Co-established Logo

Privacy Policy

This Privacy Policy explains how we process your personal data.

The legal entity responsible for processing your personal data is:

CO-E ApS
CVR: 45 64 67 69
C/O The Blue Office, Ved Lunden 4
8230 Åbyhøj, Denmark
Email: contact@co-established.com
Phone: +45 203 276 07

This Privacy Policy is managed by:
CEO: Clara Otto
Email: co@co-established.com
Phone: +45 203 276 07

Description of Processing

Purpose

Delivery of Services

Personal data is used to contact you in relation to order processing requested through our “Booking” form.

Personal data may also be processed in connection with:

  • Leadership & Employee Development services, where data is handled confidentially between consultant and client
  • Organizational Design and Tailored Programs

Marketing

Personal data collected via the “Booking” form may be used for marketing purposes, including tailoring communication related to specific inquiries or orders such as newsletters.

Website User Experience Optimization

We collect personal data in connection with your use of our website. This data is used solely to improve the user experience and the services we provide.

This is done only through tracking cookies and only with your consent.

For Organizational Design and Tailored Programs, employees may be invited via email after completing a STRUCTURE assessment or the “Booking” form. CO-E ApS does not use these email addresses for direct marketing toward those employees.

However, CO-E ApS reserves the right to market its services to the client organization.

Categories of Personal Data

General Personal Data

We process the following types of personal data:

  • Name, email, phone number
  • Purchase history and use of digital services

Sensitive Data

  • During employee sessions, data is pseudonymized in accordance with GDPR Article 4(5)
  • Audio recordings may be made during sessions to support planning of action plans
  • This only occurs with explicit consent documented through a signed consent form
  • If consent is given, recordings are deleted no later than 30 days after the session, in accordance with GDPR Article 5(1)(e) (storage limitation)
  • In relation to work on relationships and communication, any sensitive personal data is deleted no later than 30 days after project completion.

Sources of Data

We collect personal data from:

  • The customer directly
  • Website activity (only via cookies and with consent)

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • GDPR Article 6(1)(a): Consent
  • GDPR Article 6(1)(b): Necessary for the performance of a contract
  • GDPR Article 9(2)(f): Necessary for the establishment, exercise, or defense of legal claims
  • GDPR Article 9(2)(g): Necessary for reasons of substantial public interest

Recipients

We may share your personal data with: • Partners involved in delivering the specific service.

The customer will be notified prior to any such disclosure. Information about specific recipients can be obtained by contacting the data controller at CO-E ApS.

Retention of Data

We retain personal data only as long as necessary for the stated purposes:

  • Financial records: up to 5 years
  • Order history: retained as long as necessary to fulfill the purpose of collection
  • Contact information: retained as long as we maintain a relationship with you as a customer, supplier, or collaborator

Consequences of Data Breach

In the event of a confirmed error or breach, you will be notified immediately, and the data will be deleted or secured without delay.

Mandatory Information

For Customers

The following information is required. Without it, we cannot provide our services:

  • CVR number (business registration number)
  • Company name
  • Billing address
  • Contact person (email and phone number)

For Collaborators & Consultants

If you work with CO-E ApS (as part of the team or as consultant), the following is required:

  • Name
  • VAT number
  • Address
  • Company bank details

Without this information, we cannot initiate collaboration.

Your Rights

You have the following rights:

  • The right to access, correct, or delete your personal data
  • The right to object to processing and request restriction of processing
  • The right to object to processing for direct marketing purposes
  • The right to withdraw consent at any time (this does not affect prior lawful processing)
  • The right to receive your data in a structured, commonly used, and machine-readable format (data portability)
  • The right to file a complaint with a data protection authority, such as the Danish Data Protection Agency (Datatilsynet)

To exercise your rights, contact: CO-E ApS at contact@co-established.com

Please note that certain conditions or limitations may apply to these rights depending on the specific circumstances of the processing activities.

We reserve the right to amend the Privacy Policy at any time. Any material changes will be communicated to the customer and will take effect from the date of notification.