You can read our privacy policy in Danish here
TDC makes a living from digital development and strives to take good care of the data involved, both information about our customers and our employees.
We’ve been processing personal data for more than 135 years, and we were among the first in Denmark to make a public statement on this subject. TDC aims to be a trustworthy and transparent company that leads by example.
1. About TDC Erhverv’s privacy policy
When using TDC Erhverv’s products and services, you share selected personal data with us. In this privacy policy you can read about the information we collect, why we collect it and what we use it for. It is important for us to take good care of your personal data, and we hope that you will take the time to read how we do it.
Structure
TDC Erhverv’s privacy policy consists of a general policy description (this document) and a number of specific descriptions of the personal data processing in connection with various specific processes and use of TDC Erhverv’s individual products.
When you use our portals/websites, we collect cookies about you. You can read about cookies here.
When you do business with TDC Erhverv, the agreement will contain general terms and conditions for the use of the product or service in question. You can read more about the terms and conditions for business customers here.
When the product or service we provide to your company requires a data processor agreement (DPA), the DPA will usually be covered by the general terms and conditions of the product or service.
If you apply for a job at TDC Erhverv, Nuuday A/S will process personal data about you. You can read more here.
Who is responsible for the processing of your personal data?
Nuuday A/S, central business reg. no. 40075291, Teglholmsgade 1, 0900 Copenhagen C determines the purposes for which TDC Erhverv may collect and process your personal data and is therefore the “data controller” according to the rules for the processing of personal data.
How can you contact TDC Erhverv?
If you have any questions about this privacy policy or other questions about how we process your personal data, you are welcome to contact TDC Erhverv’s customer service centre here.
You can also contact TDC Erhverv’s customer service centre if you discover or suspect that we have broken the rules for processing of personal data.
In addition, you can contact Nuuday’s Data Protection Officer (DPO) at: dpo@nuuday.dk
Contents
In this privacy policy you can read about:
what personal data we collect, how we collect it and how we use it.
who has access to your personal data and how long we keep it.
how we protect your personal data.
your rights in relation to our processing of your personal data.
general information on data security and security policies in TDC.
who to contact if you have any questions.
Legal references
When using "consent", reference is made to the basis for processing, as described in the GDPR regulation art. 6, subsection 1, letter a.
When using "contractual obligation/contract", reference is made to the authority for processing, as described in the GDPR regulation art. 6, subsection 1, letter b.
When using "legislation", reference is made to the basis for processing, as described in the GDPR regulation's art. 6, subsection 1, letter c.
When using "balancing of interests", reference is made to the basis for processing, as described in the GDPR regulation art. 6, subsection 1, letter f.
2. Which personal data do we collect, how do we collect it and how do we use it?
TDC Erhverv collects personal data about you for a variety of purposes. The information is collected or created when you, for example, visit our websites (cookies), participate in surveys, register as a new customer or use our products or services. The customer journey below illustrates the different steps that require us to collect data so that we can provide our services to you.
Below you can find general information about how and for what purposes we collect and process your personal data in the different parts of the customer journey.
Step 1: “I visit or reach out”
When you visit TDC Erhverv’s website or contact us, we collect personal data about you.
You can read more about personal data processing using TDC Erhverv's websites, social media and newsletters here.
We process personal information in order to improve the services and products offered to you and to be able to make an proposition to a customer/employer.
We use the information, along with other customer information, in Nuuday’s Business Intelligence (BI) system for statistics, marketing strategy and targeted marketing. You can read more about our privacy policy for BI here.
The personal data we collect for these purposes when you contact TDC Erhverv may be your name, address, telephone number, email address, job title, social security number, birthday, customer number, IP address, order history, and whether you have given us permission to send you marketing materials.
We mainly collect the information through our own systems and websites. However, in some cases, we receive your information from one of our partners, e.g. in connection with customer surveys or if you are participating in a competition.
You can read more about personal data processing in connection with Nuuday’s use of surveys here.
