Privacy Policy

Depending on how you engage with Northbased, use our website or Client Portal, or receive our Services, we may collect and process personal data about you, including:

• Name and contact details, such as your phone number and email address.
• Contact and communication preferences.
• Authentication data, login credentials, and related security information.
• Billing details and payment information where required for invoicing and payment administration.

We do not intentionally collect or process special categories of personal data, such as information concerning your health, racial or ethnic origin, political opinions, or religious beliefs.

You are responsible for ensuring that any personal data you provide to us is accurate, complete, and kept up to date.

We process your personal data only for specified, explicit, and legitimate purposes. Depending on the circumstances, we rely on one or more of the following legal bases under the GDPR:

• Performance of a contract: where processing is necessary to provide the Services you request, manage projects, issue invoices, or provide support, including steps taken before entering into a contract with you.
• Compliance with legal obligations: where we must retain records, satisfy accounting or tax requirements, or respond to lawful requests from public authorities.
• Legitimate interests: where processing is necessary for fraud prevention, network and information security, service improvement, or the marketing of similar services where permitted by law. You may object to such processing at any time where the law gives you that right.
• Consent: where your explicit consent is required, for example for non-essential marketing communications. If you give consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

When you use our website or Client Portal, we may use cookies and similar technologies to enable core functionality, remember your preferences, and analyse usage patterns so that we can improve our services.

For further information about the cookies we use and the options available to you for managing them, please refer to our separate Cookie Policy.

Subject to applicable law, you have the following rights in relation to your personal data:

• Right of access to the personal data we hold about you.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure, sometimes referred to as the “right to be forgotten”.
• Right to restriction of processing.
• Right to object to processing, including direct marketing.
• Right to data portability.
• If you are a California resident and applicable law applies to you, you may also have rights to know, delete, opt out of sale or sharing, and receive equal service without discrimination.

These rights are not absolute and may be limited by legal exceptions, including where we must retain data to comply with our legal obligations.

If you wish to exercise any of your rights, please contact us at legal@northbased.net.

We will respond to verifiable requests without undue delay and, in the ordinary course, within one month. Where permitted by law, that period may be extended by up to two additional months if your request is particularly complex or involves multiple requests.

If you act through an authorised agent, we may ask you to provide written evidence of that authorisation before we process the request.

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, or for as long as we are required to do so under applicable law.

For example, certain financial and accounting records must typically be retained for five years under applicable Danish retention rules. When your personal data is no longer required, we will delete, destroy, or irreversibly anonymise it in a secure manner.

If we transfer your personal data outside the EEA, we currently do so only in limited cases involving service providers in the United States.

In such cases, we rely on the EU-U.S. Data Privacy Framework and use service providers that are certified under that framework for the relevant processing activities. Where required, we may also implement supplementary contractual, organisational, and technical safeguards to protect your personal data.

Our website or Client Portal may contain links to third-party websites or services that are not operated by Northbased.

If you follow those links, you do so at your own discretion. We are not responsible for the privacy practices, content, or security of third-party websites, and you should review their privacy notices directly before providing them with your personal data.

Our website and Services are not directed to individuals under 16 years of age, and you must not use them on behalf of a child without a lawful basis and proper authority.

We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us immediately so that we can investigate and, where appropriate, delete the data without delay.

If you have any questions about this Privacy Policy, our data practices, or the way in which we process your personal data, please contact us at legal@northbased.net.

You also have the right to lodge a complaint with the supervisory authority in your country or with the Danish Data Protection Authority (Datatilsynet). Further information is available at www.datatilsynet.dk/english.

If you use our Client Portal or receive our Services, we must process certain personal data about you in order to perform our contractual obligations and deliver the services you have requested.

That processing may include account administration, authentication, project coordination, communications, support, invoicing, and related operational activities that are necessary for the proper provision of our Services.