Privacy Policy
Bragi & Co. is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable Danish data protection law.
This policy is a draft for a prototype website. It should be reviewed by a qualified legal or data protection professional before publishing to a live domain or processing real personal data.
1. Who we are
The data controller is Bragi & Co. ApS, a Danish private limited company registered in Copenhagen, Denmark. For all data protection enquiries, please contact us at contact@bragiandco.com.
If your concern relates to a potential GDPR violation, you also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) at datatilsynet.dk.
2. Personal data we collect
We collect personal data in the following circumstances:
- Website contact forms: When you submit a request via our website, we collect your name, work email address, company name, role, and any optional information you provide in the message field.
- Client engagements: In the course of an advisory engagement, we may process contact information, professional information, and business data relevant to the engagement.
- Website analytics: We may collect anonymised usage data (page views, session duration, referral source) to understand how the site is used. This data is not linked to identifiable individuals.
- Email correspondence: If you contact us by email, we process your email address and any information contained in the message.
We do not collect sensitive personal data (such as health data, financial data, or data relating to political opinions) through this website.
3. Legal basis for processing
We process personal data on the following legal bases under GDPR Article 6:
- Legitimate interests (Art. 6(1)(f)): Processing enquiries submitted through the contact form, responding to emails, and managing business relationships. Our legitimate interest is in operating a lawful business and communicating with prospective and current clients.
- Contractual necessity (Art. 6(1)(b)): Processing necessary to perform or prepare an engagement agreement with a client.
- Legal obligation (Art. 6(1)(c)): Where processing is required to comply with applicable law (such as invoice retention for tax purposes).
4. How we use your data
We use personal data to:
- Respond to your enquiry and assess whether a BRAGI engagement is appropriate
- Deliver advisory services and produce engagement deliverables
- Communicate with you about your engagement and provide updates
- Comply with legal and regulatory obligations
- Improve the quality of our services and website
We do not use personal data for automated decision-making or profiling. We do not sell personal data to third parties.
5. Data sharing
We do not share personal data with third parties except in the following circumstances:
- Service providers: We may use trusted third-party tools (such as email providers or scheduling software) that process personal data on our behalf as data processors. These are contractually bound to protect your data.
- Legal requirements: We may disclose personal data where required by law, court order, or regulatory authority.
- Business transfer: In the event of a merger, acquisition, or sale of the business, personal data may be transferred as part of that transaction with appropriate protections.
Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V.
6. Data retention
We retain personal data only as long as necessary for the purposes set out in this policy:
- Enquiry data: Retained for 12 months from the date of last contact if no engagement commences, or for the duration of an engagement plus 3 years.
- Client engagement data: Retained for 5 years following the end of an engagement to comply with legal and contractual obligations.
- Financial records: Retained for 5 years as required by Danish bookkeeping law (Bogføringsloven).
- Website analytics: Anonymised aggregate data may be retained indefinitely.
7. Your rights
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at contact@bragiandco.com. We will respond within 30 days. We do not charge a fee for reasonable requests.
8. Cookies and tracking
This website may use essential cookies required for the site to function (such as session management). We do not use advertising or tracking cookies without your explicit consent.
If we introduce non-essential cookies in the future, we will update this policy and implement appropriate consent mechanisms.
9. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include access controls, encryption in transit, and regular review of our data handling practices.
No method of electronic transmission or storage is completely secure. If you become aware of a potential security concern, please notify us immediately at contact@bragiandco.com.
10. Children
Our services are directed at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated to active clients. The current version is always available on this page. The effective date at the top indicates when the policy was last updated.
12. Contact and complaints
For any questions about this policy or how we handle your personal data:
- Email: contact@bragiandco.com
- Bragi & Co. ApS, Copenhagen, Denmark
If you are unsatisfied with our response, you have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet): datatilsynet.dk · +45 33 19 32 00.