Privacy Policy

1. Data Controller

Dreamstate
CVR: 43627805
Email: pdm@dreamstate.dk
Phone: +45 61750924

2. What Personal Information Do We Collect?

We collect the following categories of personal information:

  • Contact information: Name, email, phone number, company name
  • Technical data: IP address, browser type, device information
  • Usage data: How you interact with our website
  • Communication: Emails, messages via contact forms

3. Purpose of Processing

We process your personal information for the following purposes:

  • Delivery of our services (web development, hosting, support)
  • Customer service and support
  • Billing and accounting
  • Marketing (only with your consent)
  • Improvement of our services
  • Compliance with legal requirements

4. Legal Basis

We process your personal information based on the following legal grounds:

  • Contract fulfillment: Necessary to deliver our services
  • Legitimate interests: To improve our services and security
  • Consent: For marketing and certain cookies
  • Legal obligation: Bookkeeping Act requires 5 years retention of accounting data

5. Cookies

We use the following types of cookies:

  • Necessary cookies: Ensures the website's basic functionality
  • Analytical cookies: Helps us understand how visitors use the website
  • Functional cookies: Remembers your preferences

You can change your cookie preferences at any time via our cookie banner.

6. Data Sharing

We only share your personal information with:

  • Hosting providers: Vercel (USA) - we have entered into a data processing agreement
  • Email service: EmailJS for contact forms
  • Payment processors: For secure payment handling
  • Authorities: If required by law

We never sell your personal information to third parties.

7. International Data Transfer

Some of our vendors are based outside the EU. We ensure that these vendors comply with GDPR through:

  • EU's standard contractual clauses
  • Privacy Shield certification (where relevant)
  • Adequacy decisions from the EU Commission

8. Retention Periods

  • Customer data: As long as you are a customer + 1 year
  • Accounting data: 5 years in accordance with the Bookkeeping Act
  • Marketing data: Until consent is withdrawn
  • Technical logs: 90 days

9. Your Rights

Under GDPR, you have the following rights:

  • Access: Right to see what data we have about you
  • Rectification: Right to have incorrect information corrected
  • Erasure: Right to have your data deleted ("right to be forgotten")
  • Restriction: Right to restrict processing
  • Data portability: Right to receive your data in a machine-readable format
  • Objection: Right to object to processing
  • Withdrawal of consent: You can withdraw your consent at any time

To exercise your rights, contact us at pdm@dreamstate.dk. We respond within 30 days.

10. Security

We implement appropriate technical and organizational security measures, including:

  • Encryption of data in transit (SSL/TLS)
  • Access control and authentication
  • Regular security updates
  • Backup and disaster recovery procedures
  • Employee training in data protection

11. Data Breaches

In case of a data breach that poses a risk to your rights and freedoms, we will notify you within 72 hours and inform the Data Protection Agency as required.

12. Complaints

If you are dissatisfied with our handling of your personal information, you have the right to complain to:

Danish Data Protection Agency
Carl Jacobsens vej 35
2500 Valby
Phone: 33 19 32 00
Email: dt@datatilsynet.dk

We encourage you to contact us directly first so we can try to resolve the issue.

13. Changes to Privacy Policy

We reserve the right to update this privacy policy. In case of significant changes, we will inform you via email or a prominent notice on our website.

Last updated: December 10, 2025

Version: 1.0