Privacy Policy

March 14, 2024 / version 2.0

Why have we created this privacy policy?

Advice and Forte Advice prioritize confidentiality and data security highly. This privacy policy applies to our processing of personal data as data controllers and outlines the guidelines for how Advice and Forte Advice process your personal data.

This privacy policy provides you with the information you are entitled to receive under applicable data protection legislation.

You should read the privacy policy before sharing your personal data with Advice or Forte Advice.

Data controllers and contact information

Advice consists of two companies in Denmark. Which company is the data controller for your personal data under this privacy policy depends on which company you and your business have entered into an agreement with, have contacted, or otherwise interacted with (e.g., subscribing to newsletters or visiting our websites).

With this in mind, the data controller for your personal data (each data controller referred to individually as “Advice”, “we”, “us” or “our”):

Advice Management & Communication Consulting A/S
CVR no.: 20 21 22 09
Gammel Kongevej 3E, 4.
1610 Copenhagen V
+45 33 42 21 00
connect@adviceas.dk

Forte Advice ApS
CVR no.: 43 51 38 93
Gammel Kongevej 3E, 4.
1610 Copenhagen V
+45 33 42 21 00
connect@forteadvice.com

Data controller or data processor

Advice acts as the data controller for your personal data under this privacy policy.

In order to provide services to our customers, Advice also acts as a data processor. The scope of the data processing activities that Advice performs as a data processor is described in the data processing agreement entered into between the customer as data controller and Advice as data processor. The data processing agreement is based on the standard agreement prepared by the Danish Data Protection Agency.

Both Advice Management & Communication Consulting A/S and Forte Advice ApS will appear as independent data processors on behalf of the customer, who is the data controller. This is due to the fact that employees from both companies contribute to delivering the necessary services under the main agreement between Advice and the customer in most projects.

From where do we collect personal data about you?

Advice may collect and process personal data about you from the following sources:

– Directly from you.

– From your device through your actions.

– From your employer if you are employed by our customers, business partners, or suppliers.

– From publicly available websites when we build a database of relevant contacts in connection with future presentations, conferences, and other events.

Purpose, types of personal data, legal basis, and deletion

Advice's processing of personal data depends on the customer agreement, your interactions, given consents, and your behavior. First, read “Which individuals are covered?” to clarify the relevance for you.

5.1. Cookies, pixels, and social plug-ins

Processing activity: Cookies, pixels, and social plug-ins

Which individuals are covered? Visitors to the website who have given consent via the cookie banner.

Purpose: Marketing, statistics, preferences, and providing features (see the cookie banner).

Types of personal data: User ID, geographical location, interests, IP address, operating system, browser type, device type, website behavior, MAC address, click behavior, interaction with ads, and search history.

Legal basis: Necessary cookies are processed to enable the use of features on the website (Article 6(1)(b) GDPR). Marketing/preference cookies are processed based on consent (Article 6(1)(a) GDPR). We always obtain valid cookie consent before placing cookies.

Deletion: See the cookie banner for expiration periods. The icon is shown on the website.

5.2. Customer agreements

Processing activity: Customer agreements

Which individuals are covered? Employees of customers.

Purpose: Conclusion and fulfillment of customer agreements.

Types of personal data: Name, email, phone number, work address, position, role, purchased services, and signature.

Legal basis: Conclusion and fulfillment of contract (Article 6(1)(b) GDPR) and legitimate interest in fulfilling the contract entered into with your employer (Article 6(1)(f) GDPR).

Deletion: 5 years after last contact.

5.3. Newsletter

Processing activity: Newsletter

Which individuals are covered? Individuals who have given consent to receive newsletters.

Purpose: Sending marketing as described in the consent.

Types of personal data: Email, name, role, and workplace.

Legal basis: Consent (Article 6(1)(a) GDPR).

Deletion: 2 years after withdrawal of consent.

5.4. Telephone marketing

Processing activity: Telephone marketing

Which individuals are covered? Contacts at potential customers.

Purpose: Marketing of Advice's services.

Types of personal data: Name, position, phone number, and trade.

Legal basis: Legitimate interest in being able to sell our services (Article 6(1)(f) GDPR).

Deletion: 2 years after last contact.

5.5. Profiling for marketing purposes

Processing activity: Profiling for marketing purposes

Which individuals are covered? Individuals with newsletter consent.

Purpose: Targeted advertising, including personal emails and newsletters.

Types of personal data: Email, name, click behavior regarding sent material, and preferences.

Legal basis: Legitimate interest in improving and developing our services (Article 6(1)(f) GDPR).

Deletion: As long as newsletter consent is active.

5.6. Christmas cards

Processing activity: Christmas cards

Which individuals are covered? Employees of customers.

