Your privacy matters. This Privacy Policy explains how Complir ApS processes personal data when you visit our website, interact with us, or use the Complir platform. It also outlines your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who We Are and Our Role

Complir ApS
Flæsketorvet 68, 1
1711 Copenhagen, Denmark
VAT: DK44942003
Email: compliance@complir.io

Complir’s role depends on the context in which your personal data is processed:

• Data Controller: Complir acts as a data controller when processing personal data related to website visitors, demo requests, marketing communications, recruitment, and direct interactions with Complir.

• Data Processor: When you use the Complir platform as an employee, contractor, or representative of a customer organization, Complir processes personal data on behalf of that organization. In this context, the customer organization is the data controller and Complir acts as a data processor. Such processing is governed by a Data Processing Agreement between Complir and the customer.

  
  

2. Personal Data We Process and Why

2.1 When You Interact With Us Directly

If you contact us, book a demo, subscribe to updates, or otherwise interact with Complir, we may process personal data such as:

• Name

• Business email address

• Job title and company

• Information you choose to include in your message

Purposes:

• Responding to inquiries and requests

• Providing information about our services

• Managing demo requests and follow-ups

• Improving our communication and services

Legal basis: Performance of a contract or taking steps prior to entering into a contract (Article 6(1)(b) GDPR), legitimate interests (Article 6(1)(f)), or consent where applicable.

2.2 When You Use the Complir Platform

To operate the Complir platform, certain personal data is processed, including:

• User account details (name, business email address, role)

• Authentication data (hashed passwords, tokens)

• User activity logs and audit trails

• Technical information such as IP address, device type, and browser information

Important clarification:
When you use the platform on behalf of a customer organization, Complir processes this data solely on the instructions of that organization. The customer organization determines the purposes and legal bases for processing.

Purposes:

• Providing and operating the Complir platform

• Managing user access and security

• Maintaining audit logs and compliance records

• Providing customer support

Legal basis: Determined by the customer organization as data controller. Complir acts as a data processor under Article 28 GDPR.

Complir does not intentionally process special categories of personal data under Article 9 GDPR or personal data relating to criminal convictions under Article 10 GDPR as part of the standard platform offering.

2.3 Analytics and Service Improvement

We collect aggregated and usage-level information to understand how our website and platform are used, such as feature usage patterns and performance metrics.

Purposes:

• Improving functionality and user experience

• Monitoring performance and reliability

• Ensuring platform security

Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

3. Sharing of Personal Data

We may share personal data with trusted third parties that assist us in operating our services, such as:

• Hosting and cloud infrastructure providers

• Analytics and monitoring providers

• Email and communication service providers

These parties act as processors or sub-processors and are bound by contractual obligations to process personal data only as instructed and to implement appropriate security measures.

Where personal data is transferred outside the EU/EEA, such transfers are conducted in accordance with Chapter V GDPR, including the use of the European Commission’s Standard Contractual Clauses and supplementary safeguards.

4. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

• Website and contact data is retained as long as needed to manage the relationship or request.

• Platform account data is retained for the duration of the customer relationship.

• Uploaded documents and files remain on the platform until deleted by the customer.

• Certain records, such as accounting and transaction data, are retained for a minimum of five years in accordance with applicable EU accounting and financial regulations.

When personal data is no longer required, it is securely deleted or anonymized.

5. Your Rights

Under GDPR, you have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request deletion of data in certain circumstances

• Request restriction of processing

• Object to processing based on legitimate interests

• Request data portability where applicable

• Withdraw consent where processing is based on consent

Important clarification:
When Complir acts as a data processor, requests to exercise these rights should generally be directed to the relevant customer organization, which is the data controller. Complir will assist the customer organization in fulfilling such requests where required.

You may exercise your rights by contacting us at privacy@complir.io.

You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
Carl Jacobsens Vej 35, 2500 Valby, Denmark
Email: dt@datatilsynet.dk

6. Security Measures

Complir implements appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit and at rest

• Role-based access controls and least-privilege principles

• Logging and monitoring of system activity

• Regular security testing and updates

7. Cookies and Tracking

We use cookies and similar technologies to ensure the proper functioning of our website and to understand how it is used. Further information is available in our Cookie Policy.

8. Children’s Data

Complir does not offer services to children and does not knowingly process personal data of individuals under the age of 16. No age verification or parental consent mechanisms are required for the services provided.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated through the website or, where appropriate, through the platform.