---
title: "Privacy Policy"
lang: "en"
slug: "privacy-policy"
date: "2026-04-15"
featured_image: ""
description: "How Allegro IT ApS processes personal data in accordance with the GDPR and Danish data protection law."
---

This privacy policy describes how **Allegro IT ApS** processes personal data in connection with the use of allegroit.dk. We aim to be transparent about what data we collect, why, and how long we keep it.

## Data controller

**Allegro IT ApS**
Fyrrelien 8
8920 Randers NV
Denmark

Company reg. no. (CVR): 34593701
Email: [kontakt@allegroit.dk](mailto:kontakt@allegroit.dk)
Phone: [+45 22 31 55 02](tel:+4522315502)

## What information we process

### The contact form

When you fill in the contact form on the site, we process the following information:

- **Name** — as you provide it
- **Email address** — so we can reply to you
- **Subject and message** — the content of your enquiry
- **Language** — which language version of the site you used
- **IP address** — recorded together with the submission as a simple security and abuse log
- **Timestamp** — when the submission was sent

### Server logs

Our web server keeps standard access logs containing IP address, requested URL, user agent and timestamp. These are necessary for operations, troubleshooting and security.

### Cookies

**Allegroit.dk does not set any cookies.** The site contains no analytics, statistics or marketing tools, and no cookie consent is therefore required.

## Purpose and legal basis

- **Responding to enquiries sent via the contact form.**
Legal basis: GDPR art. 6(1)(b) (steps taken at your request prior to entering into a contract) or (f) (legitimate interest in being able to answer questions and enquiries).

- **Operating, securing and troubleshooting the website** (server logs).
Legal basis: GDPR art. 6(1)(f) (legitimate interest in operating and protecting the site).

- **Preventing abuse of the contact form** (anti-spam measures, including a blocklist of IP addresses that have demonstrably submitted automated traffic).
Legal basis: GDPR art. 6(1)(f) (legitimate interest in protecting the site against spam, abuse and automated attacks).

## Retention

- **Contact form submissions** are retained on the website for up to **12 months**, after which they are automatically deleted. This is a fixed rule with no exceptions — no long-term retention of form logs takes place on the website itself.
- **If an enquiry results in a client relationship**, the associated email correspondence continues to exist in our Microsoft 365 mailbox (`kontakt@allegroit.dk`), where it is retained in accordance with the **Danish Bookkeeping Act** (*bogføringsloven*) requirement to keep accounting records for **5 years** from the end of the relevant financial year. This retention takes place separately from the website and is handled as part of our ordinary email and accounting processes.
- **Server logs** are rotated automatically by Docker and are not retained long-term. Rotation is size-bounded, which in practice gives a retention horizon of up to a few weeks.
- **Anti-abuse blocklist.** IP addresses that submit traffic clearly identifiable as automated (e.g. by filling hidden form fields invisible to humans, submitting forms within a few seconds of loading, or repeatedly hitting per-IP rate limits) are added to a blocklist and prevented from submitting further requests. Blocklist entries are retained for as long as they are needed for security purposes; you can request removal by contacting us. No personal data beyond the IP address itself is stored on the blocklist.

## Recipients and data processors

We do not share your information with third parties for marketing purposes. Your data is processed by the following data processors:

- **Hetzner Online GmbH** — provides the virtual server that hosts the site. Data centre in **Helsinki, Finland**. EU-based.
- **Microsoft Ireland Operations Limited** — provides Microsoft 365, which acts both as our email platform for `kontakt@allegroit.dk` and as the SMTP relay used by the contact form. Email data is stored in Microsoft's EU data centres under Microsoft's "EU Data Boundary" commitment. Because Microsoft is part of a US-headquartered group, processing takes place under the **EU-US Data Privacy Framework** (European Commission adequacy decision of 10 July 2023), which provides the legal basis for transferring personal data to certified US data processors. Microsoft is certified under this framework.

Beyond the above, we do not transfer personal data outside the EU/EEA.

## Your rights

Under the GDPR you have the right to:

- request **access** to the information we process about you,
- have **inaccurate** information **corrected**,
- have information **erased** in certain cases (the right to be forgotten),
- request that processing be **restricted** in certain cases,
- **object** to processing based on legitimate interest,
- receive your information in a structured, commonly used and machine-readable format (**data portability**).

To exercise any of these rights, please email [kontakt@allegroit.dk](mailto:kontakt@allegroit.dk). We will respond as quickly as possible and no later than 30 days from receipt of your request.

## Right to complain

You have the right to lodge a complaint with the Danish Data Protection Agency (*Datatilsynet*) if you are dissatisfied with the way we process your data:

**Datatilsynet**
Carl Jacobsens Vej 35
2500 Valby
Denmark
[datatilsynet.dk](https://www.datatilsynet.dk/)

## Changes

We may update this privacy policy from time to time. The current version is always available on this page, and the date below indicates when it was last revised.

---

**Last updated:** 15 April 2026
