Privacy Policy

This policy governs any kind of processing (including collection, use, transfer, storage and deletion) of personally identifiable information (any information that may be used to identify a physical person, and any other information associated therewith) about natural persons, who are in any way connected to the KIRKBI A/S. 


The processing is done by legal units and entities within KIRKBI A/S and this policy applies to our processing of personal data collected through any means, actively as well as passively, online as well as offline, from persons located anywhere in the world.


General principles
Generally, KIRKBI A/S will be guided by the following principles when processing personal data:

1. We will only collect personal data for specific and specified purposes;
2. We will not collect personal data beyond what is necessary to accomplish those purposes;
3. We will not use personal data for purposes other than that for which the data was collected, except as stated herein, or with prior consent;
4. We will not transfer personal data to third parties or across borders, except as stated herein, or with prior consent;
5. We will seek to verify and/or update personal data periodically, and we will accept requests for amendments of personal data;
6. We will apply high technical standards to make our processing of personal data secure;
7. Except when stated herein, we will not store personal data in identifiable form longer than is necessary to accomplish its purpose, or as is required by law.


Transfer of personal data to third parties and/or other countries
As a general principle, we process personal data in order to facilitate or improve the KIRKBI website and services to you. We do purchase supplementary data from public sources to complement our data bases.


We do not process personal data on behalf of third parties, nor do we sell personal data to, or share personal data with, third parties for their own, independent use, except if you allow us to do so.


We do share personal data with third party vendors when it is necessary to provide services that we cannot perform ourselves.


We also use third party data hosting companies to store personal data collected by us in their servers.


All data transfers to third party vendors or partners, including those listed as examples above will be subject to a written contract between us and the third party vendor or partner in question, and the vendor or partner will not have any authority to use such personal data for any purpose other than as instructed by the KIRKBI A/S.


We will disclose personal data when legally obligated to do so under subpoena or court order, or for law enforcement purposes.


Cookies – passive collection
Read more about the use of cookies on this site here.


Review and update of personal data
You may always contact us to review and update personal data we may have stored about you. You may either use the following link or contact our LEGO Consumer Service. Please note that prior to accessing and making changes to your account, we must verify your identity properly. It may take up to 10 business days before changes take effect.


Data security
Access to some of our website services are protected by access restrictions based on user generated names and passwords. It is important that you always choose a password which is hard to guess for others, and protect your password against disclosure.


All external transmissions of personal data facilitated by us are protected by encryption.


All data storage, at the KIRKBI operated computer facilities as well as at business partner facilities, will be subject to written contracts.


Generally, processing of personal data will take place in accordance with applicable legislation and best practices concerning data security.


Handling of personal data is controlled by documented policies and procedures, including strict physical and logical access control, security back-up, failover, anti-malware protection, monitoring and vulnerability detection mechanisms.


Miscellaneous
KIRKBI A/S may need to change its data processing policy from time to time to keep up with the ways in which we collect, use, transfer, store and/or delete personal data. If policy changes are made, which would materially and adversely affect the privacy of individuals to whom this policy applies, we will endeavor to give notice of such changes to all individuals concerned.