Privacy Policy

Last updated: 27-11-2025

This Privacy Policy explains how Gnostis ApS processes personal data when you visit our websites. We use a hybrid style – clear for users and fully compliant for legal purposes.

1. Who We Are (Data Controller)

Gnostis ApS
CVR: 45864871
Dam Holme 16
3660 Stenløse, Denmark
Email: contact@gnostis.dk
For US residents: Gnostis ApS is a Danish company and does not sell personal data as defined under CCPA/CPRA.

2. What Personal Data We Collect

A. Automatically Collected Technical Data

Collected through cookies or similar technologies:

  • IP address (shortened/anonymised in GA4)
  • browser and device information
  • operating system
  • time of visit
  • pages viewed
  • clicks and interactions
  • referring source

B. Information You Provide via Email

  • name
  • email address
  • message content

C. Affiliate & Conversion Tracking Data

  • partner ID
  • non-personal conversion data
  • Handled via WeCanTrack and Google Ads.

D. Comments (if enabled)

  • name
  • email
  • comment content
  • IP address

3. Purposes of Processing

  • operating and securing our website
  • understanding and improving traffic and usage
  • advertising measurement (with consent)
  • responding to email inquiries

4. Legal Basis (UK/EU) and Lawful Grounds (US)

GDPR (EU/UK)

  • Legitimate interests – security, basic analytics, communication
  • Consent – analytics, functional and marketing cookies
  • Legal obligation – if required by law

US Law (CCPA/CPRA)

We may process information for:

  • operational purposes
  • debugging and security
  • analytics
  • advertising measurement (not targeted “selling” unless explicitly stated)

We do not sell personal data as defined by California law.

5. Sharing of Data

Google Analytics 4

https://policies.google.com/privacy

Google Tag Manager

https://policies.google.com/privacy

Google Ads

https://policies.google.com/privacy

WeCanTrack

Privacy Statement

Cloudflare

https://www.cloudflare.com/privacypolicy/

All processors comply with GDPR and relevant US/UK standards.

6. Data Retention

  • technical logs: 7–30 days
  • cookie consent: up to 12 months
  • email inquiries: stored only as long as necessary
  • affiliate data: 30–180 days depending on provider

7. Cookies & Consent Management

Our consent management system:

  • displays the cookie banner
  • blocks non-essential cookies until consent is given
  • stores preferences for 12 months
  • allows withdrawal at any time via on-site icon

8. International Transfers

Some providers may process data outside the EU/EEA/UK/US.

We rely on:

  • Standard Contractual Clauses (SCCs)
  • supplementary safeguards
  • provider compliance frameworks (e.g. UK or EU adequacy decisions)

9. Your Rights

EU/UK GDPR rights

  • access
  • rectification
  • erasure
  • restriction
  • data portability
  • objection
  • withdraw consent

US rights (California, CCPA/CPRA)

  • right to know
  • right to delete
  • right to correct
  • right to opt out of “selling/sharing”
  • right to non-discrimination

Contact: contact@gnostis.dk

Complaints: Information Commissioner’s Office (ICO)
https://ico.org.uk

10. Updates to This Privacy Policy

We update this policy when our processing or legal requirements change.
The latest version is always available on this page.

Recommended Reads