Privacy Policy

Last updated:

May 22, 2025

1. Introduction

At Polly Technologies ApS (“Polly,” “we,” “our,” or “us”), your privacy is our priority. We are committed to protecting your personal data and maintaining transparency about how we use it. As a platform dedicated to innovation in production planning, we strive to set a higher standard for data privacy.

We believe in data minimization and collect only the information necessary to provide and improve our services. We prioritize practices that protect your privacy.

This Privacy Policy explains how we collect, use, and safeguard your information as a data controller. If you would like to understand how we act as a data processor, please contact our support team to review our Data Processing Addendum (DPA).

2. Personal Data We Process

We collect and process personal data depending on your interaction with us:

When you use our platform, we collect information such as your email address and general contact details to facilitate communication and identify you within your team. We also collect data about platform usage to troubleshoot issues, improve services, and ensure a smooth user experience.

For business operations, we process data about our employees, including contractual details, contact information, bank details, and other information required by law or necessary for operational purposes. Similarly, we collect data about suppliers, customers, and partners, such as contact and payment details, to manage relationships, fulfill contractual obligations, and meet legal requirements.

To support our communication efforts, we process contact information for current and prospective customers. Additionally, we collect device access logs and other security-related information to protect our tools and applications from unauthorized access.

Cookies

We use only essential and functional cookies on our website and platform. These cookies are necessary to enable core functionalities such as secure login, session management, and user preferences. They do not track personal behavior or serve advertising purposes. By limiting our use to strictly necessary cookies, we support a privacy-first experience for all users.

3. How We Use Your Data

We use personal data to provide, maintain, and improve our platform and services. This includes troubleshooting, responding to customer inquiries, and improving the platform’s functionality. For operational purposes, data is processed to meet legal obligations, fulfill contracts, manage relationships with stakeholders, and ensure the security of our systems.

Legal Bases for Processing

We process personal data based on one or more of the following lawful bases under GDPR:

Contractual Necessity: To fulfill our obligations under a contract with you or your organization (e.g., account setup, support, service delivery).
Legitimate Interests: To analyze platform usage, detect fraud, improve services, or maintain security—provided these interests do not override your fundamental rights.
Legal Obligation: To comply with applicable laws and regulations, including tax, employment, and financial reporting.
Consent: For optional activities such as marketing communications, where consent is requested in advance. You may withdraw your consent at any time.

4. Ethical Data Principles

We are committed to handling personal data in a responsible, lawful, and transparent manner. The following principles underpin our approach to data protection and guide all relevant decisions:

Transparency: We clearly communicate the purposes and associated risks.
Data Minimization and Access Control: We collect only the personal data that is necessary to fulfill specific, legitimate purposes and ensure that access is restricted to authorized personnel.
Fairness and Non-Discrimination: We take reasonable steps to avoid unintended bias, particularly in cases involving automation or analytics.
Accountability and Oversight: Our Data Protection Officer (DPO) oversees compliance with applicable laws and internal policies.

5. Third-Party Data Processors

To deliver our services, we collaborate with trusted third-party providers. These providers act as data processors, and we ensure that they comply with GDPR by signing Data Processing Agreements (DPAs).

Some of our third-party providers may transfer personal data outside the EU/EEA. In such cases, we implement safeguards like Standard Contractual Clauses (SCCs) to ensure data protection. We also retain the right to audit our processors and request updated compliance reports regularly.

6. Data Retention

We retain personal data only as long as necessary for legal, operational, or legitimate purposes. For example, data required for accounting is stored as per Danish law, while other types of data are deleted or anonymized when no longer needed.

Our retention policies prioritize balancing legitimate business interests with individuals’ privacy rights.

7. Your GDPR Rights

As an EU data subject, you have the right to:

Access your data
Correct or delete your data
Object to or restrict data processing
Withdraw consent (if given)
Request data portability

Contact our DPO at frederik@polly.works to exercise your rights. All requests are handled in full compliance with GDPR.

8. Security and Risk Management

We employ industry-standard security measures to protect your personal data. This includes encryption for data in transit and at rest, access controls to limit unauthorized access, and regular audits to identify and address potential vulnerabilities.

Data Breach Notification

In the unlikely event of a personal data breach, we follow a structured incident response plan:

If the breach poses a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours in accordance with GDPR Article 33.
If required, we will also inform affected individuals without undue delay.
After resolving the incident, we analyze root causes, update procedures, and apply lessons learned to prevent recurrence.