Privacy Policy
Last updated: 19 March 2026
1. Data Controller
The data controller for personal data collected via this website is:
VIRTIQ ApS (hereinafter "VIRTIQ") CVR: 46177568 Email: lucas@virtiq.dk Phone: +45 30 24 06 76
VIRTIQ is a Danish AI consultancy that provides AI Agents, AI Automation, AI Voice Caller, and Software Development services.
2. What Personal Data We Collect
We collect the following categories of personal data:
- Contact details (name, email address, phone number)
- Company information (company name, CVR number)
- Technical data (IP address, browser type, device information, language preference)
- Usage data (pages visited, time spent, click behaviour, scroll depth)
- Communication preferences (newsletter opt-in/out)
- Form submissions (contact requests, demo bookings, website project requests)
- Attribution data (UTM parameters, referral source, landing page)
3. Purposes and Legal Bases
We process your personal data for the following purposes, each with a specified legal basis under GDPR Art. 6:
3.1. Contact and demo requests Purpose: To respond to your enquiry and follow up with relevant information. Legal basis: Consent (Art. 6(1)(a)) — you actively submit the form. Retention: Stored in our CRM (HubSpot) and database (Supabase) for up to 2 years after last contact, then deleted.
3.2. Newsletter and email marketing Purpose: To send you content about AI solutions, automation, and related topics. Legal basis: Consent (Art. 6(1)(a)) — you actively opt in. Retention: Until you unsubscribe. Data is deleted within 30 days of unsubscription. You can unsubscribe at any time via the link in our emails or by contacting lucas@virtiq.dk.
3.3. Analytics and website improvement Purpose: To understand how visitors use our website and improve content and user experience. Legal basis: Consent (Art. 6(1)(a)) — granted via our cookie consent banner. Retention: See Section 8 (Cookies) for details per provider.
3.4. Advertising and remarketing Purpose: To show you relevant ads on third-party platforms (Google, Meta, LinkedIn). Legal basis: Consent (Art. 6(1)(a)) — granted via our cookie consent banner. Retention: See Section 8 (Cookies) for details per provider.
3.5. Service delivery and contract performance Purpose: To deliver agreed services (AI solutions, software development, advertising). Legal basis: Performance of a contract (Art. 6(1)(b)). Retention: For the duration of the contract plus 5 years (Danish limitation period).
3.6. Use of customer logos and anonymised data for marketing Purpose: To showcase our work on our website and in presentations. Legal basis: Legitimate interest (Art. 6(1)(f)) — our interest in marketing our services. You may object at any time (see Section 6). Retention: Until you object or the business relationship ends.
3.7. Accounting and legal obligations Purpose: To comply with bookkeeping requirements and Danish tax law. Legal basis: Legal obligation (Art. 6(1)(c)). Retention: 5 years from the end of the financial year (Danish Bookkeeping Act).
4. Recipients and Third-Party Processors
We share personal data with the following categories of recipients. We ensure that Data Processing Agreements (Art. 28) are established with our processors where required.
4.1. CRM and customer management • HubSpot (HubSpot Inc., USA) — contact management, email marketing, meeting booking. Transfer basis: EU-US Data Privacy Framework (DPF). • Resend (Resend, Inc., USA — email sending infrastructure hosted in the EU/Ireland) — delivery of our newsletter and marketing emails. Transfer basis: Standard Contractual Clauses (SCCs).
4.2. Database and hosting • Supabase (Supabase Inc., USA, hosting in EU — eu-north-1) — form submissions and demo requests. Data stored in the EU. • Vercel (Vercel Inc., USA) — website hosting and deployment, region Frankfurt (eu). Transfer basis: EU-US DPF + SCCs.
4.3. Analytics • Google Analytics 4 (Google LLC, USA) — website traffic analysis. Transfer basis: EU-US DPF. • Vercel Analytics (Vercel Inc., USA) — performance monitoring. Transfer basis: EU-US DPF + SCCs.
