Privacy Policy
1. Full Overview
PRIVACY POLICY
Effective Date: [09-10-25] Version: 1.0
1. BACKGROUND
This policy sets out the basis on which we (Cernel ApS, CVR 44052857)collect and process personal data, in accordance with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This policy applies to all visitors to our website, clients, and individuals interacting with our services, regardless of citizenship or residence, to the extent applicable under relevant data protection law.
For the purpose of the EU General Data Protection Regulation 2016/679 (GDPR), the controller of your data is Cernel, incorporated and registered in Denmark with CVR 44052857 whose office is at Inge Lehmanns Gade 10, 6, Denmark
All personal data will be held and processed in accordance with applicable data protection and privacy law, including the GDPR and the Danish Data Protection Act
2. Your information
We may collect and process the following data about you:
Information you give us.: You may give us information about you by filling in forms on our website or by corresponding with us by phone, social media or email. This includes information you provide when you register to use our site, onboard as a client to our services, provide any information to our site, make an enquiry, provide feedback, correspondence with us, and when you report a problem with our site.
The information you give us may include your name; address; e-mail address; social media, phone number; billing information; personal identification (such as passports, driving licenses and other information required for us to carry out client background checks); date of birth; country of residence; photographs; organisation details (if relevant); or other personally identifiable information in documents that you send us.
Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
information about your visit, including the full URL clickstream to, through and from our site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page; internet protocol (IP) address, your location data, login data, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Information we receive from other sources. We also work with third parties (including, for example, clients, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers,) and may receive information about you from them.
We do not collect special categories of personal data (Article 9 GDPR) unless strictly required by law (e.g. for identity verification). In such cases, we rely on legal obligations as the lawful basis.
3. Cookies
Our website uses cookies to distinguish you from other users. We use essential cookies (strictly necessary for the functioning of the website) and non-essential cookies (such as marketing and analytics cookies) to improve your experience.
When you visit our site, a cookie consent banner allows you to accept, reject, or manage non-essential cookies. We will only set marketing and analytics cookies if you provide consent. You may withdraw consent at any time by adjusting your cookie preferences through the banner or your browser settings.
For detailed information about the types of cookies we use, their purposes, and retention periods, please see our [Cookie Policy] or the cookie consent panel on our website.
4. Uses made of the Information
We process your personal data only where we have a lawful basis to do so, including contract performance, legal obligations, legitimate interests, and—where applicable—your consent.We use information held about you in the following ways:
Information you give to us. We will use this information:
• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• to perform anonymised analytics on our clients and community members to ensure we are providing the best possible client service;
• to aggregate (in an anonymised form) for drawing conclusions about our services and relevant industry trends including those relating to ESG reporting and other impact measurements;
• to provide you with information about other services we offer that are similar to those that you have already purchased;
• to collect feedback from people and businesses and for staff training purposes;
• to provide you with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means information about services similar to those which were the subject of a previous sale to you, and you will be given an option to unsubscribe with each communication. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data;
• to notify you about changes to our service;
• to ensure that content from our site is presented in the most effective manner for you and for your computer; and
• for any purposes required by law such as for tax, legal, reporting and auditing obligations.
Information we collect about you. We will use this information:
• to administer our site, services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our site and services to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
• to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
• Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
We do not carry out any automated decision-making or profiling under Article 22 GDPR.
5. The Legal Basis for Processing your Information (for the UK and the EEA)
In accordance with GDPR, the main grounds that we rely upon in order to process your information are as follows:
• Necessary for entering into or performing a contract. In order to perform obligations which arise under any contract we have entered into with you, it will be necessary for us to process your information.
• Necessary for compliance with a legal obligation. We are subject to certain legal requirements which may require us to process your information. We may also be obliged by law to disclose your information to a regulatory body or law enforcement agency.
