page-header
Your Privacy, Our Policy

Privacy Policy

We at Fischer & Kerrn [Fischer & Kerrn A/S, Fischer & Kerrn Ltd. and Fischer & Kerrn UK Ltd.] are committed to protecting your privacy. This Private Policy applies to both our website, our consultancy services, our support tools and our Software Products (the Platform, Concierge Booking 365 (SaaS), Concierge Booking and ACTIVESIGNATURE). The purpose of this Privacy Policy is to provide a description of the types of information we collect on our websites and in our Software Products – and to confirm that Fischer & Kerrn comply with the EU Privacy Shield Framework promulgated by the EU.

  • Data Controller
    Fischer & Kerrn A/S
    Amagerfælledvej 106
    2300 Copenhagen S
    Phone: +45 33279797
    Email: info@fischerkerrn.com

At Fischer & Kerrn, we are committed to protecting the personal data you provide to us. In this privacy policy, you can read about what types of personal data we collect, how we use it, how we protect it, and what rights you have as a result of our processing. In most cases, our processing of personal data takes place as part of our activities as a software company.
Our core service essentially consists of offering a cloud-based software solution that can be accessed via the internet. In doing so, we collect and process data on behalf of our customers, and in such situations, we act as a data processor.
This privacy policy mainly covers the situations where we collect information for our own purposes and where we act as the data controller. However, we have also briefly described how we act as a data processor, as we acknowledge that, as an employee of one of our customers, you may be interested in how your data is processed when your employer uses our software.

In which situations do we collect and process your personal data?
1. When we enter into an agreement with you or the company you represent.
2. When we implement software at your company.
3. When we provide our SaaS service.
4. When we manage the operation and security of our systems.
5. When you sign up for our newsletter.
6. When we invoice your company.
7. When you visit our website and cookies are placed on your device.
8. When you apply for a job with us.
9. When you contact our customer support.

What personal data do we collect, for what purposes, and on what legal basis?
Sale of Software: When you or your company contacts us with the intention of purchasing software – for example via our website, newsletter, or LinkedIn – we process basic personal data such as name, email, phone number, job title, and company name. This data is used to establish contact, prepare and send offers, and enter into an agreement. The processing is necessary to carry out the sale and conclude a contract and is therefore based on GDPR Article 6(1)(b).

Software Implementation: Once you as a customer have accepted an offer, we collect basic personal data on relevant contacts involved in the software implementation. This may include name, email address, job title, and phone number. Additionally, we may process technical data such as usernames and login credentials where necessary to access your environment/infrastructure. The purpose is to collaborate on the implementation, track time spent, and provide technical assistance. The processing is part of fulfilling the contract, in accordance with GDPR Article 6(1)(b).

Provision of SaaS Services: When our software is activated, a dedicated operational environment and
database are created for your company. From that point, we act as a data processor and process personal data solely on your behalf and in accordance with your instructions. We retain administrator access to the application in order to ensure proper operation and support. This processing is governed by the data processing agreement entered into with you under GDPR Article 28. The data processing agreement is always available on our website.
Please note that if our products are used as on-premise solutions, we do not have access to your systems or your data. Our ACTIVESIGNATURE solution is exclusively hosted on-premise, while CONCIERGE BOOKING SOFTWARE can be used either on-premise or as a cloud-based solution hosted in our environment.
In cases where CONCIERGE BOOKING SOFTWARE is hosted in our Azure cloud environment, we may process the following personal data:

  • Name and contact details: When you register for CONCIERGE BOOKING SOFTWARE, we may store your name, email address, and operating system.
  • Cookies: We use cookies to record your preferences and settings.
  • Usage data: We collect data about how you and your device interact with our software products. This information is used to improve our products and services. The usage data we collect cannot be linked to you personally. The legal basis for this tracking is GDPR Article 6(1)(f).
  • Demographic data: We collect data about your country of origin and preferred language.
  • Meeting data: We collect information about your resource bookings and the meetings you
    schedule in Microsoft Exchange and CONCIERGE BOOKING SOFTWARE. This includes names and email addresses of participants, meeting length, booked resources, catering and services, and cost codes for invoicing.
  • Visitor data: We collect data about visitors booked for meetings and those registered in
    CONCIERGE BOOKING SOFTWARE. This includes name, email address, company, mobile number, and license plate number.

