Skip to content

Privacy Policy

Data protection and confidentiality are important to the LEGO Foundation (“we”, “us”, or “our” “LEGO Braille Bricks”). This Privacy Policy sets out clear guidelines on LEGO Braille Bricks processing of your personal data when you visit our website, Home | LEGO Braille Bricks, or in other ways interact with the LEGO Foundation.

1. Data controller and contact information

The LEGO Foundation is data controller for the processing of your personal data:

LEGO Fonden
Højmarksvej 8, st.
7190 Billund
Denmark
CVR-nr.: 12458339

If you have any questions about our processing of your information, you are always welcome to contact us.

You can contact our Administration officer if you have a request, comment, or a question about this Privacy Policy, please contact:

LEGO Fonden
Att.: Administration Officer
Højmarksvej 8, st.
7190 Billund
Denmark
Email: LEGOfoundation@lego.com

2. Purpose, legal basis, and types of personal data

Below we have listed for which purposes we may process your personal data when you interact with LEGO Braille Bricks.

a. To reply to your inquiries

If you contact us via our website, email or in other ways, we will use your personal data to be able to respond to your inquiries. We typically process the following personal data about you, including contact details such as name, address, email, phone number, company or learning institution.

We use art. 6(1)(f) in the GDPR (the rule on balancing of legitimate interests) as our legal basis. Our legitimate interest is to be able to respond to your inquiries and communicate with you.

We obtain the personal data, that is collected, directly from you.

We will keep your personal data only for the period necessary to fulfil the purposes listed above.

We kindly ask for you not to share sensitive personal data with us (the definition of sensitive personal data can be found in the GDPR art. 9), unless specifically asked to share such data.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

b. LEGO Braille Bricks Blog

If you sign up to our LEGO Braille Bricks Blog, we will use your personal data to be able to act on your signup, and provide you with access to the blog. To do so we will typically process the following personal data about you: acceptance of terms, name, email, blog content and comments, photos and links to videos, log of interaction with the blog and moderation.

We use art. 6(1)(b) in the GDPR as our legal basis, when you sign up to the LEGO Braille Bricks Blog, as the data is necessary to fulfil the contract with you regarding participation/signup. However, we may also use art. 6(1)(f) in the GDPR (the rule on balancing of legitimate interests) as our legal basis. Our legitimate interest is to administer the blog and send out relevant information regarding the blog etc.

We obtain the personal data, that is collected, directly from you and you have chosen to share on the LEGO Braille Bricks Blog. We kindly ask for you not to share sensitive personal data with us in the LEGO Braille Bricks Blog unless it is anonymized (no longer personal data) as we are not able to ensure your confidentiality (the definition of sensitive personal data can be found in the GDPR art. 9).

We will keep your personal data for as long as you remain a member of the LEGO Braille Bricks Blog. You can delete entries into the LEGO Braille Bricks Blog if you wish, or you can contact us on the above-mentioned contact information if you wish for us to assist you.

If you delete your account, we will delete your personal data and your entries into the LEGO Braille Bricks Blog within 30 days, we will however keep records of your signup for a period of 12 months from your deletion of the account in order for us to document the terms you signed up for.

The Moderators of LEGO Braille Bricks Blog may at their own discretion delete posts or users that do not comply with the terms of use and Community Guidelines for the LEGO Braille Brick Blog.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

c. Conferences and Workshops

If you attend one of our conferences or workshops, we will use your personal data to be able to act on your registration and communicate with you before, during and after the event in question. For a conference or a workshop we will typically only process the following personal data about you: name, position, email, phone number, attendance, company or learning institution.

We use art. 6(1)(b) in the GDPR as our legal basis, when you register for an event, as the data is necessary to fulfil the contract with you. However, we may also use art. 6(1)(f) in the GDPR (the rule on balancing of legitimate interests) as our legal basis. Our legitimate interest is to administer events and send out evaluation forms, etc.

We generally obtain the personal data, that is collected, directly from you, but we can also receive the information from other parties, such as your employer, handling the registration on your behalf.

We will keep your personal data for the period necessary to complete the event in question and for the evaluation of such event. If you have paid a fee to attend the event, we will keep invoice data during the relevant financial year plus 5 years, as laid down in the Danish Bookkeeping Act.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

d. Vendors

We may process personal data when we enter contracts, have contractual dialogues, ad-hoc supplies, or dialogues about ad-hoc supplies. We typically process name, title, email address, correspondence, phone number, information about powers to bind, and information listed in auto signatures.

We process the personal data to manage our supplier contracts, purchase goods, explore new supplier relationships, and keep track of potential and future business partners.

We use art. 6(1)(f) in the GDPR as our legal basis (the rule on balancing of legitimate interests) as it is necessary to record the personal data to be able to contact our current and future suppliers. We also use art. 6(1)(b) in the GDPR as our legal basis for processing your personal data in connection with the signing of new contracts or management of existing contracts.

