Privacy policy

Data Controller
We are the data controller for the processing of personal data that we handle regarding our customers and partners. You can find our contact details below.

Blue Spirit ApS

Mølbækvej 4, 8520 Lystrup

CVR: 42138606

It is not a requirement for our company to have an external DPO (Data Protection Officer), but if you have any questions about the processing of your personal data, you can contact us via [email protected].

Processing Activities
As the data controller according to GDPR, we have the following processing activities:

Website Visits
When you visit our website, we use cookies to ensure the site functions properly, which you can learn more about in our [cookie policy].

Communication with Potential Customers
When you have questions about our site or want to learn more about our services, you can contact us via:

– Contact form
– Email
– Telephone

Through these means, we will process your personal data to engage in a dialogue with you, for example, to answer questions about our services. We only process the information that you provide us during our communication.

We typically process the following general information: name, email, phone number.

Our legal basis for processing these personal data is Article 6(1)(f) of the General Data Protection Regulation.

We delete our communications with you once it is clear whether you wish to use our services or not.

In special cases, there may be a need to store your personal data for a longer period.

We need to communicate with our customers to ensure that the service is delivered correctly. In doing so, we may process information about name, address, services, special agreements, payment information, and similar.

The legal basis for processing these personal data is Article 6(1)(b) of the General Data Protection Regulation.

Once the service is delivered and any outstanding issues are resolved, we will immediately thereafter delete the personal data.

We offer a newsletter, which you can voluntarily subscribe to – and you can unsubscribe at any time.

The purpose of the newsletter is to send subscribed emails with new information from the company, which may include new content on the website, advertising our services.

We will only send you emails if you have given your active consent to this. Initially, it requires that you provide your email address, to which we will subsequently send an email so that you can confirm the subscription. In this way, we ensure that you have indeed subscribed to the newsletter yourself i.e., given active consent.

Our legal basis for processing your personal data (i.e., the email address) in connection with the newsletter is Article 6(1)(a) of the General Data Protection Regulation.

We will process your personal data as long as you are still subscribed to the newsletter. Upon unsubscription, we will also stop sending it to you. If we have not sent you a newsletter for 1 year, your consent expires due to our inactivity.

Upon unsubscription from the newsletter, we will keep your now previous consent for 2 years after it was last used due to limitation requirements according to the Consumer Ombudsman’s spam guidance section 11.3.

We must keep all accounting vouchers according to the accounting laws. This means we store invoices and similar documents for accounting purposes. This may include general personal data such as name, address, description of services.

Our legal basis for processing personal data for accounting is Article 6(1)(c) of the General Data Protection Regulation.

We store these data for at least 5 years after the current fiscal year has ended.

Job Applications
We gladly accept job applications to assess if they match an employment need in our company.

If you send us your job application, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation.

If you send an unsolicited application, HR will immediately assess if your application is relevant and thereafter delete your data again if there is no match.

If you have applied for a posted job, we will dispose of your application in the event that you are not hired, and immediately after the right candidate is found for the job.

If you are involved in a recruitment process and/or hired for the job, we will provide you with specific information on how we process your personal data in this context.

Data Processors
Few can do everything themselves, and the same applies to us. Therefore, we have partners and use suppliers, some of which may be data processors.

External suppliers, for example, provide systems to organize our work, services, consultancy, IT hosting, or marketing.

[List your data processors with the company name + purpose of the processing]

It is our responsibility to ensure that your personal data is properly processed. Therefore, we set high demands on our partners, and our partners must guarantee that your personal data is protected.

Therefore, we enter into agreements with companies (data processors) that handle

personal data on our behalf to enhance the security of your personal data.

Disclosure of Personal Data
We do not disclose your personal data to third parties.

Profiling and Automated Decisions
We do not engage in profiling or make automated decisions.

Transfers to Third Countries
As a rule, we use data processors in the EU/EEA, or those who store data in the EU/EEA.

In some cases, this is not possible, and here data processors outside the EU/EEA may be used if they can provide your personal data with adequate protection.

Processing Security
We keep the processing of personal data secure by implementing appropriate technical and organizational measures.

We have conducted risk assessments of our processing of personal data and have thereafter implemented appropriate technical and organizational measures to increase processing security.

One of our most important measures is to keep our employees updated on GDPR through ongoing awareness training, GDPR courses, and by reviewing our GDPR procedures with the employees.

The Rights of the Data Subjects
Under the General Data Protection Regulation, you have a number of rights regarding our processing of data about you.

If you want to exercise your rights, you should contact us so we can assist you with this.

Right to access (right of access)
You have the right to gain access to the data we process about you, as well as a range of additional information.

Right to rectification (correction)
You have the right to have inaccurate data about yourself corrected.

Right to erasure
In special cases, you have the right to have data about you deleted before the time for our usual general deletion occurs.

Right to restriction of processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have processing restricted, we may thereafter only process the data – aside from storage – with your consent, or for the establishment, exercise, or defense of legal claims, or to protect a person or important public interests.

Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.

Right to data portability
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have those data transferred from one data controller to another without hindrance.

You can read more about your rights in the Data Protection Authority’s guide to the rights of the data subjects, which you can find at

Withdrawal of Consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

Complaint to the Data Protection Authority
You have the right to file a complaint with the Data Protection Authority if you are dissatisfied with the way we process your personal data. You can find the contact details of the Data Protection Authority at

We generally encourage you to read more about GDPR to stay updated on the rules.