Skip to content
FlareTech

Privacy policy

How we handle your personal data.

We take data protection seriously — both on our website and when we work for clients. This page explains what we collect, why, for how long, and what you can do about it.

Last updated:April 30, 2026

Introduction

This privacy policy describes how FlareTech ("we", "us", "our") processes personal data about visitors to flaretech.dk, about people who contact us, and about clients we work for. We are committed to processing your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection legislation.

The policy covers everything that happens via our marketing website and through ordinary business communication (email, phone, video calls). When we work on a specific project for a client — for example developing or operating a platform — that relationship is typically governed by a separate Data Processing Agreement (DPA). We explain that further in section 6.

Data controller

The data controller for processing of personal data via our website and marketing activities is:

Company
FlareTech
Address
Rs Hansensvej 15, 4520 Svinninge, Denmark
VAT (CVR)
46309162
Email
sales@flaretech.dk
Phone
+45 50 56 90 77

We are not legally required to appoint a Data Protection Officer (DPO), but you are always welcome to email the address above with any questions about how we process personal data.

What personal data we process

We only collect what we need to run our business properly. The amount of data depends on how you interact with us.

Visitor data

When you visit flaretech.dk, we process a limited amount of technical data: IP address (anonymised or truncated where possible), browser type and version, operating system, referring page, which pages you view, and timestamps. This happens via our hosting platform and — if you have given consent — through analytics tools.

Contact details

If you email us, call us or fill in a contact form, we process your name, email address, optional phone number and company name, plus the content you send us. We retain the correspondence for as long as it remains relevant to our dialogue — typically up to 3 years after last contact, so we can find a previous conversation if you reach out again.

Client and project data

When we work on a specific project for a client, we may get access to personal data for which the client is the data controller — for example end users of the client's platform, log data, customer records or test data. In those cases we process the data as a data processor on the client's instructions. This is governed by a separate Data Processing Agreement, not by this policy.

Information about contacts at our clients

To invoice, deliver and communicate about an engagement, we process the name, email, phone number and title of relevant contacts at our clients and partners — for example technical contacts, project managers and billing contacts. This information is retained for the duration of the engagement and for up to 5 years after the last invoice, in accordance with Danish bookkeeping law.

Job applications

If you send an unsolicited application or apply for a posting, we process the information you provide (CV, application, optional portfolio). We delete the application no later than 6 months after a recruitment process has ended, unless you have given consent for us to retain it longer for future positions.

Purposes of processing

We process personal data for the following purposes — and only those:

  • To operate and improve our website and ensure it works technically.
  • To respond to inquiries from prospects, clients, suppliers, candidates and others who contact us.
  • To enter into and perform agreements about development, operations and advisory.
  • To invoice and meet bookkeeping obligations.
  • To send relevant information about ongoing or past engagements (status updates, security notices, changes to services).
  • To analyse use of our website at an aggregated level so we can improve content and structure.
  • To meet legal obligations, e.g. relating to tax, accounting and data protection legislation.

Legal basis for processing

We process personal data on the following lawful grounds under GDPR:

Contract (Art. 6(1)(b))
Processing necessary to enter into or perform a contract with you — for example delivering a development project, operating a platform, or pre-contractual contact at your request.
Legitimate interests (Art. 6(1)(f))
Processing to administer client relationships, secure our systems against abuse, improve our website via aggregated analytics, and communicate about our services with existing clients. We have assessed that our legitimate interests do not override your rights.
Consent (Art. 6(1)(a))
For non-essential cookies, analytics tools and direct marketing to people we don't already have a client relationship with. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c))
Processing required to comply with a legal obligation — for example retaining accounting records for 5 years under the Danish Bookkeeping Act.

When FlareTech is a data processor

When we develop or operate a platform for a client, we may as part of the work get access to personal data for which the client is the data controller. This may include end users of the client's website, customer data in a SaaS product, or log data from infrastructure.

In those cases we act solely on the client's documented instructions, and the relationship is governed by a separate Data Processing Agreement (DPA). The DPA specifies the purpose, duration, type of personal data, security measures and which sub-processors we use.

If you are an end user of a platform we operate for a client, please contact the relevant client directly to exercise your rights — they are the data controller for the processing. We are happy to forward inquiries, but we cannot act on them ourselves without the client's instruction.

Sub-processors and data sharing

We do not sell personal data to third parties. To run our website and deliver our services, we use a number of vendors that process data on our behalf. All of them are bound by data processing agreements and operate within the EU or with GDPR-compliant safeguards.

Vercel
Hosting and analytics for this website. Processes technical data about visitors (IP, browser, pages). EU region.
Cloudflare
DNS, edge routing and DDoS protection in front of the website. Processes IP addresses and request metadata for security and performance purposes.
EU-based email and calendar provider
For handling correspondence, meetings and documents. We choose providers whose processing takes place within the EU/EEA, or where SCCs and supplementary measures are in place.
Bookkeeping and invoicing
A Danish bookkeeping system for handling invoices, receipts and accounting data, as required by Danish accounting law.

