Privacy Policy

Kombiner ApS (“Kombiner”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection laws.

This Privacy Policy explains how Kombiner processes personal data when acting as a Data Controller.

1. Who We Are

Kombiner ApS
VAT/CVR: 46281489
Sommerstedgade 34, 1 th
1718 Copenhagen V
Denmark
Email: support@kombiner.com

Kombiner ApS is the data controller for the personal data described in this Privacy Policy.

2. When We Act as Data Controller

Kombiner acts as Data Controller when processing personal data relating to:

  • Visitors to kombiner.com
  • Individuals contacting us directly
  • Account holders (tenant administrators)
  • Billing contacts
  • Newsletter subscribers
  • Business partners

In these cases, Kombiner determines the purposes and means of processing.

3. When We Act as Data Processor

Kombiner provides a SaaS platform that allows customers (tenants) to process personal data of their own customers, partners, or end users.

In those cases:

  • The tenant acts as Data Controller.
  • Kombiner acts solely as Data Processor.

Examples include:

  • Personal data submitted in quote forms
  • Order recipient information
  • B2B buyer details
  • Contact persons added by tenants
  • End-user data within tenant storefronts

Such processing is governed by a separate Data Processing Agreement (DPA).

Kombiner does not use such data for its own purposes.

If you have questions about data submitted to a tenant storefront (e.g., partnershop.tonicopenhagen.com), you must contact the relevant tenant directly.

4. Categories of Data We Collect as Controller

4.1 Account and Contract Data

  • Name
  • Email
  • Phone
  • Company name
  • Business address
  • VAT/CVR number
  • Billing information

Legal basis: GDPR Article 6(1)(b)

4.2 Website and Usage Data

  • IP address
  • Browser type
  • Device information
  • Website interactions
  • Security logs

Legal basis: Article 6(1)(f) – legitimate interest in security and service improvement.

4.3 Support Communications

  • Email correspondence
  • Support tickets
  • Technical logs

Legal basis: Article 6(1)(b) and 6(1)(f)

4.4 Marketing

  • Name
  • Email
  • Company

Legal basis: Article 6(1)(a) – consent.

You may withdraw consent at any time.

5. Data Retention

We retain personal data only as long as necessary for:

  • Contractual obligations
  • Accounting requirements
  • Legal compliance
  • Security purposes

Tenant customer data is retained according to the tenant’s configured retention settings.

6. Sub-Processors

We may use trusted service providers, including:

  • Google Cloud / Firebase
  • SendGrid
  • Hosting providers
  • Analytics tools

We ensure appropriate contractual safeguards are in place. To learn more about our sub-processors, please visit the sub-processors page.

7. International Transfers

Where personal data is transferred outside the EU/EEA, appropriate safeguards such as Standard Contractual Clauses are implemented.

8. Security

We implement appropriate technical and organizational measures, including:

  • Encryption in transit
  • Role-based access control
  • Authentication mechanisms
  • Monitoring and logging

9. Your Rights

Under GDPR, you have the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Object
  • Withdraw consent

Requests may be sent to support@kombiner.com.

If your request relates to data processed by a tenant storefront, you must contact the relevant tenant.

10. Complaints

You may lodge a complaint with:

Datatilsynet
www.datatilsynet.dk

Last updated: 24. February 2026