1. Who we are
DPO Agent ApS (CVR: 46574168) is the data controller for personal data processed in connection with your use of DPO Agent at dpoagent.dk.
If you have questions about how we process your personal data, please contact us at contact@dpoagent.dk.
2. What personal data we collect and why
| Category | Data collected | Purpose | Retention |
|---|---|---|---|
| Authentication | Name, email address (from your Microsoft account) | To verify your identity and provide access to the service Legal basis: Art. 6(1)(b) |
Duration of subscription |
| Service queries | Questions and scenarios you submit in the chat | To generate a response from the knowledge base Legal basis: Art. 6(1)(b) |
Zero retention — not stored after processing |
| Contact form | Name, email, company name, message | To respond to your inquiry or process your order Legal basis: Art. 6(1)(b) / Art. 6(1)(f) |
Up to 3 years |
| Order data | Company name, CVR, billing address, EAN, contact person | To fulfil your subscription and issue invoices Legal basis: Art. 6(1)(b) / Art. 6(1)(c) |
5 years (bookkeeping act) |
3. Zero data retention — your queries are not stored
When you submit a question in DPO Agent, your query is processed in real time to generate a response. We do not store your questions or the AI responses after processing.
Azure OpenAI (our AI provider) is configured with zero data retention — Microsoft does not log or store your queries. This means that even if you include personal data in a scenario description, it is not retained after your session ends.
4. Cookies
DPO Agent uses one technical cookie:
| Cookie | Purpose | Duration |
|---|---|---|
| dpo_preview | Grants access to the website during the pre-launch period. Technical necessity only — no tracking. | Session / until deleted |
We do not use tracking cookies, advertising cookies, or analytics cookies. No third-party cookies are set by dpoagent.dk.
5. Data processors and third-party recipients
We use the following data processors. All processing takes place within the EU/EEA:
| Processor | Service | Location |
|---|---|---|
| Microsoft Azure | Cloud infrastructure, AI processing (Azure OpenAI), authentication (Entra ID), storage | Sweden Central (EU) |
| SendGrid (Twilio) | Email delivery for contact form and order confirmations | EU |
We do not sell your personal data to third parties. We do not transfer personal data outside the EU/EEA.
6. Your rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access (art. 15) — you may request a copy of the personal data we hold about you.
- Right to rectification (art. 16) — you may request that inaccurate data be corrected.
- Right to erasure (art. 17) — you may request that your data be deleted, subject to legal obligations.
- Right to restriction (art. 18) — you may request that processing be restricted in certain circumstances.
- Right to data portability (art. 20) — you may request your data in a structured, machine-readable format.
- Right to object (art. 21) — you may object to processing based on legitimate interests.
To exercise your rights, contact us at contact@dpoagent.dk. We will respond within 30 days.
7. Complaints
If you believe we are processing your personal data in violation of GDPR, you have the right to lodge a complaint with the Danish Data Protection Agency:
- Datatilsynet
- Carl Jacobsens Vej 35, 2500 Valby, Denmark
- dt@datatilsynet.dk · datatilsynet.dk
8. Changes to this policy
We may update this privacy policy from time to time. The current version is always available at dpoagent.dk/privacypolicy/. We will notify active subscribers of material changes by email.