Privacy Policy

Data & More ApS ("we," "us," or "our") is the data controller. For questions or to exercise your rights, contact our Data Privacy Manager: Kristian Boe Helweg Hansen, SOHO Business Center, Flæsketorvet 68, 1711 Copenhagen V, Denmark. Phone: (+45) 4290 1070. Email: dpm@dataandmore.com. CVR: 38185659.

Data & More acts in two distinct roles under GDPR. As a data controller, we determine the purpose and means of processing. This applies when you visit our website, subscribe to our newsletter, contact us, register for an event we host, or engage with us as a prospect, partner, supplier, or job applicant. This privacy policy covers our controller activities.

As a data processor, we process personal data on behalf of our customers when they use the Data & More platform to classify, retain, or delete data in their connected systems. In that scenario, our customer is the controller and Data & More is the processor. The terms of that processing are governed by our Data Processing Agreement (DPA), not by this privacy policy.

When you visit our website, we automatically collect technical data: IP address, browser type and version, operating system, device type, pages visited, referrer, and timestamps. We use this to operate the site, secure it against abuse, and produce aggregated analytics. Our legal basis is legitimate interest (Art. 6(1)(f)) for operations and security, and consent (Art. 6(1)(a)) for any non-essential cookies.

When you contact us, subscribe, or evaluate the platform, we collect the data you give us: name, work email, phone, company, role, country, and the content of your correspondence. We use it to respond to inquiries, qualify leads, schedule demos, and provide support. The legal basis is pre-contractual steps (Art. 6(1)(b)) or legitimate interest (Art. 6(1)(f)). Newsletter sign-up is based on your consent (Art. 6(1)(a)).

When you become a customer, partner, or supplier, we process contract data, billing address, VAT number, payment details, and order history to perform the contract (Art. 6(1)(b)) and meet our legal obligations under tax and accounting law (Art. 6(1)(c)).

We do not knowingly collect special-category data (Art. 9). Please do not include sensitive personal data in inbound correspondence.

Our website uses four categories of cookies and similar storage. Strictly necessary cookies are required to load the site and remember your cookie choices and are set without consent. Functional cookies remember preferences such as language and are set only with consent. Analytics cookies measure aggregated traffic patterns and are set only with consent. Marketing cookies fire only after you opt in and will appear in the cookie banner if we add them.

You can review, change, or withdraw your cookie choices at any time via Cookie Settings in the footer. Withdrawing consent does not affect processing already carried out.

We share personal data only with parties that need it to deliver the services described above. Typical categories include service providers acting as processors on our behalf (hosting and infrastructure, email and CRM, analytics, video conferencing, support tooling, accounting), professional advisors (lawyers, auditors, insurers), and public authorities where legally required, for example tax authorities or in response to a lawful order. We do not sell personal data and we do not share it for third-party advertising.

Our primary hosting and storage is in the EU/EEA. Where a service provider is located outside the EU/EEA, we rely on appropriate safeguards under GDPR Chapter V, typically the European Commission's Standard Contractual Clauses and, where applicable, supplementary technical and organizational measures. You can request a copy of the relevant safeguards from dpm@dataandmore.com.

Under GDPR you have the right to access your data (Art. 15), rectify inaccurate data (Art. 16), erase your data (Art. 17), restrict processing (Art. 18), data portability (Art. 20), object to processing based on legitimate interest, including profiling (Art. 21), and withdraw consent at any time without affecting prior processing.

To exercise any of these rights, email dpm@dataandmore.com. We respond within one month and may extend by up to two further months for complex requests, in which case we will explain why.

You may lodge a complaint with a supervisory authority. Our lead authority is Datatilsynet (the Danish Data Protection Agency), Carl Jacobsens Vej 35, 2500 Valby, Denmark, phone (+45) 33 19 32 00, email dt@datatilsynet.dk. You may also complain to the supervisory authority in your country of residence or place of the alleged infringement.

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing, including profiling.

Retention. Accounting and purchase records are retained for 5 years from the end of the financial year, in line with the Danish Bookkeeping Act. Marketing consent and unsubscribe records are kept until consent is withdrawn, plus 2 further years to evidence consent. Sales and lead correspondence that does not result in a contract is kept for up to 24 months from last meaningful contact. Website server logs are kept for up to 12 months. Analytics data is held in aggregated form only. Cookie consent records are kept for up to 12 months from your last choice. When retention expires, we delete or anonymize the data.

Security. We maintain technical and organizational measures appropriate to the risk, including encryption in transit (TLS) and at rest for sensitive data, role-based access control and least-privilege principles, regular security testing and audits, vendor due diligence with contractually required safeguards, and staff training on data protection. If we become aware of a personal data breach affecting your rights, we notify the supervisory authority and, where required, you, in line with Articles 33 and 34.

Children. Our services are aimed at organizations, not children, and we do not knowingly process personal data of children.

Changes to this policy. We may update this policy as our services, processors, or legal requirements change. Material changes will be highlighted on this page, and the date of the most recent update is shown below.

Last updated: 29 May 2026.