Privacy policy

Version 1, 26 January 2026

1. Introduction

1.1. With this privacy policy (the “Policy”), we want to give you an overview of how we are processing your personal data and also explain your rights. So in this Policy we set out your privacy rights and how we collect, use, disclose, transfer and store your personal data. 

1.2. When we say “Cerivo”, “we”, “our”, or “us”, we mean Cerivo ApS and our group companies:

(i) Cerivo ApS, Nannasgade 28, 2200 Copenhagen N, Denmark (Company business registration  number 45706133). 

(ii) ComplyCloud ApS, Nannasgade 28, 2200 Copenhagen N, Denmark (Company business registration 35813764). 

(iii) Wired Relations ApS, Nannasgade 28, 2200 Copenhagen N, Denmark (Company business registration 38970585, including its subsidiaries).

(iv) RISMA Systems A/S, Nannasgade 28, 2200 Copenhagen N, Denmark (Company business registration 32769713, including its subsidiaries). 

(v) Openli ApS, Nannasgade 28, 2200 Copenhagen N, Denmark (Company business registration number39587408). 

1.3. We may collect your personal data when you either use our free or paid services, contact us, participate in events and webinars, sign up for communication, such as newsletters, whitepapers, etc., or otherwise use our website. 

1.4. When we refer to “Website”, “Product”, “Platform”, “App” or "Service" in the Policy, we mean all of Cerivo group’s websites, applications, platforms, apps and other services to include www.cerivo.com, www.complycloud.com, www.rismasystems.com, www.wiredrelations.com and www.openli.com. 

1.5. The Cerivo Platforms may contain links to other websites, but that doesn’t mean we endorse those websites. We encourage you to review the privacy policies for these third-party websites because their procedures for collecting, handling and processing personal data might be different to ours.

2. Personal data we process

2.1. The types of personal data we process depend on how you interact with us, for example when you visit our Websites, use our Services or Platforms, contact us, participate in events, or receive communications from us. We may process the following categories of personal data:

2.2. Contact and identification information

This includes information such as your name, job title, company name, email address, telephone number, postal address, country, and other similar contact details.

2.3. Account and user information

When you create an account or use our Services, we may process information such as login credentials, user ID, role, preferences and settings, and other information necessary to administer and secure your account and enable access to our Platform and Services.

2.4. Communication data

This includes information you provide when you contact us or interact with us, such as support requests, emails, chat messages, feedback, survey responses, and communications related to events, webinars, demos, or community activities. It may also include recordings or transcripts of online meetings, where you have given your consent.

2.5. Transaction and billing information

Where relevant, we process information necessary to manage subscriptions, orders, and payments, such as billing contact details, invoicing information, payment status, and transaction history. Payment card details are processed by our payment service providers and are not stored by us.

2.6. Job applications

If you apply for a job with us e.g. via our Websites, Linkedin etc. we will process information such as your resume, CV, cover letter, contact details, exam papers and other information and documentation you provide during the application process. 

2.7. Marketing and event information

This includes information related to your subscriptions to newsletters or other marketing communications, your participation in events, webinars, workshops, or community activities, your marketing preferences, and information about your areas of interest.

2.8. Usage and technical data

When you visit our Websites or use our Services, we may automatically collect technical and usage information, such as IP address, device type, browser type, operating system, log data, timestamps, pages viewed, interactions with features, and other usage statistics. This information is used to operate, secure, and improve our Services and Platforms.

2.9. Social media information

If you interact with us via social media platforms such as LinkedIn, Instagram or Facebook, we may process information made available to us through those platforms, such as your profile name, public profile information, and messages or comments you send to us.

2.10. Compliance and legal information

In certain circumstances, we may process personal data required to comply with legal obligations or to establish, exercise, or defend legal claims, such as documentation related to accounting, audits, regulatory requirements, or dispute resolution.

2.11. Important note

We do not intentionally collect special categories of personal data (such as health data or other sensitive information) unless required by law or explicitly provided by you for a specific purpose. We also do not knowingly collect personal data relating to children.

3. Purposes of processing your personal data

3.1. We process your personal data for the purposes set out below, depending on how you interact with us, including when you use our Website or Platform, use our free or paid Services, contact us, participate in events or webinars, sign up for communications, or otherwise engage with Cerivo.