We generally obtain your personal data directly from you or from your colleagues in the legal entity which you represent or are employed.

Your personal data will be deleted when it is no longer relevant for the purpose for which it was obtained. E.g., if the negotiations do not result in a contract, 72 months after the end of the contract, or at the end of a period of limitations.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

e. Webinars and live sessions

If you attend one of our Live Session via LEGObraillebricks.com we will most likely, depending on the setting of your media tool, the topic of the day and your interaction with us, process the following information about you: name, position, email, attendance, learnings, related question, chat messages, video stream or photo, company or learning institution. For more information please see the following privacy policy for Zoom at https://explore.zoom.us/en/privacy/.

We kindly ask for you not to share sensitive personal data with us in the Live Session unless it is anonymized (no longer personal data) as we are not able to ensure your confidentiality as we have many participants (the definition of sensitive personal data can be found in the GDPR art. 9).

Your personal data will be deleted when it is no longer relevant for the purpose for which it was obtained, e.g. for as long as you participate in the webinars and any recordings of such webinars are publicly available.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

f. Recordings (sound and video), and photos

We may record (photos, video, and sound) our activities (webinars, workshops, events, conferences, project partners etc.) to be able to share them on our website or social media platforms, such as YouTube or Facebook.

If you attend a virtual event that is being recorded by us, we will always inform you before the event and we will notify all participants as part of the introduction. If you do not want to be recorded, you can turn off your audio and camera when joining the event.

If we publish recordings from our virtual events, we use art. 6(1)(f) in the GDPR (the rule on balancing of legitimate interests) as our legal basis. Our legitimate interest is to be able to share our content for us to reach as many users of the LEGO Braille Bricks as possible and give them the possibility to learn.

Please note, that sharing of photos and recordings on social media will be according to the terms of use of the relevant social media.

We may also record other events to be able to document activities and internal learnings, and we may also share them on our website or social media platforms. We process such recordings on the basis of art. 6(1)(a) in the GDPR (consent). However, we may also use art. 6(1)(f) in the GDPR (the rule on balancing of legitimate interests) as our legal basis if we, from an overall assessment of the situation and motive, find this to be adequate. Our legitimate interest is to be able to share our content for us to reach as many users of the LEGO Braille Bricks as possible and give them the possibility to learn.

If you have entered into a license agreement regarding our use of the data, then we will use the contract as our legal basis for processing the data art. 6(1)(b) of the GDPR. The use and retention will follow the terms of the license agreement.

We generally make our own recordings or use external photographers, but we may also receive photos and other recordings directly from you or other participants in the event.

You can revoke your consent at any time, and we will delete the images or recordings in question, if we do not have any other legal basis for processing the data.

We will keep your personal data (photos and recordings) for the period necessary to fulfil the purposes described above and no longer than 5 years after the event in question.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

g. Marketing

We can use your personal data for the purpose of marketing, including for the purposes of being able to target communication specifically to you. Targeted communication includes newsletter. For this purpose, we will only process normal personal data, including name, email, and country.

The personal data we process is provided by you or are collected from publicly accessible sources, for example your LinkedIn profile. The information may also be obtained through your use of our website.

We process your personal data on the basis of article 6(1)(f) in the GDPR (the rule on balancing of legitimate interests). Our legitimate interest is our business interest to be able to carry out targeted marketing activities and maintaining a network of qualified professionals in the sectors in which we operate. We will not disclose your personal data to third parties.

If you have signed up to a newsletter, we will keep your personal data for as long as you wish to receive material from us and for 2 succeeding years. If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the relevant activity is ongoing and for 2 successive years.

The signup and consent to receive marketing is based on the Danish Marketing Act, and the processing of your personal data for the purpose of sending marketing is based on our legitimate interest as mentioned.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

h. Use of our website

When you use our website, cookies are used to collect personal data about your behaviour according to your cookie consent. You may read more about this in the cookie overview, which can be accessed through our cookie policy Cookie Policy | LEGO Braille Bricks.

We process your personal data in connection with your use of our website as described above and as further described in our cookie overview. The use of necessary cookies is based on art. 6(1)(f) in the GDPR (the rule on balancing of legitimate interests). Our legitimate interest is to be able provide you with a functioning website. The use of other cookies is based on your cookie consent art. 6(1)(f).

