal data and who are receiving data on you, to the extent that we transfer data in Denmark and abroad.
On your request, we can inform you about the data we process on you. However, access may be limited for reasons of other people’s personal data protection, business secrets, or intellectual property rights.
You can also exercise your rights by contacting us. You can find our contact information at the top of the page.
You have the right to get inaccurate personal data corrected or erased
If you believe that the personal data, we process on you are inaccurate, you have the right to have it corrected. You need to let us know what data is incorrect and how it should be corrected.
In some cases, we will have an obligation to erase your personal data. This applies, for instance, if you withdraw your consent. If you believe that your personal data is no longer necessary for the purpose for which we collected it, you can request to have it erased. You can also contact us if you believe that your personal data is being processed in violation with the law or other legal obligations.
When you contact us with your request to have your personal data corrected or erased, we will examine whether the conditions are met and, if so, carry out the changes or erase the data as soon as possible.
You have the right to object to our processing of your personal data
You have a right to object to our processing of your personal data. You can also object to our disclosure of your data for marketing purposes. You can use the contact information at the top of the page to send an objection.
If your objection is justified, we will ensure that we cease processing your personal data. You have the right to receive the personal data you have provided to us and the data we have collected from other actors based on your consent. If we process data about you as a part of a contract to which you are a party, you may also receive your data. You also have the right to transfer this personal data to a different service provider.
If you wish to exercise your right to data portability, you will receive your personal data from us in a commonly used format.
If you wish to access your data, have it corrected or erased, or object to our data processing, we will investigate whether it is possible. We will reply to your request as soon as possible and no later than a month after we have received your request.
Last update: 30.11.20223