Legal

Privacy Policy.

Last updated: 28 April 2026

This privacy policy describes how Damgaard Group ApS ("Damgaard Group", "we", "us", "our") collects, uses, and protects personal data when you visit damgaardgroup.com or interact with our services. We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act.

1. Data controller

The data controller responsible for the personal data processed through this website is:

Damgaard Group ApS
Kildehøjvej 16A
3460 Birkerød, Denmark
Email: kontor@damgaardgroup.com
Phone: +45 45 82 82 82

2. Personal data we collect

Data you provide directly

When you submit an enquiry form on our website, we collect:

• First name and last name
• Email address
• Phone number (optional)
• Professional role and area of interest
• Project information you choose to share

Data collected automatically

When you visit our website, we may automatically collect:

• IP address and approximate geographic location
• Browser type and version
• Device information and operating system
• Pages visited and time spent on each page
• Referring website

This data is collected through cookies and similar technologies. See our Cookie Policy for details.

3. Legal basis for processing

We process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a) GDPR): When you submit an enquiry form or accept non-essential cookies.
• Legitimate interest (Article 6(1)(f) GDPR): For website analytics, security, and to respond to your enquiries about our services.
• Contract performance (Article 6(1)(b) GDPR): When processing is necessary to deliver services you have engaged us for.
• Legal obligation (Article 6(1)(c) GDPR): When required by Danish or EU law to retain certain records.

4. How we use your personal data

We use your personal data to:

• Respond to enquiries and provide the information you request
• Discuss potential pharmaceutical engineering engagements
• Send service-related communications
• Improve our website and services
• Comply with legal obligations
• Protect against fraud and security threats

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Marketing communications

We do not send unsolicited marketing emails. If we communicate with you about services beyond your direct enquiry, it will only be where we have a legitimate basis or your explicit consent. You can opt out of any communication at any time by contacting kontor@damgaardgroup.com.

6. Data sharing and recipients

We share your personal data only with:

• Damgaard Group entities (Damgaard Solutions, Catalyst Reactivate) where relevant to your enquiry
• Service providers who process data on our behalf (web hosting, email service, analytics) under data processing agreements
• Legal and regulatory authorities where required by law

We do not sell, rent, or trade your personal data to third parties.

7. International data transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

8. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

• Enquiry submissions: 24 months from the date of submission, unless an active engagement results
• Active client communications: Duration of engagement plus 5 years for legal and audit purposes
• Website analytics: 26 months (Google Analytics default)
• Legal records: As required by Danish accounting and corporate law (typically 5 years)

9. Your rights under GDPR

You have the following rights regarding your personal data:

• Right of access: Request a copy of personal data we hold about you
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interest
• Right to withdraw consent: Withdraw consent at any time without affecting prior lawful processing

To exercise any of these rights, contact us at kontor@damgaardgroup.com. We will respond within one month.

10. Right to lodge a complaint

If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
Website: www.datatilsynet.dk

11. Data security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS), access controls, regular security reviews, and staff training on data protection.

12. Children's privacy

Our services are directed at pharmaceutical industry professionals and businesses. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this policy indicates when it was last revised. Material changes will be communicated via the website or by email where appropriate.

14. Contact us

For questions about this privacy policy or our data processing practices, contact us at:

Email: kontor@damgaardgroup.com
Phone: +45 45 82 82 82
Mail: Damgaard Group ApS, Kildehøjvej 16A, 3460 Birkerød, Denmark