Allegro IT Allegro IT

Privacy Policy

This privacy policy describes how Allegro IT ApS processes personal data in connection with the use of allegroit.dk. We aim to be transparent about what data we collect, why, and how long we keep it.

Data controller

Allegro IT ApS Fyrrelien 8 8920 Randers NV Denmark

Company reg. no. (CVR): 34593701 Email: [email protected] Phone: +45 22 31 55 02

What information we process

The contact form

When you fill in the contact form on the site, we process the following information:

  • Name — as you provide it
  • Email address — so we can reply to you
  • Subject and message — the content of your enquiry
  • Language — which language version of the site you used
  • IP address — recorded together with the submission as a simple security and abuse log
  • Timestamp — when the submission was sent

Server logs

Our web server keeps standard access logs containing IP address, requested URL, user agent and timestamp. These are necessary for operations, troubleshooting and security.

Cookies

Allegroit.dk does not set any cookies. The site contains no analytics, statistics or marketing tools, and no cookie consent is therefore required.

Purpose and legal basis

  • Responding to enquiries sent via the contact form. Legal basis: GDPR art. 6(1)(b) (steps taken at your request prior to entering into a contract) or (f) (legitimate interest in being able to answer questions and enquiries).

  • Operating, securing and troubleshooting the website (server logs). Legal basis: GDPR art. 6(1)(f) (legitimate interest in operating and protecting the site).

Retention

  • Contact form submissions are retained on the website for up to 12 months, after which they are automatically deleted. This is a fixed rule with no exceptions — no long-term retention of form logs takes place on the website itself.
  • If an enquiry results in a client relationship, the associated email correspondence continues to exist in our Microsoft 365 mailbox ([email protected]), where it is retained in accordance with the Danish Bookkeeping Act (bogføringsloven) requirement to keep accounting records for 5 years from the end of the relevant financial year. This retention takes place separately from the website and is handled as part of our ordinary email and accounting processes.
  • Server logs are rotated automatically by Docker and are not retained long-term. Rotation is size-bounded, which in practice gives a retention horizon of up to a few weeks.

Recipients and data processors

We do not share your information with third parties for marketing purposes. Your data is processed by the following data processors:

  • Hetzner Online GmbH — provides the virtual server that hosts the site. Data centre in Helsinki, Finland. EU-based.
  • Microsoft Ireland Operations Limited — provides Microsoft 365, which acts as both our email platform for [email protected] and as the SMTP relay used by the contact form. Email data is stored in Microsoft's EU data centres under Microsoft's "EU Data Boundary" commitment. Because Microsoft is part of a US-headquartered group, processing takes place under the EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023), which provides the legal basis for transferring personal data to certified US data processors. Microsoft is certified under this framework.

Beyond the above, we do not transfer personal data outside the EU/EEA.

Your rights

Under the GDPR you have the right to:

  • request access to the information we process about you,
  • have inaccurate information corrected,
  • have information erased in certain cases (the right to be forgotten),
  • request that processing be restricted in certain cases,
  • object to processing based on legitimate interest,
  • receive your information in a structured, commonly used and machine-readable format (data portability).

To exercise any of these rights, please email [email protected]. We will respond as quickly as possible and no later than 30 days from receipt of your request.

Right to complain

You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) if you are dissatisfied with the way we process your data:

Datatilsynet Carl Jacobsens Vej 35 2500 Valby Denmark datatilsynet.dk

Changes

We may update this privacy policy from time to time. The current version is always available on this page, and the date below indicates when it was last revised.

Last updated: 15 April 2026