Privacy Policy

This page describes how Business Essentials processes personal data through businessessentials.dk. The processing is governed by the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act.

Data controller

Business Essentials, CVR DK 41 60 56 85, Nordvænget 3, 2791 Dragør, Denmark. Contact for data-related enquiries: connect@businessessentials.dk. Business Essentials operates as a single-advisor practice. No Data Protection Officer is formally appointed under GDPR Article 37, as the scale of processing does not require it.

Personal data processed

Two categories of personal data are processed through this website. First, email addresses submitted via the subscribe form on the Insights page, used solely to send notifications when new articles are published. Second, contact information and message content submitted to connect@businessessentials.dk, used to respond to enquiries and conduct business correspondence.

Analytics, tracking pixels, third-party marketing tools, and advertising networks are not used.

Cookies

The site does not set non-essential, tracking, or marketing cookies. Essential cookies strictly limited to TLS session establishment may be set transiently by the hosting infrastructure (Simply.com) as a technical requirement for secure delivery. These cookies do not identify visitors and are not retained for analysis or marketing.

Legal basis

Newsletter subscriptions are processed on the basis of consent under GDPR Article 6(1)(a). Direct correspondence is processed on the basis of legitimate interest under GDPR Article 6(1)(f) where no contract exists, or contractual necessity under Article 6(1)(b) where an engagement is being negotiated or fulfilled. A legitimate interest assessment has been conducted confirming that the processing does not override the fundamental rights and freedoms of the data subjects.

Data processors

The following data processors are used. Simply.com (Danish hosting provider) hosts the website and stores subscriber email addresses in a flat file on their EU-based servers. Microsoft (via Microsoft 365) processes correspondence sent to and from connect@businessessentials.dk; data is stored in EU data centres under Microsoft's standard EU data residency commitments.

Retention

Subscriber email addresses are retained until unsubscribe is requested, after which they are deleted within 30 days. The 30-day window is a technical buffer to prevent inadvertent re-subscription. Correspondence is retained according to the following criteria: until a prospective engagement ends without contract (typically 90 days from last contact), throughout the duration of an active engagement, and for the statutory bookkeeping period of 5 years under Danish law where the correspondence relates to invoiced work. Beyond these criteria, correspondence is deleted.

International transfers

Data processing takes place primarily within the EU/EEA. Where processors operate globally (Microsoft), transfers outside the EEA are governed by the EU-US Data Privacy Framework and/or EU Standard Contractual Clauses, providing the safeguards required by GDPR Articles 45 and 46.

Automated decision-making

Business Essentials does not carry out automated decision-making or profiling as defined in GDPR Article 22. All correspondence and engagement decisions involve human judgement.

Your rights

Under GDPR you have the right to access the personal data held about you, to request correction of inaccurate data, to request deletion (subject to statutory retention obligations such as bookkeeping), to restrict processing, to data portability, to object to processing, and to withdraw consent at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. To exercise any of these rights, contact connect@businessessentials.dk. Verified requests are responded to within one month.

Complaints

If the processing of your personal data does not comply with GDPR, you have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, Denmark. datatilsynet.dk. This right can be exercised at any time, independently of contacting Business Essentials directly.

Changes to this policy

This policy may be updated to reflect changes in processing practices or in applicable law. The current version date is shown below. Material changes will be communicated to active subscribers.

Last updated: 6 May 2026 (v1.1, GDPR audit revision)