top of page

GDPR - Privacy policies

In our privacy policy (“policy”) we’ll explain what information we collect about you, how we process your personal data, what we use it for and how we store and protect it. Furthermore, the policy explains the rights that you have when we process your personal data


The policy was last updated on January 31, 2025.


1. Who are we (we’re the data controller)
We are the company responsible for the processing of your personal data in accordance with this policy which means that we are the data controller.

 

Here’s our information:
Danish Business Angels
Matrikel1
Højbro Plads 10
1200 København K

 

To make the policy more user friendly we use “we”, “us”, “our” etc. to describe our company. When we talk about our “website” we mean https://danban.org/. When we refer to “you” we mean you as a user of our website, member or partner of our organisation or a founder applying for funding.

 

2. When does the policy apply?
The policy is related to the information we collect and process about you when you visit or use our website (see section 1), sign up to our events or online service via the website, when you become a member of DanBAN. 

The policy also applies to founders, startups, and company representatives who submit pitch decks, business plans, or other information to us for the purpose of potential investment, funding, or collaboration.

 

3. Links to other websites etc.

On our website, in our emails and on our social-media profiles, we may have links to other companies, apps or websites (“other websites”) that aren’t ours. This policy doesn’t cover how those other websites process your data and we therefore encourage you to read the privacy notices on the other websites you visit.

 

4. Why, what type of data, what legal basis and for long we process your data

Here is information about us:
Danish Business Angels (DanBAN) is Denmark’s most advanced network of business angels consisting of 300 private investors who invest in startups nationally and internationally.
To give you a better understanding of why, what and for how long we process your data, we’ve divided our processing activities into areas describing the different purposes we process your data for.

 

Deliver our services & products
As mentioned above, we connect capital-seeking companies, partners and individuals who share an interest in scaling ambitious growth companies. To deliver these services, products and platforms to you we process personal data. This includes:

​

For potential members, guests and members (investors)

– Registering your info for event participation

– Registering and identifying you as a member/partner,
– Creating your account and setting up your profile,
– Logging the actions you take when you use our website and platform,
– Delivering the services and/or products as mentioned above,
– Facilitating investments,
– Handling payment transactions,
– Responding to your questions and providing you with support, including sending service related messages to you.

​

For investment screening and startup evaluation

We process personal data from founders and representatives of startups who submit pitch decks, applications, or other materials for investment evaluation or collaboration.

The data we process may include:
– Name, title, email address, phone number, and company affiliation
– Business information included in the submitted materials (e.g. pitch decks, financial summaries, or business plans)

 

Purpose: To evaluate potential investments, communicate with applicants, and manage our investment and due diligence process. Legal basis: Our legitimate interest (GDPR Article 6(1)(f)) in assessing and managing investment opportunities.

Data sharing: Data may be shared with members of the DanBAN network under confidentiality obligations.

Data processors: We use secure, GDPR-compliant platforms such as Dealum and OpenAI (ChatGPT Business / Enterprise) under Data Processing Agreements (DPAs). Data processed via these tools is not used for model training.

Retention: We retain such data only as long as necessary to evaluate the opportunity and for a reasonable documentation period thereafter, in line with our data retention policy.​​

​

The data we process about you in that regard is:

Ordinary personal data:
Your contact and account details, incl. your name, picture, email, title, telephone number, address, country, the company you work for, Criminal records. 

 

Your requests and actions, e.g. sign-up and use of our website, when you accepted our terms & conditions and when you contacted us for support etc. If you email us, we’ll collect the content of your message,
Information about what choices you made when you signed up and how you use our service,
UX research, user feedback etc.,

​

Payment information, incl. billing address, credit or debit card details, and payment and purchase history,
Other types of interactions you will have with us and our service, e.g user interviews, tests, customer feedback etc. 

 

Information required to comply with requirements of public or governmental authorities.

​

Sensitive personal data:
We don’t process sensitive personal data.

Here is the legal basis for our processing of your data:
Your consent (GDPR Article 6.1.a)
To perform our contract with you (GDPR Article 6.1.b)
To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
We will keep the data for as long as they are necessary for the purposes for which they are being processed and in accordance with our data retention policy. Special circumstances or legal requirements may entail that such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data.

 

Marketing:

We process your data for marketing-related purposes, including:

– sending you newsletters (if you’ve given consent),
– providing you with offers, sending you guides,
– tailoring our communication with you to accommodate your areas of interests and focus,
– sending you relevant promotions,
– If you sign up for an event, webinar etc. we’ll process your data in that regard.

 

The data we process about you in that regard is:

Ordinary personal data:
Your contact and account details, incl. your name, email, title, telephone number, address and country.
Purchase history and use of our services,
What newsletters you signed up for, when you asked to receive email marketing and guides,
What events, webinars, courses and other arrangements you signed up for, and if you provide feedback, the content of your feedback.

 

Sensitive personal data:
We don’t process sensitive personal data.

