1. Introduction
Significanz (“we”, “us”, or “our”) is committed to protecting your personal data and your right to privacy. This Privacy Policy explains what information we collect when you visit our website (www.significanz.dk), how we use it, and what rights you have in relation to it.
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Danish Data Protection Act (Databeskyttelsesloven).
2. Data Controller
The data controller responsible for your personal data is:
| Company name | Significanz |
|---|---|
| CVR number | 28392540 |
| Registered address | C/O Madsen, Gudmevej 11, 2770 Kastrup, Denmark |
| welcome@significanz.dk | |
| Data protection contact | welcome@significanz.dk |
| Website | www.significanz.dk |
3. What Personal Data We Collect
We collect personal data in the following situations:
3.1 Contact Form Submissions
When you reach out to us via our website contact form (powered by Formspark, a Belgian form-backend service) or by emailing welcome@significanz.dk, we collect:
- Your name
- Your email address
- Any personal information you choose to include in your message
Your contact form data is processed by Formspark (Trampoline Software SRL, Belgium), which acts as a data processor on our behalf. Submitted data is stored on servers in Ireland (EU). No personal data is transferred outside the European Economic Area for form submissions. See Formspark's privacy policy at: formspark.io/legal/privacy-policy.
Legal basis: Article 6(1)(f) GDPR — legitimate interests (responding to your enquiry and maintaining our business relationship). Where we enter into a contract with you, we will rely on Article 6(1)(b) GDPR.
3.2 Cookies and Website Analytics
a) Vercel Web Analytics (cookie-free)
Our website is hosted on Vercel and uses Vercel Web Analytics, a privacy-focused analytics tool that does not use cookies and does not collect personally identifiable information. Visitors are identified by an anonymised hash generated from each incoming request, which is automatically discarded after 24 hours and cannot be used to track visitors across websites or days.
Vercel Web Analytics collects the following anonymised, aggregated data:
- Pages visited and page views
- Referring website
- Country and general geographic region (derived from IP, but IP is not stored)
- Browser type and operating system
- Device type
Because Vercel Web Analytics does not use cookies and does not collect personal data, no cookie consent is required for this service under the ePrivacy Directive or GDPR.
Legal basis: Article 6(1)(f) GDPR — legitimate interests (understanding how our website is used). Since no personal data is collected, the processing impact on data subjects is minimal.
b) Google Analytics 4 (requires consent)
We also use Google Analytics 4 (GA4), provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to gain deeper insights into how visitors use our website. GA4 uses first-party cookies to distinguish users and maintain session state.
When you give consent via our cookie consent banner, Google Analytics collects the following data:
- IP address (automatically truncated/anonymised by GA4)
- Pages visited, time spent on each page, and navigation path
- Browser type and version
- Device type and operating system
- Referring website or search query
- Approximate geographic location (city/country level, derived from anonymised IP)
Google Analytics 4 sets the following first-party cookies:
| Cookie name | Purpose | Duration |
|---|---|---|
_ga | Distinguishes unique visitors with a randomly generated ID | 2 years |
_ga_<container-id> | Persists session state | 2 years |
Google acts as a data processor on our behalf. Data may be transferred to the United States, where Google LLC is certified under the EU–U.S. Data Privacy Framework. We have accepted Google's Data Processing Amendment, which includes Standard Contractual Clauses (SCCs) as an additional safeguard.
We have configured GA4 with the following privacy settings:
- IP anonymisation is enabled (default in GA4)
- Google Signals and advertising features are disabled
- Data retention is set to the minimum available period (2 months)
- Data sharing with Google for benchmarking or other purposes is disabled
Google Analytics is only activated after you provide explicit consent via our cookie consent banner. If you do not consent, or if you withdraw consent, no GA4 cookies will be set and no data will be sent to Google.
Legal basis: Article 6(1)(a) GDPR — your consent, given via our cookie consent banner. You may withdraw consent at any time by adjusting your cookie preferences or your browser settings.
4. Cookies
We use the following categories of cookies on our website:
| Category | Purpose | Consent required? |
|---|---|---|
| Strictly necessary | Enable core site functionality (e.g. security, load balancing) | No — always active |
| Analytics (Google Analytics 4) | Understand how visitors use the site, track page views and sessions | Yes — via cookie consent banner |
Note: Vercel Web Analytics does not use cookies and operates independently of your cookie preferences.
