This document primarily outlines the policies and procedures adhered to by Ellab in order to comply with the General Data Protection Regulation (GDPR) with respect to our digital marketing activities and web services. It serves as a comprehensive guide detailing our approach to data protection in the context of website usage, digital marketing, and customer interactions on our digital platforms.
The scope of this document extends to:
- The collection, use, storage, and transfer of personal data from our website visitors and service users.
- The rights of data subjects in relation to their personal data, and how they can exercise these rights.
- The measures we take to ensure the security of personal data.
- The use of cookies on our websites.
- Compliance with data breach notification and response procedures.
Please note that this document does not cover GDPR requirements related to other areas such as Human Resources, employee data, or offline data processing activities. Those areas are covered by separate policies and procedures designed to ensure Ellab's compliance with GDPR across all facets of its operations.
Ellab, with its headquarters in Denmark (an EU member state) and subsidiaries in various EU and non-EU countries, including the USA, France, and the UK, is required to comply with GDPR. The organization collects and processes the personal data of EU residents and engages in transactions involving EU residents, such as payments for goods or services. Therefore, Ellab is obligated to comply with GDPR regulations.
At Ellab, we are committed to protecting the privacy of our users and maintaining transparency in our data collection and processing practices. To demonstrate our adherence to the GDPR requirements, we have developed a comprehensive Privacy Policy frame that addresses the essential aspects of data protection. By addressing these points in our Privacy Policy, we ensure that Ellab remains transparent and compliant with GDPR requirements, fostering trust among our users and upholding the highest standards of data privacy. For further details, refer to our Privacy Policy at www.myellab.com.
Ellab collects data using Google Analytics (GA4), Google Ads which employ cookies and other tracking technologies to gather navigation information. To the best of our knowledge, the data collected remains anonymous, as we configure these tools to exclude identifiers that could be associated with individual users, such as location or IP address.
Additional personal data is collected through Pardot forms. This information may include, but is not limited to: work email, name, company phone, company industry, job title, country, reason for contacting us, and a free text field for messages. We also provide forms with fewer fields for users to subscribe to our newsletter or download PDFs. This information is collected only after users have accepted the terms outlined in our Privacy Policy.
Ellab retains analytics/navigation data for up to 14 months, while user-related data is stored for 2 months. Aggregated data, such as the total number of pages visited, the total number of users, and the total average time spent on the site, is retained for comparison with the previous year.
Once users accept the terms and submit a form, some of their data and navigation information, such as the pages they engaged with or the contact form they submitted, are stored in our CRM (Salesforce). This enables us to provide a proper reply to user inquiries, tailored to their individual needs and interests. We perform routine cleaning tasks to ensure we only retain data from users who are interested in being contacted by us and have recently engaged with Ellab.
3. Categories of Personal Data:
Ellab collects various categories of personal data to enhance user experience, improve advertising effectiveness, and facilitate service provision. The categories include:
a. Advertising Data: Ellab collects data for displaying targeted ads through Google Display Network and LinkedIn. This data is collected directly by the respective platforms and used to show users relevant advertisements based on their interests and online behavior.
b. Aggregated Analytical Data: To better understand user interactions with our website and optimize its performance, Ellab collects aggregated data for analytical purposes. This data may include metrics such as the number of visitors, pages viewed, and the average time spent on the site.
c. Contact Form Data: Ellab collects personal data through contact forms, which may include fields such as work email, name, company phone, company industry, job title, country, reason for contacting us, and a free text field for messages. This data is used to address user inquiries and provide tailored services.
d. Service Provision Data: To provide our services, process invoices, and conduct follow-up activities, Ellab stores the necessary data obtained from user interactions, contact forms, and other sources.
4. Purposes of Data Collection and Processing:
Ellab collects and processes personal data for a variety of purposes aimed at improving user experience, optimizing marketing efforts, and ensuring customer satisfaction. These purposes include:
a. Analytical Purposes: Ellab analyzes user data to understand which channels drive traffic to our website, allowing us to optimize campaigns and enhance the effectiveness of our marketing strategies.
b. User Support and Communication: By collecting personal data through contact forms and other means, Ellab can respond to user queries promptly and efficiently, providing the necessary assistance and information as required.
c. Service Provision: The data collected enables Ellab to deliver tailored services to our clients, ensuring their specific needs are met and fostering long-term relationships built on trust and satisfaction.
d. Customer Satisfaction Monitoring: By processing user data, Ellab can gauge customer satisfaction levels, identify areas for improvement, and implement measures to enhance the overall user experience.
