Privacy Policy

Privacy policy

14 March 2024 / version 2.0

1. Why did we create this privacy policy?

Advice gives high priority to confidentiality and data security. This privacy policy applies to our processing of personal data as data controller and establishes guidelines for the way Advice processes your personal data.

This privacy policy provides you with the information that you are entitled to receive under applicable data protection laws

You should read the privacy policy before you hand over your personal data to Advice.

2. Data controllers and contact information

Advice in Denmark is made up by two companies. Which Advice company that will be the data controller of your personal data pursuant to this privacy policy depends on which Advice company you or your company has or is entering into agreement with, has contacted or in any way has interacted with (e.g., when signing up for the newsletter or when visiting our two different websites).

Bearing this in mind, the data controller of your personal data is (hereafter each Advice data controller will be individually referred to as “Advice” "we", "us" or "our"):

Advice Ledelses- & Kommunikationsrådgivning A/S

CVR no.: 20 21 22 09
Gammel Kongevej 3E, 4.
1610 Copenhagen V
+45 33 42 21 00
connect@adviceas.dk

Forte Advice ApS

CVR no.: 43 51 38 93
Gammel Kongevej 3E, 4.
1610 Copenhagen V
+45 33 42 21 00
connect@forteadvice.com

3. Data controller or data processor

Advice acts as data controller for your personal data pursuant to this privacy policy.

For the purpose of providing services to our customers, Advice also acts as a data processor. The scope of the data processing activities Advice will carry out as data processor is described in the data processing agreement entered into between the customer as data controller and Advice as data processor. The data processing agreement is based on the standard data processing agreement from the Danish Data Protection Agency.

Both Advice Ledelses- & Kommunikationsrådgivning A/S and Forte Advice ApS will act as separate data processors on behalf of the customer acting as data controller. The reason for this is that both employees from Advice Ledelses- & Kommunikationsrådgivning A/S and Forte Advice ApS in most projects will assist with providing the required services in accordance with the main agreement entered into between Advice and the customer.

4. From where do we collect personal data about you?

Advice may potentially collect and process personal data about you from the following sources:

  • Directly from you.
  • From your device through your actions.
  • From your employer if you are an employee of our customer, business partners or suppliers.
  • From public websites when we are creating a database for relevant contact persons in relation to future lectures, conferences, and other events.

5. Purpose, types of personal data, legal basis, and deletion

Advice’s processing of personal data will depend on the customer agreement, your interaction, consents given, and behaviour. Therefore, you should start by reading the column "Which persons are covered?" to clarify whether the processing activity, the purposes in question, types of personal data, legal bases and deletion deadlines are relevant to you:

5.1. Cookies, pixels, and social plug-ins.

Processing activity

Cookies, pixels, and social plug-ins.

Which persons are covered?

Website visitors who have provided consent via the cookie banner.

For what purposes is the personal data used?

Marketing, statistics, preferences, and providing functions. You can read more about the purposes via the cookie banner.

What types of personal data are used?

User ID, geographical location, interests, IP address, operating system, browser type, device type, behaviour on the website, MAC address, click behaviour, interaction with ads, and search history.

What is the legal basis for the processing?

The processing of personal data in relation to necessary cookies takes place based on a contract to be able to use the functions of the website (Article 6(1)(b) of the GDPR). The processing of personal data in relation to statistical and preference cookies takes place as a result of our legitimate interest in offering you the best possible products and services (Article 6(1)(f) of the GDPR). The processing of personal data in relation to marketing cookies, including based on your preferences, takes place on the basis of your prior consent (Article 6(1)(a) of the GDPR). In addition, we always obtain a valid cookie consent in accordance with the Executive Order on Cookies before cookies are placed via your terminal equipment.

When will the personal data be deleted?

See the cookie banner where the deletion periods (expiration periods) are indicated. You can open the cookie banner by clicking on the icon left on the website.

5.2. Customer agreements

Processing activity

Customer agreements.

Which persons are covered?

Employees of customers.

For what purposes is the personal data used?

Enter into customer agreements and complying with customer agreements.

What types of personal data are used?

Name, e-mail, phone number, work address, position, role services your company has purchased and signature.

What is the legal basis for the processing?

Enter into a contract and complying with the contract (Article 6(1)(b) of the GDPR). Legitimate interest in being able to comply with the contract entered into with your employer (Article 6(1)(f) of the GDPR).

