Privacy Policy

Privacy Policy

for Sensade ApS

1. Introduction

This privacy and GDPR policy describes how Sensade ApS (“we”, “us”, “our”) processes personal data.

The purpose is to ensure full compliance with the General Data Protection Regulation (GDPR) and the Danish Data Protection Act, and to provide you — as a user, customer, partner, or applicant — with a clear and transparent overview of how we handle your data. As a general principle, we do not collect sensitive personal data, and our solutions are designed to work primarily with anonymised, aggregated, or technical data wherever possible.

This policy also describes how we handle personal data in the exceptional cases where we may receive or process information of a more sensitive nature.

2. Data Controller

Sensade ApS 

Ølgodvej 3 

9220 Aalborg Øst 

Denmark 

CVR no.: 38847937 

Email: Contact@sensade.com

We are the data controller for the personal data we process about users, customers, partners, and applicants.

3. Types of Data We Process

We primarily process ordinary personal data, such as:

  • Name
  • Email address
  • Phone number
  • Address (e.g. for billing purposes)
  • Information related to the service we provide

We do not process sensitive data (e.g. health information, biometric data, political opinions, etc.).

In our technical solutions, we also process:

  • Technical and operational data
  • Anonymised or aggregated parking, traffic, and capacity data
  • Sensor and IoT measurements
  • System and error logs

If we gain technical access to data that may contain personal information, our principle is that such data is:

  • not used
  • not stored
  • not analysed
  • not disclosed

unless necessary, agreed upon, and lawful.

4. Processing Activities

4.1 Website Visits

When you visit our website, we process technical information such as:

  • IP address
  • Browser and device information
  • Pages visited
  • Cookie preferences

We primarily use necessary cookies required for the website to function. All other types of cookies (e.g. analytics) are only activated if you accept them via our cookie banner.

4.2 Communication and Enquiries

When you contact us by email, phone, or form, we process the information you provide:

  • Name
  • Contact details
  • The content of your enquiry

Purpose: To respond to your enquiry and maintain relevant dialogue. 

Legal basis: Legitimate interest (GDPR Art. 6(1)(f)). 

Retention: Until the enquiry is resolved and no longer necessary.

4.3 Customer Relationships

When we enter into an agreement, we process information such as:

  • Contact details for key contacts
  • Billing and payment information
  • Contract basis and delivery history

Legal basis:

  • Contract (GDPR Art. 6(1)(b))
  • Legitimate interest (Art. 6(1)(f))

Retention: For the duration of the relationship and thereafter as required by law.

4.4 Newsletters

When you subscribe to our newsletter, we process:

  • Name
  • Email address

Purpose: To send news, product updates, case studies, and other relevant communications from Sensade. 

Legal basis: Consent (GDPR Art. 6(1)(a)). 

Retention: For as long as you remain subscribed. 

You may unsubscribe at any time via the link in the newsletter or by contacting us. 

Documentation of consent may be retained for up to 2 years after the last mailing, in accordance with the The Danish Consumer Ombudsman’s guidelines.

4.5 Accounting and Finance

We retain accounting records that may contain ordinary personal data (e.g. the name of a contact person).

Purpose: Compliance with the Danish Bookkeeping Act. 

Legal basis: Legal obligation (Art. 6(1)(c)). 

Retention: Minimum 5 years after the end of the financial year.

4.6 Job Applications

For job applications, we process:

  • Name and contact details
  • CV, cover letter, and any attachments

Purpose: To evaluate candidates. 

Legal basis:

  • Legitimate interest (Art. 6(1)(f))
  • Consent for retention in connection with future positions

Retention: Upon conclusion of the recruitment process, unless otherwise agreed.

4.7 Data from Technical Systems, Apps, APIs, and Sensors

We process technical data necessary for operating and optimising our solutions, including:

  • Anonymised parking and traffic data
  • Flow, time, and load measurements
  • IoT and sensor-based data points
  • System log files

All data used for analysis, statistics, or reporting is anonymised or aggregated and cannot be attributed to individuals.

5. Third-Party Data and API Integrations

We may receive technical access to data from partners, APIs, or external systems.

Our principles are:

  • We only use the data points necessary for the given purpose.
  • Personally identifiable data is not used, even if technically accessible.
  • Inadvertently received personal data is filtered, disregarded, or deleted.

When acting as a data processor, all processing takes place solely on instruction and on the basis of a data processing agreement

6. Server Location and Third-Country Transfers

All our servers and data processors are located within the EU/EEA. We do not transfer personal data to countries outside the EU/EEA.

Should a third-country transfer become necessary in the future, we will apply:

  • EU Standard Contractual Clauses (SCCs), and
  • appropriate supplementary safeguards.

7. Disclosure of Personal Data

We never sell personal data.

Data may be disclosed to:

  • Suppliers and data processors (e.g. IT operations, hosting, auditors, accountants)
  • Public authorities where legally required
  • Advisors such as legal counsel or insurers in connection with legal matters

Data processors are only granted access where necessary and are subject to data processing agreements.

8. Profiling and Automated Decision-Making

We do not carry out profiling or automated decision-making with legal effect or significant impact on individuals.

9. Security

We protect personal data with appropriate technical and organisational measures, including:

  • Access control and permission management
  • Encryption where relevant
  • Logging and monitoring
  • Procedures for handling data breaches
  • Ongoing security and compliance assessments

Only employees with a legitimate need have access to data.

In the event of a personal data breach, we will immediately assess the risk to the individuals concerned and notify the Danish Data Protection Agency and, where applicable, the affected individuals, in accordance with GDPR Art. 33 and 34.

10. Retention Periods

We retain personal data only for as long as necessary to:

  • fulfil the purposes for which it was collected,
  • comply with legal requirements,
  • document processing in accordance with GDPR.

When data is no longer necessary, it is deleted or anonymised.

11. Your Rights

You have rights under the GDPR, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent

For more information about your rights, please visit the Danish Data Protection Agency: https://www.datatilsynet.dk/borger/hvad-er-dine-rettigheder

To exercise your rights, please contact us at: Contact@sensade.com

12. Right to Lodge a Complaint

If you are dissatisfied with our processing of your personal data, we encourage you to contact us directly first so that we can work towards a resolution: Contact@sensade.com

You also have the right to lodge a complaint with: 

The Danish Data Protection Agency 

Borgergade 28, 5th floor 

1300 Copenhagen K 

www.datatilsynet.dk

13. Updates

This privacy policy is updated on an ongoing basis in response to changes in legislation or our processing activities.

The current version will always be available on our website.