Privacy policy

Data controller

Indee ApS
CVR: 36411430
Email: kontakt@validi.eu
Phone: +45 71 99 37 71

What data do we collect?

We process personal data in three contexts:

• When you submit the contact form on validi.eu: name, email address, clinic/company (optional), phone number (optional), and the content of your message.
• When you visit our website: technical data such as IP address and browser type, used for spam protection and basic security logging. We also use Umami — an open source, cookieless and privacy-friendly analytics tool that we self-host in the EU. Umami collects aggregated visitor statistics (visits, page views, referrers, browsers, country) without storing cookies, IP addresses or any other personally identifiable data. No profiles are created, and the data is never shared with third parties.
• When you are a customer or user of Validi: data is processed in accordance with the data processing agreement entered into between your organisation and Indee ApS. Processing of client personal data is governed by this separate agreement.

Purpose and legal basis

• Responding to enquiries: processing takes place on the basis of your consent (GDPR art. 6(1)(a)) and our legitimate interest in responding to enquiries (art. 6(1)(f)).
• Security and abuse prevention: processing of IP addresses and rate limiting takes place on the basis of our legitimate interest in protecting the service from spam and misuse (art. 6(1)(f)).
• Performance of contracts: when you or your organisation is a customer, processing takes place on the basis of the contract entered into (art. 6(1)(b)).

Retention period

• Contact form enquiries are generally kept for up to 24 months, after which they are deleted or anonymised — unless the enquiry leads to a customer relationship or other statutory retention.
• Technical logs (IP addresses etc.) are retained for up to 30 days.
• Customer data in the Validi journal system is retained in accordance with the data processing agreement and relevant industry rules (including Danish journal-keeping regulations).

Disclosure of data

We never sell your personal data. Data may be shared with data processors with whom we have written agreements, including hosting and email providers. All sub-processors are located in the EU/EEA, or processing takes place under lawful transfer mechanisms.

Cookies and analytics

Validi.eu only uses technical cookies that are necessary for the website to function correctly (for example, login sessions in the admin area), plus local browser storage to remember that you have dismissed the information banner at the bottom of the page. For visitor statistics we use Umami — a cookieless, open source analytics tool that we self-host within the EU. Umami sets no cookies and stores no IP addresses or other personally identifiable data — only aggregated numbers about page views and referrers. Because no personal data is processed, no consent is required under the Danish cookie regulation or the GDPR. We do not use Google Analytics, the Meta Pixel or any other third-party or marketing cookies.

Your rights

Under GDPR you have the right to:

• Access to the data we process about you.
• Rectification of incorrect or incomplete data.
• Erasure of data ("the right to be forgotten").
• Restriction of processing.
• Data portability.
• Object to processing based on legitimate interest.
• Withdraw consent — without affecting the lawfulness of processing prior to withdrawal.

Contact us at kontakt@validi.eu to exercise your rights.

Complaint

You may lodge a complaint about our processing of your personal data with the Danish Data Protection Agency: datatilsynet.dk.

Changes

This privacy policy may be updated. The current version can always be found on this page, and the date of the latest update appears at the top.