Data Protection Policy - Andersen Group
Aim of the data protection policy
Andersen Group is fully committed to complying with all applicable data protection laws, recognizing that effective data protection underpins trustworthy business relationships. We strive to remain compliant through audits, certifications, and industry-standard contractual protections.
This Data Protection Policy guarantees the level of data protection required by European Union Data Protection Regulations (including GDPR) and defines framework conditions for cross-border data transmission. It applies to all Andersen Group companies, affiliates, and employees, and builds on globally accepted data protection principles.
The latest version is always available at: https://andersenlab.com/
Principles of personal data processing
We collect and use (process) only the information (Personal Data) necessary to conduct our business and interact with data subjects (users, clients, candidates). All personal data is collected and processed lawfully and fairly, with the following principles observed:
  • Processed lawfully, fairly and transparently
  • Collected for specified, explicit and legitimate purposes-not further processed in ways incompatible with those purposes
  • Adequate, relevant and limited to what is necessary (data minimisation)
  • Accurate and kept up to date; inaccurate data is erased or rectified without delay
  • Kept in identifiable form only as long as necessary for the purpose (storage limitation)
  • Processed with security safeguards, using appropriate technical and organizational measures ('integrity and confidentiality')
Lawfulness of processing
Processing is always justified by at least one legal basis as defined in GDPR Art. 6(1):
  • The data subject has given consent for specific purposes
  • Processing is necessary for contract performance or steps before contract
  • Processing is necessary for our or third party legitimate interests, unless overridden by data subject interests or rights, in particular for children
In some cases, prior consent is not required. See GDPR Art. 6(1) for details.
How do we collect your personal information
Main ways we collect your data:
  • Direct contact via our website (service inquiries)
  • Responses to our direct marketing campaigns
  • Acquisition from other sources (e.g., social media)
If you are under 16, do not provide information unless permitted by a parent or guardian.
Please keep your data up to date and notify us of changes.
You have the right to rectification and completion of incomplete data, and the right to erasure ("right to be forgotten") - contact: dpo@andersenlab.com
What personal data may be collected
Collected types include:
  • Name
  • Address
  • Phone numbers
  • E-mail address
When visiting our website, we automatically recognize your domain name, IP address, the referring site, OS version, and web browser. This technical information usually does not directly identify you, and is not considered personal data unless combined with other identifiers.
How do we keep personal data safe
We believe your data must be handled properly and securely:
  • Restricted access on a "need to know" basis
  • Data transfer only in encrypted form
  • Firewalled IT systems to prevent unauthorized access
  • Continuous monitoring for misuse
Technical and organizational measures, including encryption and authentication, safeguard your information against manipulation, loss, destruction and unauthorized access.
Your rights
Every data subject is guaranteed the following rights by GDPR, to be executed promptly and without disadvantage:
  • Right of Access: receive information about processing
  • Right to Rectification: correction of inaccurate/incomplete data
  • Right to Erasure: deletion on request under Art. 17 GDPR
  • Right to Restriction: restrict processing under Art. 18 GDPR
  • Right to Object: object to processing, including for direct marketing
  • Right to Data Portability: receive and transfer your data in machine-readable format
  • Right of Revocation: withdraw consent any time, free of charge
  • Right to Complain: appeal to supervisory authority
Requests to exercise any right: dpo@andersenlab.com
International transfers
Andersen Group operates globally. Data may be processed on servers outside your country. We use EU standard contractual safeguards, including Standard Contractual Clauses, to ensure data protection consistent with EU requirements.
Cookies
The Andersen website uses cookies to personalize your experience. Cookies are only set with your consent and cannot deliver viruses.
Cookies are used for IP and browsing information; Google Analytics tracks usage anonymously. Declining cookies disables some features.
Full Cookie Policy: https://andersenlab.com/cookies-policy
Data protection standards & agreements
We proactively seek review and compliance with international standards (e.g., ISO).
If we process data as your processor, we maintain confidentiality and full EU regulatory compliance, using proper Data Processing Agreements and Standard Contractual Clauses.
Personal data protection clause
Creative marketing underpins business success. Individual rights must always be safeguarded: all data is collected/processed in a legal and fair manner. To show our EU compliance, please note:
  • Lawfulness of Processing: Legitimate interest per GDPR Art. 6(1)(f)
  • Direct marketing data from open sources (e.g., social media)
  • Types collected: name, address, phone, email
  • Security: encryption & authentication; protection from manipulation, loss/destruction, unauthorized access
Your rights (summary clause)
  • Rectification: correct/complete your data (contact: dpo@andersenlab.com)
  • Erasure: right to be forgotten (contact: dpo@andersenlab.com); immediate deletion upon request
Contact details
dpo@andersenlab.com
Andersen Group offices and registered addresses - see website for latest details.
Effective Date: 31 October 2025
This Policy is reviewed and updated regularly. Current version always online at https://andersenlab.com/
© 2026 Andersenlab.