For specific client engagements, the list of sub-processors may be different — the actual list is set out in the relevant Data Processing Agreement.

International data transfers

Our primary operating environment is located within the EU/EEA. We aim for all processing of personal data to take place within the EU/EEA, and our hosting, edge networking and email vendors are chosen with that in mind.

If processing in a specific case involves transfer to a third country (countries outside the EU/EEA), it only happens on a valid transfer mechanism — typically the European Commission's Standard Contractual Clauses (SCCs), supplemented by technical and organisational measures that ensure a level of protection equivalent to the EU's. We disclose any such transfers in the relevant Data Processing Agreement.

Cookies and tracking

We use as few cookies as possible and do not process personal data for profiling or behavioural advertising. All non-essential cookies require your active consent via our cookie banner — we don't pre-tick consent, and you can change your choice at any time.

Strictly necessary cookies

We use a small number of technical cookies required for the website to function — for example to remember your language choice and your cookie consent. These cookies cannot be disabled because the site cannot work without them.

Analytics (only with consent)

If you accept analytics in the banner, we collect anonymous, aggregated information about which pages get used and how the site performs. We've chosen tools that respect consent and don't share data with third parties for advertising. The full list of tools lives in our Cookie policy.

No advertising tracking

We do not use the Meta Pixel, the LinkedIn Insight Tag, Google Ads tags or any other form of advertising tracking on flaretech.dk. We do no retargeting and no profiling of visitors.

You can change your cookie choice at any time via the "Cookie preferences" link at the bottom of every page, or via your browser's settings. The full overview lives on our Cookies page.

Retention periods

We only retain personal data for as long as necessary to fulfil the purposes for which it was collected, or for as long as we are legally required to.

Correspondence with prospects and candidates
Up to 3 years after last contact. After that we delete or anonymise.
Job applications
Up to 6 months after the recruitment process has ended, unless we have your consent to keep it longer.
Client relationship data and contracts
For the duration of the agreement and 5 years after termination, in accordance with the Danish Statute of Limitations and Bookkeeping Act.
Accounting records
5 years after the end of the accounting year the record relates to.
Technical log files
Up to 30 days, unless longer retention is required for security investigations.
Aggregated analytics data
Indefinitely, since the data is no longer attributable to an individual.

Security

We use technical and organisational security measures appropriate to the risk of the processing we carry out. In practice that means, among other things:

  • Encryption of data in transit (TLS) and at rest where the vendors support it.
  • Access control following the least-privilege principle — people only get access to what they need for a task.
  • Multi-factor authentication (MFA) on all employee accounts at us and at critical vendors.
  • Use of a password manager and rotation of access keys.
  • Backup and restore procedures for critical systems we operate.
  • Logging and monitoring of access to production environments.
  • A procedure for handling security incidents, including the obligation to notify data controllers and the Danish Data Protection Agency where relevant.

If you discover a vulnerability in one of our systems, we'd like to hear about it — write to security@flaretech.dk or our regular sales address.

Your rights under GDPR

You have a number of rights when we process personal data about you:

  • Right of access — you can be told what personal data we process about you and receive a copy.
  • Right to rectification — you can have inaccurate or incomplete data corrected.
  • Right to erasure ("the right to be forgotten") — in certain cases you can have personal data about you deleted.
  • Right to restriction — you can require that processing be restricted while, e.g., an objection is being resolved.
  • Right to data portability — you can receive the personal data you have provided to us in a structured, commonly used and machine-readable format.
  • Right to object — you can object to our processing based on legitimate interests, including against direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to the withdrawal.

You exercise your rights by writing to sales@flaretech.dk. We will respond as quickly as possible and within 30 days at the latest. We may ask for documentation of your identity to make sure we don't disclose data to an unauthorised party.

Complaint to the Danish Data Protection Agency

If you disagree with how we process your personal data, we'd like to hear from you first so we can try to resolve it. You always have the right, however, to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):

Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby, Denmark
Phone
+45 33 19 32 00
Email
dt@datatilsynet.dk
Web
datatilsynet.dk

Children

Our website and services are not directed at children under 16, and we do not knowingly collect personal data about persons under 16. If we become aware that we have received data about a person under 16 without a valid basis, we will delete it as soon as possible.

Changes to this privacy policy

We update this policy when our processing of personal data changes — for example when we change a sub-processor or add a new service. The date at the top of the page shows when the policy was last revised.

Material changes that affect rights for people we have an active relationship with are announced via email at least 14 days before the change takes effect.

Contact us

If you have questions about this privacy policy or want to exercise your rights, write or call us:

FlareTech
Rs Hansensvej 15, 4520 Svinninge, Denmark
VAT (CVR)
46309162
Email
sales@flaretech.dk
Phone
+45 50 56 90 77

Questions?

Happy to answer anything about data protection.

Drop us a few lines about what you want to know. We'll get back within one business day — no forms, no ticket numbers.

Email usCall us +45 50 56 90 77