When will the personal data be deleted?

5 years from last contact.

5.3. Newsletter

Processing activity

Newsletter.

Which persons are covered?

Persons who have consented to receive newsletters.

For what purposes is the personal data used?

Send marketing as further described in the consent.

What types of personal data are used?

Email, name, role, and place of employment.

What is the legal basis for the processing?

Consent (Article 6(1)(a) of the GDPR).

When will the personal data be deleted?

2 years after withdrawal of consent.

5.4. Phone marketing

Processing activity

Phone marketing.

Which persons are covered?

Contact persons of potential customers.

For what purposes is the personal data used?

Marketing og Advice’s services.

What types of personal data are used?

Name, position, phone number and profession.

What is the legal basis for the processing?

Legitimate interest in being able to sell our services (Article 6(1)(f) of the GDPR).

When will the personal data be deleted?

2 years from last contact.

5.5. Profiling for marketing purposes

Processing activity

Profiling for marketing purposes.

Which persons are covered?

Persons who have consented to receive newsletters.

For what purposes is the personal data used?

Targeted advertising, including by sending personalised emails and newsletters.

What types of personal data are used?

Email, name, click behaviour in relation to forwarding material, and preferences.

What is the legal basis for the processing?

Legitimate interests in being able to improve and develop our services (Article 6(1)(f) of the GDPR).

When will the personal data be deleted?

As long as your consent to receive newsletters is active.

5.6. Christmas cards

Processing activity

Christmas cards.

Which persons are covered?

Employees of customers.

For what purposes is the personal data used?

Forwarding a Christmas card

What types of personal data are used?

E-mail and position.

What is the legal basis for the processing?

Legitimate interests in being able to maintain a great relationship with our customers (Article 6(1)(f) of the GDPR).

When will the personal data be deleted?

End of customer relationship.

5.7. Customer service and general communication

Processing activity

Customer service and general communication.

Which persons are covered?

People who contact customer service or otherwise communicate with us.

For what purposes is the personal data used?

Handling your inquiry and possibly your agreement, observing your rights, general communication as well as statistics and analysis.

What types of personal data are used?

E-mail, name, telephone number, what your inquiry relates to, date of inquiry and other information you provide.

What is the legal basis for the processing?

We may process your personal data based on our legitimate interests in handling your inquiry, communicating with you, and developing our products and services (Article 6(1)(f) of the GDPR). If your inquiry concerns a (potential) conclusion of a contract, we process your data to be able to carry out pre-contractual measures (Article 6(1)(b) of the GDPR).

When will the personal data be deleted?

General inquiries and cases are generally stored for 2 years, but the storage time may vary depending on the content of the cases.

5.8. Film production

Processing activity

Film production.

Which persons are covered?

Models and extras. Potentially also parent or guardian of persons under the age of 13.

For what purposes is the personal data used?

Use models and extras in film production. Pay the agreed fee.

What types of personal data are used?

Name, address, e-mail, phone number, pictures, and videos as well as social registration number in some cases. If the model is under 13, the social registration number and contact details regarding parent and guardian will be obtained. Approval from the police will also be obtained.

What is the legal basis for the processing?

A model contract (Article 6(1)(b) of the GDPR) or a consent (Article 6(1)(a). Social registration number for the purpose of tax purposes will be processed based on section 11 (2) (1) of the Danish Data Protection Act. Further personal data regarding a model under 13 years of age will be processed based on a legal obligation (Article 6(1)(c) of the GDPR) and section 11 (2) (1) of the Danish Data Protection Act cf. executive order regarding children’s work).

When will the personal data be deleted?

3 months after the end of the project.

5.9. Market research and surveys

Processing activity

Market research and surveys using Norstat and Epinion (Advice’s own license)

Which persons are covered?

Participants.

For what purposes is the personal data used?

Analysis, interviews and focus groups/workshops. Conducting interviews, user tests, focus groups/workshops, where participants talk about their needs, behavior and wishes and possibly try out digital solutions.

What types of personal data are used?

Name, contact information and statements regarding the survey. In some cases, sensitive personal data and social registration numbers may be processed. This is only the case if it is relevant for the survey.

What is the legal basis for the processing?

Consent (Article 6(1)(a) og the GDPR, Article 9(2)(a) of the GDPR and section 11 (2) (2) of the Danish Data Protection Act.

When will the personal data be deleted?