Purpose: Sending Christmas cards.

Types of personal data: Email and position.

Legal basis: Legitimate interest in maintaining good customer relationships (Article 6(1)(f) GDPR).

Deletion: Upon termination of the customer relationship.

5.7. Customer service and general communication

Processing activity: Customer service and general communication

Which individuals are covered? Individuals who contact us.

Purpose: Handling inquiries and agreements, safeguarding rights, general communication, statistics, and analysis.

Types of personal data: Email, name, phone number, subject of inquiry, date, and other information you provide.

Legal basis: Legitimate interest in handling inquiries, communicating, and developing our products (Article 6(1)(f) GDPR). In case of (potential) contract: preliminary measures (Article 6(1)(b) GDPR).

Deletion: As a rule, 2 years, depending on the content of the case.

5.8. Film production

Processing activity: Film production

Which individuals are covered? Models and extras (and if applicable, parents/guardians for individuals under 13 years).

Purpose: Use of models and extras in film production and payment of fees.

Types of personal data: Name, address, email, phone number, images/videos, and CPR number in certain cases. For individuals under 13 years, also parent/guardian information and police approval.

Legal basis: Model contract (Article 6(1)(b) GDPR) or consent (Article 6(1)(a) GDPR). The CPR number is processed for tax purposes under the Data Protection Act § 11, subsection 2, no. 1. Further information about minors is processed according to legal obligation (Article 6(1)(c) GDPR) and the Data Protection Act § 11, subsection 2, no. 1.

Deletion: 3 months after the project’s completion.

5.9. Market research and surveys

Processing activity: Market research and survey (via Norstat/Epinion)

Which individuals are covered? Participants

Purpose: Analysis, interviews, focus groups, user tests, and workshops.

Types of personal data: Name, contact information, and statements. In certain cases, sensitive information and CPR numbers if relevant to the survey.

Legal basis: Consent (Article 6(1)(a) GDPR, Article 9(2)(a) GDPR, and the Data Protection Act § 11, subsection 2, no. 2).

Deletion: 6 months after project completion.

5.10. Events and webinars

Processing activity: Holding events/webinars and building contact database

Which individuals are covered? Participants and relevant stakeholders from public sources

Purpose: Registration, administration, and telephone marketing after holding; inquiries about participation.

Types of personal data: Contact information, role, position, and information about participation.

Legal basis: Agreement on participation (Article 6(1)(b) GDPR) and legitimate interest in subsequent contact/marketing (Article 6(1)(f) GDPR).

Deletion: 5 years after latest use.

5.11. Use of images and videos

Processing activity: Use for own marketing

Which individuals are covered? Models and employees of customers

Purpose: Marketing

Types of personal data: Images/videos, contact information, signature, and copy of contract

Legal basis: Consent (Article 6(1)(a) GDPR) or contract (Article 6(1)(b) GDPR)

Deletion: When consent is withdrawn or the contract expires.

5.12. Legal claims and lawsuits

Processing activity: Legal claims and lawsuits

Which individuals are covered? Employees of customers and suppliers

Purpose: To determine, exercise, or defend legal claims

Types of personal data: Information relevant to the claim as well as contact details

Legal basis: Legitimate interest (Article 6(1)(f) GDPR)

Deletion: When the matter is completed or in accordance with other storage periods.

5.13. Satisfaction surveys and market analysis

Processing activity: Sending satisfaction surveys and market analyses; improving services

Which individuals are covered? Employees of customers who have purchased services

Purpose: Improve products/services, ensure customer satisfaction, and marketing

Types of personal data: Contact information and position

Legal basis: Legitimate interest in statistics/analysis and follow-up (Article 6(1)(f) GDPR). Participation is voluntary.

Deletion: 5 years after the termination of the contract.

5.14. Accounting Act

Processing activity: Compliance with the Accounting Act

Which individuals are covered? Contacts at customers

Purpose: Documentation of customer agreements according to the Accounting Act

Types of personal data: Transaction information

Legal basis: Legal obligation (Article 6(1)(c) GDPR)

Deletion: Up to 6 years.

5.15. Collaboration with companies

Processing activity: Collaboration with suppliers and partners

Which individuals are covered? Suppliers and collaboration partners

Purpose: Planning, execution, and administration of collaborations; payments; credit assessment; accounting; support; product/service development; statistics; conflict resolution

Types of personal data: Name, email, phone, other contact details; language; company information; job title; workplace/country; contract information; financial information (for sole proprietorships)

Legal basis: Contract (Article 6(1)(b) GDPR), legitimate interest in everyday operations and development (Article 6(1)(f) GDPR) as well as legal obligations (Article 6(1)(c) GDPR)

Deletion: 3 years after last contact.