We will only send you ads and offers by phone, post or email if you have allowed us to do so.
Your personal data is generally processed by us in TDC Erhverv, but in some cases it is transferred to subcontractors or external partners who help us conduct customer surveys, send out marketing materials, etc.
We handle your data with care and furthermore to avoid or prevent your data from being misused in relation to our services.
We process your personal data on the basis of a balance of interests, where we continuously balance the protection of your privacy against our interest in processing your personal data.
Step 2: “I sign up / change products or services”
TDC Erhverv needs some of your personal data in order to register you as a customer or change your current solution and thus provide the service and/or product you want. Our legal basis for collecting this information is sometimes our contractual obligation to provide a particular service to you, but is mostly based on our legitimate interest. This because you as a customer of TDC Erhverv are usually registered through your company, which will be registered as the legal owner. This means that you as an end user are not necessarily a direct customer of TDC Erhverv and that the contract has not been entered with you directly, but with your employer.
The information we collect for these purposes is usually the following about your employer: name, address, phone number, email address, central business registration number, TDC customer number, IMEI number (your phone’s unique ID number) and ICC number (your SIM card’s unique ID number).
We may also collect your name and address, job title, employee ID, initials, the email address and phone number used at your workplace, and possibly your private email addresses. We may also need your date of birth, for example if you have a broadband connection at home provided by your workplace. Otherwise, we will not be able to deliver your product.
We mainly collect the information from the company we have entered into the contract with, but we may also collect it directly from you as a customer, for example if you have a gross salary scheme. In this case, we collect your information based on a contractual obligation. We collect the information by email, phone or online. If you want to have your work mobile number changed to a private number, we also need your social security number in order to register you in our systems and carry out a credit rating. In this case, the processing of your social security number will be based on your consent.
We assign you one or more IP addresses and register/assign/link mobile identification numbers (e.g. IMSI/ICC number, IMEI number, serial number for mobile phone/hardware) and one or more TDC account numbers.
We store the email address you or your company provides us with in order to communicate with you about the order and delivery.
We may ask you to inform us about your bank account/NEM account, for example so that we can charge you co-payment for your company subscription, or because we owe you money and need to credit an amount to you.
In connection with creating a company-paid subscription, you inform us or your employer of who is the legal owner/payer in your household. This is so we can change the information we have to what has been agreed in the contract with your company or with you concerning who the future legal owner and payer should be.
In order to offer employee solutions to your employer, we examine what can be supplied at the employee addresses that the employer informs us about, or the employer-paid solutions we already provide. This is in order to offer you and your employer the best possible solutions.
When your company has entered into an agreement concerning, for example, supplying broadband to you at your home address, you will often be offered to place the order on TDC’s ordering portal (eWeb solution). We will send you an email and a link to our ordering portal. There you will be asked to provide some of the above information so that we can order the agreed products for you. Some of the information will be listed when you log in because we will have received it from your employer.
If your employer has assigned you a secure mobile, priority telephony or a secured line (e.g. Nalla circuitry), we will have this in our records.
If you work for a company where you need access to areas where TDC has access control, we may also process information such as your name, job title, address, date of birth, a photo of you, key tokens and the codes for them, as well as which locations/addresses these apply to. In addition, we may register your movements in and out of the location/address.
For companies, including one-person business/sole proprietorship, we obtain the company’s central business register number for automatic and possibly manual credit rating. We also carry out automatic credit ratings of individuals when we set up a subscription and in connection with subsequent purchases.
Before we register you as a customer, we process your information to investigate whether you have previously violated our terms. In the case of previous violations, our delivery of products or services will only be possible after manual processing of your customer relationship.
We process the personal data across Nuuday, for example, to be able to deliver your order, correct errors, investigate a complaint or offer you a better service or product.
When we plan and carry out the deliveries of products and services, our employees will process personal data about you in order to be able to complete the deliveries. This may include information about the delivery addresses, the delivery date, your name, mobile number, email address and the products you need to have delivered. We may also have information about an alternative contact person that you or your employer have given us.