6 months after the end of the project.

5.10. Organising events and webinars

Processing activity

Organising events, webinar and creating a database with relevant contacts for future lectures, conferences and other events.

Which persons are covered?

Participants in events, and webinars as well as relevant stakeholders on public websites

For what purposes is the personal data used?

Registration, administration, and phone marketing after end of event or webinar. Asking stakeholder to participate in an event.

What types of personal data are used?

Contact information, role, position, and information about participation in the event or webinar.

What is the legal basis for the processing?

Enter into an agreement regarding participating in the webinar, event or conference etc. (Article 6(1)(b) of the GDPR). Legitimate interest in being able to contact persons through phone for marketing purposes and for collaboration purposes (Article 6(1)(f) of the GDPR).

When will the personal data be deleted?

5 years from last used.

5.11. Use of images and videos

Processing activity

Use of images and videos for own marketing.

Which persons are covered?

Models and employees of customers.

For what purposes is the personal data used?

Marketing.

What types of personal data are used?

Photos/videos and contact information. Your signature and copy of contract.

What is the legal basis for the processing?

Article 6(1)(a) of the GDPR (consent) or Article 6(1)(b) of the GDPR (contract).

When will the personal data be deleted?

When consent is revoked or when the contract expires.

5.12. Legal claims and lawsuits

Processing activity

Legal claims and lawsuits

Which persons are covered?

Employees of customers and suppliers.

For what purposes is the personal data used?

Defend, exercise, and establish legal claims.

What types of personal data are used?

Description of the claim and contact details.

What is the legal basis for the processing?

Legitimate interest in establishing, defending, and asserting legal claims, (Article 6(1)(f) of the GDPR).

When will the personal data be deleted?

When the lawsuit is finished or same retention periods as stated above.

5.13. Satisfaction surveys and market research

Processing activity

Send satisfaction surveys and market research and generally improve our products and services.

Which persons are covered?

Employees of customers who have purchased services from us.

For what purposes is the personal data used?

Improve our products and services and marketing. In addition, to generally ensure customer satisfaction.

What types of personal data are used?

Contact information and position.

What is the legal basis for the processing?

We base the processing of your personal data on our legitimate interest in being able to keep statistics and analysis to develop and improve our products and services and to contact you if your response indicates that you have had a bad experience with us. Participation in the survey is voluntary (Article 6(1)(f) of the GDPR).

When will the personal data be deleted?

5 years after end of contract.

5.14. The Danish Consolidated Bookkeeping Act

Processing activity

Comply with the Danish Consolidated Bookkeeping Act.

Which persons are covered?

Contact persons of customers.

For what purposes is the personal data used?

Ensure documentation of the costumer contract in accordance with The Danish Consolidated Bookkeeping Act.

What types of personal data are used?

Transaction Information.

What is the legal basis for the processing?

Legal obligation cf. the Danish Consolidated Bookkeeping Act (Article 6(1)(c) of the GDPR).

When will the personal data be deleted?

Accounting material, including personal data, which we are obliged to store in accordance with the Danish Consolidated Bookkeeping Act, is stored for up to 6 years.

5.15. Cooperation with companies

Processing activity

Cooperation with companies.

Which persons are covered?

Suppliers and partners.

For what purposes is the personal data used?

General planning, fulfilment, and administration of collaborations, including contracts. Administration such as processing payments, evaluating credit ratings, accounting, auditing, as well as providing support. Product and service development. Statistics and analysis. Conflict management.

What types of personal data are used?

Name, email address, telephone number and corresponding contact details. Individual information, such as preferred languages Organizational information such as company name and address, job title, area of employment, primary place and country of work. Contractual information such as orders, invoices, contracts, and other agreements between your company that may include, for example, your contact information. Financial information, such as payment terms, bank details and credit ratings (in the case of a sole proprietorship).

What is the legal basis for the processing?

In certain cases, the processing of your personal data is necessary for the performance of a contract (Article 6(1)(b) of the GDPR). We may process your personal data on the basis of our legitimate interests in, for example, managing day-to-day operations in accordance with lawful and fair business practices, including planning, executing and administering the cooperation or our legitimate interest in, for example, carrying out credit ratings, statistics, analyses, marketing activities (where consent is not required), providing support, improvement and development of our products and services. The processing may also be necessary for our legitimate interest in preventing fraud or establishing, defending, or asserting legal claims (Article 6(1)(f) of the GDPR). The processing of your personal data will in some cases be necessary for compliance with legal obligations, such as our obligation to prevent illegal activities (Article 6(1)(c) of the GDPR).