IT Operations and Security: In connection with the operation and maintenance of our platform and internal systems, we process technical log data such as usernames, IP addresses, login times, and system activity. This is done to ensure availability, protect against unauthorized access, troubleshoot issues, and monitor system stability. This processing is based on our legitimate interest in ensuring secure and stable operations, in accordance with GDPR Article 6(1)(f).

Newsletters: If you sign up for our newsletter, we process your email address and optionally your name to send you relevant updates, new feature information, and possibly marketing content. This processing is based solely on your consent under GDPR Article 6(1)(a), and you can withdraw your consent at any time using the unsubscribe link in the newsletter. If you have questions, feel free to contact us via the email address listed in this privacy policy.

Invoicing: When invoicing your company, we process the contact information of relevant individuals in the finance department or designated contacts. This includes name, email, job title, and service -related information. The processing is necessary for billing and to fulfill our bookkeeping obligations. The legal basis is GDPR Article 6(1)(b) for contract performance and GDPR Article 6(1)(c) in accordance with Section 12(1) of the Danish Bookkeeping Act.

Cookies and Website Visits: When you visit our website, we may place cookies on your device, depending on your consent. Cookies may collect information about your device and behavior, including IP address, browser type, operating system, and pages visited. This information is used to improve the website, analyze traffic, and deliver relevant content. The placement and processing of cookies for analytical and marketing purposes is based on GDPR Article 6(1)(a).

Recruitment: When you apply for a position with us, we process the data you submit, including name, contact details, CV, application, references, and in some cases, your civil registration number (CPR) when hired (we require this to register you in our payroll system). The data is used to manage the recruitment process and, upon hiring, to register you as an employee. The processing is necessary to enter into an employment agreement under GDPR Article 6(1)(b), and CPR numbers are processed in accordance with Section 12 of the Danish Data Protection Act.

Support and Customer Inquiries: When you contact our support team, we process the data you provide – typically name, email address, company name, and the content of your inquiry. The purpose is to respond to your request, provide technical support, and document the communication. This processing is based on our legitimate interest in providing support and maintaining customer service, under GDPR Article 6(1)(f).

Which third parties do we share your data with?
We use external third parties to provide various IT systems such as email platforms, hosting services,
marketing tools, customer management systems, and website functionality. If you have consented to our use of marketing/analytical cookies, we may share information about your website interactions with third-party platforms such as social media.
Additionally, we may need to share information with external advisors, accountants, and public authorities such as the Danish Tax Agency. We may also engage external consultants or enter into agreements with companies that assist with IT support, professional advice, hosting, etc.
Many of these third parties act as data processors under GDPR Article 4(8). We have entered into dataprocessing agreements with these parties to ensure that your personal data is handled securely, responsibly, and in compliance with the law. If a third party does not act as a processor but gains access to your personal data – for example, as part of a consulting assignment –we ensure that the individual or entity is contractually bound to confidentiality.
If a processor may transfer your personal data to a third country, we ensure that adequate safeguards are in place to protect your data. Such safeguards typically consist of the processor committing to the EU’s Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c). Alternatively, transfers may be made to countries and companies deemed safe by the European Commission, as per GDPR Article 45.

How long do we store your data?
We generally delete your data when we no longer have a purpose for retaining it. Information related to customer relationships is deleted after the current year plus 5 years, as required by the Danish Bookkeeping Act. An exception applies if a dispute arises or other legitimate reason exists to retain the data longer; in such cases, retention will be based on a concrete assessment, typically guided by the Danish statute of limitations.
Data collected via cookies is retained for the period specified in our cookie policy.
If you have subscribed to our newsletter, we retain your name and email address until you unsubscribe. You may unsubscribe at any time using the link provided in every newsletter.
Recruitment data is typically deleted shortly after the recruitment process ends, unless you have given consent for longer retention.

Your rights
You have the right to:

  • – Access the personal data Fischer & Kerrn processes about you
  • – Request the deletion of your personal data
  • – Request correction of inaccurate or incomplete data
  • – Object to the processing of your personal data
  • – Request restriction of processing
  • – Receive your personal data in a structured, commonly used, and machine-readable format

You may file a complaint with the Danish Data Protection Agency (Datatilsynet) about our processing of your personal data. Their contact information is:
Datatilsynet
Carl Jacobsens Vej 35, 2500 Copenhagen
Email: dt@datatilsynet.dk, Phone: +45 33 19 32 00

Back to top