If we receive a letter from you that does not indicate who it is addressed to or if the recipient is not in our system, we will process the letter manually to find the right recipient, after which the letter is usually scanned into our IT system for further processing.
Your employer may have access to our self-service solutions and will be granted user access to the employees who handling orders and fault reports. These employees will be able to view, register, modify and delete information about employer-paid telephony and broadband solutions etc. to the employees of the company. They will also be able to see historical data as long as the employees are registered in the system. It is the employer’s responsibility to discontinue products for employees and delete these employees from the self-service system when the employees leave the company.
TDC Erhverv takes care of all order handling, while delivery, installation and processing of the order may be handled by subcontractors, depending on the type of product or service you have ordered. Handling personal data in connection with deliveries is described for each product or service in step 3: “I use”. There you can also see a list of our products and services.
If you change from one product to another, e.g. when upgrading your internet connection, we will handle this the same way we handle a new order. However, the difference in this case is that we have already registered you as a customer and therefore do not need to collect more personal data to make the change. Activities related to a change of product are described under step 2 of the customer journey: “I sign up / change products or services”. The processing will be the same as described under Products and Services.
At TDC Erhverv it is possible to sign up to a user panel, which is used to contact users of www.tdc.dk and TDC Erhverv’s self-service system in connection with testing new functionalities. In order to contact users, we need to store the email addresses of users who have consented to be contacted. We store users’ email addresses for six months, after which they are automatically deleted.
Step 3: ”I use”
Step 3: ”I use” covers four areas:
”I use”, which concerns the processing of the information that occurs when you use a product or service.
“I pay”, which concerns paying for the use of the product or service (creating invoices).
“I have a problem”, which is about providing you with support if you experience problems with the product or service.
“I leave”, which concerns the processing of your information in relation to termination of contract.
”I use”
TDC Erhverv processes information about your use of our products and services. We do this partly to ensure that you have a good, consistent user experience, to be able to provide the service you have requested, and to ensure that we have the correct information for our invoices.
When you use one of our products or services, we usually only process the information you gave us when you signed up (see step 2 above). However, in some cases, we collect or register additional personal data when you use our products or services, e.g. our postal services. Your contact lists, calendars, and information in the emails you receive and send will contain personal data. In some cases, personal data is created when you use our products and services, e.g. traffic and location data generated in our mobile services, and data from cookies created when you visit our websites.
The personal data that is collected or created, and how we handle and protect it, is described in detail in the individual policies for each product or service. When you use a product or service from TDC Erhverv, we process your personal data in order to fulfil a contractual obligation, which is to provide the product or service to you.
In some cases, we may also be legally required to process your personal data in connection with your use of our products and services.
”I pay”
TDC Erhverv also processes personal data about your consumption to be able to generate an invoice we can send to the company with which we have entered into the agreement. For example, if you have been abroad in connection with your work and have therefore had a higher consumption than usual, it will appear on the bill and be visible to your employer. In some cases, TDC Erhverv will also use your information to improve our workflows and payment systems.
The personal data we typically use for these purposes is: your name, address, phone number, billing status, consumption and bank details. We also collect and use your social security number in special cases where it is necessary to recover debts. We use partners to recover the debt for us. The relevant information is collected through our systems and depends on the subscription or service you have chosen.
When investigating billing issues, we will also be able to see what other subscriptions are linked to your address, including consumption/billing of e.g. movies on Blockbuster.
In case of non-payment, we may use a debt collection company to recover outstanding debts from you to us and in so doing collect and disclose the necessary information to our debt collection supplier.
To ensure correct billing, we perform random checks and analysis of payments for our products, where we for example review information about the products you and your employer have with us, including consumption patterns.
When your employer pays for your telephony usage, your employer will be able to see or get information from us about your usage and calls. For example, we will have a meeting with your employer, where we review lists of the solutions/products delivered to the employees, the prices and usage. If your employer’s contract also includes agreements on discounts for employees or gross salary schemes, the employer will also be able to find out what you are paying for products to verify that we are billing you correctly.