When will the personal data be deleted?

3 years after last contact.

6. To whom do we transfer your personal data?

In some special cases, we transfer your personal data to independent data controllers. In the following table, we have listed the categories of these third parties, what personal data may be transferred about you to the third parties and the legal basis for the transfer.

We note that your personal data may also be transferred with your prior consent, including to third parties, via the cookie consent.

6.1. Lawyers, insurance companies, authorities, police, and courts.

Categories of recipients

Lawyers, insurance companies, authorities, police, and courts.

Types of personal data

Relevant information in relation to a specific dispute.

Legal basis

Article 6(1)(f) of the GDPR (legitimate interest).

6.2. Customers

Categories of recipients

Customers

Types of personal data

Film production material will be transferred to customers which will process the material as a separate data controller.

Legal basis

Article 6(1)(b) of the GDPR (contract).

6.3. Payment acquirers

Categories of recipients

Payment acquirers

Types of personal data

Payment and card information.

Legal basis

Article 6(1)(b) of the GDPR (contract).

6.4. The Danish Customs and Tax Administration

Categories of recipients

The Danish Customs and Tax Administration

Types of personal data

Payment and social registration number regarding models in film production.

Legal basis

Article 6(1)(c) of the GDPR and section 11 (2) (1) of the Danish Data Protection Act (legal obligations)

7. To whom do we entrust your personal data?

Suppliers (third parties) may have access to your personal data based on a contractual relationship with Advice when providing relevant services to Advice, such as hosting providers, providers of conducting satisfaction surveys, providers of sending newsletters, group companies assisting with IT support, providers of placing cookies and for marketing in general. Such suppliers (data processors) will only process personal data based on a data processing agreement and in accordance with our instructions.

8. Do we transfer your personal data to unsafe third countries?

If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA that do not have an adequate level of protection, such transfer will only take place when a transfer is based on the EU Commission's Standard Contractual Clauses. Transfer of personal data to the USA may also take place based on the EU-US Data Privacy Framework. If you have any questions about the basis for transfers to countries outside the EU/EEA, please contact us.

9. If you visit our profiles otherwise social media pages

This section contains the policy for Advice’s processing of personal data collected through Advice’s profiles or social media pages.

Advice Ledelses- & Kommunikationsrådgivning A/S has profiles or pages on the following social media:

  • Facebook (Meta Platforms Ireland Ltd.)
    • Facebook's privacy policy is available here
    • Meta and Advice are joint data controllers of Facebook pixels, which you can accept via cookies as further described above. Meta's privacy policy and the information in this section also apply to Facebook pixels, except for the information relating solely to our profile on Facebook.
  • YouTube (Google Ireland Ltd.)
    • Google's privacy policy is available here
  • LinkedIn (LinkedIn Ireland Unlimited Company)
    • LinkedIn's privacy policy is available here
  • X (X Corp (X))
    • X’ privacy policy is available here
  • Instagram (Meta Platforms Ireland Ltd.)
    • Instagram's privacy policy is available here

Forte Advice ApS has a profile on the following social media:

  • LinkedIn (LinkedIn Ireland Unlimited Company)
    • LinkedIn's privacy policy is available here

For LinkedIn, Facebook, and Instagram, Advice together with the social media providers are joint data controllers for the processing of personal data collected in connection with your interactions with the profiles, including the profiles' postings.

Advice and the providers of LinkedIn, Facebook, and Instagram have entered into an agreement on the distribution of the data protection tasks. According to these agreements, Advice and the social media providers are each responsible for the tasks associated with the processing they each undertake. However, it has been agreed between Advice and the provider of Facebook and Instagram that the provider is responsible for enabling you to exercise your rights as described in the 'Your rights' section below in connection with the use of Facebook and Instagram, and that it is Advice that is responsible for providing you with the information described below. In addition, it is agreed between Advice and LinkedIn that LinkedIn is responsible for responding to requests from you regarding the rights described in the 'Your Rights' section below.

Advice also uses the provider of YouTube as a data processor in connection with these entities' use of YouTube and in this connection also shares certain information about your interactions, interests, etc. with YouTube. This sharing takes place based on our and Google's legitimate interest in optimizing marketing and the service, including our videos on YouTube (Article 6(1)(f) of the GDPR).

