1. Introduction
Scanditech ApS ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, why, and how it is handled, in accordance with the EU General Data Protection Regulation (GDPR).
This policy applies to all users of our B2B SaaS platform for inspection, project, and quality assurance management.
2. Data Controller
Scanditech ApS
CVR: 45479242 — Denmark
kontakt@scanditech.dk
3. Data We Collect
We collect the following personal data:
| Data | Purpose |
|---|---|
| Full name | Account identification |
| Email address | Account access and communication |
| Phone number | Account contact |
| Payment information | Processed via Stripe — we do not store raw card data |
| Device & usage data | Usage monitoring and abuse prevention |
| Analytics data (Google Analytics) | Platform performance and usage insights |
We do not collect data from third-party sources or data brokers.
4. Legal Basis for Processing (GDPR)
We process your data under the following legal bases:
- Contractual necessity (Art. 6(1)(b)) — Name, email, phone, and payment data required to provide the service.
- Legitimate interests (Art. 6(1)(f)) — Device and usage monitoring for security and enforcement of our Terms.
- Consent (Art. 6(1)(a)) — Analytics cookies via Google Analytics, subject to your cookie preferences.
5. How We Use Your Data
- To create and manage your account
- To process subscription payments via Stripe
- To enforce seat-based access and detect misuse
- To send service-related communications (account, billing, updates)
- To analyse platform usage and improve performance (Google Analytics)
We do not use your data for advertising, profiling, or sell it to any third party.
6. Third-Party Processors
We share minimal data with the following processors, strictly to operate the service:
| Processor | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment info |
| Google Analytics | Platform analytics | Anonymised usage data |
These processors are contractually bound to handle your data in compliance with GDPR.
7. Data Isolation
Each organisation (Tenant) operates in a fully isolated workspace. No personal data or user-generated content is shared across tenants. Cross-tenant data access is technically prevented at the platform level.
8. Data Retention
We retain your personal data for as long as your account is active. Upon account termination, account data is retained for a limited period before permanent deletion. Payment records may be retained longer where required by Danish accounting law.
9. Your Rights Under GDPR
As an EU data subject, you have the right to:
- Access — Request a copy of your personal data
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data ("right to be forgotten")
- Restriction — Request we limit processing of your data
- Portability — Receive your data in a structured, machine-readable format
- Object — Object to processing based on legitimate interests
- Withdraw consent — For analytics cookies, at any time via cookie settings
To exercise any of these rights, contact us at kontakt@scanditech.dk. You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet).
10. Data Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and device-based usage monitoring. Payment data is handled exclusively by Stripe and never stored on our servers.
11. International Transfers
Your data is processed within the EU/EEA. Where any processor operates outside the EEA (e.g. Google, Stripe), transfers are governed by EU Standard Contractual Clauses (SCCs) or adequacy decisions.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you via email or in-platform notice prior to any material changes taking effect.
13. Contact
Scanditech ApS — CVR: 45479242
kontakt@scanditech.dk