In connection with accounting processes (e.g. invoicing), our finance department can send the relevant information to be used to our third-party subcontractor, who may be outside the EU.
We process your personal data for these purposes in order to fulfil a contractual obligation, including the ability to pay. For other purposes, e.g. for credit rating and disclosure to debt collection agencies, the processing is based on a balance of interests, where we balance our interest in processing your personal data against the wish to protect your privacy.
”I have a problem”
TDC Erhverv processes your personal data when we help you answer any questions you may have about your subscription or service with us. For example, these may be questions about your bill, if you cannot get your product to work, or if you have questions about self-service or additional services.
In order for us to identify you as a customer, find the correct information in our systems and respond to an enquiry from you, we will normally ask you to provide your name, phone number, TDC customer number or central business register number, either over the phone, by email or online contact, such as chat or Facebook. If you allow us to do so, we will also record the conversations for internal training purposes. The personal data we will need in addition to this depends on what the enquiry is about. For example, if it relates to your bill, we will look up your usage so we can account for the bill in question. If your question is about how to use our self-service system, we will guide you through it. We collect this information through our systems. In connection with your use of Nuuday's chatbot and various agent assists, answers are also generated using AI.
Some of our customer support subcontractors may be located outside the EU. You can read more about security and our use of subcontractors below under “Accessing and sharing data”. You can also find more information about our use of subcontractors for each product or service under “Products and services”.
In connection with error correction with your employer, we can log in and view and process the information that your employer can also see and process in our self-service systems. If you or your employer contacts us about an error, we create an error report with information about what the error is about, who sent it, and which product and place of delivery it concerns. We document the troubleshooting process and note comments we receive, or your employer/their employees create a fault report and comment directly in our troubleshooting system to describe the error repair process and solve the problem.
If you consult an advisor when you contact us, e.g. an accountant or lawyer, we will process the information we receive. This assumes that you have provided the necessary power of attorney for this.
If our support is necessary for providing the ordered product or service, we will need to process your personal data in this context to fulfil our contractual obligation. In other support cases, the processing is based on a balancing of interests, where we balance our interest in processing your personal data against the wish to protect your privacy. Phone conversations are only recorded with your consent.
”I leave”
If the contract is terminated, TDC Erhverv processes your personal data to be able to discontinue your company’s service with TDC Erhverv and your subscription or service.
The personal data we need to close your subscription or service is generally only the company name and customer number. As part of the appendix to the contract and in order to close our service, we also process the following information about you: name, address, phone number and email address. In addition, we may generate a final settlement that will show your consumption as an end user will appear. Once we have ensured that we have found all the right end users for a customer, we close the service and thus your subscription in our systems.
When we close your account, we delete the information that is no longer needed. The information in question depends on the individual products and services. For more information about this, see under the heading “Products and services”.
We process your personal data for this purpose in order to fulfil our contractual obligations.
2.1 Products and services
Here you can find more information about how we handle your personal data in relation to a particular product or service:
Servicespecifik persondatameddelelse - Telefonitjenester i TDC Erhverv
Servicespecifik persondatameddelelse - Datatjenester i TDC Erhverv
TDC Erhvervs hjemmesider, sociale medier og nyhedsbreve
Kundetilfredshedsundersøgelser og anden indsamling af data
In situations where TDC Erhverv is a data processor for the customer, you will find information about the processing of personal data in the terms of the product and the associated data processor agreement. You can read the data processor agreements here.
2.2 Consent
Some processing of your personal data requires us to collect your consent. This applies, for example, to the processing of social security numbers, the recording of telephone conversations and certain types of marketing and customer surveys that are not necessary under other legislation, for the purpose of fulfilling a contract with you or based on a balancing of interests. The text in the statement of consent will explicitly state what information we process, how we do it and why. It will also state how long your consent will last.
You always have the right to withdraw your consent. We ensure that it is as easy to withdraw consent as it is to give consent, and we keep documentation to prove that you have consented to us processing your personal data.
