We only process personal information about you for the specific purposes mentioned above under Section 2, and We only process personal information that is necessary. We may process the following categories of personal data about you:

1. Ordinary personal data such as:
   • Basic contact details (e.g. your name, address, telephone number and email address)
   • Photos (Occasionally, we may do photo recordings in our shops in connection with special events, e.g. store openings or re-openings, special sales or other campaigns. If we do such photo recordings, there will always be signs informing about this at the entrance to the store and - if a special event is limited to a certain area - in the immediate surroundings of this area. We may also process photos that you submit to us in relation to competitions in which you participate)
   • Geo-location
   • Payment cards
   • Purchase history
   • Credit information
   • Competition participation, results and information provided by you in connection with competition
   • CCTV recordings
   • Information provided by you in connection with filing of a complaint

      

2. Sensitive personal information such as:

• If you file a customer claim including health information, Zebra collects and processes the necessary health information for the purpose of handling your claim. Normally, the health information is collected from you. We will only process sensitive personal information if consent has been provided, or if it is necessary to comply with a legal obligation, or to defend a legal claim.

4. HOW DO WE COLLECT PERSONAL INFORMATION ABOUT YOU?

We will normally collect your personal information directly from you. However, We may also collect personal information from another source than you, which may be:

1. Online sources, e.g. social media
2. Our affiliates and partners

5. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH? 

We may share your personal information with:

1. Other group entities, subsidiaries and partner entities. You may find information on the entities we may disclose your personal data to here: Zebra Group
2. Suppliers and vendors that We work with, such as supplier of products that we sell, service providers, technical support, IT consultants, supply services and financial institutions, including insurance companies.
3. Public authorities such as Tax authorities, the national Police and the Danish Data Protection Agency (Datatilsynet).
4. Social media platforms, such as Facebook, Instagram, YouTube, and Twitter.
5. Distributors of e-marketing such as MailChimp

Where We engage a third party data processor to process personal information on our behalf, We will delegate such processing in writing, will choose a data processor that provides sufficient guarantees with respect to technical and organisational security measures governing the relevant processing, will obligate the processor to act on our behalf and under our instructions and to comply with all relevant legislation regarding the use of data processors. In addition, We will impose in writing appropriate data protection and information security requirements on such third party data processors. 

From time to time, We may also need to disclose personal information to other parties, such as any person (natural or legal) or organisation to whom We may be required by applicable laws to disclose personal information, including, but not limited to, law enforcement authorities, financial institutions, and central and local government.

Personal information may also be disclosed in connection with a corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of the financial status of Us or any of our affiliated entities. 

Finally, personal information may also be disclosed if necessary to protect the legitimate interests of Us (unless this would prejudice the rights and freedoms or interests of you), or in our judgment to comply with applicable law, legal or regulatory obligations or regulatory inquiries or requests.

6. UNDER WHAT CIRCUMSTANCES WILL WE TRANSFER YOUR PERSONAL INFORMATION OUTSIDE THE EU/EEA?

In some cases, We will be transferring personal information to countries outside the EU/EEA - e.g. when using IT service providers in such countries.

You can find an updated list of countries to which we may transfer data here: list of third countries.

Such transfers will only happen for the specific purposes mentioned above under Section 2, and We will always ensure that appropriate safeguards are in place for such transfer as set out below:

1. The country/countries or company/companies has/have been deemed by the Commission of the European Union to have an adequate level of protection of personal data
2. The country/countries has/have not been deemed by the Commission of the European Union to have an adequate level of protection of personal data. We will in such cases provide appropriate safeguards for the transfer through the use of "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities. You may obtain a copy of the contract/agreement by contacting Us at info@flyingtiger.com.

 
7. FOR HOW LONG WILL WE RETAIN YOUR PERSONAL INFORMATION?

We will retain your personal information only for as long as it is necessary for the purposes for which the data was collected or later processed. As a general rule, We will store data on customer contracts and purchases for five (5) years from the end of the year, where the contract was entered into or the purchase completed. If necessary in order to fulfil the purposes mentioned above, we will store your information for an extended period. We may also retain your personal information for a longer period if we are legally required to do so or if retention is necessary for the establishment, exercise or defence of legal claims.

We have specific retention policies for the following type of personal information:

• Information processed for marketing purposes will be deleted upon your request
• Information processed in relation to customer claims will be deleted five (5) years after the case has been closed
• Information processed in relation to personal injury will be stored for a period of 10 years
• Recordings from CCTV surveillance will generally be deleted 30 days from the date of the recording, unless longer retention is necessary for the handling of a dispute

Information on criminal offences will be deleted upon final judgement has been delivered

8. WHAT IF THE PROVISION OF YOUR PERSONAL INFORMATION IS MANDATORY?

In some cases, the provision of at least some of your personal information is a requirement necessary to enter into a contract.

Therefore, if you refuse to share such personal data, we may not be able to provide the services you request.

9. WHAT ARE OUR SECURITY MEASURES?

We will implement security measures to protect your personal data against manipulation, loss, destruction, and against unauthorised access. We continuously revise our security procedure based on the newest, technological developments.

In practice, it is not possible to provide 100 % security, and therefore we cannot guarantee that the information is protected completely against anyone who will succeed in circumventing the security measures and gain access to the data. Thus, you provide your data information at your own responsibility.

10. WHAT ARE YOUR RIGHTS?

In general, you have the following rights:

• You have the right to request access to and rectification or erasure of your personal data.
• You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
• If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent.

• You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).

There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity. Also, if you request to have your personal data deleted for example, we may not be able to provide the services you request.

You may always lodge a complaint with the data protection supervisory authority 
Datatilsynet, 
Borgergade 28, 5., 
DK-1300 Copenhagen K. 
Email: dt@datatilsynet.dk. 
Phone: +45 33 19 32 00