3.2. Delivery and operation of our services

We process your personal data to deliver, operate, and administer our Products, Platforms and Services. This includes registering and identifying you as a user, customer, vendor, or community member, enabling account access and login functionality, processing payments, activating and managing product features, and saving and administering actions you take when using our Websites, Platforms, and Services.

We also process your personal data to carry out demos, training, workshops, webinars, mentoring programs, and other services that can be ordered or accessed through our Websites.

3.3. Communication and support

We process your personal data to communicate with you in connection with our Services and Platforms. This includes responding to inquiries, questions, and complaints, providing customer and technical support, and sending service-related messages, notifications, and product updates.

When you participate in events, we process your personal data to contact you before, during, and after the relevant event. Where applicable, online meetings may be recorded or transcribed, subject to your consent.

3.4. Marketing and Community engagement

We process your personal data for marketing and communication purposes, including sending newsletters and other direct marketing communications via email or social media, tailoring our communications to your interests, and promoting relevant products, services, events, and offers.

If you are a member of the Community, we process your personal data to administer Community activities, including newsletters, webinars, feedback sessions, roundtables, workshops, mentoring programs, and in-person meet-ups. We also process your personal data when you sign up to become a Community member, contributor, or participant in Community events.

We may also process personal data collected through our Facebook and LinkedIn pages for marketing purposes, responding to inquiries, and related communication.

3.5. Analytics, statistics, and business development

We process your personal data to compile statistics on the use of our Websites, Apps, and Services, to conduct data analysis and audits, to identify usage trends, to measure the effectiveness of our marketing activities, and to develop, improve, and expand our products, services, and business operations.

3.6. Improvement, security, and quality control

We process your personal data to improve, optimise, and modify our Websites, Platforms, and Services, to enhance usability and content relevance, and to ensure secure, reliable, and robust performance. This includes processing personal data for quality assurance, internal training, security, and fraud prevention purposes.

3.7. Legal obligations and protection of rights

We process personal data where necessary to comply with applicable legal obligations, including bookkeeping and accounting requirements, and to exercise or defend legal claims. This also includes processing personal data for compliance, regulatory, and auditing purposes.

3.8. Additional Processing

We may process your personal data for other purposes for which we provide specific notice at the time of collection.

4. Legal basis for processing your personal data

4.1. We only process your personal data when we have a legal basis to do so in accordance with the GDPR. Depending on the specific circumstances, the processing of personal data is done on the following legal basis. Some processing activities will be based on one of these legal basis and some of several: 

a) Your consent (GDPR Article 6.1.a).

b) To perform our contract with you (GDPR Article 6.1.b).

c) To comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Marketing Practices Act, the Danish Bookkeeping Act etc. 

d) To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).

e) For the establishment, exercise or defence of legal claims, where necessary (GDPR Article 9.2.f).

4.2. In circumstances where you have given your explicit consent for us to process your personal data, for example, when subscribing to our marketing material or accepting certain cookies on your device, you can revoke your consent at any time, either by using the functionality provided within the appropriate product feature,by contacting us (see ‘Contact us’ below) or using the unsubscribe links in the marketing email.

4.3. If you withdraw your consent and the processing activity is solely based on this legal basis, the personal data processed will be deleted, unless it can or must be processed in order to comply with legal obligations. 

4.4. Some of these grounds for processing your data overlap, so there may be several bases which can justify us processing your data. 

4.5. If you would like more information about our legal basis for processing your data, feel free to contact us (see ‘Contact us’ below).

5. Who can access your personal data and who is it shared with?

5.1. We use companies (data processors) to help us deliver our services to you, e.g. to provide the hosting environment for our Products, send out newsletters, for hosting webinars, to help us run our Websites, manage payments etc. 

5.2. When we use a processor we make sure that there is a legal agreement in place regarding how they will be processing data on our behalf. We’ll also make sure that they have appropriate security measures in place and if they are located outside the EU, we’ll make sure that there is a legal agreement in place allowing us to give them access to the data (see more below). 

