Privacy Policy
1. Information about the processing of personal data
Your data security is important to us, and we take great care to ensure that your personal data is handled responsibly. Below you can read how GLUU ApS (hereinafter “Gluu”, “we”, “us” or “our”) processes personal data about you when we act as data controller. You can also read about your rights in relation to our processing.
2. Gluu’s role as data controller
In connection with the operation of our business, we process certain personal data. We do this in order to serve you in the best possible way. We mainly collect and process general (non-sensitive) personal data.
When you use the Gluu platform, the personal data of your own users is processed by Gluu as a data processor on your behalf. That processing is governed by our Data Processing Agreement, not by this Privacy Policy. This policy covers only the situations in which Gluu acts as data controller.
If you have any questions regarding our processing of your personal data, please contact Gluu here:
GLUU ApS
VAT no.: DK33886349
Svanevej 22, DK-2400 Copenhagen NV, Denmark
Privacy contact:
Name: Søren Pommer
Phone: +45 7230 2070
E-mail: spommer@gluu.biz
3. What personal data do we collect, and why
We process personal data about you in a number of different situations. Read more about our processing in each situation below.
3.1 Visitors to Gluu’s website and users of Gluu’s online services
When you visit Gluu’s website (e.g. https://gluu.biz) or use our other online services (on, for example, LinkedIn, Facebook and YouTube), Gluu may process information about your IP address as well as information about your computer, device and browser.
We also process information about your visit (for example, how you access our websites, how you navigate around them, which pages you visit, content you view, your searches and advertisements you have seen). Personal data is collected through cookies, log files and other technologies. You can read more about our use of cookies in our Cookie Policy.
We also process personal data that you provide to us in connection with your use of the website or our online services — for example, when you use our online chat or contact form. This includes your name, telephone number, email address, product interest and any other information you provide.
We use your personal data to make relevant products, supplies, benefits and services (“Services”) available to you, and to improve your experience of our websites, online services and the Services we offer. We also use personal data to show you content on our own and other sites based on your activities and preferences, and to limit the number of times you see the same content.
The legal basis for processing is our legitimate interest in making our website and online services available to you (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR and Section 3 of the Danish Executive Order on Cookies).
We store personal data collected in connection with your visit to our website for up to 12 months.
3.2 Marketing recipients
When you receive marketing communications, including newsletters from Gluu, we process personal data about your name, telephone number, email address, title and product interest. We also process information about your marketing and communication preferences, your use of the marketing we send you (including, for example, whether you have opened an email, whether it has been read and which links you have opened), and any other information you provide.
We process your personal data to market our company and Services, and to set up and manage your marketing subscription. We use data about your preferences and usage to understand how customers receive our marketing messages and to improve our marketing going forward.
We will only send you marketing material by email, text message or other electronic means once we have obtained your consent where this is required under the Danish Marketing Practices Act.
We also use personal data to show you content on our own and other sites based on your activities and preferences, to limit the number of times you see the same content, and to measure the effectiveness of our content and marketing. For this purpose, we may upload your email address to advertising tools provided by, for example, Google or Meta (Facebook) in order to send targeted marketing messages. Where such tools involve a transfer of personal data outside the EU/EEA, that transfer is covered by the safeguards described in section 5.
The legal basis for processing is your consent, where required under the Danish Marketing Practices Act (Article 6(1)(a) GDPR), and otherwise our legitimate interest in marketing our Services to you (Article 6(1)(f) GDPR).
We store personal data about recipients of marketing communications for 2 years.
3.3 Participants in competitions
When you participate in competitions, we process personal data about your name, telephone number, email address, responses to the competition and profile name.
We process this personal data to manage competitions, draw winners and contact them.
The legal basis for processing is your consent (Article 6(1)(a) GDPR) or our legitimate interest in running the competition and contacting the winner (Article 6(1)(f) GDPR).
We store personal data collected in connection with competitions for 2 years.
3.4 Business partners and suppliers to Gluu
When you are a business partner or supplier to Gluu, or a contact person for one, we process personal data about your name, email address, work telephone number, company name and title, as well as publicly available information and other information you provide to us.
We process this personal data for contract management, to receive goods and services from our suppliers and business partners, and where appropriate to fulfil agreements with our customers.
The legal basis for processing is our agreement with you (Article 6(1)(b) GDPR) or our legitimate interest in managing the relationship with you or the company you represent (Article 6(1)(f) GDPR).
We store personal data about business partners and suppliers for 2 years after termination of the collaboration.
4. Recipients of your personal data
Gluu may disclose your personal data to other suppliers and service providers in the ordinary course of our business. These act as our data processors and only process your personal data for our purposes and under our instructions.
Some of the tools we use to run our website and business are provided by companies that may process data outside the EU/EEA. Where this is the case, the safeguards described in section 5 apply. Where you use the Gluu platform, the sub-processors involved are listed in our Data Processing Agreement.
Gluu may also disclose your personal data to a public authority where we are specifically obliged to do so under legislation or a notification obligation to which we are subject. We limit the disclosure of personally identifiable information as far as possible.
5. Transfer of personal data to countries outside the EU/EEA
We process your personal data primarily within the EU/EEA. Some of the service providers we rely on — for example, certain analytics and advertising tools — may process personal data in countries outside the EU/EEA, including the United States.
Where such a transfer takes place, we ensure an adequate level of protection through one of the safeguards permitted under Chapter V GDPR: an EU Commission adequacy decision, the recipient’s certification under the EU-U.S. Data Privacy Framework, or the European Commission’s Standard Contractual Clauses. You can obtain a copy of the relevant safeguard by contacting us using the details in section 2.
6. Storage, data integrity and security
When your personal data is no longer needed, we ensure that it is deleted in a secure manner.
It is our policy to protect personal data through adequate technical and organisational security measures. Gluu maintains an information security management system certified to ISO/IEC 27001, and we conduct regular internal reviews of the adequacy of, and compliance with, our policies and measures.
7. Your rights
As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us using the details in section 2. We will respond without undue delay and within one month of receiving your request. To protect your data, we may need to verify your identity first.
You may — unconditionally and at any time — withdraw a consent you have given. You can do so by sending us an email (see section 2). Withdrawing your consent will not have any negative impact, although it may mean we cannot meet specific requests from you in the future. Withdrawal does not affect the lawfulness of processing carried out before the consent was withdrawn, nor any processing carried out on another lawful basis.
You can also — unconditionally and at any time — object to processing that is based on our legitimate interests.
Your rights also include the following:
- Right of access: You have the right to access the personal data we process about you.
- Right to rectification: You have the right to have inaccurate or incomplete personal data about you corrected.
- Right to erasure (“right to be forgotten”): In certain cases, you have the right to have your personal data erased before the time we would normally delete it.
- Right to restriction of processing: In certain situations, you have the right to restrict the processing of your personal data. Where this right applies, we may then only process your data — apart from storage — with your consent, for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.
- Right to object: In certain situations, you have the right to object to our processing of your personal data, and always where the processing is for direct marketing purposes.
- Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to have it transferred from one data controller to another.
- Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Agency (Datatilsynet) about our processing of personal data. See www.datatilsynet.dk for further information on your rights as a data subject.
8. Automated decision-making
We do not use your personal data for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
9. Updates to our Privacy Policy
From time to time it will be necessary to update this Privacy Policy. We review it regularly to ensure it stays current, valid and in line with applicable legislation and the principles for processing personal data. We publish new versions of the policy on our website.
This policy has version no. 4 and is valid from 1 July 2026.