Skip to main content
C CodeCore File a brief
Return to index
Legal · Privacy

Privacy notice.

What we collect, why, who we share it with, and how to exercise your rights under the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act (Databeskyttelsesloven).

Effective18 Jun 2026
Version1.0

Data controller. CodeCoreAgency ApS, CVR DK 42 18 53 71, registered at Mastruplundvej 67, 9530 Støvring, Denmark. For privacy questions, write to admin@codecoreagency.com.

1. What this notice covers

This notice describes how we collect, use, and protect personal data on the website operated under the domain codecoreagency.com. It does not cover personal data we process on behalf of clients during an engagement; that processing is governed by the separate data-processing agreement signed at the start of every engagement.

2. Personal data we collect

We deliberately collect as little personal data as possible while still operating the studio. The categories below are exhaustive.

2.1 Brief submissions (contact form)

  • Your first and last name
  • Your email address — required to reply
  • Your phone number, country, and company — optional
  • An indicative budget bracket — optional
  • The brief itself — whatever you choose to write
  • The IP address from which the form was submitted, retained for thirty days for spam mitigation

2.2 Booking and payment

When you book a service or hourly pack through this site, payment is processed by Stripe. We never see or store your card details. We receive from Stripe the limited transaction metadata required to fulfil the booking — billing email, country, the amount, and a Stripe session identifier. Stripe is the payment data controller for the card data itself; their privacy notice is at stripe.com/privacy.

2.3 Cookies and local storage

We store one consent flag in your browser's localStorage (cca_consent_v1) and rely on a session cookie (PHPSESSID) for the contact form. We do not run analytics, advertising trackers, fingerprinting, or any third-party telemetry. See the cookie policy for details.

3. Why we process your data — legal basis

  • To reply to your brief — pre-contractual measures (Art. 6(1)(b) GDPR).
  • To deliver and invoice an engagement — contractual necessity (Art. 6(1)(b)) and legal obligation under Danish bookkeeping law (Art. 6(1)(c)).
  • To prevent abuse of the contact form — legitimate interest (Art. 6(1)(f)) in keeping the studio's inbox usable.

4. How long we keep it

  • Brief submissions that do not lead to an engagement are deleted after twelve months.
  • Engagement records are retained for five years after the engagement ends, in line with Danish bookkeeping law (bogføringsloven).
  • The IP address attached to a submission is retained for thirty days, then discarded.

5. Who we share it with

We share personal data only with the processors needed to operate the studio: our email provider (Fastmail Pty Ltd, Australia, with the standard EU data-processing addendum), our payment processor (Stripe Payments Europe Ltd, Ireland), and our hosting provider (selected at deploy time, always within the EU). We do not sell personal data and we do not transfer it to third parties for marketing purposes.

6. Your rights

Under the GDPR you have the right to access, rectify, port, restrict, and erase the personal data we hold about you, and to object to its processing. Send a written request to admin@codecoreagency.com — we reply within thirty days, in writing.

If you believe we are not meeting our obligations, you can complain to the Danish Data Protection Authority (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby — datatilsynet.dk.

7. Changes

If we materially change this notice we will publish the new version here, with the effective date updated. Trivial wording fixes are made silently.