Privacy Policy

Privacy policy
In our privacy policy, you will find help to understand how Fokus Nordic A/S (“we”, “us”,
“our”) processes your personal data in various situations.
When we process personal data, we comply with the EU General Data Protection Regulation
(GDPR) and the Danish personal data rules in force from time to time.
1. Controller
Fokus Nordic A/S, CVR no. 37527750, Østbanegade 123, DK-2100 Copenhagen Ø, processes
a number of personal data about you as data controller in various situations. You
may read more about this below.
If you have any questions about our privacy policy and how we process your personal data
or if you wish to exercise the rights set out in paragraph 7 below, you may contact us at
persondata@fokusnordic.com.
You may read more about how to contact us at the end of the privacy policy (see paragraph
9).
2. Information about collection and processing of personal data
We collect and process the personal data set out below only to the extent necessary to
process your interests and suitability as a potential new customer or tenant in our vacant
leased premises, to fulfil our obligations under existing customer relationships or lease
agreements and the related services and to fulfil any obligations we may have under Danish
law.
2.1. Private leased premises
If you are a residential tenant with us, we will collect general personal data about you. This
includes your name, title, address, telephone number and email address, your use of leased
premises, your rent level, information about your deposit, heating and water consumption
and any other consumption information. We also process information about powers of attorney,
powers to sign, registered easements, profits, restrictive covenants and rights relating
to the lease, your bank account number, information about your household and cohabitant
etc. and information about domestic animals. Moreover, we process information about your
receipt of housing benefits, if relevant. We register whether we have provided access keys
and cards to you, and we process information about the layout of leased premises and any
subleases.
In the event of default or any other breach of the lease agreement, we will also process such
information, including warnings, notices and any other information related to the termination
of the lease agreement for breach or convenience. This also applies if the above circumstances
are caused by bankruptcy or death.
In special cases, we also process your civil registration (CPR) number. If so, we will inform
you thereof specifically, and we will obtain your prior consent if necessary.
We collect and process the above information only if necessary and only for the purpose of
managing and fulfilling the provisions of the lease agreement and the Danish residential
lease acts.
Generally, we do not collect any special categories of personal data (sensitive data) about
you.
If we need to collect additional personal data about you which are not covered by those set
out above, we will inform you thereof unless you are already aware of the collection and
processing or your interest in being informed thereof must yield to essential considerations
for public or private interests.
Legal basis for processing:
Point (b) of article 6(1) of the GDPR (management and performance of the lease agreement)
and point (f) of article 6(1) of the GDPR (our legitimate interest in processing data related to
the lease of the leased premises, including household information, access cards, consumption
data, etc.).
2.2. Commercial premises
If you are a commercial tenant with us, we will collect general personal data about you as
the contact person of the commercial tenant represented by you. This includes your name,
title, photo identification, address, telephone number and email address and your affiliation
with the commercial tenant. We register whether we have provided access keys and cards
to you.
If the commercial tenant is a sole proprietorship, we will also process personal data about
the commercial use of the leased premises, rent level, deposit, revenue if the rent is revenue-
based, heating and water consumption and any other consumption information. We
also process information about industry knowledge, powers of attorney, powers to sign, registered
easements, profits, restrictive covenants and rights relating to the lease and bank
account number. Moreover, we process information about the layout of leased premises,
any subleases and rights of assignment and resumption. In the event of default or any other
breach of the lease agreement, we will also process such information, including warnings,
notices and any other information related to the termination of the lease agreement for
breach or convenience. This also applies if the above circumstances are caused by restructuring,
bankruptcy or death. In special cases, we also process civil registration (CPR) numbers.
If so, we will inform you thereof specifically, and we will obtain your prior consent if
necessary.
We collect and process the above information only if necessary and only for the purpose of
managing and fulfilling the provisions of the lease agreement, the Danish Contracts Act (aftaleloven)
and the Danish Business Lease Act (erhvervslejeloven).
Generally, we do not collect any special categories of personal data (sensitive data) about
you.
If we need to collect additional personal data which are not covered by those set out above,
we will inform you thereof unless you are already aware of the collection and processing or
your interest in being informed thereof must yield to essential considerations for public or
private interests.
Legal basis for processing:
If you represent a commercial tenant: Point (f) of article 6(1) of the GDPR as we are pursuing
our legitimate interest in managing and performing the lease agreement with the commercial
tenant represented by you.
If the commercial tenant is a sole proprietorship: Point (b) of article 6(1) of the GDPR (management
and performance of the lease agreement) and point (f) of article 6(1) of the GDPR
(our legitimate interest in processing data related to the lease of the leased premises, including
access cards, consumption data etc.).
2.3. Applicants for private leased premises
If you are a residential applicant for vacant leased premises, we will collect the following
personal data about you: name, address, telephone number, email address and the type of
leased premises for which you are applying. We only collect and process these data for the
purpose of meeting your request for the right leased premises and for concluding a lease
agreement.
However, in some cases, we do collect additional personal data. In that case, we will notify
you thereof.
We do not collect any special categories of personal data (sensitive data) about you.
Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in managing applications
and identifying the right leased premises on that basis.