Whom do we disclose your personal data to?

In specific cases, we disclose personal data to independent data controllers. We may also disclose information with your prior consent (e.g., via cookies).

6.1. Lawyers, insurance companies, authorities, police, and courts

Types: Relevant information in relation to a specific dispute

Legal basis: Legitimate interest (Article 6(1)(f) GDPR)

6.2. Customers

Types: Film production materials are transferred to customers as independent data controllers

Legal basis: Contract (Article 6(1)(b) GDPR)

6.3. Payment processors

Types: Payment and card information

Legal basis: Contract (Article 6(1)(b) GDPR)

6.4. Tax authorities

Types: Payment information and CPR number (models in film production)

Legal basis: Legal obligation (Article 6(1)(c) GDPR) and the Data Protection Act § 11, subsection 2, no. 1

To whom do we delegate your personal data?

Suppliers (data processors) may access personal data based on contract when they provide services to Advice and/or Forte Advice (e.g., hosting, satisfaction surveys, newsletters, IT support, cookies, and marketing). Data processors only process personal data according to the data processing agreement and our instructions.

Do we transfer your personal data to insecure third countries?

If personal data is transferred to data processors or data controllers established in countries outside the EU/EEA without an adequate level of protection, the transfer takes place based on the EU Commission's standard contractual clauses. Transfers to the USA can also occur based on the EU-US Data Privacy Framework. Contact us with questions.

If you visit our profiles or pages on social media

This section covers the processing of personal data collected via Advice's and Forte Advice's profiles/pages on social media.

Advice Management & Communication Consulting A/S has profiles on:

Facebook (Meta Platforms Ireland Ltd.) – see the privacy policy of the provider

YouTube (Google Ireland Ltd.) – see the privacy policy of the provider

LinkedIn (LinkedIn Ireland Unlimited Company) – see the privacy policy of the provider

X (X Corp) – see the privacy policy of the provider

Instagram (Meta Platforms Ireland Ltd.) – see the privacy policy of the provider

Forte Advice ApS has a profile on:

LinkedIn (LinkedIn Ireland Unlimited Company)

For LinkedIn, Facebook, and Instagram, Advice along with the providers are joint data controllers for processing in connection with the interaction with the profiles. The distribution of data protection responsibilities follows the providers’ joint data controller agreements.

Advice also uses YouTube as a data processor in connection with video content and shares certain information about interaction/interests with YouTube based on legitimate interest (Article 6(1)(f) GDPR).

Collection of personal data (social media):

– Information on your profile (name, gender, marital status, workplace, interests, picture, city)

– Reactions to our profiles (likes, etc.)

– Comments on our posts

– Visits to our profiles

– IP address

Purpose (Advice):

– Improving products/services and profiles

– Statistics and analysis

– Communication (comments/messages/reviews)

– General marketing

Purpose (providers):

– Improving advertising systems

– Statistics for Advice based on your visits

– Advertising and personalization

Legal basis (Advice):

– Legitimate interest in communication, marketing, and improving services (Article 6(1)(f) GDPR)

Storage period (Advice):

– 2 years (can be anonymized and stored longer)

Sharing (providers – categories):

– Group companies, analytics partners, advertisers, other users (public information), researchers, etc.

Providers may transfer data outside the EU/EEA in accordance with applicable rules (see the providers’ privacy policies).

What rights do you have?

When Advice processes personal data about you, you have the following rights:

– Insight into the personal data we process about you

– Objection to collection and further processing

– Rectification and deletion (with legal exceptions)

– Restriction of processing

– Data portability in certain cases

– Withdrawal of consent at any time (effective prospectively). Newsletters can be unsubscribed via the link at the bottom of the email.

Right to object:

You can at any time object to processing, including processing based on Article 6(1)(f) GDPR, e.g., for marketing.

Do you have questions or wish to exercise your rights?

Contact us as specified in section 2. If your complaint is not resolved with us, you can contact the Danish Data Protection Agency:

The Danish Data Protection Agency

Carl Jacobsens Vej 35

DK-2500 Valby

Phone: 33 19 32 00

Email: dt@datatilsynet.dk

Links to other websites

Our websites may contain links to other websites. We are not responsible for the content of third-party websites or their procedures for collecting/processing personal data. Always read the privacy policy of the respective website.

Changes to the privacy policy

This privacy policy does not constitute an agreement between Advice and you, but forms the basis for our duty to inform. We may change the privacy policy in accordance with applicable law. The date and version number are updated at the top upon changes. The version in effect at any time is available via "Privacy Policy". For significant changes, you will be informed via email or other notice referring to the updated privacy policy.