Here is the legal basis for our processing of your data:

Your consent (GDPR Article 6.1.a)


To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).

​

We collect the data directly from you or via social media, e.g. Linkedin, for the purpose of carrying out the marketing activities.
We keep your data for as long as you are subscribing to our newsletters, email marketing etc. If you ask us to unsubscribe you, we will keep your data for a specific period after your request so we can show that we have dealt with your request and to make sure that you aren’t receiving the material. For the other types of information, we’ll keep such data for as long as the relevant activity is ongoing and for the period after that as outlined in our data retention policy. Regarding events, courses etc. we’ll keep your personal data as long as they are necessary for the purposes of the course or the event in question and for evaluating them.

​

Business- and product development:
We process your data to do data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our campaigns and operating and expanding our business activities.

​

The data we process about you in that regard is:
Your contact and account details, incl. your name, email, title, telephone number, address, country, the company you work for,
How you are using our products and services
Purchase history, interest areas and use of our digital services,
UX research, customer feedback etc.

 

Sensitive personal data:
We don’t process sensitive personal data.

Here is the legal basis for our processing of your data:

 

Your consent (GDPR Article 6.1.a)
To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
We collect your data directly from you and we’ll keep such data for as long as we provide our services to you.

 

Statistics:
We process your data to compile statistics and analytics for the use of our website and to monitor and analyse usage and trends. The data we process about you in that regard is:

 

Ordinary personal data:
– When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
– Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
– We receive information when you interact with our website, e.g. when you visit our website, log into your account and receive emails from us. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information etc.

 

Sensitive personal data:
We don’t process sensitive data.

 

We process your data on the following legal basis:
Your consent (GDPR Article 6.1.a)
To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).

 

Please read our cookie policy for more information about the data processors we use, the duration of the different cookies and the purposes for the processing of your data related to statistics. You can find our cookie policy here. We collect the data directly from you and from the cookies and similar technologies.

 

Improve, optimise or modify the experience on our website and online service:
We process your data collected by your use of our website and online services and products to improve the user experience on our website and the services we offer. We use the data to operate our website, enhance the security of our website and services and its reliability and performance. We’ll also use the data to improve the content we show you, incl. determining what content is most helpful and how we can make the experience when visiting our website better.

You can read about the cookies we use on our website here throughout the pop-up. 
https://openli.com/legal/cookie-policy

 

The data we process about you in that regard is:

Ordinary personal data:
When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.


Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.


We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information etc.

 

Sensitive personal data:
We don’t process sensitive personal data.

 

Here is the legal basis for our processing of your data:
Your consent (GDPR Article 6.1.a)
To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
We keep this data for as long as it is described in the cookie policy.

​

We collect your data from you and your use of cookies, our website and products.
Comply with legal obligations
Personal data is processed to comply with legal obligations and requirements, requests from public and governmental authorities, relevant industry standards and our internal policies, and protect our operations and our rights. 

Access controls for startup materials: Access to startup submissions (including pitch decks) is restricted to authorised staff and, where relevant, members bound by confidentiality obligations. We apply role-based access, logging, and secure sharing to prevent unauthorised disclosure.

 

Here is the data we process:
Your contact and account details, incl. your name, email, title, telephone number, address, country, the company you work for,
The company you work for, incl. their domain, address and country
Information required to comply with public and governmental authorities
Purchase history and use of our digital services,
The data retention period will be based on national statutory requirements and we collect your data from you, your use of our products, services and platform and from government authorities etc.

​

​

5. Additional information
Some of the grounds for processing your data may overlap, so there may be several reasons which justify us processing your data. We may also use your data in other ways but we will inform you about these purposes when we collect your data.
If you would like more information about our legal basis for processing your data, feel free to contact us.
Please note that special circumstances or legal requirements may mean that such periods can be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.

 

6. Keeping your personal data safe
We use reasonable organisational, technical and administrative measures to protect the personal data that we process about you.
However, the Internet is not a 100% secure environment which means we can’t guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us.

 

7. Third parties and processors
7.1. Processors (companies helping us, e.g suppliers)
We use companies (processors) to help us, e.g. with payments, send out newsletters, run our website etc. When we use a processor we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We’ll also make sure that they have appropriate security measures in place.
Here you can see which processors we are using. They are processing data on our behalf:
 

  • Visma e-conomic A/S – financial and accounting system used for invoicing and payment management.

  • Google Ireland Limited – provider of email, cloud storage and collaboration tools (Google Workspace).

  • Ticketbutler ApS – ticketing and registration platform for events and webinars.

  • Sendible Limited – platform for managing and scheduling posts on our social media channels.

  • Corpay One ApS – system for handling expense management and supplier payments.

  • ActiveCampaign – tool for email marketing (newsletters etc.)

  • Monday.com – CRM/operations platform

  • Dealum OÜ – platform used for collecting, managing, and evaluating startup applications and pitch decks.

  • OpenAI, L.L.C. – provider of ChatGPT Business / Enterprise, used to assist in text analysis and structuring of pitch deck materials under a GDPR-compliant Data Processing Addendum (DPA).

