blue brochure
Discover the unique world of labels with our GM catalogue

Privacy Policy

Effective Date: April 11, 2025

 

1. Introduction

At GM, Grafisk Maskinfabrik A/S (“GM”, “we”, “us”), we are committed to protecting your personal data. This privacy policy describes how we collect, process, and safeguard personal information in accordance with the General Data Protection Regulation (GDPR) and relevant Danish legislation.

It applies when you interact with us, including through our website, www.gmfinishing.com, www.gmfunctionals.com, as well as other digital platforms, communications (e.g. CRM-systems), or contractual relationships.

 

2. Who We Are

Grafisk Maskinfabrik A/S develops and produces advanced converting and finishing equipment for digital label printing, as well as systems for functional materials used across industrial sectors. With international operations, GM processes data from customers, partners, suppliers, and users worldwide.


Data Controller

We are the data controller responsible for handling your personal data in accordance with this privacy policy.


Grafisk Maskinfabrik A/S
Klintehøj Vænge 12
3460 Birkerød, Denmark
Phone: +45 45812300
Email (privacy matters): privacy@gm.dk

 

Hosting Provider

Our websites are hosted by NHL-Data, which acts as our main data processor:


NHL-Data ApS
Gammel Køge Landevej 55
2500 Valby, Danmark
Phone: +45 70286600
E-mail: kontakt@nhl-data.dk

 

3. Purpose of Collecting Personal Data

We collect personal data when you engage with us directly or indirectly, including when you:

  • Visit our website or interact with our digital services
  • Contact us via forms, email, phone, or social media
  • Register for newsletters, webinars, or events
  • Apply for a job or send us your CV
  • Enter into agreements as a customer, partner, or supplier

We may also collect limited information via third parties (e.g., LinkedIn or trade shows), or from publicly available sources, provided lawful grounds exist.

 

4. Categories of Personal Data

The categories of personal data we collect depend on the context of our interaction with you and may include:

  • Name, job title, company name
  • Email address, phone number, postal address
  • Device type, browser, IP address, and geolocation (if enabled)
  • Website usage behaviour and preferences
  • Marketing preferences and communication history
  • Information related to a contract, such as order history, invoicing, or service delivery
  • CV, work history, education (for job applicants)

We aim to limit collection to data that is adequate, relevant, and necessary for the specified purpose.

 

5. Legal Basis for Processing

We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.

These legal bases depend on the services you use and how you use them, meaning we collect and use your information only with:

  • GDPR Article 6(1)(a) – Consent: for specific purposes such as sending newsletters, using cookies for analytics or retargeting, or creating marketing audiences. Consent can be withdrawn at any time.
  • GDPR Article 6(1)(b) – Contractual necessity: To enter into or perform a contract with you (e.g. when fulfilling orders, responding to inquiries, or supporting customer relations).
  • GDPR Article 6(1)(c) – Legal obligation: To comply with Danish and EU law (e.g. tax records, employment records). Legal basis: 
  • GDPR Article 6(1)(f) – Legitimate interests: For purposes such as improving services, ensuring IT security, marketing to existing customers, or maintaining business operations. We carefully assess that your rights and freedoms are not infringed.


6. Purpose of Processing

We may collect, hold, use and disclose information for the following purposes:

  • Provide and deliver our products, services, and support
  • Respond to your inquiries and manage our business relationship
  • Manage user access to our website and secure our IT systems
  • Send relevant communications and marketing materials, with consent
  • Perform customer segmentation and analysis
  • Fulfill legal obligations including tax and financial reporting
  • Recruit and evaluate job candidates
  • Prevent misuse or unauthorized access to systems and data

Personal information will not be further processed in a manner that is incompatible with these purposes. Without your consent, we do not use your data for purposes beyond those described here.

 

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes it was collected for, or as required by applicable law. For example:

  • Contact information for leads is retained up to 12 months after the last interaction.
  • Accounting and transaction data is retained for 5 years, per Danish bookkeeping regulations.
  • Newsletter subscribers remain on our list until consent is withdrawn.
  • Recruitment data is deleted 6 months after a hiring process, unless prolonged with consent.
  • Once the retention period expires, data is securely deleted or anonymized.

