1. INTRODUCTION

At SKJOLDET Software ApS, CVR-no. 44977605 ("us", "we", or "our"), we understand the importance of treating the personal data of our customers, business partners, visitors to our website, and other persons we interact with in a confidential and private manner. We are committed to following the requirements and obligations in relation to data privacy in accordance with applicable law, including the EU General Data Protection Regulation ("GDPR") and the Danish Data Protection Act. Therefore, we have secure and adequate data processing procedures in place.

We are the data controller for the processing of your personal data. Below, we have provided an overview of the processing activities in which personal data are processed, including among others the purpose thereof and the legal basis.

If you have any question to this privacy and cookie policy (“Privacy Policy”) or you wish to exercise your data subject rights pursuant to Chapter III of the GDPR and according to section 6 of this Privacy Policy, please contact us by e-mail at data@skjoldet.dk.

2. PROCESSING OF PERSONAL DATA

Purpose	Categories of personal data	Legal basis for processing	Recipients of your personal data	Retention period
Website visitors (cookies)
The purpose of using cookies is, for instance, to improve your user experience on our website: skjoldet.dk ("Website"), to provide functionality, to generate statistics, to target the marketing of our products to your needs, and to remember your preferences. Find more information about our use of cookies in section 5 below.	When you visit our Website, we will process personal data about you, for instance, cookies, browser type and version, IP-address, and length of visit.	The legal basis for our use of functionality cookies on our website is our legitimate interests and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are to provide you with a website that functions. The legal basis for our use of other non-functionality cookies, such as statistical cookies, is your consent, which you will be asked to give when you visit the Website for the first time, cf. Art. 6(1)(a) of the GDPR.	We may share your personal information with business partners or other collaborators for business purposes, e.g. Shopify and Google Analytics. Such third parties include, among others, social media providers, as further described in section 4 below.	Personal data collected via cookies through use of our Website are stored for different periods depending on the type and purpose of the cookie in question. See section 5 below.
Newsletter recipients
The purpose of our newsletter is to brand our products and business. About the technologies used: We use tracking technologies in our newsletters to measure whether our news is opened and read, and which links are clicked. We do this to be able to send more relevant content to you.	If you sign up for our newsletter, we will process personal data about you, for instance, name and surname, subject(s) of interest and your email address in order to tailor the content of and send you our newsletters.	The legal basis for the processing of your personal data in relation to your subscription to our newsletter is your consent, which you will be asked to give when you sign up for the newsletter, cf. Art. 6(1)(a) of the GDPR. To declare that you wish to unsubscribe, you may use the respective link included in all newsletters or by contacting us at data@skjoldet.dk.	Certain third parties, such as the provider of the technical solution that assists with the delivery and management of newsletters (e.g., Sendgrid), process your personal data on our behalf and in accordance with our instructions and the obligations set out in a data processing agreement entered into with us. These data processors are not allowed to process your personal data for their own purposes.	Personal data related to your newsletter account is stored until you withdraw your consent and no longer wish to receive newsletters from us.
Users (customers) of our services – in browser and in app
The purpose of our processing of your personal data when you download and use our app or our browser extension is to deliver the promised service to you, i.e. to help protect against unsafe and fake websites. SKJOLDET always aims to process, access, and store only the minimum amount of personal data that is necessary to provide this service.	When you use our browser extension or app, we occasionally will when scanning, process personal data about you, for instance, browser information, information about your device, IP address, URLs accessed, (automatically assigned ID number), (city and country geolocation), behaviour on the website, including which subpages you visit, content stored in your browser, credit card information, passwords, or any contents shown on the visited website. Temporary cached data (held only during a live scan) everything listed “long-term stored data” URLs accessed specific sub-pages visited full page content Long-term stored data non-personal browser information (type, version, etc.) non-personal device information (OS version, etc.) city- and country-level geolocation (never linked to other identifiers) hostname of the visited site (extracted from the full URL) non-personal behavioural metrics (time on page, click patterns) redirect chains anonymous device token	The legal basis for the processing of your personal data in that regard is Art. 6(1)(b) of the GDPR. This is because the processing is necessary for the performance of a contract to which you are a party. In certain cases, the processing of your personal data is necessary to comply with a legal obligation to which we are subject, such as the retention of accounting records in accordance with the Danish Bookkeeping Act (In Danish: Bogføringsloven). In such cases, the legal basis is Article 6(1)(c) of the GDPR. In rare cases, the processing of your personal data is our legitimate interests, and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are for us to be able to establish, exercise, or defend against a legal claim.	Certain third parties, such as the provider of the technical solution that assists with the detection of fraudulent websites, process your personal data on our behalf and in accordance with our instructions and the obligations set out in a data processing agreement entered into with us. These data processors are not allowed to process your personal data for their own purposes. We may also disclose your personal data to authorities, if we are legally obliged to do so. In certain specific cases, e.g., in connection with disputes, including when the disclosure of your personal data is necessary for the establishment, exercise or defence of our legal claims, we may disclose your personal data to our advisers or other relevant third parties provided it is deemed necessary and lawful.	We will store personal data about you (i) for as long as you use our services, (ii) until we are no longer legally obliged to do so, or (iii) until it is no longer necessary for the establishment, exercise, or defence of legal claims. Temporary cached data – retained for a maximum of 12 hours, then permanently deleted. Long-term stored data – kept while you use our services and only thereafter for as long as required to establish, exercise, or defend legal claims.
