Privacy Policy: For Users
Last Updated:March 2025
Learn how we process and protect your personal data here at Project Hafnia. We value your privacy, and are committed to safeguarding it. We also strive to be fully transparent about our processes.
This notice aims to inform you about how we process personal data in our business, the rights you have regarding its processing, and key contact information in compliance with the General Data Protection Regulation (GDPR).
- For information on our processing activities, please refer to
- For information on how we use personal data to innovate, generate new knowledge, and develop products, please refer to:
- For information about other Milestone’ processing of personal data, kindly refer to the
- Our contact details can be found
- Contact details to the relevant data protection authority can be found
How We Collect Your Personal Data
We process personal data related to potential and existing customers, community members, newsletter subscribers, website visitors, vendors, and partners. This data is typically collected when you:
- Buy or use our products or services (freemium or paid).
- Subscribe to our newsletter.
- Respond to one of our surveys.
- Provide us with your contact details, such as sharing your business card.
- Contact us via phone, text, email, social media, or our websites.
- Browse or otherwise use our websites, such as exploring our catalog.
Providing your personal data is voluntary, but without it, we may not be able to offer you our services. Rest assured, we do not rent, buy, or sell your personal data to or from others.
Please note that there is a separate process for managing data stored in the Project Hafnia Data Library. For more details, refer to
or reach out to us athafnia@milestonesys.com
How We Process Your Personal Data
We only process your personal data when we have a clear purpose, a defined retention strategy, and a lawful basis as outlined inArticle 6(1) of GDPR.In our case, this includes:
- Your consent:For example, to send you our newsletter or marketing materials.
- Contractual obligation:When we have a contract with you, such as delivering our services.
- Legal obligation:Typically for compliance with accounting, bookkeeping, tax, or other business operations.
- Legitimate interest:When we have a reasonable interest, such as improving our services and running an effective business.
Details on the Processing of Your Personal Data
Concerned Persons:Registered users of our platform, whether on a free or paid plan.
- Type of Data:
- Contact details: Name, email address, IP address, profile picture, company association, address, telephone number, country, or region.
- For paid users: Additional data such as order information, payment details, and purchase history.
- Activity:
- Registering on our platform.
- Purchasing or subscribing to our products or services.
- Purpose:
- To provide access to our products or services.
- To offer product support. on our platform.
- Legal Basis:
- Performance of a contract, as per Article 6(1)(b) of the GDPR.
- Retention
- Personal data is retained for the duration of the collaboration with the customer, partner, technology partner, or supplier, and for up to five years after the collaboration ends.
Concerned Persons:Prospects, customers, users, website visitors, community members, vendors, providers.
- Type of Data:
- Contact details, including name, email, phone number, social media profiles, business cards, and company association.
- Activity:
- When you contact us directly.
- When we contact you using publicly available information for purposes such as prospecting, potential partnership, knowledge exchange, or collaboration.
- Purpose:
- To respond to inquiries and maintain communication.
- To keep records for potential complaints or legal claims.
- Legal Basis:
- Legitimate interest, as per Article 6(1)(f) of the GDPR.
- Retention
- Personal data is retained for the duration of the collaboration and up to five years if required for legal obligations related to accounting or bookkeeping.
Concerned Persons:Platform users, website visitors.
- Type of Data:
- A unique UserID associated with your session.
- Note: The same individual may not retain the same Hotjar UserID if they access the website through different browsers or clear their browser cookies between sessions.
- Activity:
- When you visit and interact with our website or platform using a web browser (e.g. Edge, Chrome, Arc)
- Purpose:
- To continuously improve our website and services.
- Legal Basis:
- Consent, as per Article 6(1)(a) of GDPR.
- Legitimate interest, as per Article 6(1)(f) of GDPR.
- Retention
- Some data is kept for the duration of the session. If consent is given the data could be retain for up to 1 year.
Concerned Persons:VLM as a service users
- Type of Data:
- Footage, image, video, visuals that might contain: Face. body shapes, movements, action performed, identifiable clothing or accessories. Vehicles license plates or unique number.
- Note: Not all material uploaded will contain personal information, however we consider it good practice to consider it the default scenario.