5. Data Sharing with Third Parties:
Apart from the data that services like Google (which we understand is anonymous) can use, Ellab does not share or sell any kind of information or data to third parties.
6. Informing Users of Their Privacy Rights and Options:
Ellab is committed to informing users of their privacy rights and providing options to exercise those rights. To achieve this, we have implemented the following measures:
a. Cookie Disclaimer: Our website features a cookie disclaimer that clearly communicates the use of cookies. Users have the option to accept only essential cookies with one click or customize their cookie preferences. The disclaimer also provides a link to our Privacy Policy, where users can find more information about the cookies we use.
b. Privacy Policy Access: Before submitting any form, users are required to read and accept the terms outlined in our Privacy Policy. This ensures that they are aware of their privacy rights and how we handle their personal data.
c. Privacy Policy and Terms & Conditions Availability: Our Privacy Policy and Terms & Conditions are easily accessible from any page on our website, with links located in the footer of all pages. This enables users to review our policies at their convenience.
d. Location-Specific Terms: On the Terms & Conditions page, users can find terms adapted to their country when different regulations or service reasons apply, ensuring that our policies remain compliant with local laws and requirements.
Ellab is dedicated to informing users about their rights under the GDPR and providing them with the necessary tools and resources to exercise these rights. To achieve this, we have implemented the following measures:
Our Privacy Policy clearly outlines users' rights to access, rectification, erasure, restriction of processing, data portability, objecting, and opting out of automated decision-making. This policy is easily accessible on our website, with a link in the footer of all pages and mentioned explicitly when users provide personal information through forms.
We have established mechanisms for users to exercise their rights, including contacting us via email at info@ellab.com.com or by mail at Ellab A/S, Trollesmindealle 25, 3400 Hillerod, Denmark. These channels for communication are specified in our Privacy Policy, ensuring users are aware of their options for exercising their rights.
Ellab handles requests related to users' privacy rights by ensuring that all requests are handled in compliance with GDPR guidelines. Users are informed about the status of their requests and any actions taken by Ellab.
We are committed to informing users about their right to non-discrimination when exercising their privacy rights. Ellab maintains policies and procedures that ensure fair treatment of users and prevent discriminatory practices when users exercise their privacy rights under GDPR.
At Ellab, we prioritize obtaining valid consent from our users in accordance with GDPR guidelines. We are committed to implementing mechanisms that are explicit, informed, documented, granular, and easily accessible and allowing users to withdraw their consent at any time and that the withdrawal process is as easy as the consent process. In this section, we will discuss the various aspects of our consent process and our efforts to ensure compliance with GDPR requirements.
Ellab is committed to providing users with the ability to make informed choices about data collection and processing. We ensure that consent is freely given by making "Accept" and "Deny" options equally accessible and easy to use (in one click). Clear and transparent information about the data processing activities is provided, and users can customize their consent preferences using the available settings.
Ellab ensures that users are informed about the details of data collection and processing by providing a comprehensive Privacy Policy that outlines the types of data collected, the purpose of the collection, the duration of data storage, and the third parties involved. This policy is accessible through the cookie disclaimer, as well as on the footer of each page on the website.
Ellab documents user consent to comply with GDPR requirements by storing a record of the user's consent action along with the date in the CRM system when they accept the terms and submit a form.
Ellab obtains consent for different types of cookies or tracking technologies on the website through the cookie disclaimer pop-up, which allows users to select only essential cookies, accept all cookies, or access more settings to customize their cookie preferences.
Ellab ensures that consent is freely given and that users have equal access to "Accept" and "Deny" options by making both choices accessible with one click. The information is clear and transparent, and a settings functionality is provided so users can approve or disapprove specific cookies.
For any data stored in Ellab's systems, users can exercise their rights and withdraw consent by contacting Ellab via email at info@ellab.com.com or by mail at Ellab A/S, Trollesmindealle 25, 3400 Hillerod, Denmark. Users can also easily withdraw or change their consent regarding cookies through a functionality in the website footer “Cookie consent manager” that allows them to reopen the cookie settings and modify their preferences.