4.4. Advertising platforms • Google Ads (Google LLC, USA) — conversion tracking and remarketing. Transfer basis: EU-US DPF. • Meta / Facebook (Meta Platforms Inc., USA) — conversion tracking via Facebook Pixel. Transfer basis: EU-US DPF + SCCs. • LinkedIn (LinkedIn Ireland Unlimited Company, Ireland / Microsoft Corp., USA) — conversion tracking via LinkedIn Insight Tag. Transfer basis: EU-US DPF.
4.5. Customer reviews • Trustpilot (Trustpilot A/S, Denmark) — review widget. Data processed in the EU.
4.6. AI service providers • Voiceflow (Voiceflow Inc., Canada) — AI chatbot on our website. Transfer basis: EU adequacy decision for Canada.
We do not sell your personal data to third parties.
5. International Data Transfers
Some of our processors are based outside the EU/EEA, primarily in the USA. For all such transfers we rely on one or more of the following mechanisms (Art. 44-49):
- EU-US Data Privacy Framework (DPF) — for US providers certified under the framework. We verify certification status at dataprivacyframework.gov.
- Standard Contractual Clauses (SCCs) — Commission Implementing Decision (EU) 2021/914.
- EU adequacy decisions — for countries recognised by the European Commission (e.g. Canada, UK).
We conduct Transfer Impact Assessments where required to ensure that supplementary measures are adequate.
6. Your Rights
Under the GDPR you have the following rights:
- Right of access (Art. 15) — obtain a copy of your personal data.
- Right to rectification (Art. 16) — correct inaccurate data.
- Right to erasure (Art. 17) — request deletion of your data.
- Right to restriction (Art. 18) — limit how we process your data.
- Right to data portability (Art. 20) — receive your data in a machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest, including use of your logo/data for marketing.
- Right to withdraw consent — at any time, without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, contact us at: Email: lucas@virtiq.dk Phone: +45 30 24 06 76
We will respond within one month of receiving your request (Art. 12).
You also have the right to lodge a complaint with the Danish Data Protection Agency:
Datatilsynet Carl Jacobsens Vej 35 2500 Valby Email: dt@datatilsynet.dk Website: datatilsynet.dk
7. Automated Decision-Making and AI
7.1. AI chatbot Our website uses an AI-powered chatbot (provided by Voiceflow) to assist visitors. The chatbot is clearly identified as AI-powered. It does not make decisions with legal or similarly significant effect on you. Conversations may be logged to improve the service; logs are deleted after 90 days.
7.2. AI services for customers VIRTIQ provides AI-based services (AI Agents, AI Voice Caller, AI Automation) to business customers. When these services process personal data on behalf of our customers, VIRTIQ acts as a data processor and the customer is the data controller. Separate Data Processing Agreements govern this relationship.
7.3. No automated decisions with legal effect We do not use automated decision-making, including profiling, that produces legal effects or similarly significantly affects you (Art. 22).
7.4. EU AI Act transparency In accordance with Regulation (EU) 2024/1689 (the EU AI Act), we disclose that the chatbot on this website is an AI system. Users interacting with it are informed of this at the point of interaction (Art. 50). VIRTIQ does not deploy any AI systems classified as high-risk under Annex III of the AI Act on this website.
8. Cookies
Our website uses cookies and similar technologies. For full details, including specific cookies, their purposes, and how to manage them, please see our separate Cookie Policy.
9. Security
We take appropriate technical and organisational measures to protect your personal data (Art. 32), including:
- TLS encryption for all data in transit
- Encryption at rest for database storage
- Role-based access control (RBAC)
- API keys stored in secure secret managers
- Regular review of access permissions
10. Changes to This Policy
We may update this privacy policy to reflect changes in our data processing or legal requirements. The date at the top indicates when the policy was last revised. We encourage you to review this page periodically.