Contents
1. Who we are
Uwise Agency is a web design studio based in Copenhagen, Denmark. For the purposes of GDPR, we are the data controller for the personal data we collect through this website and through our client engagements.
Uwise Agency
Copenhagen, Denmark
CVR: 43654063
Registered address: [to be added]
Contact: contact@uwise.agency
We have not appointed a Data Protection Officer (DPO) because we are not legally required to do so under Article 37 GDPR. The person responsible for data protection enquiries is the founder, reachable at the email above.
2. What data we collect
2.1 Data you give us directly
- Contact form submissions: name, email address, the plan you are interested in, and the project description you write.
- Email correspondence: any information you send us by email, including signatures and attachments.
- Client engagement data: if you become a client — billing details, content, copy, brand assets, and access credentials needed to deliver the project.
2.2 Data collected automatically
- Server logs: when you visit this website, our hosting provider records standard access logs (IP address, user-agent, request URL, timestamp). These are kept for security and troubleshooting.
- Cookies and similar technologies: see our Cookie Policy. We do not set non-essential cookies without your consent.
2.3 Data we do not collect
We do not buy personal data from third parties, scrape it, or build behavioural profiles. We do not run advertising networks on this site.
3. Why we process it
We process the data above for these specific purposes:
- To respond to enquiries you send through the contact form or by email.
- To deliver the services you have engaged us for, including designing, building, and maintaining your website.
- To send invoices and meet our bookkeeping obligations under Danish tax law.
- To keep this website online, secure, and free from abuse (server logs).
- To send service-related communications (e.g., scheduled maintenance notices, billing reminders) to clients on an active subscription.
We do not use your data for marketing without your prior, separate, opt-in consent. We do not send unsolicited newsletters.
4. Legal basis
Under Article 6 GDPR, every processing activity needs a lawful basis. Ours are:
| Activity | Lawful basis |
|---|---|
| Responding to your enquiry | Pre-contractual measures (Art. 6(1)(b)) |
| Delivering services to a client | Performance of a contract (Art. 6(1)(b)) |
| Issuing invoices & bookkeeping | Legal obligation (Art. 6(1)(c)) under the Danish Bookkeeping Act |
| Server logs & basic security | Legitimate interests (Art. 6(1)(f)) — keeping our service available and protected |
| Optional analytics or marketing | Consent (Art. 6(1)(a)) — and only if you actively opt in |
5. Who we share data with
We do not sell or rent personal data. We share it only with the following categories of recipients, all under appropriate contracts:
- Hosting and infrastructure providers who store website files and emails (acting as our data processors).
- Email and productivity providers we use to communicate with you and store project files.
- Payment and accounting providers we use to invoice clients and meet tax obligations.
- Public authorities if we are legally required to disclose information (e.g., a court order from Danish authorities).
A current list of our subprocessors is available on request — email contact@uwise.agency.
6. International transfers
Some of our service providers may process data outside the European Economic Area (EEA), for example in the United States or the United Kingdom. When that happens, we rely on one of the following GDPR-recognised transfer mechanisms:
- An adequacy decision by the European Commission (e.g., the EU-US Data Privacy Framework, the UK adequacy decision).
- Standard Contractual Clauses (SCCs) approved by the Commission, supplemented where appropriate by additional safeguards.
If you would like a copy of the relevant safeguards for a specific transfer, contact us.
7. How long we keep it
| Data | Retention period |
|---|---|
| Contact form enquiries that don't lead to a project | Up to 12 months, then deleted |
| Active client project data | Duration of engagement plus 12 months |
| Invoices & accounting records | 5 years from end of fiscal year (Danish Bookkeeping Act) |
| Server logs | Up to 90 days |
| Email correspondence | Up to 3 years, unless deletion is requested earlier |
8. Security
We use current industry-standard technical and organisational measures to protect personal data, including:
- HTTPS encryption (TLS) on all web traffic.
- Encrypted password managers, two-factor authentication on all critical accounts.
- Restricted access to client data on a need-to-know basis.
- Regular software updates and backups.
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Danish Data Protection Authority (Datatilsynet) within 72 hours and inform affected individuals where required by Article 34 GDPR.
9. Your rights
Under GDPR you have these rights regarding your personal data:
- Right of access (Art. 15): get a copy of the personal data we hold about you.
- Right to rectification (Art. 16): have inaccurate data corrected.
- Right to erasure (Art. 17): the "right to be forgotten" in the cases set out in the article.
- Right to restriction (Art. 18): have processing limited in specific circumstances.
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7): where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of past processing.
- Right not to be subject to automated decision-making (Art. 22): we do not make decisions about you using automated processing alone.
To exercise any of these rights, email contact@uwise.agency. We will respond within one month and the service is free of charge unless your request is manifestly unfounded or excessive (Article 12 GDPR).
10. Children
Our services are aimed at businesses and adults. We do not knowingly collect personal data from children. Under the Danish Data Protection Act, the age of consent for information society services is 13. If you believe a child has provided us with their data, contact us and we will delete it.
11. Changes to this policy
We may update this policy to reflect changes in our practices or in the law. The date at the top of this page shows the latest revision. Material changes will be flagged on this page; if you are an active client we will email you about them.
12. Contact & complaints
For any privacy-related questions or to exercise your rights, contact contact@uwise.agency.
If you believe we have not handled your personal data in line with the law, you have the right to lodge a complaint with the Danish Data Protection Authority:
Carl Jacobsens Vej 35
2500 Valby, Denmark
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: datatilsynet.dk