Privacy Policy
Version: 1.1 (Deletion Policy v1; Breach Procedure v6)
Last updated: Dec 17, 2025
Confirma etrack A/S ("we", "us" or "our") is fully committed to protecting your individual rights and keeping your personal data secure. This Privacy Policy describes our collection, use, storage, sharing, deletion, and breach-handling practices for personal data.
1. Data Controller
The data controller for your personal data on our websites and services is:
Company: Confirma etrack A/S
Address: Langhøjvej 1, 8381 Tilst, Denmark
VAT (CVR) Number: DK26940958
When we refer to "you" in this policy, we mean you as a customer, potential customer, your employer (if you are our customer’s employee), or any other relevant party.
2. Categories of Personal Data Collected
We collect and process your personal data directly from you or as generated by your use of our services. The categories include:
Identification Information: national ID number, name
Contact Information: postal address, phone number, email address
Financial Information: agreement type, assets and debts
Profile Information: nationality, demographics, marital status, occupation
Relationship Information: history of your relationship with Confirma etrack A/S
Special Categories: health-related data, criminal records (where applicable)
2.1 Data Provided Directly by You
Account registration: name, email, phone
Support inquiries: emails, chat messages
2.2 Data from Third Parties
Name, email, postal address, browser data, and other relevant details obtained through integrations or data processors
3. Purposes of Processing & Legal Basis
We use your personal data:
To perform contracts: account setup, invoicing, customer service, legal claims and debt collection
To comply with legal obligations: bookkeeping, tax and regulatory reporting, insurance risk management
For legitimate interests: marketing, product/customer analysis, system and business development, profiling for relevant offers and support
With your consent: when you contact our support hotline or for direct marketing communications (you may withdraw consent at any time)
4. Data Retention & Deletion
We retain your data only as long as needed for the purposes collected or as required by law. Key retention periods under Danish law include:
Data Type | Retention Period |
Bookkeeping records | Up to 10 years after calendar year-end |
Payment services documentation | 5 years |
Insurance-related records | Up to 11 years |
Unaccepted offers | 6 months after offer expiration |
Contract performance details | 5 years after end of the customer relationship |
Employee contracts and HR files | 5 years after employment ends |
Health and occupational injury records | Up to 5 years post-collection; may be longer if necessary for legal claims |
Vacation and payroll records | 5 years after relevant fiscal year |
Tax returns and salary documentation | 5 years after fiscal year |
CRM and professional relations | 3 years after relationship ends (or 3 years after each case conclusion per client request) |
Employee email accounts (non-critical e-mails) | 1 year after employment ends (subject to archiving exceptions for business-critical information) |
Marketing consents | Until withdrawal of consent |
All digital media are securely deleted, overwritten, or sanitized according to our procedures. Physical documents are shredded or otherwise destroyed to prevent unauthorized access.
If you request erasure or restriction, we will comply unless there is a statutory or contractual obligation to retain data (e.g., pending legal claims).
5. Sub-processors and Third-Party Sharing
We may share your personal data with:
Authorities: tax, police, and supervisory bodies in Denmark as required by law
Service providers: Unit IT A/S and other approved sub‑processors for development, hosting, maintenance, and support
Insurance companies: only with your consent or as permitted by law
We do not transfer your data to third countries outside the EEA.
6. Data Breach Procedure
Version: 6.0
Effective date: May 20, 2025
In the event of a personal data breach, our internal Brudansvarlige (Breach Responsible), currently Thomas Drewes (CEO), will:
Detect & Contain: Follow our emergency response plan to stop and mitigate the breach.
Document: Record all relevant details of the incident in the ComplyCloud application.
Notify Supervisory Authority: If the breach poses a risk to individuals’ rights and freedoms, we will notify the Danish Data Protection Agency without undue delay, and no later than 72 hours after becoming aware. If full details are not available within 72 hours, we will provide them in phases.
Notify Affected Individuals: When the breach is likely to result in a high risk to their rights, we will inform affected persons promptly, describing:
Nature of the breach
Contact details of our Data Protection Officer or Brudansvarlige
Likely consequences and measures taken or proposed to address the breach
Notifications will be by direct means (email, SMS, or letter) unless exceptional circumstances justify alternative methods.
Evaluate & Improve: Conduct a root cause analysis and update policies to prevent recurrence.
7. Your Privacy Rights
As a data subject, you have the right to:
Access: request a copy of your personal data
Rectify: correct incomplete or inaccurate data
Erase: request deletion when no overriding legal grounds exist
Restrict processing: when you contest accuracy or legality of processing
Object: to processing for direct marketing or profiling
Data portability: receive your data in a machine-readable format and have it transmitted to another controller where technically feasible
Requests will be handled in accordance with GDPR timelines and may be subject to limits where statutory obligations require retention.
8. Cookies & Tracking
We use cookies and similar technologies to provide a secure online environment, personalize content, analyze site performance, and manage marketing. We do not identify individual visitors through cookies, except for etrack1 customers.
You may manage cookies via your browser settings; however, rejecting cookies may limit functionality on our site.
8.b Tracking with AI
We use automated text analysis to a limited extent, including sentiment analysis, as part of our customer service. The analysis is used solely to improve response times, prioritise enquiries, and support the quality of our service. The analysis is not used for automated decision-making or profiling of individuals.
9. Policy Updates
We may update this Privacy Policy and our Cookie policies. Changes will be published here with a revised date. Significant changes will be communicated directly to affected users.
10. Contact Information
For questions or requests regarding this policy, please contact:
Thomas Drewes
CEO, Confirma etrack A/S
info@etrack1.com
Ønsker du ikke længere, at vi skal behandle dine personoplysninger, ønsker oplyst hvilke oplysninger vi har registreret eller at vi skal begrænse behandlingen af dine personoplysninger, kan du sende os en anmodning herom.