Privacy policy

Last Updated: May 16, 2025
1. Introduction
ePact ApS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our digital signature services.
We understand the importance of your personal data and are committed to processing it responsibly and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2. Data Controller Information
ePact ApS is the data controller for personal data collected through our website and services.
Contact Information:
- Company: ePact ApS
- Address: Njalsgade 76, 2300 København
- Email: epact@epact.dk
- Phone: +45 70 60 85 08
3. Information We Collect
We collect several types of information from and about users of our website and services:
3.1 Personal Data You Provide to Us
- Account Information: When you register for an account, we collect your name, email address, company name, and phone number.
- Document and Signature Information: Information contained in documents uploaded for signature, signature data, timestamps, and IP addresses associated with signatures.
- Identification Information: When using our KYC features, we may collect identity verification data such as MitID or NemID verification information.
- Payment Information: If you purchase our services, we collect payment information, though credit card details are processed directly by our payment processors.
- Support Information: Information you provide when contacting our customer support, including communication history.
3.2 Information We Collect Automatically
- Usage Data: Information about how you interact with our website and services, including access dates and times, pages viewed, page response times, and features used.
- Device Information: Information about your device, including IP address, browser type, operating system, and device identifiers.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your browsing activities. For more details, see our Cookie Policy section below.
4. How We Use Your Information
We use the information we collect for various purposes, including:
- Providing, maintaining, and improving our services
- Processing and completing transactions
- Communicating with you about our services, updates, and support
- Personalizing your experience on our website
- Complying with legal obligations
- Detecting, preventing, and addressing technical issues, fraud, or illegal activity
- Analyzing usage patterns to improve our website and services
- Marketing our services to you (where you have given consent)
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary for the performance of our contract with you to provide our services.
- Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, preventing fraud, and ensuring network security.
- Consent: Processing based on your consent, such as sending marketing communications.
- Legal Obligation: Processing necessary to comply with our legal obligations, such as retention of signature data for legal validity.
6. Google Analytics
We use Google Analytics to analyze the use of our website. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
Google Analytics places cookies on your device to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
We have implemented the following measures to ensure GDPR compliance when using Google Analytics:
- We use the anonymization feature for IP addresses
- We have signed the Data Processing Amendment with Google
- We have configured Google Analytics to delete data after 14 months
- We only collect data after getting your consent through our cookie banner
You can opt-out of having your activity on the website made available to Google Analytics by installing the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout).
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy
7. Data Sharing and Disclosure
We may share your personal information in the following situations:
- Service Providers: We may share your information with third-party vendors, service providers, and contractors who perform services on our behalf and need access to your information to deliver those services.
- Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
- Protection of Rights: We may disclose your information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- With Your Consent: We may share your information with your consent.
We do not sell your personal data to third parties.
8. Data Transfers
Some of our third-party service providers may be located outside of the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
9. Data Security
We have implemented appropriate technical and organizational measures designed to secure your personal data from accidental loss and unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on secure servers behind firewalls.
We use industry-standard encryption technologies when transferring and receiving sensitive data exchanged with our site. Documents uploaded to our platform are encrypted using 256-bit AES encryption.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
10. Data Retention
We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.
Specific retention periods:
- Account information: Retained for the duration of your account plus 5 years after account closure
- Signature data and signed documents: Retained for 10 years for legal validity purposes
- Log data and analytics: Retained for 14 months
- Marketing communications preferences: Retained until you withdraw consent
11. Your Data Protection Rights
Under the GDPR, you have the following rights:
- Right to Access: The right to request copies of your personal data.
- Right to Rectification: The right to request that we correct any inaccurate or incomplete information.
- Right to Erasure: The right to request that we delete your personal data, under certain conditions.
- Right to Restrict Processing: The right to request that we restrict the processing of your personal data, under certain conditions.
- Right to Object: The right to object to our processing of your personal data, under certain conditions.
- Right to Data Portability: The right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
- Right to Withdraw Consent: The right to withdraw your consent at any time where we relied on your consent to process your personal data.
To exercise any of these rights, please contact us at epact@epact.dk. We will respond to your request within 30 days.
12. Cookies Policy
Our website uses cookies to enhance your browsing experience. Cookies are small text files that are placed on your device when you visit our website. They allow us to recognize your device and remember certain information about your visit.
Types of Cookies We Use:
- Essential Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
- Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and anonymous.
- Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
- Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites.
Cookie Management:
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
When you first visit our website, we will present you with a cookie banner that allows you to accept or decline non-essential cookies.
13. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us.
14. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes.
15. Contact Us
If you have any questions about this Privacy Policy, please contact us:
- By email: epact@epact.dk
- By phone: +45 70 60 85 08
- By mail: Njalsgade 76, 2300 København
If you have unresolved concerns, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at www.datatilsynet.dk.