Privacy Policy

Published:

Effective date: April 23, 2026
Business name: Decoding Denmark
Owner / Data Controller: Szilvia Schöffer
CVR number: 45247880
Website: decodingdenmark.com
Email: hello@decodingdenmark.com

1. Introduction

At Decoding Denmark, I care about your privacy and handle personal data with care and respect.

This Privacy Policy explains how I collect, use, store, and protect your personal data when you visit this website, contact me, book a call or session, purchase a service, sign up for updates, or otherwise interact with Decoding Denmark.

This Privacy Policy is prepared in accordance with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act. In Denmark, the supervisory authority is Datatilsynet.

2. Who is responsible for your personal data?

Decoding Denmark is the data controller for the personal data covered by this Privacy Policy.

Data controller:
Szilvia Schöffer / Decoding Denmark
CVR: 45247880
Email: hello@decodingdenmark.com
Website: decodingdenmark.com

3. What personal data I may collect

Depending on how you interact with the website or with me, I may collect:

  • name 
  • email address 
  • phone number 
  • billing information 
  • company details, where relevant 
  • information you share in a contact form, booking form, or email 
  • appointment details 
  • payment-related information 
  • service-related information you choose to share with me 
  • technical data such as IP address, browser type, device information, and website usage data 
  • cookie and analytics data, where relevant 

I only collect personal data that is relevant to the purpose in question.

4. How I collect your personal data

I may collect personal data when you:

  • visit the website 
  • fill in a contact form 
  • book a Discovery Call, Intro Call, or session 
  • contact me by email 
  • purchase a service 
  • sign up for a newsletter or updates 
  • otherwise communicate with Decoding Denmark 

Some data may also be collected automatically through cookies, embedded tools, analytics tools, or website hosting systems, depending on how the website is configured.

5. Why I process your personal data and the legal basis

I process personal data only where there is a lawful basis under the GDPR, such as taking steps before entering into a contract, performing a contract, complying with legal obligations, pursuing legitimate interests, or relying on your consent.

I may process your personal data for the following purposes:

a. To respond to inquiries

If you contact me through the website, by email, or through a booking form, I process your data to respond to your inquiry and communicate with you.

Legal basis:
GDPR Article 6(1)(b) and/or Article 6(1)(f).

b. To schedule calls and sessions

If you book a Discovery Call, Intro Call, or paid session, I process the information needed to arrange and manage the booking.

Legal basis:
GDPR Article 6(1)(b).

c. To deliver services

If you become a client, I process the information necessary to prepare for and deliver career counselling or coaching services.

Legal basis:
GDPR Article 6(1)(b).

d. To process payments and manage accounting obligations

If you purchase a service, I process personal data necessary for payment, invoicing, bookkeeping, and compliance with applicable accounting and tax rules.

Legal basis:
GDPR Article 6(1)(b) and Article 6(1)(c).

e. To improve the website and understand usage

I may use analytics tools to understand how visitors use the website, improve functionality, and maintain security.

Legal basis:
GDPR Article 6(1)(f), and where required, your consent. Guidance from the EDPB also emphasizes that legitimate interest requires a proper balancing assessment.

f. To send newsletters or marketing emails

If you subscribe to a newsletter or explicitly choose to receive updates, I may use your contact details to send relevant content.

Legal basis:
GDPR Article 6(1)(a) — consent.

6. Tools and service providers I use

To operate this website and my business, I may use third-party providers, including:

  • WordPress for website management 
  • Calendly for booking and scheduling 
  • Google Analytics for website analytics 
  • MailerLite for newsletter and email communication 
  • Stripe or another payment provider for payments, where relevant 

These providers may process personal data on my behalf as data processors, or in some cases as independent controllers, depending on their role.

Some of these providers may process data outside the EU/EEA. Where relevant, such transfers must be covered by an appropriate transfer mechanism under the GDPR, such as the European Commission’s Standard Contractual Clauses.

7. Special categories of personal data

Please do not send sensitive personal data unless it is genuinely necessary and relevant to the support you are seeking.

As a general rule, I do not ask for or intentionally process special categories of personal data unless there is a clear reason and a lawful basis for doing so.

8. Who I share your data with

I do not sell your personal data.

I may share personal data only where necessary with trusted providers who help me operate the website and business, such as scheduling, email, analytics, payment, website hosting, and bookkeeping providers.

I only share personal data where necessary and expect service providers to handle personal data securely and appropriately.

9. International data transfers

Some of the service providers I use may process personal data outside the EU/EEA.

If personal data is transferred outside the EU/EEA, I will seek to ensure that appropriate safeguards are in place in accordance with the GDPR, for example the European Commission’s Standard Contractual Clauses or another valid legal mechanism. The GDPR requires transparency about such transfers and safeguards.

10. How long I keep your personal data

I keep personal data only for as long as necessary for the purpose for which it was collected and in accordance with applicable legal requirements. GDPR’s storage-limitation principle requires that personal data not be kept longer than necessary.

In general, I apply the following retention periods:

  • General inquiries and contact form submissions: up to 12 months after the last contact 
  • Discovery Call / Intro Call bookings that do not lead to a client relationship: up to 12 months after the call 
  • Client records related to services: up to 3 years after the end of the client relationship, unless a longer period is necessary for legal, accounting, or dispute-related reasons 
  • Invoices and bookkeeping material: 5 years from the end of the relevant financial year, in line with Danish bookkeeping retention requirements 
  • Newsletter data: until you unsubscribe or withdraw your consent; inactive subscriber data may be deleted earlier as part of list hygiene 
  • Google Analytics data: retained according to the settings used for Google Analytics; Google Analytics supports configurable retention periods, including 14 months, which is a common practical setting 
  • Cookie-related data: according to the relevant tool settings and your cookie preferences 

I may retain data for a longer period where required by law or where necessary to establish, exercise, or defend legal claims.

11. Your rights

Under the GDPR, you may have the right to:

  • request access to your personal data 
  • request correction of inaccurate data 
  • request deletion of your data 
  • request restriction of processing 
  • object to certain processing 
  • request data portability, where applicable 
  • withdraw consent at any time, where processing is based on consent 
  • lodge a complaint with Datatilsynet 

Requests relating to your GDPR rights must generally be handled without undue delay and, in principle, within one month.

If you would like to exercise any of your rights, please contact me at hello@decodingdenmark.com.

12. Cookies and similar technologies

This website may use cookies and similar technologies to support functionality, understand website traffic, improve user experience, and, where relevant, support marketing.

Where required, non-essential cookies will only be used based on your consent.

13. Data security

I take reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure.

The GDPR requires controllers to implement appropriate security measures based on the nature of the risk.

14. Third-party links and embedded tools

This website may contain links to third-party websites or embedded tools, such as Calendly or payment services.

If you interact with those services, their own privacy policies and terms may also apply.

15. Complaints

If you have questions or concerns about how your personal data is handled, please contact me first at hello@decodingdenmark.com.

You also have the right to lodge a complaint with the Danish Data Protection Agency:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Website: datatilsynet.dk

16. Changes to this Privacy Policy

I may update this Privacy Policy from time to time to reflect legal, technical, or business changes.

The latest version will always be available on this website.