Contact persons and employees at a customer or another business partner
The purpose of processing your personal data is for us to communicate with you as a contact person.	When we communicate with you, we will process personal data about you, for instance, your name, email address, telephone number, position, etc.	In certain cases, the processing of your personal data is necessary to comply with a legal obligation to which we are subject, such as the retention of accounting records in accordance with the Danish Bookkeeping Act (In Danish: Bogføringsloven). In such cases, the legal basis is Article 6(1)(c) of the GDPR. In other cases, where you are an employee at a company that is our customer or business partner, the legal basis for the processing of your personal data in relation to you being a contact person is our legitimate interests, and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are to communicate with our customer or business partner where necessary for business and collaboration purposes.	We may disclose your personal data to authorities, if we are legally obliged to do so. In certain specific cases, e.g., in connection with disputes, including when the disclosure of your personal data is necessary for the establishment, exercise or defence of our legal claims, we may disclose your personal data to our advisers or other relevant third parties provided it is deemed necessary and lawful.	We will store personal data about you (i) as long as we communicate with you because you are our point of contact, (ii) until we are no longer obligated to do it, or (iii) until it is no longer necessary for the establishment, exercise, or defence of a legal claim.
Inquiries via the chat function, telephone, or e-mail
The purpose of processing your personal data is for us to communicate with you via the chat function, telephone, or e-mail.	When we communicate with you, we will process personal data about you, for instance, your name, email address, telephone number, position, etc.	The legal basis for the processing of your personal data is our legitimate interests and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are to be able to handle inquiries. In cases where your inquiry is about becoming a user of our services, the legal basis for the processing of your personal data in that regard is Art. 6(1)(b) of the GDPR. This is because the processing is necessary in order to take steps at the request of you prior to entering into a contract.	In certain specific cases, e.g., in connection with disputes, including when the disclosure of your personal data is necessary for the establishment, exercise or defence of our legal claims, we may disclose your personal data to our advisers or other relevant third parties provided it is deemed necessary and lawful. Certain third parties, such as the provider of our chat solution, tawk.to, process your personal data on our behalf and in accordance with our instructions and the obligations set out in a data processing agreement entered into with us. These data processors are not allowed to process your personal data for their own purposes.	We will store personal data about you (i) as long as we communicate with you or until it is no longer necessary for the establishment, exercise, or defence of a legal claim.
Social media
If you choose to follow or communicate with us on social media (LinkedIn, Facebook and Instagram), we will process your personal data. The purpose of processing personal data on our social media (LinkedIn, Facebook and Instagram) is to communicate and interact with you, as well as to market ourselves to you.	When you interact with us on social media (like, comment, follow, etc.), we gain insight into the personal information you have made available on the social media platform, including, for example, your name, gender, marital status, job, interests, city, comments, visits, and 'likes' on our page or posts.	When we process your personal data on social media, the basis for the processing is our legitimate interest in being able to communicate with and market ourselves to you, as well as to improve our business. We assess that your interests or fundamental rights and freedoms do not override this, in accordance with Article 6(1)(f) of the GDPR.	Providers of the respective online services, Meta Platforms Ireland Limited (Facebook and Instagram), and LinkedIn Corporation (LinkedIn) is data controller for their own processing of your personal data and joint data controllers with us for the sharing of your personal data for the purpose of displaying our news and offers and excluding recipients from irrelevant messages and target groups.	We process your information for our legitimate purposes until you delete it from the respective social media platform, for example, by deleting your comment or your 'like'.
Advisory board members and shareholders
If you are an advisory board member or a shareholder, we will process your personal data to make necessary registrations with relevant authority/-ties. Further, we process information about material from advisory board meetings and minutes from shareholders' meetings, that may include personal data such as e.g. names and resumés of opinions and similar.	When you are registered as an advisory board member or as a shareholder, we gain insight into your contact information, identification data, and CPR number. If you are a shareholder, we also process information about the number of shares you own.	The processing of your personal data is necessary to comply with a legal obligation to which we are subject, such as the duty to register shareholders in the Danish Companies Act (in Danish: Selskabsloven). In such cases, the legal basis is Article 6(1)(c) of the GDPR and Sections11(2)(1) the Danish Data Protection Act (in Danish: Databeskyttelsesloven). When we process your personal data due to you being a part of our advisory board, the legal basis for our processing of your personal data is our legitimate interests, and it is our assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are for us to have a functioning advisory board to improve our business.	The Danish Business Authority (in Danish: Erhvervsstyrelsen) is data controller for their own processing of your personal data. Our disclosure of your personal data includes identification information incl. name and address and CPR number. In this regard, we refer to the Danish Business Authority's privacy policy for more information about their processing of personal data.	Your information is maintained and deleted on an on-going basis. Personal data such as contact information are deleted when you resign. Advisory board materials are kept as long as necessary and as long as it serves a purpose of documentation.