3 Who has access to your personal data and how long do we keep it?
3.1 Accessing and sharing information
To ensure that only relevant persons have access to your personal data when they assist you in one of the steps of the customer journey with us, we have imposed strict access restrictions in the systems where the information is stored and processed.
This means that an employee does not have access to your personal data unless he or she has to perform a task necessary to provide you with a product or service. Depending on the task to be performed, the employee will only gain access to the personal data necessary to perform the task. We also require our partners and subcontractors to be equally restrictive if they handle your personal information on our behalf.
We share personal data with our partners and subcontractors in the following situations:
In order to provide you with a product or service. In situations where we share (transfer) personal data to a subcontractor or partner, we only transfer the personal data they need to perform their part of the task. We also ensure that the subcontractor or partner processes the personal data in a secure and confidential manner and that they follow our instructions.
With your consent: In some cases, we share personal data with companies, organisations or people outside TDC Erhverv, once you have consented to it.
Due to a balancing of interests: In some cases, we share personal data with companies, organisations or persons outside TDC Erhverv, when we have a legitimate interest in doing so, and this interest does not lead to your privacy being compromised.
For legal reasons: In order to comply with legislation, other regulations, legal processes or to comply with legitimate requests from public authorities.
In order to enforce our terms and conditions related to the individual service, including when investigating potential violations.
In order to detect, prevent or otherwise address fraud or security or technical problems.
In order to protect ourselves from breaches of rights or security and from damage to the TDC Group’s property, our users or the public, as required by law or otherwise permitted.
It may be that a partner or sub-supplier has parts of their products or services in a country outside the EU (a third country), and that your personal data is therefore sent out of the EU.
TDC Erhverv uses the relevant legal bases in Articles 44-49 of the GDPR in connection with the transfer of personal data. In cases where there is an adequacy assessment from the EU Commission, a transfer of personal data will be authorized in Article 45, subsection 1.
In cases where there is no adequacy assessment from the EU Commission, a transfer of personal data will be authorized in Article 46, paragraph 2, letter c.
When a transfer is authorized in Article 46, subsection 2, letter c, then TDC Erhverv ensures that the transfer is assessed in accordance with the EDPB's guidance 01/2020 on supplementary measures, so that effective supplementary measures are ensured in the situation that a Standard Contractual Clause does not in itself ensure a sufficient level of protection.
If you have questions about the basis for transfers to countries outside the EU/EEA contact, please contact TDC Erhverv customer service here.
You can read more about which types of personal data are transferred to which types of subcontractors under the section "Products and services", and about whether a subcontractor processes your personal data within the EU or in a third country.
3.2 Storage of personal data
TDC Erhverv does not wish to store your personal data for longer than necessary. We store the personal data for as long as is necessary to provide our products or services to you, for as long as is necessary to be able to accommodate e.g. complaints or legal proceedings, or for as long as other legislation requires. We also store your information for a short period of time after you have terminated your agreement with us so that we can recover your account if you wish (during the cooling-off period), or so we can answer any questions you may have about how we processed your personal data while you were a customer with us.
We have a general procedure for how long we store certain types of personal data. However, there may be exceptions to this, so we recommend that you look at the descriptions under “Products and services”, which contain information about how long the information is stored for each product and service.
We ensure that the set data storage time (the period we store your information) also applies to our subcontractors. They do not store your information for longer than we do.
You will find an overview of Nuuday's general deletion policies here.
4. How do we protect your personal data?
To ensure that your personal data is processed in a secure manner, we have implemented an information security management system based on best practice ISO27001 and the Insurance and Pension standard. This system provides management, process and other administrative, technical and physical controls that ensure that our IT environment is secure as regards confidentiality, integrity and accessibility.
We also pay special attention to the systems and applications that process your personal data. For each of these systems, we have special safety requirements and controls.
The safety requirements and controls are in place both with us and with our subcontractors, so that the entire service supply chain is secured. We perform audits and security checks, e.g. vulnerability and penetration tests, both on our own systems and on systems operated by our subcontractors.
