Privacy
How we handle your data.
This privacy policy explains what personal data GRØNBLÅ A/S collects, how we use it, and your rights under the General Data Protection Regulation (GDPR).
1. Data controller
GRØNBLÅ A/S, CVR 43905880, Valby, Copenhagen, Denmark. For all data protection enquiries: info@gronbla.com.
2. What we collect
- Contact form submissions: name, company, email address, topic, and message content, submitted voluntarily through our contact form.
- Server logs: IP address, browser user agent, timestamp, and the page requested. Collected automatically by our hosting provider (Netlify) for security and performance.
- Email correspondence: the content of email exchanges initiated by you.
We do not currently use analytics cookies, tracking pixels, or behavioural profiling.
3. Purpose and lawful basis
- Responding to enquiries: legitimate interest (GDPR Art. 6(1)(f)) and, where relevant, performance of pre-contractual measures (Art. 6(1)(b)).
- Security and abuse prevention: legitimate interest (Art. 6(1)(f)).
- Legal compliance: accounting, tax, and other statutory obligations (Art. 6(1)(c)).
4. Recipients and processors
We share personal data only with processors strictly necessary to operate the site and our business:
- Netlify, Inc.: hosting and CDN. Servers in the EU/EEA where available.
- Google LLC: Google Fonts CDN. When you load our pages, your IP address is transmitted to Google to deliver the fonts. Google may log this information. See Google's privacy policy.
- Email providers we use for business correspondence (currently Google Workspace).
All processors are bound by Data Processing Agreements (DPAs) compliant with GDPR Art. 28. Transfers outside the EU/EEA are covered by EU Standard Contractual Clauses or equivalent safeguards.
5. Retention
- Contact form submissions: up to 24 months after the last communication, unless a longer retention is required by law (e.g. invoicing or bookkeeping: 5 years per Danish bookkeeping law).
- Server logs: 30 days unless investigating an incident.
6. Your rights
Under GDPR you have the right to:
- access the personal data we hold about you (Art. 15);
- have inaccurate data corrected (Art. 16);
- have your data erased where the legal basis no longer applies (Art. 17);
- restrict processing (Art. 18);
- receive your data in a portable format (Art. 20);
- object to processing based on legitimate interest (Art. 21);
- withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, email info@gronbla.com. We respond within 30 days.
7. Complaints
You may lodge a complaint with the Danish Data Protection Authority (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, datatilsynet.dk, or your local supervisory authority within the EU/EEA.
8. Updates
This policy was last updated on 14 May 2026. We may update it when our services change. Material changes will be flagged on this page.
