PRIVACY POLICY

Copenhagen, December 1st 2020

At Thylander Gruppen A/S (“Thylander Group”, “we”, “us” or “ours”), we give high priority to confidentiality and data security. This privacy policy applies to our processing of personal data, including on our website “www.thylander.dk”, and sets out the guidelines for Thylander Group’s way of processing your personal data and provides you with the information that you are entitled to receive in accordance with applicable data protection legislation. You are encouraged to read the privacy policy before submitting your personal information to Thylander Group.

Data controller and contact information

The data controller for your personal information is:

Thylander Gruppen A / S
Sundkrogsgade 7
2100 København Ø
Denmark
Mail: info@thylandergruppen.dk
Phone number: +45 70229922
CVR no. 34800782

Business and data collection areas

2.1 Property Management

2.1.1 Types of personal data, purpose and legal basis

Thylander Group is responsible for the management of a large number of properties. In practice, this means that Thylander Group is subject to obligations in accordance with the management agreements with investors as well as applicable legislation, including in particular the Act on Managers of Alternative Investment Funds (“FAIF”). As part of these contractual and regulatory obligations, Thylander Group will need to process the following types of personal information about the following categories of registered persons:

A) Actual owners behind the investment companies: Name, address, telephone number, e-mail address, date of birth and bank account information.

B) Board members: Name, address, telephone number, e-mail address, date of birth and bank account information.

C) Tenants: Name, address, telephone number, e-mail address, date of birth, monthly rent, identification information and rental address.

D) Suppliers, property administrators, resident representatives and real estate agents: Name, address, email address and telephone number.

Thylander Group processes the above mentioned personal data in order to comply with the management agreements and due to the legitimate purposes of being able to prepare accounts, budgets, negotiate agreements, evaluate the need for maintenance work, open and close bank accounts and to be able to make financial and legal due diligence of the properties, in connection with purchase and sale in accordance with Article 6 (1, litra b and 1, litra f) of the Danish Data Protection Regulation.

Thylander Group processes and passes on the above mentioned personal data in order to be able to invoice and comply with our legal obligations in the Accounting Act, FAIF and Article 6 (1, litra c) of the Danish Data Protection Regulation.

The above mentioned personal data may also be processed and passed on to independent recipients, on the basis of our legitimate interest in being able to determine, defend and enforce legal claims, according to Article 6 (1, litra f) of the Danish Data Protection Regulation.

In addition, in certain cases we process the above mentioned personal data as a result of our legitimate interest in being able to answer inquiries and advise, according to Article 6 (1, litra f) of the Danish Data Protection Regulation.

2.1.2 Third Party Recipients

In order to fulfill the above mentioned purposes, we may provide third parties with access to the personal data which, on the basis of a contractual relationship with Thylander Group, provides relevant services. For example, IT suppliers, mail providers and advisers in connection with the purchase and sale of properties. Such providers will only process the personal data in accordance with our instructions and with concluded data processor agreements.

As a rule, personal information is not passed on to a third party without prior permission. However, in certain circumstances it may be necessary to disclose the personal data to the police, lawyers, accountants, real estate investors, courts and public authorities.

Personal data are not transferred to insecure third countries.

2.1.3 Deletion

As a rule, personal information is only stored as long as it is relevant to be able to manage the properties, after which they will be deleted.

In practice, this means that personal information obtained about tenants will be deleted 6 months after the personal information was obtained for use for the specific purpose (eg 6 months after the end of due diligence).

Personal information obtained about suppliers and real estate agents will be deleted no later than 2 years after the last contact and personal information about property administrators and resident representatives will be deleted no later than 3 years after the end of the collaboration with the administrator.

Information about beneficial owners and board members for the above mentioned purposes will be deleted 3 years after the end of the collaboration.

The information required for accounting will be stored in our accounting file for 5 years from the end of the financial year in order to comply with the documentation requirements of the Accounting Act.

2.2 Money laundering documentation

2.2.1 Types of personal data, purpose and legal basis

Thylander Group is licensed as a Manager of Alternative Investment Funds and has direct customer contact, which is why Thylander Group is covered by the Danish Money Laundering Act. This implies that Thylander Group is legally obliged to obtain the following types of personal information about the following registered persons:

A) Real owners behind the investment companies: Name, address, telephone number, e-mail address, date of birth, copy of identification (passport, driver’s license, health card or utility bills). This means the social security number may appear and in very special cases also information about criminal offenses.

