Privacy Policy
We respect your privacy and protect your personal data. This privacy policy explains how we collect, use and protect your data in accordance with GDPR.
Data Controller
Contact Information
Data Controller: Bondtofte Holding ApS
VAT No: DK34560311
Address: Frederiksberg Allé 4, 6th floor
Postal Code: 1621 Copenhagen V
Country: Denmark
Phone: +45 28 33 82 05
Email: henrik@linkbuildingbogen.dk
Data Protection Officer
Contact Person: Henrik Bondtofte
Email: henrik@linkbuildingbogen.dk
Response Time: Within 72 hours
Supervisory Authority: Danish Data Protection Agency
Authority Website: datatilsynet.dk
EU Representative: Available upon request
What Information Do We Collect?
Information you provide directly
- Name and email: When purchasing, contacting us, or subscribing to newsletter
- Delivery address: When purchasing physical products
- Payment information: Handled by Stripe (we do not store card details)
- Correspondence: Emails, messages and support inquiries
Information we collect automatically
- IP address: Anonymized after 30 days
- Browser information: Type, version and settings
- Device information: Screen resolution, operating system
- Usage data: Pages visited, time on site, click data
Why Do We Use Your Information?
Necessary purposes
- • Process and deliver your orders
- • Send purchase confirmations and receipts
- • Handle customer service and support
- • Fulfill legal obligations
- • Prevent fraud and abuse
Legitimate interests
- • Improve website functionality
- • Analyze user behavior (anonymized)
- • Optimize user experience
- • Technical troubleshooting and security
- • Marketing to existing customers
With your consent
- • Newsletter and SEO tips
- • Marketing cookies
- • Personalized content
- • Product recommendations
- • Tailored communication
We NEVER use data for
- • Selling to third parties
- • Spam or unwanted marketing
- • Profiling without consent
- • Sharing with competitors
- • Automated decision-making
Do We Share Your Information?
Data processors (necessary only)
Stripe (Payments)
- • Processes all payments securely
- • PCI DSS Level 1 certified
- • We never receive card details
- • Location: USA (adequacy decision)
Vercel (Hosting)
- • Hosts website and handles traffic
- • Anonymized log files
- • GDPR compliance certified
- • Location: EU and USA
PostNord (Delivery)
- • Only name and delivery address
- • Only for physical deliveries
- • Nordic company (GDPR compliant)
- • Data deleted after delivery
Google Analytics
- • Anonymized user statistics
- • IP addresses are masked
- • Only aggregated data
- • Can be opted out via cookies
We NEVER share with:
- • Advertising agencies
- • Marketing companies
- • Data brokers or collectors
- • Social media platforms
- • Competitors
- • Foreign authorities
How Long Do We Keep Your Data?
Data retention
Customer data:
- • Order history: 5 years (accounting law)
- • Contact information: 3 years after last purchase
- • Newsletter subscriptions: Until unsubscribed
- • Support correspondence: 2 years
Technical data:
- • IP addresses: 30 days (then anonymized)
- • Server log files: 90 days
- • Cookies: Up to 2 years (depends on type)
- • Analytics data: Anonymized, 26 months
Automatic deletion
We have implemented automatic deletion procedures to ensure your data is not kept longer than necessary:
- Inactive customer accounts are automatically deleted after 3 years of inactivity
- IP addresses are automatically anonymized after 30 days
- Newsletter unsubscriptions result in immediate deletion
Your Rights Under GDPR
Right to access
You can obtain all personal data we process about you, as well as information about how we process it.
Right to rectification
You can have incorrect or incomplete personal data we process about you corrected.
Right to erasure
You can have your personal data deleted if it is no longer necessary or lawfully processed.
Right to restriction
You can have the processing of your personal data restricted in certain situations.
Right to data portability
You can have your personal data provided in a structured, commonly used and machine-readable format.
Right to object
You can object to processing of your personal data based on legitimate interests.
How to exercise your rights:
Email: henrik@linkbuildingbogen.dk
Phone: +45 28 33 82 05
Response time: Within 72 hours
Full processing: Within 30 days
Data Security
Technical security measures
- SSL/TLS encryption on all connections
- Encrypted database with access control
- Regular security updates
- Automatic backup and disaster recovery
- Continuous security monitoring
- Limited staff access (need-to-know)
Data breaches
In case of any data security breaches, we will immediately implement security procedures, report to the Data Protection Agency within 72 hours and inform affected individuals if there is high risk.
Complaints and Dispute Resolution
Contact us first
If you have questions or complaints about our processing of your personal data, we encourage you to contact us directly first.
Email: henrik@linkbuildingbogen.dk
Phone: +45 28 33 82 05
Response time: Within 72 hours
Supervisory authorities
You always have the right to lodge a complaint with the relevant data protection authority.
Danish Data Protection Agency
Carl Jacobsens Vej 35, 2500 Valby, Denmark
Email: dt@datatilsynet.dk
Website: datatilsynet.dk
EU ODR Platform: ec.europa.eu/consumers/odr
Updates to Privacy Policy
Ongoing updates
We update this privacy policy regularly to ensure it reflects our current data practices and complies with applicable legislation.
For significant changes:
- • Information via email to registered users
- • Visible notice on website
- • Option to withdraw consent
- • 30 days notice before changes take effect
Version history:
- • Version 3.0: January 2025 (GDPR update)
- • Version 2.1: August 2024 (Cookie policy)
- • Version 2.0: May 2023 (Major revision)
- • Version 1.0: June 2021 (Initial)
Questions About Your Data?
We are committed to protecting your privacy. Contact us if you have any questions.
Last updated: January 2025 | Version 3.0 | Applicable to linkbuildingbogen.dk