Privacy Policy

Privacy Policy – Scope & Legal Basis

1. Controller and Contact Details

Data Controller:
SOAK A/S (Søren Agerbo A/S)
Klamsagervej 35, 8230 Åbyhøj, Denmark
CVR: 31274486
Email: info@soak.dk

You can contact us regarding all privacy inquiries, including access, correction, and deletion requests.

2. Scope of This Privacy Policy

This Privacy Policy explains how and why we collect, process, store, and disclose personal data about you in compliance with the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act, and other applicable Danish and EU data protection laws.

It applies when you:

A. Visit or interact with our websites:

B. Use our Microsoft Dynamics 365 Business Central extensions:

  • SOAK Cares
  • SOAK Connect
  • SOAK Taxes

C. Use our Power BI visuals:

  • Financial Matrix
  • Winner Matric

D. Engage with our support, customer portals, product dashboards, or other digital services.

This policy applies regardless of the device or interface you use.

3. What Types of Personal Data We Collect

Personal data is information that identifies you or that can be reasonably linked to you.

We may collect and process:

Technical & Usage Data

  • IP addresses and connection data
  • Device, browser, and operating system information
  • Activity logs and usage patterns
  • Cookies, tracking identifiers, and analytics

Identity & Contact Data

  • Name, email address, phone number
  • Company name, role, and business contact details

Service Data

  • Login credentials (hashed/secured)
  • Dynamics 365 Business Central installation identifiers
  • Power BI workspace/tenant identifiers
  • Support tickets and communications

Operational & Billing Data

  • License or subscription records
  • Payment transaction information (where applicable)

Azure Processing and Storage

For products such as SOAK Connect and other backend services, we may process and store:

  • Usage logs
  • Configuration data
  • Job execution data
  • Diagnostic and monitoring data

These are hosted on Microsoft Azure and processed in accordance with Microsoft’s GDPR-compliant standards.

4. Legal Basis for Processing

We process personal data on the following lawful bases:

Contract Performance

To provide products, services, and support you have requested.

Legal Obligations

To comply with applicable laws, audits, and regulatory obligations.

Legitimate Interests

To operate, secure, and improve our services (e.g., analytics, fraud prevention, product optimization), unless overridden by your privacy rights.

Consent

Where required (e.g., cookies, marketing emails), we collect your prior consent before processing.

You have the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

5. How We Use Your Data

We use personal data to:

  • Deliver, maintain, and improve our products and digital services
  • Enable secure login and access control
  • Provide support, notifications, and service messages
  • Protect against fraud, abuse, and security threats
  • Comply with legal requirements
  • Conduct analytics and performance measurement
  • Send marketing communications (where consent is given)

We only collect and use the minimum data necessary for these purposes.

6. Use of Cookies and Similar Technologies (Web Only)

Our websites use cookies and similar technologies for:

  • Essential site functionality
  • Preference and session management
  • Analytics and performance measurement
  • Advertising personalization

You can manage or delete cookies via your browser settings. Disabling cookies may reduce website functionality.

7. Third-Party Processors

We use trusted third parties to process data on our behalf, including:

  • Microsoft Azure (data hosting, analytics, logging, monitoring)
  • Analytics and marketing partners (e.g., Google, Meta, Microsoft)

We ensure:

  • GDPR-compliant data processing agreements
  • Data processors only act on our instructions
  • Data is transferred outside the EU/EEA only with appropriate safeguards (e.g., EU Standard Contractual Clauses) when applicable

8. International Data Transfers

Data may be processed or stored outside the EU/EEA (for example, by Microsoft Azure in compliance with GDPR).

Where international transfers occur, we ensure:

  • Adequate data protection safeguards
  • EU Standard Contractual Clauses or equivalent legal mechanisms

9. Data Retention

We retain personal data only as long as necessary for:

  • The purpose it was collected
  • Legal, contractual, or compliance requirements

Retention periods vary by data type and processing purpose.

10. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Danish Data Protection Authority (Datatilsynet)

To exercise your rights, contact us at info@soak.dk.