You can manage or delete cookies at any time through your browser settings or by using our cookie preferences tool. If you wish to opt out of Google Analytics specifically, you can install the Google Analytics Opt-Out Browser Add-on.
5. How We Use Your Personal Data
We use the data we collect for the following purposes:
- Responding to your enquiries and providing information about our consulting services
- Managing our client and prospective client relationships
- Improving our website performance and user experience (via anonymised and consented analytics)
- Complying with our legal obligations
- Pursuing our legitimate business interests (e.g. understanding how our website is used)
We do not use your personal data for automated decision-making or profiling as defined under Article 22 GDPR.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We share data with the following carefully selected third-party service providers who assist us in operating our website and running our business:
| Service provider | Purpose | Data location / safeguards |
|---|---|---|
| Vercel, Inc. (USA) | Website hosting, infrastructure, and privacy-friendly web analytics (no personal data collected) | USA (AWS, Azure, GCP). EU–U.S. Data Privacy Framework + SCCs. |
| GitHub, Inc. (USA) | Source code hosting and deployment pipeline | USA. EU–U.S. Data Privacy Framework + SCCs. |
| Formspark / Trampoline Software SRL (Belgium) | Contact form processing — receives and forwards form submissions | Ireland (EU). No data transfer outside EEA. |
| Google Ireland Ltd / Google LLC | Website analytics via Google Analytics 4 — only activated with user consent | EU/USA. EU–U.S. Data Privacy Framework + SCCs + Data Processing Amendment. |
All third-party processors are bound by data processing agreements and are only permitted to process your data on our documented instructions, in accordance with Article 28 GDPR.
Where any transfer of personal data occurs outside the European Economic Area (EEA), we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the EU–U.S. Data Privacy Framework where applicable.
7. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes described in this policy:
| Data type | Retention period |
|---|---|
| Contact form enquiries | Up to 2 years from last contact, unless a client relationship is established |
| Client engagement records | 5 years following end of engagement (Danish bookkeeping requirements) |
| Google Analytics data | Minimum retention period (2 months for user-level data); aggregated reports remain available |
| Vercel Web Analytics data | Anonymised; visitor hash discarded after 24 hours; only aggregated data retained |
8. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right of access (Article 15) — you may request a copy of the personal data we hold about you.
- Right to rectification (Article 16) — you may ask us to correct inaccurate or incomplete data.
- Right to erasure (Article 17) — you may request deletion of your data where there is no overriding legal basis for us to retain it.
- Right to restriction of processing (Article 18) — you may ask us to limit how we use your data in certain circumstances.
- Right to data portability (Article 20) — where processing is based on consent or contract, you may ask us to provide your data in a machine-readable format.
- Right to object (Article 21) — you may object to processing based on our legitimate interests.
- Right to withdraw consent — where we rely on consent (e.g. for analytics cookies), you may withdraw it at any time without affecting the lawfulness of prior processing. You can do this via our cookie preferences tool or by adjusting your browser settings.
To exercise any of these rights, please contact us at: welcome@significanz.dk.
We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
9. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet):
| Authority | Datatilsynet (Danish Data Protection Authority) |
|---|---|
| Website | www.datatilsynet.dk |
| dt@datatilsynet.dk | |
| Phone | +45 33 19 32 00 |
| Address | Carl Jacobsens Vej 35, 2500 Valby, Denmark |
10. Data Security
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your information against unauthorised access, accidental loss, destruction, or disclosure, in accordance with Article 32 GDPR.
These measures include:
- All data in transit is encrypted via HTTPS/TLS
- Our hosting provider (Vercel) maintains SOC 2 Type 2, ISO 27001, and TISAX certifications
- Our form processor (Formspark) stores data in the EU (Ireland) and encrypts data at rest
- Google Analytics data is protected by Google's enterprise-grade security infrastructure
- Access to administrative systems is restricted and protected by multi-factor authentication
However, no method of electronic transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please notify us immediately at welcome@significanz.dk.
11. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The effective date at the top of this document will always indicate when the most recent revision was made. We encourage you to review this page periodically.
Where changes are material, we will take reasonable steps to notify you.
12. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
| welcome@significanz.dk | |
| Data protection contact | welcome@significanz.dk |
| Website | www.significanz.dk |
| Location | Copenhagen, Denmark |
© 2026 Significanz. All rights reserved. | www.significanz.dk | welcome@significanz.dk