Thylander Group processes the above mentioned personal data in order to comply with the rules of the Danish Money Laundering Act, according to which Thylander Group is obliged to establish the identity of the beneficial owners behind the investment companies for the purpose of combating money laundering and in certain cases to report to the relevant authorities. The legal basis for this processing of personal data is Article 6 (1, litra c) of the Danish Data Protection Regulation (general personal data), the Danish Data Protection Act § 11, 2, 1 (Social security numbers), and the Danish Data Protection Act § 8, 3 (criminal information).

In certain cases, Thylander Group also processes the above mentioned personal data for the legitimate purpose of being able to determine, defend and enforce legal claims, cf. Article 6 (1) of the Data Protection Regulation. 1, letter f (general personal data), the Data Protection Act § 11, para. Article 9 (2) (4) of the Data Protection Regulation 2, letter f (CPR numbers) and the Data Protection Act § 8, para. 3 (criminal information).

2.2.2 Third Party Recipients

In order to fulfill the above mentioned purpose, we may provide third parties with access to the personal information that, on the basis of a contractual relationship with Thylander Group, provides relevant services. For example, IT providers, email providers and law firms may assist in obtaining money laundering documentation. Such providers will only process personal data following our instructions and in accordance with concluded data processor agreements. The personal information is generally not passed on to a third party without your permission. However, in certain circumstances it may be necessary to pass on the personal data to the police, lawyers, accountants, courts and investors.

Personal data are not transferred to insecure third countries.

2.2.3 Deletion

Personal data will be deleted 5 years after the termination of the business relationship or the completion of a single transaction. However, the personal data is stored for a longer period if personal data is necessary to process due to a pending case.

2.3 Property Management

Thylander Group is also responsible for the processing of personal data about tenants, in connection with the administration of Thylander Group’s properties. Thylander Group has chosen to outsource the day-to-day property management to a number of professional property managers. These property managers have the day-to-day operation and responsibility for the administration of the properties and thus also for the processing of personal data about the tenants in question. In collaboration with these property managers, Thylander Group has ensured that the property managers hand over a privacy policy to the tenants that fulfills our duty to provide information as data controller, as a result of our role as landlord. Depending on the tenancy in question, Thylander Group thus instead refers to the following privacy policies in relation to Thylander Group’s processing of personal data in connection with the administration of properties:

  • Deas A/S – link.
  • Newsec Property Asset Management – link.
  • Norse Property Management – link.

As Thylander Group has left the day-to-day administration of the leases to the above mentioned property managers, please contact the property managers and not the Thylander Group if you are a tenant and have questions regarding the administration of your lease. Contact information on the property managers can be found via the links above.

3. Cookies

We use cookies on our website.

4. Security

We protect the confidentiality, integrity and availability of your personal information. Therefore, we have implemented security measures to ensure that our internal procedures comply with the established security standards and applicable Danish legal requirements.

We have internal rules on information security, which contain instructions and measures that protect your personal information against being destroyed, lost, altered, against unauthorized publication and against unauthorized access to or knowledge of them.

Employees who have a work-related need for access to personal information have received training and instruction in the Danish data protection rules.

5. Your rights

  • You have the right to gain insight into the personal data we process about you, with certain statutory exceptions.
  • You have the right to rectify and delete your personal data, however, with certain statutory exceptions, including the Danish Accounting Act and the Danish Money Laundering Act.
  • You have the right to request us to limit your personal information.
  • In certain circumstances, you may also request to receive a copy of your personal information as well as the transmission of the personal information you have provided to us to another data controller (data portability).

You also have the right to object to the collection and further processing of your information, including objections to our processing, which takes place on the basis of your legitimate interest under Article 6 (1, litra f) of the Danish Data Protection Regulation.

6. Questions and complaints

If you have any questions about this privacy policy or if you wish to complain about the way we process your personal data, please feel free to contact us:

Thylander Gruppen A/S
Sundkrogsgade 7
2100 København Ø
Denmark
Mail: info@thylandergruppen.dk
Phone number: +45 70229922

If your complaint is not resolved by us and you want to proceed with the case, you can complain to the Danish Data Protection Agency:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Phone: +45 33193200
E-mail: dt@datatilsynet.dk

7. Changes to our Privacy Policy

We reserve the right to make changes to this Privacy Policy from time to time. In the event of changes, the date at the top of the privacy policy will be changed. The current personal data policy will be available on our website www.thylander.dk. In the event of significant changes, you will be notified by e-mail.