Last updated: October 2025
Stjerne-Chrom A/S processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act. This policy describes what information we collect, what we use it for, and what rights you have.
Data controller
Stjerne-Chrom A/S
Smedevænget 16B, 4700 Næstved
CVR: 42321214
Phone: +45 55 70 07 63
Email: [email protected]
What information do we process?
We process the following categories of personal data about our customers, suppliers and business partners:
- General contact details: name, title, company, email, phone number, postal address
- Information about your relationship with us: orders, invoices, correspondence, delivery details
- Technical information about the use of our website (see the section on cookies)
We only collect information that is necessary in order to deliver our services, and we do not retain it for longer than necessary.
Purposes and legal basis
We process personal data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Entering into and performing contracts, including order processing and invoicing | Contract (GDPR Art. 6(1)(b)) |
| Bookkeeping and compliance with legal requirements | Legal obligation (GDPR Art. 6(1)(c)) |
| Marketing and customer care towards existing customers | Legitimate interest (GDPR Art. 6(1)(f)) |
| Responding to enquiries via contact form and email | Legitimate interest (GDPR Art. 6(1)(f)) |
Storage and deletion
We retain personal data for as long as it is necessary to fulfil the purposes for which the information was collected. Accounting records are retained for 5 years after the end of the financial year in accordance with the Danish Bookkeeping Act. Correspondence and customer information is deleted when it is no longer necessary – typically 3 years after the last active customer relationship.
Disclosure
We only disclose personal data to third parties if it is necessary in order to perform an agreement with you, or if we are legally obliged to do so. We use a small number of data processors – for example providers of IT systems, accounting and freight – who process data on our behalf under a data processing agreement.
Security
We have implemented appropriate technical and organisational security measures to protect personal data against unauthorised access, alteration, deletion or disclosure. Access to personal data is restricted to employees who have a work-related need for it.
Your rights
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of your personal data:
- Access — you can obtain access to the information we process about you
- Rectification — you can have inaccurate information corrected
- Erasure — you can have information deleted when it is no longer necessary
- Restriction — you can have the processing of your information restricted
- Objection — you can object to processing based on legitimate interest
- Data portability — you can have your information provided in a structured format
You can exercise your rights by contacting us at [email protected].
Complaints
If you are dissatisfied with our processing of your personal data, you can lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby — www.datatilsynet.dk
Changes
We reserve the right to update this privacy policy from time to time. The version in force at any given time can be found on our website.