GenieBelt Privacy Policy

Last updated: 03 October, 2025

GenieBelt ApS (“GenieBelt”, “we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and protect your personal information when you use our websites, applications, and services (the “Services”).

GenieBelt ApS is a Danish company registered under CVR No. 35231129, with registered office at Bryghuspladsen 8, 1473 København, Denmark. GenieBelt acts as the data controller for personal data processed in connection with the Services. This Privacy Policy is governed by the General Data Protection Regulation (GDPR) and Danish data protection law (Databeskyttelsesloven).

1. Data we collect

We collect and process the following categories of personal data:

  • Contact details: name, email address, phone number, language preferences.
  • Professional details: company, job title, sector.
  • Account and profile data: login credentials, profile photo, project role.
  • Transaction data: payment information, billing details.
  • Usage data: log files, IP address, device identifiers, browser type, operating system, activity within the Services.
  • Communications and content: support requests, uploaded documents, photos, messages.
  • Location/time zone information (where relevant for project reporting and account setup).

2. How we collect data

We collect data:

  • Directly from you (when you register, request support, or interact with the Services).
  • Automatically (through cookies, usage logs, and analytics).
  • From other users (if colleagues invite you to projects or share documents with you).

 

3. Legal bases for processing

We process your personal data based on the following GDPR legal grounds:

  • Contract performance (Art. 6(1)(b)) – to provide and manage your account and the Services.
  • Consent (Art. 6(1)(a)) – for optional marketing communications and cookies.
  • Legitimate interest (Art. 6(1)(f)) – to improve our Services, prevent fraud, ensure IT security, and communicate relevant updates.
  • Legal obligation (Art. 6(1)(c)) – to comply with accounting, tax, and regulatory requirements.

 

4. How we use your data

We use your personal data to:

  • Provide and operate the Services (project collaboration, reporting, communication tools).
  • Manage your account and respond to support requests.
  • Process payments and fulfil contracts.
  • Send important updates about the Services.
  • Improve our Services through analytics and feedback.
  • Send marketing communications where you have consented.

5. Cookies and tracking

We use cookies and similar technologies for functionality, analytics, and (with consent) marketing. For more details, please see our Cookie Policy.

6. Sharing of data

We only share your data when necessary and always under appropriate safeguards:

  • Service providers (processors) for hosting, analytics, customer support, email, payment processing, and CRM. Our primary hosting provider is Amazon Web Services (AWS), with servers located in the EU (Ireland, eu-west-1 region).
  • Authorities where required by law or legal process.

We do not transfer personal data outside the EU/EEA.

We do not sell or rent your personal data.

 

7. Data retention

We keep your personal data only for as long as necessary for the purposes described in this Privacy Policy:

  • Account data: as long as you have an active account, and up to 5 years after closure.
    Contract and billing data: 5 years, as required by Danish bookkeeping law.
  • Marketing data: until you withdraw your consent or unsubscribe.
  • Support data and communications: up to 2 years for quality assurance.

Data may be stored longer if required by law or for the establishment, exercise, or defence of legal claims.

8. Your rights

As a data subject, you have the following rights under GDPR:

  • Right of access – to request a copy of your personal data.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – to request deletion of your data where legally permitted.
  • Right to restriction of processing – to limit how we process your data.
  • Right to data portability – to receive your data in a structured, commonly used format and transfer it to another controller.
  • Right to object – to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent – where processing is based on your consent.

To exercise your rights, please contact us (see section 11 below).

You also have the right to lodge a complaint with Datatilsynet, the Danish Data Protection Agency: https://www.datatilsynet.dk/english

9. Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest.
  • Access controls and authentication.
  • Regular backups and redundancy.
  • Monitoring and logging of system activity.
  • Staff training and confidentiality obligations.

10. Children’s privacy

Our Services are not directed to individuals under 15 years of age. We do not knowingly collect data from children under this age. If we become aware that we have collected data from a child under 15 without parental consent, we will delete it.

 

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the effective date clearly indicated. If we make material changes, we will notify you in advance by email or through the Services.

12. Contact us

If you have questions about this Privacy Policy, or wish to exercise your rights, you can contact us at:

GenieBelt ApS
Bryghuspladsen 8, 1473 København, Denmark
Email: techsupport@geniebelt.com

Supervisory authority: Datatilsynet (Danish Data Protection Agency)
Borgergade 28, 5.
1300 Copenhagen K, Denmark
https://www.datatilsynet.dk/english