At Ellab, we acknowledge the rights of our users to refuse the use of nonessential cookies or other tracking technologies. We believe that their access to our services should not be hampered by their decision. As such, we have instituted policies and measures to assure continued access and functionality.
Unrestricted Access Despite Nonessential Cookies Declination: Ellab has designed its digital platforms, including our website, in a manner that allows unrestricted access even if a user declines the use of nonessential cookies. Our website functionality is not dependent on these cookies and remains fully operational even in their absence.
No Blocking of Nonconsenting Users: Our commitment to user rights extends to ensuring nonconsenting users are not blocked from accessing our site. Regardless of their decision to allow nonessential cookies or other tracking technologies, we provide equal access to our site's features and content.
Notification on Potential Impact of Consent Refusal: While our site is designed to function effectively even without nonessential cookies, we believe in keeping our users informed. If there are any potential limitations due to the refusal of certain technologies, we would include a notification in the cookie disclaimer or a relevant section of our site, informing users about the possible consequences of not accepting nonessential cookies or other tracking technologies.
At Ellab, we respect our users' decisions regarding their personal data. As such, we have implemented measures to ensure that data collection and processing activities cease immediately when a user opts out. This extends to both initial website visits and any subsequent changes in consent preferences. Here, we detail how our processes align with GDPR requirements in halting data collection and processing in a timely manner.
Immediate Halt of Data Collection and Processing: When a user opts out or withdraws consent, Ellab's system is designed to promptly cease all data collection and processing. This includes not setting non-essential cookies on the user's browser if they choose to opt out. The option to reject cookies is always accessible via the footer of our website, allowing users to stop non-essential cookie data collection at any given moment.
Prevention of Data Sharing with Third Parties: In the event of a user declining or withdrawing consent, Ellab ensures that no personally identifiable data is shared with third parties. It's important to note that Ellab only shares anonymous data with third-party companies, even when consent is given.
Automated Processes: The process of stopping data collection, processing, and sharing personal data with third parties is fully automated. This ensures a timely response to any changes in user consent, without the need for manual intervention.
Consent Tracking and Monitoring: We utilize our CRM system (Pardot/Salesforce) to track and monitor changes in user consent. This tool stores the consent status of users who have provided personal details via our forms, allowing us to adapt our data collection and processing activities accordingly.
Addressing Challenges and Limitations: Ellab has established efficient systems to manage the prompt cessation of data collection or processing when a user opts out. The automation of these processes, paired with our CRM tools, ensures that we remain compliant with GDPR regulations.
At Ellab, we store and document user consent through our CRM system, Pardot/Salesforce, which ensures a secure and auditable trail of all user actions, including acceptance of the Privacy Policy and cookie settings. In the event of an audit by data protection authorities or a Data Subject Access Request (DSAR) as per GDPR's "Rights of the data subject," we are prepared to swiftly provide verifiable proof of user consent and any requested data. Users can request their stored data, including their consent preferences, by contacting us through the provided email or postal address.
Ellab is committed to ensuring the security and integrity of personal data. In the unlikely event of a data breach, we have stringent processes in place.
We adhere to GDPR regulations, which include the obligation to report any breaches to the supervisory authority within 72 hours, especially if they pose a risk to individual rights and freedoms. Concurrently, we take immediate steps to contain the breach and strive to recover any lost data. Following these immediate actions, we conduct a thorough evaluation of the incident to further enhance our security measures and prevent future occurrences. All details of the breach, including its cause and the steps taken in response, are documented.
For any queries or concerns, please contact us via email at info@ellab.com.com or by mail at Ellab A/S, Trollesmindealle 25, 3400 Hillerod, Denmark.
Ellab is committed to the regular review and update of our Privacy Policy. We conduct a review every 12 months, regardless of whether there are major changes in our operations or data handling practices. Following each review, the effective date of our Privacy Policy is updated to reflect that it has been reassessed.
We prioritize transparency in our Privacy Policy, aiming for it to be as clear and comprehensive as possible. We avoid using complex legal jargon to ensure our users can easily understand our data processing practices. The date of the last update is prominently displayed at the beginning of the policy to provide assurance that the information is current and accurate.
It is important to note that Ellab does not engage in the sale of personal information. All personal data collected is used solely for the purposes outlined in our Privacy Policy. No personal data is sold or shared with third parties for monetary gain.