Privacy Policy
How SPS Digital Tech processes personal data
Last updated:
This Privacy Policy explains how SPS Digital Tech processes personal data when you visit spsdigitaltech.com or get in touch with us. We process personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Danish Data Protection Act (Databeskyttelsesloven, Consolidated Act No. 289 of 8 March 2024).
1. Data controller
The data controller responsible for your personal data is:
- SPS Digital Tech
- CVR (Danish business registration no.): 42962554
- Country: Denmark
- Email: stephan@spsdigitaltech.com
- Responsible contact: Stephan Smuts, Founder
2. What personal data we collect and why
We keep data collection to a minimum. Depending on how you interact with us, we may process:
- Contact data you provide voluntarily — your name, email address and the content of your message — when you email us or connect via LinkedIn. This website does not store contact-form submissions on our servers; enquiries reach us directly by email.
- Server access logs kept by our hosting provider — including your IP address, browser type (user-agent) and the pages you request — which are processed to deliver the website securely and reliably and are retained only for a limited period (around 30 days).
- Anonymous usage statistics collected via Plausible Analytics, a privacy-friendly, cookie-less analytics tool. It does not use cookies, does not collect personal data and does not track you across websites. All data is aggregated and cannot be used to identify you.
- A functional 'locale' cookie that remembers your language preference (English or Danish). It is strictly necessary for the site to work as requested and is not used for tracking or marketing.
3. Legal basis for processing
We rely on the following legal bases under Article 6(1) of the GDPR:
- Responding to your enquiry and taking steps at your request prior to entering into an agreement — Article 6(1)(b) and our legitimate interest under Article 6(1)(f).
- Operating and protecting the website securely and reliably, including server access logs — legitimate interest under Article 6(1)(f).
- Maintaining anonymous, aggregated website statistics to understand and improve our site — legitimate interest under Article 6(1)(f).
- Remembering your language preference — legitimate interest in providing the service you requested under Article 6(1)(f).
4. Recipients and data processors
We do not sell your personal data. We may share it with service providers who act as data processors on our behalf under a data processing agreement pursuant to Article 28 of the GDPR — including our website hosting and content-delivery provider (Netlify, Inc.), our email provider (Google Workspace, provided by Google Ireland Limited) and our privacy-friendly analytics provider. They may only process personal data on our documented instructions.
5. International transfers
Our website is hosted by Netlify, Inc. in the United States, which means some personal data (such as server access logs) is transferred to the US. When you contact us by email, your message is processed through Google Workspace, whose infrastructure may also involve processing in the US. Both Netlify and Google are certified under the EU-U.S. Data Privacy Framework, with the European Commission's Standard Contractual Clauses (Article 46 of the GDPR) as a fallback safeguard. Where any other processor transfers personal data outside the EU/EEA, we likewise rely on an EU adequacy decision or appropriate safeguards.
6. How long we keep your data
We keep correspondence only for as long as necessary to handle your enquiry and any resulting business relationship, and to comply with statutory obligations under Danish law (for example bookkeeping requirements where relevant). When data is no longer needed, it is deleted or anonymised.
7. Your rights
Under the GDPR (Articles 15–22) you have the following rights regarding your personal data:
- The right of access to your personal data.
- The right to rectification of inaccurate data.
- The right to erasure ('right to be forgotten').
- The right to restriction of processing.
- The right to data portability.
- The right to object to processing based on legitimate interests.
- The right to withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, contact us at stephan@spsdigitaltech.com. We will respond within the time limits set out in the GDPR.
8. Complaints to the supervisory authority
If you are dissatisfied with how we process your personal data, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
- Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark
- Email: dt@datatilsynet.dk
- Phone: +45 33 19 32 00
- Website: www.datatilsynet.dk
9. Changes to this policy
We may update this Privacy Policy to reflect changes in our processing activities or in applicable law. The 'last updated' date below indicates when it was last revised.