 

Read our cookie policy regarding the processors we use for those services.

​

 

7.1.1 Use of Artificial Intelligence Tools (OpenAI)

We use artificial intelligence (AI) tools provided by OpenAI, L.L.C., including ChatGPT Business / Enterprise, to assist in the internal review and evaluation of pitch decks, startup applications, and related materials submitted to us by founders or companies seeking investment or collaboration.

 

Purpose of processing

The AI tools are used solely to support our internal screening and assessment processes, for example, to help summarise, structure, or analyse text. No automated decision-making or profiling that produces legal or similarly significant effects is carried out.

 

Data processed

Documents and text provided to us may contain personal data such as names, email addresses, telephone numbers, company affiliations, and other business-related information. We ensure that only information necessary for the stated purpose is processed.

​

Legal basis

The processing is based on our legitimate interest (Article 6(1)(f) GDPR) in using secure, efficient, and modern tools to evaluate investment opportunities and manage applications.

 

Data Processing Agreement

We have entered into a Data Processing Addendum (DPA) with OpenAI to ensure that personal data is processed in compliance with the General Data Protection Regulation (GDPR). Under this agreement:

- OpenAI acts as a data processor on our behalf. 

- Data processed through ChatGPT Business / Enterprise is not used for model training.

- OpenAI implements appropriate technical and organisational security measures in accordance with Article 32 GDPR, including encryption in transit and at rest.

- Where data is transferred to the United States, such transfers are governed by EU Standard Contractual Clauses (SCCs) or other appropriate safeguards under Chapter V of the GDPR.

 

Retention and deletion

Personal data processed through the AI tool is stored only for as long as necessary for the stated purpose. Upon termination of our agreement with OpenAI or upon request, OpenAI is contractually obliged to delete or return all personal data processed on our behalf in accordance with the DPA.

.

7.2 Third parties (e.g. partners)
Danish Business Angels does not share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.
Please note that in the event that we are involved in a bankruptcy, merger, acquisition, reorganisation, your information may be transferred as part of that transaction. This policy will continue to apply to your information also after the information has been transferred to the new entity.

For the purpose of evaluating investment opportunities, we may share founder/startup submissions with members of the DanBAN network under confidentiality obligations. We do not sell or rent personal data.

 

8. Transfer to countries outside the EU/EEA

Some of our service providers and partners process personal data outside the EU/EEA, including in the United States and the United Kingdom.
Where such transfers occur, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR Chapter V.

These safeguards include the use of the European Commission’s Standard Contractual Clauses (SCCs) or, where applicable, the EU–U.S. Data Privacy Framework or other approved mechanisms ensuring an adequate level of protection.

You can request further information or a copy of the relevant safeguards by contacting us at info@danban.org.

 

9. Your rights
You have the following rights:

Access and rectification:
You have the right to ask us for copies of your personal data or ask us to rectify information you think is inaccurate. We are obligated to inform you whether or not we are processing personal information about you, the purpose of the processing, the categories of the personal information and any other available information as to the source of such data. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.

 

Erasure:
You can ask us to erase your personal information in certain circumstances.

 

Withdrawal of consent:
If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdraw your consent. You may withdraw your consent by sending an email to info@danban.org

 

Objection and restriction:
You have the right to ask us to restrict the processing of your data and a similar right to object to processing. You may at any time object to our processing of the data concerning you. If your objection is justified, we’ll no longer process such information.

 

Data portability:
You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).

 

Marketing Purposes:
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such marketing.
There may be conditions or limitations on these rights. It is therefore not certain e.g. you have the right of data portability in a specific case – this depends on the specific circumstances of the processing activity. You are always welcome to contact us and ask. The same goes for some of the other rights.
The data protection laws give us one month to respond to you, but we’ll try to respond sooner.

 

9.1.Complaints
If you wish to report an issue or if you feel that we haven’t addressed your concerns in a satisfactory manner, you may contact the Danish Data Protection Agency:
Website: https://www.datatilsynet.dk
Email: dt@datatilsynet.dk
Address: Borgergade 28, 5., 1300 Kbh K
Telephone: +45 33 19 32 00

 

9.2. Assistance and support
You can take steps to exercise your rights by using this email: info@danban.org
If you have questions about the policy, feel free to contact us by using the contact details in this policy.

 

10. How to unsubscribe to email marketing material?
If you have subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails, we include an unsubscribe link and you can always click the link and easily unsubscribe.
You can also unsubscribe by sending us an email to info@danban.org or by using the unsubscribe link in the footer of our newsletter.

 

11. Children and our Services
Our services and website are not directed to children, and you must be over 18 years old to use our services and website.

 

12. Questions
Please contact us if you have any questions about our policy.

 

13. Changes to this policy
Sometimes we need to make changes to this policy to reflect our current practises. We will take reasonable steps to let you know about changes via our website.

If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up. If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practises.

​

bottom of page