Privacy policy

Overall Policy on Data Protection, Cookies and Marketing

Last updated: 18-11-2025

________________________________________

PART 1: PRIVACY POLICY

1. Introduction

This privacy policy describes how Right People Group ApS ("we", "us", "our") collects and processes personal data in connection with our business, including the provision of consulting services, recruitment, marketing, website visits and other business activities. We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation – GDPR) and the Danish Data Protection Act.

We work continuously to protect your information and ensure transparency about how and why we process it. This policy applies to all persons whose data we process, including customers, consultants, candidates, suppliers, visitors to our website and recipients of marketing material.

________________________________________

2. Data controller

Data controller:

Right People Group ApS

CVR no.: 30590627

Address: Lyngbyvej 2, 2100 Copenhagen Ø

Email: info@rightpeoplegroup.com

Telephone: +45 70 20 89 86

Compliance Officer (COO):

Henrik Deichmann Arent

Email: hda@rightpeoplegroup.com

Telephone: +45 70 20 89 86

________________________________________

3. Processing activities and types of information

We only collect and process personal data that is necessary for specific, legitimate purposes. This information may vary depending on your relationship with us:

• Customers: Contact details, contract data, payment information, correspondence and history.

• Consultants and candidates: Name, contact details, CV, professional experience, references, skills, test results, salary information and, in special cases, health information or criminal record (only with consent).

• Employees: Identity, contact information, salary information, access data, time registration, education and evaluations.

• Suppliers and partners: Contact information, contract information and billing data.

• Website visitors: IP address, device type, browser information, timestamps, page views and cookies (see Part 2 below).

We ensure that all information is treated confidentially and only for legitimate purposes.

________________________________________

4. Purpose and legal basis

We process personal data for the following purposes and on the following legal basis:

Purpose // Legal basis

Provision and administration of consulting and recruitment services // GDPR Art. 6(1)(b) – performance of a contract

Communication and customer service // GDPR Art. 6(1)(f) – legitimate interest

Accounting, tax and statutory registrations // GDPR Art. 6(1)(c) – legal obligation

Candidate assessment and job placement // GDPR Art. 6(1)(b) and Art. 9(2)(a) – consent for sensitive data

Marketing and newsletters // GDPR Art. 6(1)(a) – consent

IT security, risk management and abuse prevention // GDPR Art. 6(1)(f) – legitimate interest

________________________________________

5. Recipients and disclosure

We only disclose personal data when necessary to fulfil a purpose and when done lawfully. Information may be shared with: - Customers and partners as part of task performance. - Public authorities, if required by law. - Auditors, lawyers and advisors under confidentiality. - IT and support providers who act as data processors under contract.

When transferring data to third countries outside the EU/EEA, the European Commission's Standard Contractual Clauses (SCC) or other valid mechanism will be used.

________________________________________

6. Storage and deletion

We only store personal data for as long as necessary for the purpose for which it was collected, or for as long as required by law. After this period, the data is securely deleted or anonymised. Typically, data is stored:

• Customers and suppliers: up to 5 years after termination.

• Employees: up to 5 years after termination of employment.

________________________________________

7. Your rights

You have rights under the GDPR, including:

- The right to access the information we process.

- The right to correct inaccurate information.

- The right to erasure of information where legally possible.

- Right to restriction of processing.

- The right to data portability.

- The right to object to processing based on legitimate interest.

- Right to withdraw consent.

Requests will be answered without undue delay. You can also complain to the Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, or via www.datatilsynet.dk.

________________________________________

8. Security

We use appropriate technical and organisational measures, including access control, encryption, backup and ongoing risk assessment, to protect information from unauthorised access, loss or misuse.

________________________________________

PART 2: COOKIE POLICY

9. Use of cookies

We use cookies and similar technologies on our website to ensure that the site functions properly and to offer the best possible user experience. Cookies help us remember your preferences, analyse traffic and present relevant content and advertisements.

Cookies are small text files that are stored on your device (computer, mobile phone or tablet) when you visit our website. We only use the types of cookies that are necessary to maintain the functionality of the website, improve its usability and support our marketing activities.

We use the following categories of cookies:

• Necessary cookies: These cookies are essential for the website to function properly. They enable basic functions such as access to secure areas, session management and form management. These cookies do not require consent.

• Functional cookies: These cookies enable the website to remember your choices and preferences, such as language settings or layout. They are used to improve the functionality and personalisation of the experience. Functional cookies require your consent.

• Marketing cookies: These cookies are used to track visitors across websites. The purpose is to show relevant ads and understand the effectiveness of our marketing. Marketing cookies are only used if you give your consent.

We use an approved consent management tool to manage and document your consent to cookies. You can change or withdraw your consent at any time via the cookie settings on our website.

________________________________________

10. Consent to cookies

When you visit our website for the first time, you will be asked to consent to the use of cookies. You can accept all cookies, select specific categories or reject non-essential cookies.

Your choice will be recorded and stored as documentation that consent has been given in accordance with applicable law.

You can always change your consent by opening the cookie settings at the bottom of the website and updating your choices. Changes take effect immediately and only affect future use of cookies.

________________________________________

11. Third-party cookies and data transfers

We use cookies from trusted partners for statistics and marketing. These partners may use data collected via cookies to analyse web traffic or deliver targeted ads.

If cookies involve the transfer of data to third countries outside the EU/EEA, we ensure that a valid legal basis is established in accordance with the EU Commission's Standard Contractual Clauses (SCC) or, where relevant, to countries with an approved level of protection.

________________________________________

PART 3: MARKETING POLICY

12. Marketing and communication

We will only send you electronic marketing (newsletters, offers, invitations and the like) if you have given your express consent, cf. Section 10 of the Danish Marketing Practices Act.

Consent is given voluntarily, is specific and informed, and can be withdrawn at any time.

When you withdraw your consent, we will immediately stop sending you marketing communications. You can unsubscribe via the link in our emails or by contacting us directly.

________________________________________

13. Documentation of consent

We keep documentation that you have given your consent until you withdraw it.

The purpose is to be able to document the legality of our processing in accordance with GDPR Article 7 and the Marketing Act.

________________________________________

14. Profiling and targeting

We may use data about your preferences and previous interactions to target our communications so that you receive relevant content.

We do not use automated decisions that have legal effect on you.

Any profiling is only based on data you have voluntarily provided or that has been collected through consent-based cookies.

________________________________________

15. Consent for social media and advertising

If you interact with us via social media (e.g. LinkedIn or Meta), information about your actions will be processed in accordance with the platforms' own privacy policies.

We always strive to limit data processing to what is necessary.

________________________________________

PART 4: REVISION AND CONTACT

16. Policy updates

This comprehensive policy is updated at least once a year or in the event of significant changes in legislation, technological solutions or our processing activities.

The latest version will always be available on our website.

________________________________________

17. Contact

Data controller: Right People Group ApS

Email: info@rightpeoplegroup.com

Telephone: +45 70 20 89 86

Data protection officer: Henrik Deichmann Arent

Email: hda@rightpeoplegroup.com

________________________________________

18. Language and validity

This privacy policy was originally written in Danish. In the event of any discrepancy between the Danish version and a translated version, the Danish version shall take precedence and be considered legally valid. The policy is subject to Danish law and supervision by the Danish Data Protection Agency (www.datatilsynet.dk).