- Activity:
- When you use the VLM as a service, uploading a video to obtain a summary in return.
- Purpose:
- To provide our service.
- Legal Basis:
- Performance of a contract, as per Article 6(1)(b) of the GDPR.
- Retention
- Videos will be available on the platform for review for up to 30 days before deletion.
Concerned Persons:Receivers, readers and listeners of the Project Hafnia Newsletter.
- Type of Data:
- Name.
- Email address.
- Phone number (in some cases).
- Activity:
- After subscribing, we send you our newsletter.
- Purpose:
- To provide and deliver our newsletter.
- Legal Basis:
- Consent, as per Article 6(1)(a) of the GDPR.
- Retention
- Personal data is retained on our newsletter lists for as long as your consent remains valid.
Disclosure of Personal Data
To operate our business, we may share your personal data with the following parties:
- Public Authorities: When required by law or regulation.
- Vendors: To provide specific services on our behalf.
- Milestone Group Companies: When necessary for business operations.
- IT Support: When required to resolve technical issues or maintain systems.
Personal Data Processors Tasks
| Processor Namesorted ascending | Description | Location |
|---|---|---|
Amplitude | Analytics | EU |
AWS | Hosting and Storage | EU |
Behiiv | Newsletter | US |
Hotjar | Analytics | US |
Slack | Community | EU |
Stripe | Payment | US |
Tally.so | Surveys | EU |
Data Transfers Outside the EU/EEAIn certain cases, we transfer personal data to recipients located outside the EU and EEA. We ensure adequate protection through:
- EU Standard Contractual Clauses: Approved by the European Commission.
- EU-U.S. Data Privacy Framework: For recipients in the U.S., ensuring an adequate level of protection for EU data transfers.
Due Diligence and Data Processing Agreements:
- We conduct thorough due diligence before engaging any processor, ensuring compliance with GDPR standards.
- Regular audits are performed on existing processors, following the guidance from the Danish Data Protection Agency[Vejledning om tilsyn med databehandlere]
- We establish a Data Processing Agreement (DPA) with each processor, as required byArticle 28(3) of GDPR.
Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access:You can request access to the personal data we process about you.
- Right to Rectification:You can have inaccurate or incomplete data about you corrected.
- Right to Erasure:In certain cases, you can request that your personal data be deleted before our standard retention and erasure periods apply.
- Right to Restriction of Processing:You can request restricted processing of your data in specific circumstances. In such cases, we will limit processing to:
- Activities based on your consent.
- The establishment, exercise, or defense of legal claims.
- Protection of a person or important public interests. Note: Even if processing is restricted, we may still store your personal data.
- Right to Object:In specific situations, you can object to our lawful processing of your personal data.
- Right to Data Portability:You can request your personal data in a structured, commonly used, and machine-readable format, and ask for it to be transferred to another controller where applicable.
- Right to Complain:You can file a complaint about how we process your personal data with the national data protection authority(Authorities Contact). However, we encourage you to contact us first, as we are confident we can resolve any issues you may have. If you wish to exercise your rights, kindly reach out to us athafnia@milestonesys.com.
Contacts
Legal entity processing your personal data:
Milestone Systems A/S
Company Registration No: 20341130
Banemarksvej 50
2605 Brøndby, Denmark
Tel.: +45 88 30 03 00
If you have any questions or concerns about our processing of personal data or wish to withdraw your consent, please reach out to us athafnia@milestonesys.com.
Authorities Contact
Datatilsynet (Danish Data Protection Agency)
Carl Jacobsensvej 35
DK-2500 Valby
Denmark
phone + 45 33 19 32 00
For other relevant European supervisory authorities, please seehere.
Changes to this Privacy Policy
We regularly update our privacy policy to reflect new privacy practices or changes to our policies. We recommend that customers, partners, and website visitors revisit this Privacy Policy periodically to stay informed.
If you have any questions about this policy or wish to exercise your rights, please contact us athafnia@milestonesys.com. We are committed to responding to your inquiries within one month, though we strive to reply sooner.
This Privacy Policy was last updated in March 2025.