Privacy policy

 

This text was last updated on 29-06-2026

Data Controller

We are the data controller for the processing of personal data that we handle about our customers and business partners. You can find our contact details below:

Nordic microbes A/S
Kochsgade 25 A
5000 Odense C
Denmark

Phone: (+45) 93 60 01 18
Email: info@nordicmicrobes.dk 
CVR no.: 42559997

It is not a requirement for our company to have an external DPO, but if you have any questions regarding the processing of your personal data, you can contact us at info@nordicmicrobes.dk.

Processing Activities

As a data controller under the GDPR, we carry out the following processing activities:

Website Visits

When you visit our website, we use cookies to ensure the website functions properly. You can read more about this in our Cookie Policy.

Communication with Potential Customers

If you have questions about our website or would like to learn more about our services, you can contact us via:

• Contact form
• Email
• Phone

Through this, we process your personal data in order to engage in dialogue with you, for example to respond to questions about our services. We only process the information you provide in connection with our communication.

We will typically process the following general information: name, email, phone number.

The legal basis for processing this personal data is article 6, stk. 1 litra f.

We delete our communication with you when it becomes clear whether you wish to use our services or not.
In special cases, it may be necessary to retain your personal data for a longer period.

Customers

We need to communicate with our customers to ensure that the service is delivered correctly. In this context, we may process information such as name, address, services, special agreements, payment details, and similar information.

The legal basis for processing this personal data is article 6, stk. 1 litra b.

Once the service has been delivered and any outstanding matters have been resolved, we will delete the personal data without undue delay.

However, this does not apply to information used for accounting purposes, which is processed in accordance with article 17, stk. 3 litra b.

Newsletter

We offer a newsletter that you can voluntarily subscribe to, and you can always unsubscribe at the bottom of the newsletter or via an unsubscribe form on our website.

The purpose of the newsletter is to send subscribers emails with new information from the company, which may include new content on the website or promotion of our services.

We will only send you emails if you have given your explicit consent. Initially, this requires you to provide your email address, after which we will send you a confirmation email so that you can verify your subscription. This ensures that you have actively subscribed and given your consent.

The legal basis for processing your personal data (i.e., your email address) in connection with the newsletter is article 6, stk. 1 litra a.

We will process your personal data as long as you remain subscribed to the newsletter. If you unsubscribe, we will stop sending it to you. If we have not sent you a newsletter for 1 year, your consent will lapse due to inactivity.

When you unsubscribe, we will retain your previous consent for 2 years after it was last used, due to limitation requirements in accordance with the Danish Consumer Ombudsman’s spam guidelines, section 11.3.

Accounting

We are required to retain all accounting records in accordance with the Danish Bookkeeping Act. This means that we store invoices and similar documents for accounting purposes. These may contain general personal data such as name, address, and service descriptions.

The legal basis for processing personal data for accounting purposes is article 6, stk. 1 litra c.

We retain this information for a minimum of 5 years after the end of the current financial year.

Job Applications

We welcome job applications in order to assess whether they match our hiring needs.

If you send us a job application, the legal basis for processing your personal data is article 6, stk. 1 litra f.

If you submit an unsolicited application, HR will immediately assess whether your application is relevant and will delete your data if there is no match.

If you apply for a posted position, we will delete your application 6 months after the recruitment process has ended if you are not hired, and shortly after the right candidate has been found. If we wish to keep your application for future positions, we will contact you and request your consent to retain your data for up to 12 months.

If you participate in a recruitment process and/or are hired, you will receive separate information about how we process your personal data in that context.

Data Processors

Few organizations can do everything themselves, and the same applies to us. We therefore work with partners and use suppliers, some of whom may act as data processors.

External suppliers may, for example, provide systems for organizing our work, services, consulting, IT hosting, or marketing.

• Brevo – Newsletter and marketing platform. See their Privacy Policy for more information.
• Mornings ApS – Website platform. See their data policy and privacy policy.

It is our responsibility to ensure that your personal data is processed properly. Therefore, we place high demands on our partners, who must guarantee that your personal data is protected.

We enter into agreements with companies (data processors) that handle personal data on our behalf to ensure a high level of security.

Disclosure of Personal Data

We do not disclose your personal data to third parties.

Profiling and Automated Decisions

We do not carry out profiling or automated decision-making.

Transfers to Third Countries

As a general rule, we use data processors within the EU/EEA or those that store data within the EU/EEA.

In some cases, this may not be possible, and data processors outside the EU/EEA may be used if they can ensure an adequate level of protection for your personal data.

Processing Security

We ensure the security of personal data processing by implementing appropriate technical and organisational measures.

We have conducted risk assessments of our processing activities and have implemented appropriate measures to enhance security, including access controls and regular security audits.

One of our most important measures is to keep our employees updated on GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with them.

Data Subject Rights

Under the GDPR, you have a number of rights regarding our processing of your personal data.
If you wish to exercise your rights, please contact us and we will assist you.

Right of Access

You have the right to access the personal data we process about you, as well as additional information. See contact details under “Data Controller.”

Right to Rectification

You have the right to have inaccurate personal data about you corrected.

Right to Erasure

In certain cases, you have the right to have your personal data deleted before our general deletion deadline.

Right to Restriction of Processing

In certain cases, you have the right to restrict the processing of your personal data. If processing is restricted, we may only process the data — aside from storage — with your consent or for the establishment, exercise, or defense of legal claims, or to protect a person or important public interests.

Right to Object

In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to the processing of your data for direct marketing purposes. You can submit your objection using the contact details under “Data Controller.”

Right to Data Portability

In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have this data transferred from one controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency’s guidance on data subject rights at www.datatilsynet.dk.

Withdrawal of Consent

When our processing of your personal data is based on your consent, you have the right to withdraw that consent.

Complaint to the Danish Data Protection Agency

You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data. You can find their contact details at www.datatilsynet.dk.

We generally encourage you to read more about the GDPR to stay informed about the rules.