Privacy Policy

1. Introduction

Sonorous Digital ("we," "us," or "our") is a business automation consultancy based in Copenhagen, Denmark. We are committed to protecting your privacy and handling your personal data in a transparent, lawful manner.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at sonorousdigital.com and use our services, including the Profit Leak Calculator and consultation booking system. It is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Danish Data Protection Act (Databeskyttelsesloven, Act No. 502 of 23 May 2018), and other applicable data protection legislation.

Please read this Privacy Policy carefully. By using our website, you acknowledge that you have read and understood this policy. Where we rely on consent as the legal basis for processing, we will obtain your explicit consent at the point of data collection.

2. Data Controller

The data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or how we handle your personal data, or if you wish to exercise any of your data subject rights, please contact us using the details above.

3. What Data We Collect and How

Our website has distinct features with very different data practices. This section provides a clear overview of what data is and is not collected for each feature.

4. Legal Bases for Processing

We process personal data only where we have a valid legal basis under the GDPR. The legal bases we rely on are:

• Consent (Art. 6(1)(a)) — Where you have given clear, informed consent for a specific purpose, such as booking a consultation or subscribing to communications. You may withdraw consent at any time.
• Contract Performance (Art. 6(1)(b)) — Where processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract, such as preparing for a booked consultation.
• Legitimate Interest (Art. 6(1)(f)) — Where processing is necessary for our legitimate interests (such as website security, fraud prevention, and service improvement), provided those interests are not overridden by your rights and freedoms. We conduct a balancing test for each legitimate interest processing activity.
• Legal Obligation (Art. 6(1)(c)) — Where processing is necessary to comply with applicable legal obligations, such as tax, accounting, or regulatory requirements under Danish law.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

We may share your personal data with the following categories of recipients, only to the extent necessary and under appropriate safeguards:

• Service Providers — Third-party providers who perform services on our behalf, such as hosting providers, scheduling platforms, email delivery services, and analytics tools. These providers are bound by data processing agreements and may only process your data on our instructions.
• Professional Advisors — Lawyers, accountants, and other professional advisors where necessary for the conduct of our business.
• Legal and Regulatory Authorities — Where required by applicable law, regulation, legal process, or enforceable governmental request, including by the Danish Data Protection Agency (Datatilsynet).

All third-party service providers are contractually obligated to process personal data in accordance with the GDPR and to implement appropriate technical and organizational security measures.

6. Cookie Policy

Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device by our website.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our specific retention periods are:

• Booking and Consultation Data — Retained for the duration of the business relationship and for a period of five (5) years thereafter, or as required by Danish tax and commercial law.
• Contact Form Submissions — Retained for two (2) years from the date of the last interaction, unless a business relationship is established.
• Server Logs — Retained for a maximum of ninety (90) days and then permanently deleted or anonymized.
• Cookie Data — Retained in accordance with the specific cookie’s expiration period as disclosed in our cookie consent tool.
• Calculator Data — Not applicable. No data is collected or retained.

When personal data is no longer needed, it is securely deleted or irreversibly anonymized.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Access controls limiting data access to authorized personnel only
• Regular security assessments and vulnerability testing
• Staff training on data protection and information security

While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining industry-standard protections.

9. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). In the event that we transfer personal data to a country outside the EEA, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, an adequacy decision by the European Commission for the receiving country, or other legally recognized transfer mechanisms under Chapter V of the GDPR.

Where our service providers are based outside the EEA, we conduct transfer impact assessments and implement supplementary measures as necessary to ensure an adequate level of data protection.

10. Your Rights Under GDPR

Under the GDPR and the Danish Data Protection Act, you have the following rights regarding your personal data:

• Right of Access (Art. 15)You have the right to request a copy of the personal data we hold about you and to obtain information about how it is processed.
• Right to Rectification (Art. 16)You have the right to request correction of inaccurate personal data or completion of incomplete data.
• Right to Erasure (Art. 17)You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you withdraw consent and no other legal basis applies.
• Right to Restriction of Processing (Art. 18)You have the right to request that we restrict processing of your personal data in certain circumstances.
• Right to Data Portability (Art. 20)You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to Object (Art. 21)You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease such processing without exception.
• Right to Withdraw ConsentWhere processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
• Right to Lodge a ComplaintYou have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk, or with the supervisory authority in the EU Member State of your habitual residence.

To exercise any of these rights, please contact us at contact@sonorousdigital.com. We will respond to your request within one (1) month, as required by the GDPR. This period may be extended by two additional months for complex requests, in which case we will inform you of the extension and the reasons for the delay.

We will not charge a fee for processing your request unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

11. Children’s Privacy

Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18 without appropriate parental consent, we will take immediate steps to delete that data. Under the Danish Data Protection Act, the age of digital consent is 13 years; however, our services are targeted at business professionals and we do not intentionally collect data from anyone under 18.

12. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. The Profit Leak Calculator provides general estimates based on your inputs and industry averages, but this does not constitute automated decision-making under Article 22 of the GDPR, as no personal data is processed and no decisions with legal or significant effects are made.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will post the updated policy on our website with a new effective date and, where appropriate, notify you by email or through a prominent notice on the website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

14. Supervisory Authority

The competent supervisory authority for data protection matters relating to Sonorous Digital is:

15. Contact Information

For any questions regarding this Privacy Policy or to exercise your data subject rights: