This policy describes how ARPEDIO SOLUTIONS ApS ("ARPEDIO," "we," "us," "our") processes personal data when you visit arpedio.com, submit a form, attend one of our events, or otherwise interact with us through this website. We operate as a Danish company and comply with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act.
1. Data controller
The data controller for the processing described in this policy is:
ARPEDIO SOLUTIONS ApS
CVR 34219591
Birkedommervej 27, 2400 København NV, Denmark
Email: privacy@arpedio.com
2. What we collect
We collect only the personal data we need to run arpedio.com, respond to inquiries, and improve what we publish.
Data you provide directly
- Contact form submissions: name, business email, company, role, and the message content you send us.
- Event registrations: name, business email, company, role, and event-specific fields (e.g., dietary requirements for in-person events).
- Assessment and research downloads: name, business email, company, role, CRM (optional), and any answers you provide to the assessment itself.
- Email preferences: your subscription status and topic preferences if you opt in to updates.
Data we collect automatically
- Operational log data: IP address, request path, timestamp, and browser and device type, captured by our hosting and edge-network provider (Cloudflare) for service delivery, security, and bot mitigation.
- Analytics data: aggregated usage of the site (pages viewed, referring sources, rough geography). Visitors who do not consent to analytics are tracked anonymously without cookies; consenting visitors are recognised across sessions via a first-party visitor identifier.
- Marketing-automation identifier: if you consent to marketing cookies, we associate your browsing on arpedio.com with any subsequent form submission you make, so our go-to-market team can follow up with relevant context.
- Consent state: the cookie categories you have accepted or declined, stored in a first-party cookie so we can honour your choice on subsequent visits.
3. How we use your data
- To respond to inquiries, schedule meetings, and handle pre-sales conversations.
- To deliver requested content (research, assessment results, event confirmations).
- To send you occasional updates if you have opted in — you can unsubscribe at any time.
- To understand aggregate patterns of how visitors use the site, so we can improve it.
- To meet our legal obligations, defend legal claims, and prevent fraud.
We do not sell personal data. We do not use it for automated decision-making that produces legal or similarly significant effects.
4. Legal basis for processing
- Consent (Art. 6(1)(a) GDPR) — for non-essential cookies, marketing communications, and optional fields you choose to complete.
- Contract (Art. 6(1)(b)) — to respond to a specific request you make of us, e.g., to schedule a demo.
- Legitimate interests (Art. 6(1)(f)) — to operate and secure the website, analyse aggregate usage, and conduct B2B outreach where you represent a company within our ideal customer profile. We balance these interests against your rights, and you can object at any time.
- Legal obligation (Art. 6(1)(c)) — where we must retain records for tax, audit, or compliance reasons.
5. Cookies and tracking technologies
Strictly-necessary cookies (security, bot mitigation, and consent state) load on every visit. Analytics and marketing cookies load only after you accept them via the consent banner that appears on your first visit. You can change your preferences at any time from our Cookie Policy page using the Manage cookie preferences button. Visitors who decline analytics cookies are still counted in aggregate via a cookieless, server-side session hash; no personal data is processed and no cookie is set.
6. Processors we rely on
We use the following processors to operate the site. Each is bound by a data processing agreement consistent with Art. 28 GDPR, or such an agreement is in the process of being executed.
- Cloudflare, Inc. — hosting, CDN, DDoS protection, bot mitigation, and tag management (Zaraz) for arpedio.com. Zaraz also runs the consent banner and stores your consent state in a first-party cookie.
- Lifecycle Operators LLC — operates our Cloudflare Pages deployment and the server-side form-submission handler that validates and forwards form data. Receives operational request logs. Data Processing Agreement in progress at launch.
- Piwik PRO — first-party site analytics. Loaded for every visitor in a cookieless anonymous mode (server-side session hash, no personal data) and upgraded to full visitor recognition only after you grant Analytics consent. EU-hosted.
- Salesforce (Pardot / Marketing Cloud Account Engagement) — receives and processes form submissions (contact, assessment, and event forms), delivers associated email (autoresponders, opt-in communications), and — if you grant Marketing consent — sets a first-party visitor identifier so we can associate site browsing with later form submissions.
- Slack Technologies — receives a server-to-server notification of each new form submission so our go-to-market team can follow up. No visitor cookie is involved.
7. International transfers
Several of our processors (Cloudflare, Lifecycle Operators, Salesforce, and Slack) are established in the United States and may process data outside the European Economic Area. Where that happens, transfers are protected by the EU–US Data Privacy Framework, the European Commission's Standard Contractual Clauses, or equivalent safeguards required by Chapter V of the GDPR.
8. How long we keep data
- Inquiry and form-submission data: retained for the duration of the active conversation and then for up to 36 months thereafter, so we can respond to follow-ups.
- Marketing-list data: retained while you remain subscribed, plus up to 24 months after your last interaction or unsubscribe, whichever comes first.
- Analytics data: retained in aggregated form for up to 25 months.
- Cookies: see the Cookie Policy for per-cookie durations.
Where we are required by law (e.g., accounting obligations under the Danish Bookkeeping Act), we keep records for the statutory period.
9. Security
We use TLS for all traffic to arpedio.com, restrict access to personal data to staff who need it, and review our processor contracts and practices regularly. No system is entirely impenetrable; if we ever become aware of a personal data breach that is likely to affect your rights, we will notify the Danish Data Protection Agency within 72 hours and, where required, notify you directly.
10. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion ("right to be forgotten") where no lawful basis requires us to retain it.
- Restrict processing while a question is resolved.
- Object to processing carried out on the basis of legitimate interests, including for direct marketing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, where processing relies on consent.
To exercise any of these rights, email privacy@arpedio.com. We will respond within one month.
11. Complaints
If you believe we have handled your data in a way that violates the GDPR, you can lodge a complaint with the Danish Data Protection Agency:
Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby, Denmark
datatilsynet.dk · +45 33 19 32 00
12. Children's data
This site is intended for enterprise B2B audiences. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has submitted personal data to us, contact privacy@arpedio.com and we will delete it.
13. Changes to this policy
We may update this policy as our processing or the law evolves. Material changes will be flagged on this page with a new "last updated" date. We encourage you to review it periodically.
For any question about this policy or your personal data:
ARPEDIO SOLUTIONS ApS
Birkedommervej 27, 2400 København NV, Denmark
privacy@arpedio.com