Collection of personal data

When you visit or interact with our social media profiles, Advice and the social media provider in question may collect, process and store the following types of personal data about you:

  • Information available on your profile, including your name, gender, marital status, workplace, interests, photo and city
  • Whether you "like" or have used other reactions to our profile
  • Comments you leave on our posts
  • That you have visited our profile
  • Your IP address

Purposes of processing

Advice’s processes your personal data for the following purposes:

  • Improving our products and services, including our social media profiles and pages
  • Statistics and analysis
  • To communicate with you if you comment on a post, leave a review or send us a message
  • Marketing in general

The social media providers process, among other things, your personal data for the following purposes:

  • Improving their ad system
  • To provide Advice with statistics that social media providers compile on the basis of, among other things, your visit to our profiles and pages
  • Advertising and personalization of activities on the Site

Basis for processing

The processing of your personal data is based on the following basis:

  • Legitimate interests: Advice’s the processing of your personal data is based on our legitimate interests in being able to communicate with and market ourselves to you on our social media profiles, as well as our legitimate interest in improving our products and services (Article 6(1)(f) of the GDPR)

Storage period

Your personal data will be stored for 2 years. However, the information may be stored longer in anonymized form.

Please refer to the privacy policy of the individual social media providers for information on how long they keep your personal data.

Who do social media providers share your personal data with?

The social media providers may, among other things, share your personal data with the following categories of recipients:

  • Other entities within the group of which the social media provider is part of
  • External partners providing analysis and survey services
  • Advertisers
  • Other individuals who visit our social media profile or page (to the extent your information is publicly available)
  • Researchers and other academics

You can find more information about who the social media providers share your personal data within the privacy policy of the individual providers.

The social media providers may transfer your personal data to recipients outside the EU/EEA in accordance with applicable data protection legislation. You can read more in the privacy policies of the individual providers.

You can read more about who Advice shares your personal data within the sections above titled "To whom do we disclose your personal data?" and "To whom do we entrust your personal data?". 

10. What rights do you have?

General rights
When Advice processes personal data about you as stated above, you have several rights under applicable data protection legislation:

  1. You have the right to access the personal data we process about you
  2. You have the right to object to our collection and further processing of your personal data
  3. You have the right to rectification and erasure of your personal data, however, with certain statutory exceptions, including the Danish Consolidated Bookkeeping Act
  4. You have the right to request the restriction of the processing of your personal data
  5. In certain circumstances, you can request to receive a copy of your personal data as well as to transmit the personal data you have provided to us to another data controller (data portability)
  6. You can withdraw any consents you may have given at any time. We will then delete your personal data unless we can continue processing on other grounds. Our newsletter can be unsubscribed by clicking on the link at the bottom of the newsletter. Withdrawal of consent will have effect on the future processing of your personal data. Withdrawal of your consent does not affect the lawfulness of the processing we carried out based on the consent before the withdrawal.

Right to object
You always have the right to object to the collection and further processing of your personal data, including the right to object to our processing based on the balancing of interests rule pursuant to Article 6(1)(f) of the GDPR. This applies, among other things, when we process your information for marketing purposes.

11. Do you have questions and do you want to exercise your rights?

If you have any questions about this privacy policy or if you wish to complain about the way we process your personal data, please feel free to contact us as stated in section 2 above.

If your complaint is not resolved by us and you want to proceed with the case, you can complain to the Danish Data Protection Agency:

The Danish Data Protection Agency
Carl Jacobsens Vej 35
DK-2500 Valby
Phone: 33 19 32 00
Email: dt@datatilsynet.dk

12. Links to other websites

Our websites may contain links to other websites. We are not responsible for the content of other websites (third party websites) or for the procedures such third parties have for collecting and processing personal data. When you visit a third-party website, you should read the website owner's privacy policy and other relevant policies.

13. Changes to the privacy policy

This privacy policy does not constitute an agreement between Advice and you, but instead forms the basis of our duty of disclosure under data protection legislation. We reserve the right to make changes to this privacy policy from time to time in accordance with applicable data protection laws. In case of changes, the date and version number at the top of the privacy policy will be changed. The privacy policy in force at any time will always be available via Privacy Policy. In case of material changes to the privacy policy, you will receive an email or other notification with reference to the updated privacy policy.