RSP Systems A/S
DK 5260 Odense S
+45 7199 2818
2. What personal data do we collect and for which purposes?
We collect personal data about you when you visit our website, sign up for our newsletter, when you contact – or request information from us, when you apply for a job, or when you participate in our focus groups.
Our purpose for collecting your personal data is to verify your identity, deliver our newsletter, or other services you may have requested, as well as to improve, test and develop our website and our devices. We also collect your personal data during recruiting processes and where it is required or permitted by law for us to do so.
2. 1 Website
When you visit our website, we may collect personal data such as information about your behavior on our site and other relevant contact information for us to respond to any request that you may make through our website.
Through the collection of such information, we can detect how visitors use our website, which allows us to ensure that we provide the best service possible through the website.
2.2 Job Applications
If you apply for a job at our company, we will typically collect the following personal data from you:
- Name and, if relevant, current job title,
- Contact information, i.e., phone number, address, e-mail address, and
- CV, education, employment history etc. that you may provide us with
We use personal data to assess your suitability for the position in question.
We store all applications for a maximum period of 4 months after having received these. At the expiration of the 4-month period, we delete the applications. If we wish to store your application for a longer period, we will ask for your written consent.
RSP Systems makes use of third-party suppliers for the processing of certain data e.g., recruitment agencies or tests applicants may take. The parties in question process data solely on our behalf, based on instructions and contracts, and must not use data for their own purposes.
If a recruitment agency is involved in the recruitment process, it will be clearly stated in the job advertisement that all applications must be sent to them if an interested party wishes to apply. If the decision to engage a recruitment agency is taken at a later stage, all applicants will be informed, and their permission requested before their application is sent to the recruitment.
The recruitment agency may store all applications for a maximum of 6 months.
2.3 CVs collected as a part of clinical study conduct
To comply with GCP (Good Clinical Practice), MDR (Medical Device Reporting) and ISO 14155, we store CVs for documentation. Access is highly restricted, and all processing comply with MDR and ISO 14155, including deletion.
2.4 Emails and business cards
When you send an email or give a business card to an employee at RSP Systems, we receive personal data such as your name, job title and email address. As the information is freely given, we consider it a consent for us to process the data due to a balance of interest within two different purposes:
- Business Collaboration: We process this data solely for business collaboration and to document communication. The data may be shared internally if deemed relevant, but only normal personal data and for business collaboration only. Never sensitive data or for different purposes.
- Customer Inquiries: As this data may be sensitive, these emails are never shared, unless anonymized or if specific consent is given.
If the email contains sensitive data e.g., health information, the email is deleted immediately following reply.
2.5 Business Collaboration
When RSP Systems is collaborating or considering collaboration with other companies we administer strictly business-related contact information. We process the names, work titles, work email addresses and work phone numbers of the company representatives in the interest of potential or ongoing collaboration and partnership. The legal basis for our processing is the GDPR, article 6, clause 1f: “legitimate interest”.
Only selected employees have access, and all information is reviewed when entered to ensure due diligence concerning data minimization and accuracy.
When we enter into collaboration with companies and consultants, we gather the necessary information to uphold this collaboration including information needed for payment. The legal basis for our processing is either contract or legitimate interest depending on the collaboration.
In cases of sole proprietorships payment necessitates processing of sensitive personal information such as bank information and social security number. This information is only stored in our payroll system which has highly restricted access.
According to the Danish Accounting Act (Bogføringsloven), we are required to store social security numbers for 5 years after last payment. All other sensitive personal information is deleted when collaboration ends.
2.6 Focus Groups and Usability Studies
For the purpose of testing and further developing our device, focus groups and usability studies are performed with voluntary participants.
If you sign up to participate in a focus group or a usability study, we will collect your name, your e-mail address, other relevant contact information and your date of birth.
Personal data collected in connection hereto will exclusively be processed for the purpose of recruiting participants to focus groups and usability studies.
If you sign up to participate in a focus group or a usability study, you will also be asked to provide us with your explicit written consent to the processing of genetic data and data concerning health. You may only participate in a focus group or usability study if such consent is obtained. The consent form contains further information on the usages and retention of the personal data collected.
3. Who do we share personal data with and where do we transfer data to?
We make use of third-party suppliers for storage and processing of certain data, as well as sharing personal data with recruitment agencies, investigators, newsletter delivery systems and other relevant third parties. The parties in question process data solely under our instructions and contracts for corporations as well as data processor agreements and may not use data for their own purposes.
To fulfill your requests, develop our device and conduct tests and trials, we may need to transfer your personal data outside the jurisdiction in which you provide it and thus also to entities countries outside the EU/EEA. All such entities have entered into agreements based on the EU standard contractual clauses – or from October 2023 at the latest on the Data Privacy Framework – to ensure that we comply with our legal obligation to have a lawful basis for transferring personal data.
3.1 Confidentiality and Security
We will keep your personal data confidential and secure, thus we have implemented appropriate safeguards, policies, and technical measures to protect your personal data.
All employees, consultants, investigators, and partners, who have access to or are associated with the processing of personal data, are obliged to process all personal data according to the appropriate level of sensitivity and confidentiality.
4. Complaints and Rights
You have certain rights in relation to the personal data we process about you. You are entitled to:
- access your personal data or be provided with a copy thereof,
- rectification of personal data, if it is inaccurate or incomplete,
- erasure of personal data, unless we are required by law to keep it,
- restrict the processing of personal data (under certain circumstances),
- data portability,
- object to the processing of your personal data,
- withdraw your consent, and
- lodge a complaint with the Danish Data Protection Agency or any other relevant supervisory authority.
If you wish to exercise your rights, please contact us firstname.lastname@example.org