Privacy Policy

Your privacy is important for Phases and an essence to our service. This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle that information.

At Phases, we care about the confidentiality and privacy of your data and are fully committed to protecting it. This is something that will never change. Phases is not in the business of selling or renting your information. Phases shall not sell your personal data to third parties and shall only share it when necessary for the rendering of the service as stated below.

1. Introduction

This Privacy Policy establishes the conditions for the processing of personal data of users (the “User” or “you”) of the services by Phases Aps, as well as the conditions for the processing of personal data by Phases Aps on behalf of Users within the Services.

Phases shall process personal data in accordance with European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and applicable data protection laws.

2. Processing of personal data of processors by Phases as Controller
  • This Section explains the processing of personal data of Users by Phases as a controller, that is, when Phases decides about the purposes and means for the processing of the data.
  • Personal data of Users processed by Phases for the above purposes may include contact information, such as name or email address, language preferences, current location for the proper price/currency displaying, payment data, and other personal data provided by the User in the context of the provision of the Service.
  • The legal basis for the processing of personal data of Users is the contractual relationship between the processors and Phases for the Services and also the legitimate interest of Phases of informing processors about the Services and the company, unless they opt out to receive this information .
  • Personal data of the Users will be processed by Phases throughout the term of the contractual relationship for the Services and subsequently for the period during which applicable regulations require such personal data be he held thereafter.
  • Phases may share the personal data with third parties, some of which may be located outside of the European Economic Area, only for the provision of the Service and at all times subject to the guarantees and requirements provided by applicable data protection laws.
  • Phases has appointed a data protection officer (DPO), and you are welcome to contact our DPO with any questions or other queries you may have about our processing of personal data. You can contact our DPO at privacy@phases.dk. The Processors may at all times exercise their rights to access, rectification, erasure and restriction of processing and data portability as provided in the GDPR and applicable regulations by contacting Phases at Melby Enghavevej 64,3370 Melby: or, by sending an email to privacy@phases.dk. The User may also lodge a complaint before the Danish Data Protection Authority at dt@datatilsynet.dk.
3. Processing of personal data on behalf of controllers by Phases as Data Processor
  • This Section explains the processing of personal data by Phases on behalf of Data Controllers, as a data processor, that is, when the purposes and means for the processing of the data are decided by the Controller and Phases only access the data for the rendering of the Service and on behalf of the Data Controller.

    The Service may imply the access and processing by Phases of personal data controlled by the Controller and generated within the scope of the services, sent by the controller as part of the services. In such cases, Phases shall be deemed as the data processor and shall process such personal data only on behalf of the controller and not for its own purposes.

  • Accordingly, Phases shall:

    • not process the Accessed Data for a purpose other than the provision of the Services requested by the Data controller and shall not transfer such data, not even for their storage, to unauthorized parties.
    • process the Accessed Data only on documented instructions from the data controllers; and if Phases is aware that or of the opinion that any instruction given by the Controller breaches the data protection regulations, Phases shall immediately inform the User.
    • notify the Controller promptly if it becomes aware of any data breach and shall provide full details of the relevant breach.
    • ensure that persons authorized to process the Accessed Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
    • taking into account the nature of the processing, assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Users’ obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR.
    • take all measures required pursuant to Article 32 of the GDPR (Security of Processing).
  • Phases shall not subcontract third parties for the processing operations which may imply access to the Accessed Data without the authorization of the User.

In this respect, the following sub-processors are deemed as authorized by the User:

Cloud Tools
  • Google Apps - We use Google apps internally for Emails, Documents, Calendar and all other file drive needs.
  • CITRIX Podio - We use Podio for all project management and collaboration.
Web Servers
  • Google Cloud Platform - We have web servers in GCP for application deployment.
  • Amazon Cloud - We have web servers in AWS for application deployment.
  • FAB-IT (Denmark) - We have web servers in FAB for application deployment.
  • CloudVps (Netherlands) - We have web servers in CloudVps for application deployment.
  • Contabo (Germany) - We have web servers in Contabo for application deployment.
  • Linode (US) - We have web servers in Linode for application deployment.
SMTP - Email Servers
  • Sendgrid - It is a cloud-based SMTP provider that we use to send and receive emails from applications.
  • Mailgun - It is a cloud-based SMTP provider that we use to send and receive emails from applications.
  • Amazon Simple Email Service: It is a cloud-based SMTP provider that we use to send and receive emails from applications.
Version control tools
  • Gitlab - We use Gitlab as version control in development stage.
Analytics
  • Google Analytics - We use Google Analytics to track website traffic.
  • Phases shall guarantee the confidentiality of the Accessed Data, even after the termination of the Service.
  • The Controller is the only one deciding the purposes and means for the processing of Accessed Data, so Phases does not use Accessed Data for its own purposes and only uses them for the rendering of the Services and on behalf of the controller. To such extent, the controller shall have to comply with applicable obligations under data protection regulations, including relying on an appropriate legal basis for the processing of personal data Accessed as part of the Services.The controller, and not Phases, shall be solely responsible for the compliance with such obligations.
  • The Controller acknowledges and agrees that the use of the Service and the processing of the Accessed Data as a result of the same is its own free and exclusive decision and has verified that the conditions of the Service and the processing of the Accessed Data are in line with its interests.
4. Security

Phases shall process all personal data in the strictest confidentiality and implement the appropriate technical and organisational measures as required by applicable regulations.

We use industry-standard encryption to protect your data in transit.