Privacy and Cookie Policy (privatlivs- og cookiepolitik)

(Bemærk at Accel Complys privatlivs- og cookiepolitik kun er beskrevet på engelsk)

Accel Comply ("we" or "us") is committed to protecting your privacy. We comply with the EU General Data Protection Regulation (GDPR) and Danish data protection laws. This Privacy and Cookie Policy explains how we collect, use, and share your personal data when you use our website or services. Our services are aimed at businesses and individuals in the EU/EEA and are not directed to children, and we do not knowingly collect personal data from anyone under 16 years of age.

Personal Data We Collect

• Information you provide to us: If you contact us via a form, email, or otherwise, we collect the personal details you provide. This typically includes your name, business contact information (such as email address and phone number), and the content of your enquiry or message.
• Website usage data (analytics): When you visit our website, we use cookies and similar tracking technologies to automatically collect certain data about your device and browsing actions. This may include your IP address, browser type, pages viewed, how long you spend on pages, and the referring site or URL. We use Google Analytics (deployed via Google Tag Manager) to gather this usage information and help us understand website traffic and improve our content. We do not collect analytics data unless you have given consent through our cookie banner (see "Cookies and Tracking" below).
• Third-party tool data: If you use interactive features on our site provided by third parties, we collect the information you submit through those tools. For example, if we integrate a scheduling tool (such as Calendly) to book meetings, any information you enter to schedule a meeting (like your name, email, and meeting details) will be collected via that service and shared with us. We use such information only for the purpose you provided it (e.g. arranging the meeting or responding to your request).
• Data via HubSpot: We use HubSpot (HubSpot, Inc.) to collect and store personal data when you voluntarily submit information via forms or sign up for our newsletter, and to track how you interact with our website (if you consent to cookies). This may include your name, business contact information, company name, your message or enquiry, as well as website usage data (page views, session data, device/browser information). We only collect this data if you consent via our cookie banner. HubSpot acts as a data processor on our behalf (we remain the data controller).

We do not collect any sensitive personal data (such as national identification numbers, health information, or payment details) via our website. We also do not sell or rent any personal data to third parties. All personal data is collected for specific purposes and processed lawfully in accordance with GDPR.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to ensure the site functions properly and to analyse how users interact with it. A cookie is a small text file placed on your device that helps remember your preferences and activity. When you first visit our site, you will see a cookie consent banner that allows you to accept or decline non-essential cookies (such as analytics cookies).

• Necessary cookies: These cookies are required for the website to operate (for example, to load core features or remember your cookie preferences). They do not collect personal data and are set based on our legitimate interest in providing a functional website. We do not require consent for necessary cookies.
• Analytics cookies: We use Google Analytics to collect statistical information about how visitors use our site (e.g. which pages are most visited, what country visitors are in). We also use HubSpot tracking cookies for CRM, marketing automation, and lead capture functions, subject to your consent. This helps us improve our services and user experience. Google Analytics uses first-party cookies to gather this data. These analytics cookies will only be set if you give consent via the cookie banner. Google Analytics may collect identifiers like your IP address and device information; however, we have configured it in compliance with GDPR (for instance, by honouring your consent and enabling IP anonymisation where applicable).

Google Analytics sets first-party cookies (for example, _ga to recognise unique visitors, which expires after 2 years, and _gid for daily visitor tracking, which expires after 24 hours) to help analyse website traffic. HubSpot may set cookies such as __hstc (the main tracking cookie, expires after 6 months) and hubspotutk (keeps track of a visitor's identity, expires after 6 months) to monitor your engagement with our site. The LinkedIn Insight Tag may also set LinkedIn cookies (for example, UserMatchHistory and AnalyticsSyncHistory, which last around 30 days) to track ad conversions and provide us with aggregated analytics. These analytics and marketing cookies are only deployed if you have consented to them.

Cookie preferences: Our cookie banner lets you accept all or only certain categories of cookies. If you choose "Accept All," you consent to all cookies we use; if you choose to decline or customise, we will only set cookies according to your selection. You can change your cookie settings at any time. To do so, you can click the "Cookie Settings" link (if available) to adjust your preferences, or modify your browser settings to delete or block cookies. For more general information about cookies and how to control them, you can visit AllAboutCookies.org. Please note that if you disable cookies, some features of our site (such as embedded videos or forms) may not function properly.