3. TRANSFER OF YOUR PERSONAL DATA TO A THIRD COUNTRY (OUTSIDE OF EU/EEA)

In certain cases, your personal data may be transferred to countries outside of the EU/EEA. We ensure that such transfer will be carried out in accordance with the applicable data protection laws. This entails that any party outside of the EU/EEA that will receive your personal data will ensure an adequate level of protection, for example, by entering into the EU standard contractual clauses ("SCCs") with us. We will ensure the implementation of supplementary safeguards if deemed necessary in the specific case. You may receive a copy of the legal basis for transfers upon request. Please contact data@skjoldet.dk.

4. SOCIAL MEDIA

Our Website use social media plug-ins ("plug-ins") from the social networking sites Facebook and Instagram. When you visit our social media sites on Facebook and Instagram or our Website, where social media plugins have been installed, our social media service providers collect and process your personal data using pixels, subject to your consent to the service provider, as applicable. Such collection and processing take place even if you have no account on the social media.

If you access our Website using such a plug-in, your browser will contact the server of the underlying social networking site, load the visual presentation of the plug-in, and present it to you. While this is happening, the social networking site receives information concerning your visit to our website, as well as further data such as your IP address. We receive anonymous demographic and geographic statistics from the social media on the visitors on our Website and our social media sites.

We are joint data controller with our social media providers for personal data collected and processed in connection with your visit to our social media sites and our Website. It means, among other things, that you may contact both us and the social media providers to exercise your rights under the GDPR. Facebook and Instagram have primary responsibility for ensuring compliance with the GDPR and responding to requests from visitors on Facebook and Instagram. If you are registered as user of Facebook and/or Instagram, you may exercise your rights via your account settings on Facebook and/or Instagram.

We have no influence on the amount of data that social networking sites collect via an active plug-in. For more information, please consult the relevant data privacy notice:

• Facebook
• Instagram

5. USE OF COOKIES

When you visit our Website for the first time, you will be asked to give your explicit consent to the use of cookies on the Website or decline the use of all or some of the cookies. Please note that the use of functionality cookies does not require your consent, as such cookies are necessary for the function of the Website. We encourage you to accept the cookies used by the Website, because it will help us improve you and other people's experience when visiting the Website. If you decline the use of cookies, there may be a variety of functionalities on the Website, which you cannot utilize.

When you use our Website, we do not register any information that can identify you directly, such as name and address. However, we register how you navigate around the site, so we can learn more about how our site is used, and we register your IP-address, which can identify indirectly.

5.1 What are cookies

A cookie is a text file that is sent to your browser from our Website and saved on your computer, phone or whichever device you use to access the internet. However, the meaning of the word “cookies” in this Privacy Policy and in the consent text also includes other kinds of automated data collection, e.g. Flash-cookies (Local Shared Objects), Web Storage (HTML5), JavaScript’s, pixels, or cookies placed by the use of other kinds of software. The word “cookies” also refers to information about MAC-addresses and other information about your device.

There are basically two types of cookies – so-called session cookies and persistent cookies. Session cookies are information units that are deleted when you close your web browser. Persistent cookies are information units that are stored on your computer until they are deleted. Persistent cookies delete themselves after a certain period but are renewed each time you visit the Website. We use both session and persistent cookies. Read more about this below in section 5.5 where you will also find an overview of the specific cookies we use.

5.2 The purpose of cookies

Cookies may be used for a number of purposes, but in essence they are used to save information about your activity on the internet. Cookies contain information that later in time can be read by a web server on the domain that issued the cookie in question. This means that the relevant website remembers you the next time you visit it.