2.4. Applicants for commercial premises
If you are affiliated with a commercial applicant for vacant leased premises, we will collect
the following personal data about you: name, address, telephone number, email address
and your affiliation with the commercial applicant. If the commercial tenant is a sole proprietorship,
we will also process personal data about the types of commercial leased premises,
occupation, position, industry knowledge, financial information and public financial
statements.
We only collect and process these data for the purpose of meeting your request for the right
leased premises and for concluding a lease agreement, if relevant. We do not collect any
special categories of personal data (sensitive data).
Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in managing applications
and identifying the right leased premises on that basis.
2.5. House rules complaints
When dealing with house rules breaches, we process personal data about the complainant
and any witnesses. These data include names, contact details, the date/time of the incident
subject to complaint and any other information related to the incident subject to complaint,
including information about noise nuisance.
When dealing with house rules breaches, we also process personal data about the tenant
or persons belonging to the tenant’s household (the respondent), including names, contact
details, the date/time of the incident subject to complaint and any other information related
to the incident involved subject to complaint, including information about noise nuisance.
We will specifically notify the persons against whom the complaint is filed if this is possible
based on the information received in the complaint. However, in certain cases, we may
postpone or entirely omit such notification if required by essential considerations for public
or private interests.
Legal basis for processing:
Processing of general personal data (e.g. information about name and address, noise nuisance,
time of the incident, information about the identity of witnesses, etc.): Point (f) of
article 6(1) of the GDPR as we are pursuing our legitimate interest of the processing being
necessary for determining whether we are able to establish, exercise or defend a legal claim
based on our house rules and the provisions of Danish rent legislation.
Processing of information on criminal offences (e.g. incidents of violence) is based on section
8(5) of the Danish Data Protection Act (databeskyttelsesloven).
2.6. Job applicants
If you are a job applicant, we will collect the following personal data about you: name,
address, telephone number, email address, work history and job interests in the form of your
CV. We only collect and process these data for the purpose of meeting your request for
employment and for concluding an employment contract, if relevant.
However, in some cases, we do collect additional personal data. In that case, we will notify
you thereof on the date of collection.
We do not collect any special categories of personal data (sensitive data) about you.
Legal basis for processing:
Point (f) of article 6(1) of the GDPR as we have a legitimate interest in going through your
application and your CV for the purpose of identifying the right candidate for the position.
Required processing of personal data
Under the data protection rules, you e.g. have the right to be informed of whether the provision
of personal data is a statutory requirement or a requirement necessary to conclude a
contract and of whether you are obligated to provide the personal data and of the possible
consequences of your failure to provide such data.
It should be noted in that respect that, under the Danish Health Information Act (helbredsoplysningsloven),
an employee must state of their own motion or at the employer’s request
whether they know that they suffer from an illness or show symptoms of an illness which will
significantly affect their ability to carry out the work in question. Further, as a potential future
employee, you are subject to the general duty of disclosure, which means that you must not
knowingly withhold information that may be relevant to your opportunity of being employed.
Moreover, it should be noted that, if you are offered a position, we will use certain personal
data about you to draft your employment contract, including your name and address, see
the provisions of the Danish Employment Contracts Act (ansættelsesbevisloven).
If you do not wish to provide the information that you are required to provide under the
provisions of the Danish Health Information Act and/or according to your duty of disclosure
or the information necessary for drafting an employment contract, we will not be able to offer
you a position.
2.7 Customers and investors
If you represent and/or are a customer/an investor (a “customer”) with us, we will collect
the following personal data about you: name, address, telephone number, email address,
civil registration (CPR) no., photo identification (for the customer’s beneficial owners and
members of the executive board and board of directors of companies managed by us in
accordance with the Danish Anti-Money Laundering Act (hvidvaskloven)), occupation, position,
powers of attorney, powers to sign, directorships, executive board positions, ownership
of properties covered by the customer relationship, ownership of companies covered by the
customer relationship, insurances covered by the customer relationship, bank details covered
by the customer relationship and financial and tax information covered by the customer
relationship as well as owners’ association contributions and heating and water consumption
and the like if the owner is a member of an owners’ association.
However, we may need to collect additional personal data in connection with our management
of the customer relationship. In that case, we will inform you thereof unless you are
already aware of the collection and processing or your interest in being informed thereof
must yield to essential considerations for public or private interests.
We only collect and process these data for the purpose of performing the agreement which
we have concluded with you and/or the business represented by you and of fulfilling the
obligations under the Danish Anti-Money Laundering Act to banks and public institutions.
Legal basis for processing:
If you represent the customer: Point (f) of article 6(1) of the GDPR as we have a legitimate
interest in performing the agreement which we have concluded. If you are the customer (as
a private individual): Point (b) of article 6(1) of the GDPR (necessary for the agreement).
As regards our obligations under the Danish Anti-Money Laundering Act: Point (c) of article
6(1) of the GDPR, cf. part 3 of the Danish Anti-Money Laundering Act.
Processing of your civil registration (CPR) no.: Section 11(2) of the Danish Data Protection
Act.