5.3. We share your personal data with:

a) Suppliers and vendors that we work with to assist our company (meaning service providers, technical support, supply services, and financial institutions)

b) Group entities

c) Public authorities

5.4. Please read our cookie policy regarding the suppliers we use for cookie and tracking services. 

5.5. In the event that we are involved in a bankruptcy, merger, acquisition, reorganisation, your information may be transferred as part of that transaction.

6. How long do we store your personal data?

6.1. We only keep your data for as long as we need it, or are required to for legal reasons. For how long we keep the data depends on why it was collected, and if we have a continuing legal basis to do so (such as to fulfil a contract between us, perform a service you requested, meet legal requirements, or for our legitimate interests). 

6.2. As an example personal data collected and kept to comply with the Danish Bookkeeping Act is kept for 5 years after the accounting year in which the data was collected. 

6.3. When we no longer have a valid reason to keep your data, we'll either delete it or anonymise it so that it doesn't identify you. 

6.4. If you have any questions about our retention of personal data, please contact us via the email address mentioned in the last section of this Policy.

7. Transfers to countries outside the EU/EEA

7.1. In some cases, we may transfer your data to the countries outside the EU/EEA.

7.2. Where a transfer of personal data occurs between Cerivo and a third party located outside of the EU/EEA, the transfer of personal data will include one of the following appropriate safeguards, as applicable:

a) The EU - U.S. Data Privacy Framework.

b) The adoption by the parties of the EU model clauses resulting from the EU Commission implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

c) Any other appropriate safeguards recognized by the GDPR such as an adequacy decision, an approved code of conduct or an appropriate certification mechanism.

8. Your rights

8.1. General information

You have a number of rights in relation to our processing of your personal data. These rights may be subject to limitations and exemptions under applicable data protection laws, for example where fulfilling your request would adversely affect the rights and freedoms of others, or where we are required by law or have an overriding legitimate interest to retain the personal data. In the following, we set out your data protection rights under the GDPR:

8.2. Right of access and rectification

You have the right to request access to your personal data and to receive a copy of the personal data we process about you. You also have the right to request that inaccurate or incomplete personal data be rectified.

Certain exemptions may apply, meaning that you may not always receive all personal data we process. However, you may always contact us to request information about the processing of your personal data.

8.3. Right to erasure

You have the right to request the erasure of your personal data in certain circumstances, for example where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.

8.4. Right to withdraw consent

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing carried out before the withdrawal.

You may withdraw your consent by using the relevant functionality within the applicable Product, by contacting us (see “Contact Us” below) or using the unsubscribe link in the marketing email.

8.5. Right to restriction of processing and right to object

You have the right to request that we restrict the processing of your personal data in certain circumstances. You also have the right to object to our processing of your personal data where such processing is based on our legitimate interests.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing.

8.6. Right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and, where technically feasible, to have such personal data transmitted to another data controller.

8.7. Exercising your rights

We will respond to your request without undue delay and in any event within one month of receiving your request. This period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests.

If you have any questions regarding the processing of your personal data or wish to exercise your rights, you are welcome to contact us (see “Contact Us” below).

8.8. Right to complaint

If you have unresolved concerns about our processing of your personal data, you have the right to lodge a complaint with a data protection authority. You may lodge a complaint with the data protection authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

In Denmark, this is the Danish Data Protection Agency (Datatilsynet):

Website: https://www.datatilsynet.dk

Carl Jacobsens Vej 35

2500 Valby

Tlf. 33 19 32 00

dt@datatilsynet.dk

9. Security

9.1. We have adopted appropriate technical and organisational measures to ensure that your personal information is not subject to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise unlawfully processed.

9.2. The Internet is not a 100% secure environment and that means we cannot guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us.

10. Children information

10.1. Our services and website aren’t directed to children, and you can’t use our services if you are under the age of 18. 

11. Changes to this policy

11.1. Sometimes we need to make changes to this policy to reflect our current practices. We will take reasonable steps to let you know about changes via our Websites. 

11.2. If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up. 

11.3. If you continue to use our Websites, Platforms or Services after the notification, we will regard this as your acceptance of our privacy practices.

12. Contact us

12.1. If you have questions or comments to this Policy or if you would like to invoke one or more data subject rights, please contact us at ama@cerivo.com

12.2. You can reach us by mail at: 

Cerivo ApS

Nannasgade 28, 2200 

Copenhagen N 

Denmark