How We Use Personal Data (Purposes and Legal Basis)

We use the personal data we collect only for clear and legitimate purposes. Under the GDPR, we must also have a legal basis for each use of personal data. Below we describe the purposes for which we process your data and the legal basis for each:

• Providing information and responding to enquiries: If you contact us (for example, by email or through a contact form), we will use your contact details and message to respond to your request or questions. Legal basis: Legitimate interests – it is in both your and our interest to communicate and address your enquiries; alternatively, it may be necessary for pre-contractual steps at your request (if you enquire about our services with the intention of possibly engaging us).
• Newsletter and marketing communications: If you subscribe to our newsletter or ask to receive updates, we will use your name and email to send you the requested communications (such as regulatory updates, compliance tips, or news about our services). Legal basis: Consent – we will only send you marketing emails if you have opted in. You can withdraw your consent at any time by clicking the "unsubscribe" link in our emails or contacting us, after which we will stop sending you newsletters.
• Website analytics and improvement: We analyse aggregated information about how visitors use our website (via Google Analytics and similar tools) to understand what content is most useful and to improve the website's design and functionality. Legal basis: Consent – we only process analytics data if you have consented to analytics cookies (in line with ePrivacy rules and GDPR Art. 6(1)(a)). In cases where minimal technical data (like server logs or a necessary cookie) is processed to ensure the site works and is secure, we rely on our legitimate interests in maintaining the website (GDPR Art. 6(1)(f)). We ensure any analytics we perform respects your privacy (for example, we look at overall trends and do not attempt to identify individual visitors).
• Scheduling meetings or providing services you request: If you choose to book a meeting or consultation with us through an integrated scheduling tool (e.g. Calendly) or you fill out a form to sign up for a service, we will use the information provided to fulfil your request. For example, if you schedule a call, we will use your provided contact details to confirm the appointment and send you reminders. Legal basis: Consent (by voluntarily providing the data and scheduling a meeting, you consent to us using that data for that purpose) and/or performance of a contract or steps prior to entering a contract (GDPR Art. 6(1)(b)) – since scheduling may be the first step in providing our services, processing your data is necessary to take those steps at your request.
• Site operation and security: We may process some data to operate, troubleshoot, and secure our website. This includes using logs of site activity to detect and prevent fraudulent or malicious activity, keeping backups, and debugging errors. Legal basis: Legitimate interests – we have a legitimate interest in ensuring the security and integrity of our website and services. In some cases, processing may also be necessary to comply with a legal obligation (GDPR Art. 6(1)(c)), for example if we are required by law to retain certain information for law enforcement or regulatory purposes.
• CRM, lead management, and communications: If you submit a contact form or newsletter sign-up on our site (which is handled through HubSpot), we process your data (such as name, email, company, and any message) to manage leads, respond to your enquiry, or send you the communications you requested. Legal basis: Consent (for sending marketing/newsletters) and legitimate interests or pre-contractual necessity for responding to business enquiries and following up.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, and in accordance with applicable laws. In practice, this means:

• Contact and enquiry data: If you contact us with a question or request, we will retain your personal data for as long as needed to respond and follow up. Typically, we may keep correspondence (emails or form submissions) for up to 12 months after our last interaction, in case further follow-up is needed or to maintain a record of our communications. After that, we delete or anonymise the data, unless we need to retain it longer for legal reasons (such as ongoing contract discussions or dispute resolution).
• Newsletter subscription data: If you have subscribed to our newsletter or marketing emails, we will keep your contact information on our mailing list until you unsubscribe or ask us to delete it. If you unsubscribe, we will promptly remove you from the active mailing list and cease sending you emails. (We may however retain a record of your initial consent and opt-out request for a brief period to demonstrate compliance, and/or keep your email on a suppression list to ensure we honour your opt-out.) We periodically review our mailing list and remove contacts that are inactive or where consent is no longer valid.
• Analytics data: Data collected through Google Analytics and similar tools is retained according to Google's data retention settings that we control. Currently, we have set Google Analytics to retain user-level and event data for 14 months, after which it is automatically deleted. We may retain aggregated, non-identifiable analytics data for longer to help us understand long-term website performance, but this aggregate data will not personally identify any individual.
• Calendly/scheduling data: If you schedule a meeting via an online calendar tool on our site, we will retain the meeting details (e.g. your name, email, the meeting date/time) for as long as needed to manage that meeting and any related follow-ups. After the meeting, we may keep a record of the appointment and any outcomes for our business records (for example, notes on what was discussed or to avoid duplicate outreach). If you do not become a client, we will periodically delete or anonymise personal scheduling data (for example, purging past meeting invitee details every 6–12 months). If you do become a client, scheduling data may be stored along with your client records.
• Legal obligations and disputes: In some cases, we may need to retain certain personal data for longer periods to comply with legal obligations or to resolve disputes. For example, if a transaction occurs, finance laws may require us to keep certain records for several years. Also, if you exercise a legal right or if there's a dispute, we might retain relevant information until the issue is resolved. In all such cases, we will either securely delete or fully anonymise the data once it is no longer needed for those purposes.

When we no longer need personal data, we ensure it is securely deleted or anonymised so that it can no longer be associated with you. We continuously review the data we hold and erase or anonymise data that is no longer required.

Third-Party Services and International Data Transfers

As part of operating our website and services, we use certain trusted third-party service providers. We only share personal data with these third parties when necessary, and always under appropriate safeguards and contracts. The key third-party tools we use are:

• Google Analytics and Google Tag Manager (Google LLC): These analytics tools are provided by Google, a company based in the United States. When you consent to analytics cookies, Google Analytics will process some of your personal data (online identifiers and website usage data) on our behalf for analytics purposes. Google may process this data on servers outside the EU (including in the U.S.). We have configured Google Analytics to respect EU privacy standards (including honouring the consent you have given or withheld). All data Google processes for us is subject to Google's strict privacy and security controls. We have a Data Processing Agreement with Google to ensure GDPR compliance. Google LLC is certified under the EU-U.S. Data Privacy Framework, which means it commits to protect personal data transferred from the EU to the U.S. in line with EU standards. Additionally, we rely on European Commission Standard Contractual Clauses (SCCs) with Google as needed, providing lawful grounds for international data transfers. In summary, Google may only use the analytics data for our purposes and not for its own; it cannot identify you from the analytics data we collect on our site, and it must safeguard the data per our agreement. (For more details, you can refer to Google's Privacy Policy and Google's documentation on how Google Analytics safeguards data.)