 

8. Your Rights

You have the following rights under GDPR:

  • Access: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format.
  • Correction: If you believe that any information, we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
  • Erasure: You may request that we erase the personal information we hold about you at any time.
  • Restriction: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
  • Objection: Object to processing based on legitimate interest. To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
  • Portability: You may also request that we transfer this personal information to another third party.


Contact us at privacy@gm.dk to exercise your rights. We will respond within 30 days.

 

9. Data Security

We apply appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security measures include encryption, access controls, firewalls, secure infrastructure, user authentication, and regular security audits. Our internal policies align with the principles of ISO/IEC 27001 and ISO/IEC 27002, and we ensure that only authorized personnel access personal data for clearly defined purposes. We also practice data minimization, ensuring we do not store or process more information than needed.

We conduct risk assessments of our processing of personal data and subsequently implemented appropriate technical and organizational measures to enhance processing security.

We keep our employees up to date on GDPR knowledge through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with them.

 

10. Automated Decisions

We do not use your personal data for automated decision-making or profiling that would produce legal or significant effects.

 

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your user experience, enable core functionality, and analyze site traffic.

We use both essential (functional) and optional (analytical, marketing) cookies. Consent for non-essential cookies is requested through a cookie banner when you first visit the site.


More details can be found in our Cookie Policy.

 

12. External Links

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.

 

13. External Data Processors

We use other trusted external partners and suppliers, some of whom may act as data processors on our behalf, including but not limited to:

  • IT and cloud service providers (e.g. hosting, email, analytics)
  • Professional advisors (e.g. auditors, legal counsel)
  • Public authorities when required by law (e.g. tax authorities)
  • Logistics and marketing partners, under controlled conditions

All external processors act only on our instructions and are subject to signed Data Processing Agreements (DPAs), which ensure they meet GDPR standards.

We do not sell your data to third parties.

 

14. International transfers

Some of our partners or service providers may process data outside the EU/EEA. Where such transfers occur, we ensure compliance with GDPR through:

  • Transfers to countries with an adequacy decision from the European Commission.
  • Standard Contractual Clauses (SCCs) approved by the EU
  • Transfer Impact Assessments (TIAs), where appropriate

These safeguards ensure that your personal data is protected with equivalent standards regardless of location.

 

15. Marketing and Communications

If you have provided consent or if we have a legitimate interest, we may use your personal data to send you marketing communications, such as newsletters, product updates, invitations to events, or promotions relevant to your role or industry.


You can withdraw consent or opt out of future communications at any time by using the unsubscribe link in emails or by contacting us at privacy@gm.dk.


We do not share your data with third parties for their own marketing purposes.

 

16. Advertising and Retargeting

We may use certain data to show you relevant advertisements on platforms such as Google, Facebook, and LinkedIn. This includes using cookies, tracking pixels, or hashed email addresses to create custom or lookalike audiences.

This enables us to deliver more targeted advertising based on your activity or professional interests. These campaigns are run through third-party platforms that may collect data independently in accordance with their own privacy terms

Such marketing activity is based on your consent, which is managed via our cookie consent banner. You can opt out or adjust your preferences at any time.


You can also manage advertising settings directly with the platforms:

 

17. Complaints

If you are unhappy with how we process your personal data, you also have the right to contact a regulatory body or data protection authority in relation to your complaint, e.g. Datatilsynet (Danish Data Protection Agency). Website: www.datatilsynet.dk

 

18. Data Breaches

We have procedures in place to handle potential data breaches. If required, we will notify the Danish Data Protection Authority (Datatilsynet) and, where appropriate, affected individuals without undue delay, in accordance with GDPR Article 33 and 34.

 

19. Changes to this Policy

We may update this privacy policy from time to time. Significant changes will be communicated via our website or email, if appropriate. Continued use of our services after such updates implies acceptance of the revised terms.

 

Last updated: April 11, 2025