Applicable to: conphora.com
This privacy policy describes how Conphora ApS (“Conphora”, “we”, “us”) processes personal data when you visit our website conphora.com, sign up for early access/waitlist, or contact us. This policy has been prepared with the aim of being audit-ready and in compliance with the General Data Protection Regulation (GDPR) and Danish data protection legislation.
1. Data Controller
Conphora ApS Address: Copenhagen, Denmark CVR: 43489968 E-mail: contact@conphora.com Phone: +45 71 74 11 12
2. What personal data do we collect?
We only process personal data that is relevant and necessary for the purposes described in section 3. Depending on your use of the site, we may process:
- Contact information (e.g. e-mail and, if you provide it yourself, name/company) when signing up for early access/waitlist.
- Content of enquiries (e.g. e-mail correspondence, information you send to us yourself).
- Technical information about your visit (e.g. IP address, device type, browser, timestamp and user behaviour), to the extent this is collected via cookies/analytics or server logs. We ask that you do not send us sensitive personal data (e.g. health information). If we receive such information inadvertently, we will seek to delete it as soon as possible.
3. Purposes, legal basis and data categories (GDPR Art. 6)
We process personal data for the following purposes: Early access/waitlist: Managing your registration and sending you information about beta, access, updates and launch. Data types: Contact information, company information where applicable, metadata. Legal basis: Consent (GDPR Art. 6(1)(a)) and/or legitimate interest (GDPR Art. 6(1)(f)). Contact and support: Responding to your enquiry and following up. Data types: Contact information and content of enquiry. Legal basis: Contract/pre-contractual measures (GDPR Art. 6(1)(b)) or legitimate interest (GDPR Art. 6(1)(f)). Website operation and security: Operation, troubleshooting, security, prevention of misuse and improvement of the website. Data types: Technical information (e.g. IP address, log data). Legal basis: Legitimate interest (GDPR Art. 6(1)(f)). Statistics and performance (cookies/analytics): Understanding traffic and use of the website and improving content (only if analytics cookies are enabled/selected). Data types: Cookies/online identifiers and usage data. Legal basis: Consent for non-essential cookies (GDPR Art. 6(1)(a)) and legitimate interest for essential cookies (GDPR Art. 6(1)(f)).
4. Data processors and sharing
We do not sell your personal data. We may share data with trusted vendors (data processors) who process data on our behalf and under our instructions. We enter into data processing agreements where required. Known data processors in relation to conphora.com: Vercel Inc. (website hosting and edge network). Vercel hosts our static website and may process technical information (IP addresses, request metadata) as part of delivering the website. Vercel is subject to their Data Processing Addendum (DPA) and processes data on our behalf. If we add additional services (e.g. analytics or form handling), this list will be updated. If you click on external links (e.g. to LinkedIn), you leave our website. The relevant third party is an independent data controller for its own processing.
5. Transfers to countries outside the EU/EEA
Vercel Inc. is based in the USA. Transfers to the USA are made on the basis of the European Commission’s Standard Contractual Clauses (SCC) and the EU-U.S. Data Privacy Framework, under which Vercel is certified. If we use other vendors outside the EU/EEA, we ensure an equivalent lawful transfer mechanism.
6. Retention and deletion
We retain personal data for as long as necessary for the purpose and in accordance with applicable legislation. Indicative retention periods:
- Early access/waitlist: until launch/early access has been handled, or until you unsubscribe/withdraw your consent. Thereafter, the data will be deleted or anonymised within a reasonable period.
- Enquiries: typically 12–24 months after the conclusion of the dialogue, unless there is a legitimate need for longer retention (e.g. documentation).
- Security and server logs: typically retained for a shorter period (weeks/months) for operational and security purposes.
7. Cookies and similar technologies
conphora.com is a static website hosted on Vercel. By default, the website only sets technically necessary cookies (e.g. for security and basic functionality). We do not currently use third-party analytics cookies. If we add analytics or marketing cookies in the future, these will only be activated after your active consent via a cookie banner. You can manage cookies at any time through your browser settings.
8. Your rights
Under the GDPR, you have the following rights (subject to the limitations provided by law):
- Right of access to the personal data we process about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (“the right to be forgotten”).
- Right to restriction of processing.
- Right to data portability (where applicable).
- Right to object to processing based on legitimate interest.
- Right to withdraw consent (if processing is based on consent). Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal. You can exercise your rights by contacting us at contact@conphora.com. We may request additional information to verify your identity.
9. Complaint to the Danish Data Protection Agency
If you wish to lodge a complaint about our processing of your personal data, you can contact the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk
10. Security
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, misuse or alteration. Access to data is restricted to relevant persons and vendors.
11. Changes to this privacy policy
We may update this privacy policy from time to time. The latest version will always be available on conphora.com with an updated date.