3. Sharing personal data
Generally, we will share your personal data with our processors who, e.g., provide our IT
systems, including hosting, backup and support services.
We will also share your data to the extent required, including to public authorities such as
the Danish Tax Agency and the police.
If you are a residential tenant or a commercial tenant with us, we will share your personal
data with the owner of the property and with the suppliers and business partners assisting
us in fulfilling our obligations under new and existing lease agreements and the related services.
These suppliers and business partners will be: caretaker businesses, heating businesses,
lawyers, brokers, etc. In some cases, we will share your personal data in connection
with a transaction such as a merger or an asset sale.
If you are a customer and/or an investor with us, we will share your personal data with
banks.
If we wish to use your personal data for a purpose other than the purpose for which they
were originally collected, we will notify you thereof and obtain your prior consent if required.
However, if we anonymise your personal data so that you will no longer be identifiable, we
may use the data for other purposes without notifying you as it will no longer be personal
data.
4. Sharing information with recipients outside the EU/EEA
We do not share personal data with recipients outside the EU/EEA.
5. Protection of personal data
Under the GDPR, we must store your personal data in a secure and confidential manner.
We store your personal data on servers with restricted access, located in controlled facilities,
and our security measures are continuously monitored to determine whether our user data
are handled securely and with due consideration for your rights as a private individual.
We have implemented technical and organisational confidentiality and information security
measures to protect your personal data from destruction, loss, alteration, unauthorised disclosure,
access or knowledge by unauthorised persons. If a security breach of your personal
data would result in a likely high risk for you, such as discrimination, identity theft, financial
loss, loss of reputation or any other significant disadvantage, we will notify you of the security
breach as soon as possible.
6. Erasure of personal data
We erase or anonymise personal data continually as the purpose for which they were collected
ceases to exist.
If you are a residential tenant with us, we will store your personal data for five years after
the tenant’s vacation of the premises.
When we deal with house rules breaches and we find a complaint to be unfounded, we
will immediately erase your personal data related to such house rules breach. Similarly, we
will erase the complaint and the personal data collected when the complaint procedure has
been completed without giving rise to any objectionable issues. If the complaint uncovers
objectionable issues, we will erase the personal data collected on or before erasure of the
personal data related to the specific lease agreement.
However, we will not erase data if we are required under law to store them or if they are
necessary for legal claims etc., e.g. in connection with proceedings before the housing tribunal
or due to outstanding accounts with the respondent.
If you are a commercial tenant with us, we will store your personal data for five years after
the end of the lease agreement.
However, we will not erase data if we are required under law to store them or if they are
necessary for legal claims etc., e.g. in connection with proceedings before the housing tribunal
or due to outstanding accounts with the respondent.
If you are a residential applicant, we will store your personal data for a maximum of 12
months after receipt of your application unless you actively ask us to keep your application
for an additional 12 months.
If you are a commercial applicant, we will store your personal data for a maximum of 12
months after receipt of your application unless you, on behalf of your business, actively ask
us to keep your application for an additional 12 months.
If you are a job applicant, we will store your personal data for up to six months unless
otherwise agreed.
If you are or represent a customer and/or an investor, we will store your personal data for
up to five years after the end of the business relationship.
7. Your rights
Under the General Data Protection Regulation, you have several rights in relation to our
processing of data about you. Please contact us if you wish to exercise your rights. Your
data protection rights comprise the following:
– Right to access data (right of access): You have the right to access the data which
we process about you and several other data.
– Right to rectification (correction): You have the right to have inaccurate data about
you rectified.
– Right to erasure: In special cases, you have the right to have data about you erased
before we are generally required to erase such data.
– Right to restriction of processing: In certain circumstances, you have the right to restrict
the processing of your personal data. If you have the right to restrict the processing,
we will, in future, only be permitted to process the data – except for storage
– with your consent or for the establishment, exercise or defence of legal claims or
for the protection of a person or important public interests.
– Right to object: In certain circumstances, you have the right to object to our otherwise
lawful processing of your personal data.
– Right to transmit data (data portability): In certain circumstances, you have the right
to receive your personal data in a structured, commonly used and machine-readable
format and to have such data transferred from one controller to another without hindrance.
You may read more about your rights in the Danish Data Protection Agency’s guidance on
the data subjects’ rights, which is available on www.datatilsynet.dk.
You may withdraw your consent at any time if we are processing data based on your consent.
You may contact us about this by using the contact details stated at the end of the
privacy policy (see paragraph 9). If you decide to withdraw your consent, it will not affect the
lawfulness of our processing of your personal data on the basis of the consent previously
given by you up to the time of withdrawal. Therefore, if you withdraw your consent, the withdrawal
will not become effective until such time.
8. Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are not
satisfied with our processing of your personal data. You will find the Danish Data Protection
Agency’s contact details on www.datatilsynet.dk.
9. Contact details:
Fokus Nordic A/S
Østbanegade 123, blok 6, 2. sal
DK-2100 Copenhagen Ø
+45 7010 0075
Email: persondata@fokusnordic.com
Last updated
We reserve the right to update and amend this privacy policy.
This privacy policy was last updated in February 2024.