This policy describes how ARPEDIO SOLUTIONS ApS ("ARPEDIO," "we," "us," "our") processes personal data when you visit arpedio.com, submit a form, attend one of our events, or otherwise interact with us through this website. We operate as a Danish company and comply with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act.
1. Data controller
The data controller for the processing described in this policy is:
ARPEDIO SOLUTIONS ApS
CVR 34219591
Birkedommervej 27, 2400 København NV, Denmark
Email: privacy@arpedio.com
2. What we collect
We collect only the personal data we need to run arpedio.com, respond to inquiries, and improve what we publish.
Data you provide directly
- Contact form submissions: name, business email, company, role, and the message content you send us.
- Event registrations: name, business email, company, role, and event-specific fields (e.g., dietary requirements for in-person events).
- Assessment and research downloads: name, business email, company, role, CRM (optional), and any answers you provide to the assessment itself.
- Email preferences: your subscription status and topic preferences if you opt in to updates.
Data we collect automatically
- Operational log data: IP address, request path, timestamp, and browser and device type, captured by our hosting and edge-network provider (Cloudflare) for service delivery, security, and bot mitigation.
3. How we use your data
- To respond to inquiries, schedule meetings, and handle pre-sales conversations.
- To deliver requested content (research, assessment results, event confirmations).
- To send you occasional updates if you have opted in — you can unsubscribe at any time.
- To understand aggregate patterns of how visitors use the site, so we can improve it.
- To meet our legal obligations, defend legal claims, and prevent fraud.
We do not sell personal data. We do not use it for automated decision-making that produces legal or similarly significant effects.
4. Legal basis for processing
- Consent (Art. 6(1)(a) GDPR) — for non-essential cookies, marketing communications, and optional fields you choose to complete.
- Contract (Art. 6(1)(b)) — to respond to a specific request you make of us, e.g., to schedule a demo.
- Legitimate interests (Art. 6(1)(f)) — to operate and secure the website, analyse aggregate usage, and conduct B2B outreach where you represent a company within our ideal customer profile. We balance these interests against your rights, and you can object at any time.
- Legal obligation (Art. 6(1)(c)) — where we must retain records for tax, audit, or compliance reasons.
5. Cookies and tracking technologies
We currently use only strictly-necessary cookies set by our hosting provider (Cloudflare) for security, bot mitigation, and service reliability. We do not load analytics or marketing cookies on arpedio.com at this time. A consent management tool will be introduced alongside our analytics and marketing-automation tooling at a later stage, at which point those categories will load only after you accept them via a consent banner. For the current cookie inventory, see our Cookie Policy.
6. Processors we rely on
We use the following processors to operate the site. Each is bound by a data processing agreement consistent with Art. 28 GDPR, or such an agreement is in the process of being executed.
- Cloudflare, Inc. — hosting, CDN, DDoS protection, and bot mitigation for arpedio.com.
- Lifecycle Operators LLC — operates our Cloudflare Pages deployment and the server-side form-submission handler that validates and forwards form data. Receives operational request logs. Data Processing Agreement in progress at launch.
- Salesforce (Pardot / Marketing Cloud Account Engagement) — receives and processes form submissions (contact and assessment forms) and delivers associated email (autoresponders, opt-in communications).
- Slack Technologies — receives a server-to-server notification of each new form submission so our go-to-market team can follow up. No visitor cookie is involved.
7. International transfers
Several of our processors (Cloudflare, Lifecycle Operators, Salesforce, and Slack) are established in the United States and may process data outside the European Economic Area. Where that happens, transfers are protected by the EU–US Data Privacy Framework, the European Commission's Standard Contractual Clauses, or equivalent safeguards required by Chapter V of the GDPR.
8. How long we keep data
- Inquiry and form-submission data: retained for the duration of the active conversation and then for up to 36 months thereafter, so we can respond to follow-ups.
- Marketing-list data: retained while you remain subscribed, plus up to 24 months after your last interaction or unsubscribe, whichever comes first.
- Analytics data: retained in aggregated form for up to 25 months.
- Cookies: see the Cookie Policy for per-cookie durations.
Where we are required by law (e.g., accounting obligations under the Danish Bookkeeping Act), we keep records for the statutory period.
9. Security
We use TLS for all traffic to arpedio.com, restrict access to personal data to staff who need it, and review our processor contracts and practices regularly. No system is entirely impenetrable; if we ever become aware of a personal data breach that is likely to affect your rights, we will notify the Danish Data Protection Agency within 72 hours and, where required, notify you directly.
10. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion ("right to be forgotten") where no lawful basis requires us to retain it.
- Restrict processing while a question is resolved.
- Object to processing carried out on the basis of legitimate interests, including for direct marketing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, where processing relies on consent.
To exercise any of these rights, email privacy@arpedio.com. We will respond within one month.
11. Complaints
If you believe we have handled your data in a way that violates the GDPR, you can lodge a complaint with the Danish Data Protection Agency:
Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby, Denmark
datatilsynet.dk · +45 33 19 32 00
12. Children's data
This site is intended for enterprise B2B audiences. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has submitted personal data to us, contact privacy@arpedio.com and we will delete it.
13. Changes to this policy
We may update this policy as our processing or the law evolves. Material changes will be flagged on this page with a new "last updated" date. We encourage you to review it periodically.
For any question about this policy or your personal data:
ARPEDIO SOLUTIONS ApS
Birkedommervej 27, 2400 København NV, Denmark
privacy@arpedio.com