Last updated: 2026-05-11

Privacy policy

EnterpriseIQ v/Jesper Sachmann is the data controller. We process only the data we need, keep it for as short a time as possible, and give you full GDPR rights.

§ 01

Collection

Which personal data we process

When you contact us: Name, email, phone (optional), company (optional) and message content, via contact form, email or booking.
When you subscribe to the newsletter: Email. Unsubscribe with one click in every email.
When you download lead magnets: Email (EU AI Act checklist and similar resources).
When we have a client relationship: Contact details, company information, interview answers, meeting recordings (with consent). Governed by a separate Data Processing Agreement (DPA).

§ 02

GDPR Art. 6

Purposes and legal bases

Respond to enquiries: GDPR Art. 6(1)(b): contract or pre-contractual
Deliver newsletter and content: Art. 6(1)(a): consent
Execute client-related analyses and engagements: Contract + consent for sensitive categories where relevant
Accounting and statutory documentation: Art. 6(1)(c): legal obligation
Security, anti-spam, basic website analytics: Art. 6(1)(f): legitimate interest

§ 03

Retention

How long we keep data

Contact enquiries with no further engagement: 2 years
Newsletter subscription: Until unsubscribe
Client data (accounting): 5 years (bookkeeping requirement)
Sensitive engagement data (transcripts, documents): 90 days after delivery
Anonymised aggregated insight: Until further notice

§ 04

Third parties

Processors we use

All comply with GDPR requirements. A detailed list is in the separate Data Processing Agreement (DPA) for client engagements.

Google Workspace: Mail, docs, drive, calendar and meet (EU residency)
Anthropic Claude API: EU region where possible
OpenAI / ChatGPT: Only non-sensitive data, or with a separate agreement
Billy: Bookkeeping (Danish provider)
Cloudflare: CDN and DDoS protection (EU residency)
Self-hosted services in Proxmox-LXC: SuiteCRM, Listmonk, DocuSeal, Mattermost, Plane and others on our own hardware in Denmark

§ 05

AI tools

Use of AI

We use AI tools in our engagements. A detailed policy is available at AI transparency. Short version: sensitive personal data is processed only under a DPA, and self-hosted mode is available as an opt-in.

§ 06

GDPR

Your rights

Enquiries are answered within 30 days. Write to jesper@enterpriseiq.dk.

→ Access to the data we hold about you
→ Rectification if data is incorrect
→ Erasure (the right to be forgotten)
→ Restriction of processing
→ Data portability
→ Objection to processing
→ Withdrawal of consent
→ Complaint to the Danish Data Protection Authority (datatilsynet.dk)

§ 07

Security

Technical and organisational measures

We apply measures appropriate to the risk: TLS encryption, multi-factor authentication on all internal services, daily backups, immutable audit logs, single sign-on via Authentik, isolated client data in separate LXCs where relevant.