Privacy Policy

LEGAL

home.contact_us_section.cta_button

Privacy Policy – Estaid (estaid.com)

Last updated: November 10, 2025

1. Data Controller

Northware ApS, a company in formation under Danish law
Willemoesgade 51, 2100 Copenhagen OE, Denmark
Email: info@estaid.com
CVR: 41365897

We are the controller of your personal data. No Data Protection Officer is appointed (GDPR Art. 37 not triggered).

2. Personal Data We Collect (GDPR Arts. 13–14)

Provided by you:

  • Name
  • Email address
  • Company name
  • Investment data (property addresses, financial figures, portfolios — may contain personal data)

Payment data:

  • Handled by a third-party processor
  • We store only the transaction ID

Technical data:

  • IP address
  • Browser type
  • Device information
  • Usage logs

Analytics:

  • Google Analytics (IP anonymised)

Cookies & trackers:

  • See Cookie Policy at: estaid.com/cookies

Special categories:

  • None collected

Providing data is necessary for the performance of a contract; refusal may prevent account creation or use of the Service.

3. Purposes & Legal Bases (GDPR Art. 6)

Perform contract

  • Deliver the platform
  • Manage subscriptions

Legitimate interests

  • Improve the Service
  • Prevent fraud
  • Security measures (balanced against your rights)
  • Non-essential cookies / analytics
  • Bookkeeping and tax compliance (Danish Bookkeeping Act)

No automated decision-making or profiling (GDPR Art. 22).

4. How We Use Your Data

  • Operate the platform
  • Process subscriptions
  • Send transactional emails
  • Analyse usage
  • Comply with legal obligations

5. Recipients (GDPR Art. 13)

  • Processors: EU hosting providers, third-party payment processors (SCCs), Google Analytics (anonymised, SCCs)
  • Affiliates: under GDPR-compliant agreements
  • Public authorities: when required by law

We do not sell personal data.

6. International Transfers (GDPR Chapter V)

Primary storage and processing occur within the EU/EEA.
Any transfers outside the EU/EEA rely on:

  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions
  • Binding Corporate Rules

7. Retention Periods

  • Account & investment data: until deletion request + 30 days (or longer if in dispute)
  • Financial transactions: 5 years from end of fiscal year (Danish Bookkeeping Act § 10)
  • Analytics data: 26 months
  • Security logs: 12 months

Data is securely deleted after retention expires.

8. Your Rights (GDPR Chapter III)

  • Access (Art. 15)
  • Rectification (Art. 16)
  • Erasure (Art. 17)
  • Restriction (Art. 18)
  • Data portability (Art. 20)
  • Objection (Art. 21)
  • Withdraw consent (Art. 7)

Exercise your rights free of charge at privacy@estaid.com.
We respond within 1 month (extendable to 3 months for complex requests).

You may also complain to Datatilsynet (datatilsynet.dk) or your local supervisory authority.

9. Security Measures (GDPR Art. 32)

  • TLS encryption in transit
  • Encryption at rest where appropriate
  • Pseudonymisation (hashed passwords)
  • Strict access controls
  • Regular security audits
  • Backups
  • Vulnerability scans
  • Staff training

10. Data Breach Notification (GDPR Arts. 33–34)

  • We notify Datatilsynet within 72 hours unless the breach is unlikely to pose a risk.
  • If a breach poses high risk to your rights, we notify you without undue delay, describing:
    • The nature of the breach
    • Likely consequences
    • Measures taken

11. Children

The Service is not intended for individuals under 18.
We do not knowingly process children’s data. Any discovered data is deleted immediately.

12. Changes to this Policy

Material changes will be notified via email or in-app at least 30 days in advance.
Continued use of the Service constitutes acceptance of the updated policy.

13. Contact

Email: privacy@estaid.com

Northware ApS
Willemoesgade 51, 2100 Copenhagen OE, Denmark