• Necessary for the purposes of legitimate interests. Either we or a third party will need to process your information for the purposes of our (or a third party’s) legitimate interests, provided that we have established that those interests are not overridden by your rights and freedoms (including your right to have your information protected). Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and user experience, informing you about our services and ensuring that our operations are conducted in an appropriate and efficient manner.
• Consent. In some circumstances, we may ask for your consent to process your information in a particular way.
Where we rely on legitimate interests, these include operating and improving our website and services, responding to your enquiries, ensuring network security, and providing information about our services in a way that does not override your rights and freedoms.
6. Your Rights (for the UK and EEA)
You have certain rights in relation to the personal data that we hold about you. Details of these rights and how to exercise them are set out below. Please note we will require evidence of your identity before we are able to respond to your request.
• Right of Access. You have the right at any time to ask us for a copy of the personal information that we hold about you and to check that we are lawfully processing it. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
• Right of Correction or Completion. If personal information we hold about you is not accurate or is out of date and requires amendment or correction you have a right to have the data rectified or completed.
• Right of Erasure. In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
• Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your personal information. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
• Right of Data Portability. In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
• In such circumstances, you can ask us to transmit that information to you or directly to a third party organisation.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of these rights at any time by contacting us using the details in the ‘Contact’ section below. We will respond to rights requests without undue delay and in any event within one month of receipt, in accordance with Article 12(3) GDPR. This may be extended by two further months where necessary, taking into account the complexity and number of requests.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliate such as our Facebook, Twitter, Instagram, LinkedIn or other social media pages. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
7. Right to Withdraw Consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. You can do this by contacting us using the details in the ‘Contact’ section below.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
8. How we process your information
Disclosure of your Information
We may share your personal information with any member of our group from time to time, which means our subsidiaries, our ultimate holding company and its subsidiaries as defined in the Danish Companies Act.
We may share your information with selected third parties including:
• Business partners, suppliers, regulatory bodies, membership organisations and sub-contractors for the performance of any contract we enter into with them or you.
• Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.
• Analytics and search engine providers that assist us in the improvement and optimisation of our site.
• Credit reference agencies or background checking service providers for the purpose of assessing your credit score where this is a condition of us entering a contract with you.
• Should it be reasonably necessary, professional advisors including debt recovery organisations.
• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about iourcustomers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use (as set out on our site) or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Our website may include links to third-party websites, such as Stripe or our Facebook, Twitter, Instagram and/or LinkedIn social media pages. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. You should read any policies and other statements on such websites carefully.
9. Storage and security
The data that we collect about you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your services, the processing of your payment details and the provision of support services. By submitting or otherwise providing your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
To the extent that any of your data is provided to third parties outside the EEA, or accessed by third parties from outside the EEA, we will ensure that appropriate safeguards are in place in accordance with the GDPR (such as the European Commission’s standard contractual clauses).
Unfortunately, the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We implement appropriate technical and organisational measures (TOMs) to protect your data
against unauthorised access, alteration, disclosure or destruction. These include access controls, encryption, secure backups, and internal policies. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with Articles 33–34 GDPR
10. How Long we Hold your Information
We will only retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept, the sensitivity of the data and the potential risk of harm from unauthorised use or disclosure.
In general, we retain personal data for up to 5 years after the end of our relationship with you, unless a longer retention period is required by law (e.g. for accounting or legal obligations). Once data is no longer needed, it will be securely deleted or anonymised
11. Complaints
If you are unhappy about our use of your information, you can contact us using the details in the Contact section below. You are also entitled to lodge a complaint with the Danish Data Protection Agency (www.datatilsynet.dk).
If you live or work outside of Denmark or you have a complaint concerning our activities outside of Denmark, you may prefer to lodge a complaint with a different supervisory authority. A list of relevant authorities in the EEA can be accessed here (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).
12. Changes to our Privacy Policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. If we make material changes to this policy, we will notify you by email (where possible) or through a prominent notice on our website, in addition to updating the “Effective Date” above
13. Contact
If you have any questions about how we collect, store or use your information, please contact us at mv@cernel.ai