We collect information via cookies in order to improve your user experience on our Website and products, to provide and improve usability and functionality, to generate statistics, analysis and website performance reviews, to remember your preferences, marketing purposes, tracking of your location and to customize our advertising on social media platforms. The benefit for you is that you will save time next time you visit the Website, as you do not have to enter the same information again and that the content will be adjusted to your preferences.

5.3 How long are cookies stored?

Cookies delete themselves after varying periods but are updated automatically when you visit the Website again. Information about your online behaviour, including cookies accepted by you, will be deleted in different intervals as described the cookie declaration below.

5.4 Third party cookies

To further develop and improve the Website, we use cookies from certain third parties. The purposes are preparation of statistics and analyses of online behaviour. The third parties place the cookies on your computer on our behalf and prepare the statistics, etc. Third parties used are listed in the cookie declaration below.

5.5 Cookie declaration

Cookie declaration last updated on 1 April 2025 by Shopify Cookie Solution:

The following is a non-exhaustive list of cookies we use:

Cookie name	Operator	Purpose	Retention periods
Reporting & Analytics: Google Analytics.	Google. More information can be found here.	We use Google Analytics to help measure how users interact with our websites.	Session
Social media: Facebook Connect	Meta	We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform.	—
Social media: Instagram CDN	Meta	Shopify uses Instagram CDN to provide content to user.	—
Cookies Necessary for the Functioning of the Sites: Cloudflare	Cloudflare	Shopify uses Cloudflare Network as a Service for edge routing.	—

5.6 Removal of cookies

You can always reject or deselect the location of cookies on your computer by changing the settings in your browser or by visiting the permanent representation of the cookie banner available here:

Please note that if you opt out, there are many features and services on our Website that you cannot use because they require the Website to remember the choices you make.

Cookies that you have previously accepted can easily be deleted subsequently. If you use a computer with a newer browser, you can delete your cookies using the shortcut keys: CTRL + SHIFT + Delete. If the shortcut keys do not work and/or if you use a MAC, you must start by finding out which browser you are using, and then click on the relevant link with guidelines on how to opt out of cookies:

• Guidance - Firefox
• Guidance - Google Chrome
• Guidance - Edge
• Guidance - Safari
• Guidance - Explorer

Note that if you use multiple internet browsers, you must delete cookies in all your browsers.

6. YOUR RIGHTS

We have implemented a number of measures to protect your personal data and ensure your rights. As a data subject, you can exercise the rights listed below. Please note that certain limitations may apply to your ability to exercise these rights, for example, when your right to obtain the information is found to be overwritten by essential considerations of private interests.

The Danish Data Protection Agency has prepared guidelines regarding the data subjects’ rights. The guidelines can be accessed here. However, please note that the guidelines are only available in Danish.

As a data subject you have the following specific rights, unless otherwise exceptionally provided by the data protection legislation:

• Right of access
• Right of rectification
• Right of erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object

Right to complain to the Data Protection Agency, Datatilsynet
If you disagree with the way in which we process your personal data, you may file a complaint with the Danish Data Protection Agency, using the contact details that are available at datatilsynet.dk. However, we hope that you will contact us first, using the below contact details, so that we may reach agreement.

Right to withdraw a consent
If the processing of your personal data is based on your consent, cf. Art. 6(1)(a) of the GDPR, you have the right to withdraw your consent at any time. Please note that your withdrawal does not affect the lawfulness of the previous processing of your personal data which until your withdrawal has been based on your consent.

If you wish to exercise any of the above-mentioned rights, or if you wish to withdraw a former consent, you are welcome to contact us at data@skjoldet.dk.

7. QUESTIONS OR COMPLAINTS

If you have any questions relating to this Privacy Policy, you wish to exercise your rights as mentioned above, or you disagree with the way we process your personal data, you can contact us at data@skjoldet.dk.

You can also file a complaint to the Danish Data Protection Agency, which is an independent public authority that, inter alia, is responsible for monitoring and enforcing the application of the GDPR. The Danish Data Protection Agency's contact information is available on its website: Datatilsynet.dk.

8. AMENDMENTS TO THIS PRIVACY POLICY

We have the right to modify this Privacy Policy regarding new technologies, regulatory requirements, or other purposes. For this reason, please visit this page periodically. Below is highlighted the date when the last version of this Privacy Policy has been uploaded.

Date of the most recent version of this Privacy Policy: 1 April 2025

9. CHANGE LOG

Here you can see all changes made to this Privacy Policy.

Previous version	Changed from	Changed to	Reason for change
— No changes recorded yet —