Some of our services are also security-certified and subject to external ISAE audits.
The IT environments, systems and applications we use to provide customer service and products, as well as to store and process personal data, are assessed and designed to be as secure as possible.
5. Your rights
TDC Erhverv respects your rights, and the personal data you provide to us belongs to you.
People have different needs when it comes to protecting their personal data. We make every effort to make it clear what personal data we and our partners collect, so that you can exercise your rights.
5.1. Right of access
You have the right to be informed about which personal data we process about you. You will find the information in this personal data notice.
5.2. Right of access to your personal data
You have the right to gain insight into the information that we process about you, as well as a range of additional information. To protect your personal data, we must have your identity verified before we give you access to your data.
At tdc.dk/persondata you can request that your information be provided. We process all requests as quickly as possible and within a month you will receive confirmation that delivery has taken place or when we expect it to take place.
5.3. Right to rectification (correction)
TDC Erhverv ensures that the personal data collected and stored are correct. In cases where you believe that they are inaccurate or incomplete, we encourage you to contact us so that we can correct the information.
However, we have the right to reject your request if it is unfounded or if we repeatedly receive similar requests from you. In such cases we reserve the right to impose an administration fee. We also reserve the right to reject your request if it is pointless.
You can ask to have your personal data corrected by contacting our Customer Service. All requests will be processed as soon as possible and within one month you will receive confirmation that your personal data has been corrected or when we expect it to be.
5.4. Right to deletion
TDC Erhverv has a deletion policy to ensure that no personal data is stored longer than necessary. In addition, you can ask to have personal data about you deleted.
In special cases, you have the right to have information about you deleted before the time of our normal general deletion occurs. You can ask to have your personal data deleted by contacting our Customer Service. We process all requests as quickly as possible and within one month you will receive confirmation that your information has been deleted or when we expect it to be.
5.5. Right to data portability
You also have the right - in a structured, common and machine-readable format - to receive your personal data when you have provided the information to us yourself. You can also have the information transferred to another supplier. This right is called data portability and applies when:
you have given your consent to the processing or when the processing takes place on the basis of a contract, and
the processing is carried out automatically (electronically)
5.6. Right to object
You have the right to object to our otherwise lawful processing of your personal data if the processing takes place on the basis of a balance of interests between our and your purposes and considerations.
If the objection is justified, we will limit the processing as described below.
You also have the right to object to our processing of your personal data for direct marketing purposes. If you object to this processing, we may no longer process your personal data for this purpose.
5.7. Right to restrict processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may in future only process the information – apart from storage – with your consent, or for the purpose of establishing, asserting or defending legal claims, or to protect a person or important public interests.
5.8. Right to complain to a supervisory authority
You have the right to file a complaint to a supervisory authority if you are dissatisfied with the way we process your personal data. The supervisory authority can be the Danish Data Protection Agency or the Agency for Digital Government, depending on the types of personal data involved.
The Digital Agency oversees the rules on personal data security in the electronic communications sector. You will find the Danish Data Protection Agency's contact information at https://www.datatilsynet.dk/ and the the Agency for Digital Government's contact information at www.digst.dk.
6 General information on data security and security policies in TDC
6.1 Compliance and cooperation with regulatory authorities
The TDC Group’s data protection officer is responsible for continuously monitoring and verifying that TDC Erhverv and our partners and subcontractors comply with the rules for processing personal data and with the security requirements we believe are necessary to secure your personal information.
Our data protection officer cooperates with the Data Protection Agency and other local supervisory authorities with regard to compliance with the rules on the processing of personal data and complaints that cannot be resolved by TDC Erhverv.
6.2 Changes to the privacy policy
We regularly review our personal data protection policy and update it if there are any changes in our processing of personal data. Any changes will be published here, and significant changes will also be announced via email and other communication channels. This applies especially to our processing of personal data in relation to a particular product or service.
This privacy policy was updated October 2024.