• Google Fonts: We use Google Fonts on our website to ensure a uniform and professional appearance across different devices. Google Fonts is a service by Google that provides web font files. When you load a page on our site, your browser may download font files from Google's servers (which may be located in the U.S. or EU), which means Google will see your device's IP address and certain technical information (like the font request). We do not collect any personal data through Google Fonts, but Google may receive this minimal data as a result of your browser's request. We consider the use of Google Fonts necessary for delivering our website in a consistent way, and we rely on legitimate interest as the legal basis for this specific data transfer (GDPR Art. 6(1)(f)). The data involved (an IP address for loading a font) is not used by us for any other purpose. Google is obliged to handle such data according to their API Terms and Privacy Policy. If you prefer not to have your browser contact Google's font service, you can configure your browser to block web fonts (note that doing so might cause the site's text to display in a default font instead).
• LinkedIn Insight Tag (LinkedIn Corporation): We use the LinkedIn Insight Tag to track conversions from our LinkedIn ads, retarget website visitors, and gain insights about visitors who may have come from LinkedIn. When you allow marketing/analytics cookies, the LinkedIn Insight Tag will place cookies and a first-party pseudonymous identifier (a LinkedIn Ads ID) in your browser when you visit our site. This allows LinkedIn to collect information about your visit (e.g. which pages you viewed, your IP address, timestamp, and other browser details) and later provide us with aggregated reports about ad performance and website demographics, as well as enable us to show targeted ads on LinkedIn to people who visited our site. LinkedIn will remove or pseudonymise personal identifiers within 7 days, and delete the remaining data within 180 days. Data from the Insight Tag may be transferred to LinkedIn servers in the United States; LinkedIn is certified under the EU-U.S. Data Privacy Framework and also uses Standard Contractual Clauses to safeguard EU data transfers. LinkedIn does not share personally identifying information with us; we only receive aggregated data. LinkedIn acts as an independent data controller for the data it collects via the Insight Tag. You can opt out of the Insight Tag's tracking by refusing marketing cookies on our site or using your LinkedIn account settings to control advertising data.
• HubSpot (HubSpot, Inc.): We use HubSpot as our customer relationship management (CRM) and marketing platform. HubSpot (based in the U.S.) helps us manage contact forms, email subscriptions, and website analytics. When you submit information through our website (such as a contact request or newsletter signup), that data is stored in HubSpot on our behalf. If you consent to analytics cookies, HubSpot's tracking code may also collect data about your visit (similar to Google Analytics) and tie it to your contact profile. We have a Data Processing Agreement with HubSpot. Some of the data processed via HubSpot may be stored or accessed on servers outside the EU/EEA (e.g. in the U.S.); for such transfers, we rely on safeguards like Standard Contractual Clauses. HubSpot only processes your data under our instructions and for our specified purposes (e.g. sending you an email you requested or analysing website use) and is not allowed to use it for other purposes.
• Calendly (Calendly, LLC): We may use Calendly to facilitate online scheduling of meetings or calls. Calendly is a third-party scheduling service based in the U.S. If you choose to book a meeting through a Calendly link or embedded calendar on our site, the information you provide (such as your name, email, and the requested meeting time) will be collected by Calendly and shared with us to arrange the appointment. Calendly may process or store your data on servers outside the EU (e.g. in the U.S.). We have ensured that appropriate safeguards are in place for any such transfer – Calendly's terms incorporate Standard Contractual Clauses for EU data exports, and Calendly has committed to GDPR compliance and protecting user data. In practice, this means your scheduling data is protected by contractual obligations requiring Calendly to keep it secure and use it only for providing the scheduling service to us. Calendly acts as a "data processor" for us, processing your data only on our instructions.