You can read more about the use of cookies in our Cookie Policy | LEGO Braille Bricks. You can withdraw or change your consent by rejecting cookies in the cookie overview or by blocking cookies in your web browser.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

i. Social Media

This privacy policy applies to the LEGO Foundation’s (”LEGO Braille Bricks”)’ processing of the personal data you leave and/or submit when you visit the following social media platforms;

LEGO Braille Bricks Facebook page (”the Facebook page”). This privacy policy supplement Facebook Ltd.'s (“Facebook”) general privacy policy. Go to Facebook’s privacy policy via the following link: https://www.facebook.com/about/privacy#

LEGO Braille Bricks YouTube Channel (the “YouTube Channel”). This privacy policy supplement YouTube’s general privacy policy. Go to YouTube’s privacy Policy via the following link: https://www.youtube.com/howyoutubeworks/user-settings/privacy/

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

j. Application for LEGO Braille Brick toolkits

If you apply for LEGO Braille Brick toolkits from The LEGO Foundation, we refer you to our partners websites Get the LEGO® Braille Bricks toolkit | LEGO Braille Bricks. Our Partners are the data controllers in relation to such requests, as we only provide them with the LEGO Braille Bricks for their distribution.

Please make yourself acquainted with the privacy policies of our partners, to understand how they process your personal data.

See section 11. In relation to the use of links on our website.

If you want to know more about who we share data with or third country transfers go to section 4 and 5.

3. Recipients

We may share your personal data with independent data controllers if we are legally required to do so. These recipient categories are:

  • Auditors

  • Public authorities

  • Travel Agencies (Flights, Transport and Hotels)

  • LEGO System A/S (Shipping)

Your personal data may also be shared with our data processors. Such sharing is subject to data processing agreements, and the data processor may not use the data for other purposes than to perform the processing for us. These data processor categories are:

  • IT suppliers e.g. Digital Agencies, Conference/Webinar Platform Suppliers

  • Travel Management Agencies

  • Creative suppliers e.g. Media Agencies, Creative Agencies and Film Production Companies

  • Other suppliers of services that The LEGO Foundation work with

4. Processing of personal data outside the EU/EEA

LEGO Foundation transfers, stores, and processes your information (including your personal data and content) both inside and outside of Denmark. We operate globally and may transfer your personal data to third parties in locations around the world for the purposes described in this Privacy Policy. Wherever your personal data is transferred, stored, or processed by us or by companies carrying out such services on our behalf, we will take reasonable steps to safeguard the privacy of your personal data.

In some cases, we will be transferring your personal data to countries outside the EU/EEA.

If your personal data is transferred to countries outside the EU/EEA, such transfer will take place on the following legal basis:

  • Binding Corporate Rules

  • The country has been approved by the European Commission as having an adequate level of security

  • If the country has not been approved by the European Commission as having an adequate level of security, we will transfer the data by use of "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities.

5. Sources of personal data

We generally process personal data that is collected directly from you or from the device you are using.

6. Retention of personal data

We will retain your personal data for the period necessary to fulfil the purposes as listed above.

Data may be processed and stored for a longer period in anonymized form or may be retained for a longer period if we are legally required to do so.

7. Your right to withdraw your consent

You may at any time withdraw any consent that we have obtained from you. You can withdraw your consent by contacting us using the contact information stated above in Section 1. If you withdraw your consent, such withdrawal does not take effect until the date of withdrawal. It does, therefore, not affect the legality of our data processing up to the time when you withdraw your consent.

If you withdraw your consent, images depicting you will not be used in new material, and images depicting you in website material or similar will be deleted or made anonymous immediately. Photos in printed material may be used while stocks last, after which they will be removed before reprinting. In addition, we will make reasonable efforts to delete already published recordings that are available on media at The LEGO Foundations disposal.

8. Your rights

According to the General Data Protection Regulation and the Danish Data Protection Act, you have certain rights.

  • You have the right to request access to and rectification or erasure of your personal data.

  • You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.

  • You have an unconditional right to object to the processing of your personal data for direct marketing purposes.

  • You have the right to receive the personal data that is being processed in a structured, commonly used, and machine-readable format (data portability).

  • Please note that there may be conditions or limitations on these rights. It is therefore not certain that you e.g. have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity.

  • You can exercise your rights by visiting the settings for your account or by contacting us at info@legobraillebricks.com. If you contact us at info@legobraillebricks.com we will have to verify your identity for security purposes.

9. Changes to this Privacy Policy

From time to time, we may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. The updated and current Privacy Policy can be viewed here: Privacy Policy

10. Links to other websites etc.

Our website may contain links to other websites or to integrated sites. We are not responsible for the contents of the websites of other companies or for the practices of such companies regarding the collection of personal data. When you visit other websites, you should read the owners' policies on the protection of personal data and other relevant policies.

11. Questions and complaints

If you have any questions for this Privacy Policy, or if you wish to complain about our processing of your personal data, please contact us using the contact information provided in Clause 1.

You may also complain to:

The Danish Data Protection Agency
Carl Jacobsens Vej 35
DK-2500 Valby
Tel.: +45 33 19 32 00
Email: dt@datatilsynet.dk