Data Privacy Policy

How we collect, use, and protect your personal information

Last Updated: 1st January 2026

Effective Date: 1st January 2026

1. Introduction

nanonovae AS ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This privacy policy explains how we collect, use, process, and safeguard your personal information when you visit our website at nanonovae.world or use our spa analytics services.

As the data controller, nanonovae is responsible for ensuring that all personal data we collect is processed in accordance with the General Data Protection Regulation (GDPR) and Danish data protection legislation.

2. Data Controller Information

The data controller responsible for your personal data is:

3. Data We Collect

We collect and process various types of personal data depending on how you interact with our services. The data we collect includes:

3.1 Information You Provide Directly

  • Contact details (name, email address, phone number)
  • Business information (company name, industry, business size)
  • Communication preferences and consent records
  • Enquiry details and service requirements
  • Feedback and correspondence with our team

3.2 Information Collected Automatically

  • Website usage data (pages visited, time spent, click patterns)
  • Technical information (IP address, browser type, device information)
  • Cookie data and tracking preferences
  • Referral sources and marketing attribution data

3.3 Business Analytics Data

For our analytics service clients, we process business data that may include customer information, transaction records, and operational metrics as necessary to provide our analytics services.

4. How We Use Your Information

We use of your data is based on legitimate legal grounds under GDPR. We process your personal information for the following purposes:

4.1 Service Provision

  • Responding to enquiries and providing customer support
  • Delivering our analytics services and maintaining client relationships
  • Processing service requests and managing accounts
  • Providing technical support and troubleshooting

4.2 Business Operations

  • Improving our website functionality and user experience
  • Conducting business analysis and service development
  • Maintaining security and preventing fraud
  • Complying with legal obligations and regulatory requirements

4.3 Marketing and Communications

  • Sending service updates and important notifications
  • Providing industry insights and relevant content (with consent)
  • Conducting market research and customer satisfaction surveys
  • Delivering targeted marketing communications (where consented)

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: Where you have given explicit consent for marketing communications or cookie usage
  • Contract: To fulfil our contractual obligations in providing analytics services
  • Legitimate Interest: For business operations, security, and improving our services
  • Legal Obligation: To comply with applicable laws and regulations

6. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our cookie usage, please refer to our Cookie Policy.

7. Data Sharing and Third Parties

We do not sell or rent your personal data to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party providers who assist in delivering our services (cloud hosting, analytics platforms)
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Business Transfers: In the event of a merger, acquisition, or sale of business assets
  • Consent: Where you have provided explicit consent for specific sharing purposes

All third-party providers are contractually bound to protect your data and use it only for specified purposes.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognising equivalent data protection standards
  • Binding Corporate Rules for multinational service providers

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Our retention periods are based on:

  • Active Clients: Throughout the duration of our service relationship and for 7 years after termination for legal and tax purposes
  • Prospects and Enquiries: Up to 3 years from last contact or until you request deletion
  • Website Analytics: Up to 26 months for Google Analytics data
  • Marketing Data: Until consent is withdrawn or up to 3 years of inactivity

After the retention period expires, we securely delete or anonymise your personal data.

10. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@nanonovae.world or +45 35541060.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training on data protection
  • Secure hosting environments with monitoring and backup systems
  • Incident response procedures for data breaches

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we may also provide additional notice through email or other communication channels.

14. Contact Information

If you have any questions, concerns, or requests regarding this privacy policy or our data processing practices, please contact us:

  • Privacy Officer: privacy@nanonovae.world
  • Phone: +45 35541060
  • Post: nanonovae AS, Gothersgade 111, 8080 Aarhus, Central Denmark
  • Business Hours: Monday - Friday, 10:00 - 19:00

15. Supervisory Authority

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with the relevant supervisory authority. In Denmark, this is:

  • Danish Data Protection Agency (Datatilsynet)
  • Website: www.datatilsynet.dk
  • Email: dt@datatilsynet.dk
  • Phone: +45 33 19 32 00