We do not share your personal data with any other third parties except in the following situations: (1) if it is necessary for service providers to perform functions on our behalf (for example, IT hosting or email delivery – and in such cases, they are bound by contracts to protect your data); (2) if required by law or a valid legal process (in which case we would only disclose the minimum data necessary and inform you, unless legally prohibited); or (3) in the event of a business transfer (for example, if our company is involved in a merger, acquisition, or sale, your data may be transferred to the new owner, but still under the same privacy protections).

International data transfers: Whenever we transfer or allow access to your personal data outside of the European Union/EEA, we will ensure that adequate safeguards are in place as required by GDPR Chapter V. This includes, as applicable, using European Commission–approved Standard Contractual Clauses and requiring the recipient to protect the data to EU standards, and verifying if the recipient is certified under an approved framework like the EU-U.S. Data Privacy Framework. We also assess whether additional technical measures (such as encryption) are needed. You can contact us if you have questions about our international data transfers or to obtain a copy of relevant safeguards.

Your Rights as a Data Subject

Under the GDPR, you have various rights concerning your personal data. These include the right to:

• Be informed: To receive clear and transparent information about how we process your personal data (which is the purpose of this Privacy Policy).
• Access your data: To ask for confirmation of whether we are processing your personal data, and if so, to receive a copy of the personal data we hold about you (commonly known as a Subject Access Request), along with information about how we use it.
• Rectification: To have inaccurate personal data corrected, or incomplete data completed, regarding information we hold about you.
• Erasure: To request deletion of your personal data in certain circumstances – for example, if the data is no longer needed for its original purpose, or if you withdraw consent and we have no other legal basis to continue processing. This is sometimes called the "right to be forgotten." We will assess and honour valid requests, and will also notify our processors to erase your data, unless retention is required by law or other legitimate reasons apply (we will inform you if so).
• Restriction of processing: To request that we limit the processing of your data in certain situations (for instance, if you contest the accuracy of your data, or if you want us to preserve data but not actively use it while a legal claim is pending). When processing is restricted, we can still store your data but will not use it until the restriction is lifted, except for legal reasons or with your consent.
• Object to processing: To object to our processing of your personal data when we rely on legitimate interests as our legal basis. You may also object at any time to processing of your data for direct marketing purposes. If you lodge an objection, we will stop the processing in question unless we have compelling legitimate grounds to continue (e.g. an overriding necessity) or if it is needed for legal claims. If you object to direct marketing, we will stop using your data for that immediately.
• Data portability: To receive personal data that you have provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller, where technically feasible. This right applies only to personal data you have given us, which we process by automated means, and where the processing is based on your consent or on a contract with you.
• Withdraw consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing carried out before withdrawal. For example, you can withdraw your consent to marketing emails by unsubscribing, or revoke consent for analytics cookies by changing your cookie settings.
• Not be subject to automated decisions: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you. (Note: We do not use automated decision-making or profiling in our website services.)
• Complain to a supervisory authority: To lodge a complaint with a Data Protection Authority if you believe we are infringing your data protection rights. Accel Comply is established in Denmark, so our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet) at Carl Jacobsens Vej 35, 2500 Valby, Denmark (tel. +45 33 19 32 00, email [email protected]). If you reside in another country, you may contact your local DPA instead. We would appreciate the chance to address your concerns first, so please consider reaching out to us, but you always have the right to contact the authorities directly.

To exercise any of these rights, you can contact us via the contact details provided below. We may need to verify your identity for security reasons before fulfilling your request (for example, to ensure we only disclose data to the correct person). We will respond to your request as soon as possible and in any event within one month as required by GDPR. If your request is complex or if you have made multiple requests, we may extend this period by up to two further months, but we will inform you of any extension within the initial one-month period. In general, you will not have to pay a fee to exercise your rights. However, if a request is manifestly unfounded or excessive (for instance, repetitive requests), we may charge a reasonable fee or refuse to act on it, in which case we will explain our decision.

How We Protect Your Data

We understand the importance of data security. Accel Comply has implemented appropriate technical and organisational measures to safeguard personal data against unauthorised access, disclosure, alteration, or destruction. These measures include access controls to restrict who in our organisation can access personal information, the use of encryption and secure protocols for data transfer on our site (our website is served over HTTPS), and internal policies to ensure personal data is handled confidentially. We also require our third-party service providers to maintain high standards of security; for example, data sent to our analytics or scheduling providers is encrypted in transit, and we vet these providers for security certifications and compliance.

As a remote-only advisory business, we do not keep physical files of personal data or maintain on-site servers containing personal information. All data is stored in secure cloud services or on the systems of our trusted service providers (like HubSpot or Google) under strict access controls. We do not access client IT systems in the course of our work, which limits the personal data we handle largely to business contact details and information provided through our website or communications.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. However, we continuously review and enhance our security measures to meet or exceed industry best practices. In the unlikely event of a data breach that poses risks to your rights and freedoms, we will notify you and the appropriate authorities as required by law.

Contact Us (Data Controller Details)

Accel Comply is the data controller responsible for your personal data processed via this website. Accel Comply is a Danish sole proprietorship (CVR 37260312). If you have any questions or requests regarding this Privacy and Cookie Policy or how we handle your data, please contact us:

Email: info@accelcomply.com

You can email us at any time, for example to ask about the data we hold on you, to request correction or deletion of your information, or to exercise any of your data rights as explained above. We do not have a designated Data Protection Officer, but the founder of Accel Comply oversees privacy matters and will respond to your enquiry. If you prefer to send a request by mail, please email us to arrange a postal address (as we operate remotely, we will provide a mailing address upon request).

Updates to This Policy

We may update this Privacy and Cookie Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make significant changes, we will notify users via our website or by other appropriate means. We encourage you to review this policy periodically to stay informed about how we protect your personal data. The date below indicates the last revision of this policy.

Last updated: January 2026