+45 36117882 [email protected]
Mon-Fri: 10:00 - 19:00

Privacy Policy

How we collect, use, and protect your personal information

Last Updated: 15 January 2026

Effective Date: 15 January 2026

Introduction

This Privacy Policy explains how krosavelin.top AS ("we," "our," or "us") collects, uses, and protects your personal information when you visit our website krosavelin.top or use our spa client journey analytics services. We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Danish privacy laws.

Data Controller Information

The data controller for your personal information is:

  • Company: krosavelin.top AS
  • Registration Number: CVR25361479
  • VAT Number: DK25749638
  • Address: Vesterbrogade 67, 8039 Aarhus, Central Denmark, DK
  • Email: [email protected]
  • Phone: +45 36117882

Data Collection

We collect personal data in the following ways and for the following purposes:

Information You Provide Directly

When you use our services or contact us, we collect data you voluntarily provide, including:

  • Contact information (name, email address, phone number)
  • Company or spa business information
  • Service enquiry details and consultation requests
  • Communication preferences
  • Any other information you choose to provide in forms or communications

Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including:

  • IP address and browser information
  • Device type and operating system
  • Pages visited and time spent on our website
  • Referring website information
  • Cookie and tracking technology data (subject to your consent)

How We Use Your Information

We use your personal data for legitimate business purposes, including:

  • Service Provision: To provide our spa analytics consultation services and respond to your enquiries
  • Communication: To communicate with you about our services, appointments, and business matters
  • Business Operations: To manage our client relationships and improve our service delivery
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations
  • Website Improvement: To analyse website usage and improve user experience
  • Marketing: To send you relevant information about our services (with your consent where required)

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: Where you have given explicit consent for specific processing activities
  • Contract: To perform our contractual obligations in providing analytics services
  • Legitimate Interests: For our legitimate business interests, such as improving our services and website functionality
  • Legal Obligation: To comply with legal requirements and regulations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner or by visiting our cookie policy page for more detailed information.

Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our website and providing our services
  • Legal Requirements: When required by law, regulation, or legal process
  • Business Protection: To protect our rights, property, or safety, or that of our clients or others
  • Business Transfers: In connection with any merger, acquisition, or sale of our business assets

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Generally:

  • Client consultation data is retained for the duration of our business relationship and up to 7 years thereafter for legal and accounting purposes
  • Website analytics data is typically retained for up to 2 years
  • Marketing communication data is retained until you withdraw consent
  • Legal and compliance records are retained as required by applicable law

Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

  • Access: The right to request access to your personal data
  • Rectification: The right to request correction of inaccurate personal data
  • Erasure: The right to request deletion of your personal data under certain circumstances
  • Restriction: The right to request restriction of processing under certain circumstances
  • Portability: The right to receive your personal data in a structured, machine-readable format
  • Objection: The right to object to processing based on legitimate interests or for marketing purposes
  • Withdraw Consent: The right to withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at [email protected] or +45 36117882.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses approved by the European Commission
  • Other appropriate safeguards as recognised under GDPR

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Staff training on data protection and security
  • Incident response procedures

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with this Privacy Policy or applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority. In Denmark, this is:

Datatilsynet (Danish Data Protection Agency)
Borgergade 28, 5
1300 Copenhagen K
Denmark
Email: [email protected]
Phone: +45 33 19 32 00

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your enquiry within 30 days of receipt.