Book a Discovery Call

Privacy Policy

Last updated: 29 June 2026

Nordics Consulting is a trading name of Nordic Corporate Services ApS. In this Privacy Policy, “Nordics Consulting,” “we,” “our,” or “us” refers to Nordic Corporate Services ApS.

We respect your privacy and are committed to protecting personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you:

  • Visit our website

  • Contact us or book a discovery call

  • Request an AI readiness assessment

  • Subscribe to updates or marketing communications

  • Engage us for consulting, development, training, infrastructure, or embedded-team services

  • Work with us as a customer, prospect, partner, supplier, consultant, or business contact

For personal data processed for our own business purposes, Nordic Corporate Services ApS generally acts as the data controller.

1. Company and Controller Information

Legal company name: Nordic Corporate Services ApS
Trading name: Nordics Consulting
CVR number: 46583248
EUID: DKCVR.46583248
Registered office address: Østergade 3, 8500 Grenaa, Denmark
Email: contact@nordics.consulting

2. Age Verification

Our website and services are intended for business and professional users.

You must be at least 18 years old to request services, enter into an agreement in your own name, or submit information to us for contractual purposes.

If you act on behalf of a company or other organization, you confirm that you have the authority to provide information and communicate with us on its behalf.

We do not knowingly market our services to children or intentionally collect personal data from children.

3. Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data.

Identity and Contact Data

This may include:

  • Name

  • Business email address

  • Telephone number

  • Job title

  • Employer or company name

  • Business address

  • Professional profile information

Enquiry and Communication Data

This may include:

  • Discovery-call requests

  • Contact-form submissions

  • Emails and other correspondence

  • Meeting notes

  • Project enquiries

  • Feedback

  • Support requests

  • Records of business communications

Customer and Contract Data

This may include:

  • Company and stakeholder information

  • Project requirements

  • Statements of work

  • Proposals

  • Contracts

  • Service preferences

  • Delivery plans

  • Account and access details

  • Billing contacts

  • Invoice and payment status information

Technical and Usage Data

This may include:

  • IP address

  • Browser type

  • Device type

  • Operating system

  • Referral source

  • Pages visited

  • Session duration

  • Timestamps

  • Website interaction information

  • Security, diagnostic, and performance logs

Marketing and Preference Data

This may include:

  • Newsletter preferences

  • Marketing consent records

  • Communication preferences

  • Event or webinar registrations

  • Responses to surveys or assessments

Project and Customer Content

When providing services, customers may give us access to:

  • Business documents

  • Technical documentation

  • Source code

  • Application data

  • Infrastructure information

  • System logs

  • Customer records

  • Prompts and AI-generated outputs

  • Workflow information

  • Training materials

  • Internal policies

  • Data used for AI audits, prototypes, or development

The exact information processed depends on the agreed service and project scope.

4. How We Collect Personal Data

We may collect personal data:

  • Directly from you

  • From your employer or organization

  • Through website forms and discovery-call bookings

  • During meetings, assessments, workshops, and project delivery

  • From authorized account administrators

  • From applications, platforms, and systems you authorize us to access

  • From cookies and similar technologies

  • From professional networking platforms and publicly available business sources

  • From implementation, referral, or commercial partners where lawful

5. How and Why We Use Personal Data

We may process personal data for the following purposes.

Responding to Enquiries and Discovery-Call Requests

We use information to respond to questions, understand business requirements, arrange meetings, and prepare proposals.

Legal basis: Steps taken before entering into a contract and our legitimate interest in developing and operating our business.

Delivering Consulting and Professional Services

We use information to provide:

  • AI strategy and readiness assessments

  • AI audits and transformation roadmaps

  • AI-powered product development

  • Embedded engineering and consulting teams

  • Enterprise AI training

  • Cloud and infrastructure services

  • Agentic AI and workflow automation

  • Technical support and advisory services

Legal basis: Performance of a contract and our legitimate interest in delivering effective professional services.

Managing Projects and Customer Relationships

We process information to manage project delivery, allocate consultants, communicate with stakeholders, track progress, provide support, and maintain project records.

Legal basis: Performance of a contract and legitimate interests in managing customer relationships.

Billing and Business Administration

We use relevant information to issue invoices, maintain accounting records, manage payments, handle commercial correspondence, and meet financial obligations.

Legal basis: Performance of a contract, legal obligations, and legitimate interests in managing our business.

Security and Service Improvement

We may process technical and usage information to secure our website and systems, prevent misuse, troubleshoot issues, monitor performance, and improve our services.

Legal basis: Legitimate interests in security, service reliability, fraud prevention, and business improvement.

Marketing Communications

Where permitted, we may send information about our services, events, insights, or business updates.

You can unsubscribe or object to marketing communications at any time.

Legal basis: Consent where required or legitimate interests where permitted by applicable law.

Legal Compliance and Disputes

We may process information to comply with legal obligations, protect our rights, maintain evidence, respond to lawful requests, and manage claims or disputes.

Legal basis: Legal obligations and legitimate interests in establishing, exercising, or defending legal rights.

6. Controller and Processor Roles

Our data-protection role depends on the context.

When We Act as Controller

We generally act as controller for information used for:

  • Operating our website

  • Responding to enquiries

  • Business development

  • Contract and account administration

  • Billing and accounting

  • Marketing

  • Security and fraud prevention

  • Internal operations

  • Legal compliance

When We Act as Processor

When we process personal data solely on a customer’s documented instructions during a consulting, development, infrastructure, automation, or embedded-team engagement, we may act as a data processor.

In those cases:

  • The customer generally determines the purpose of processing

  • The customer is responsible for establishing a lawful basis

  • The customer is responsible for providing required privacy information

  • Processing will be governed by the applicable contract or Data Processing Agreement

7. AI Systems and Automated Processing

Our services may involve AI systems, language models, agent frameworks, automated workflows, retrieval systems, development assistants, or related technologies.

Depending on the engagement, these technologies may be used to:

  • Analyze business or technical information

  • Summarize documents

  • Generate drafts or code

  • Develop prototypes

  • Identify patterns or opportunities

  • Automate workflows

  • Support software development

  • Produce recommendations

  • Assist with testing, monitoring, and project delivery

AI-generated outputs may be incomplete, inaccurate, or unsuitable for a particular purpose. Appropriate human review should be applied before outputs are used for important operational, legal, financial, employment, medical, compliance, or similarly significant decisions.

Unless expressly agreed otherwise in writing, customer confidential information will not be used to train generalized third-party foundation models for purposes unrelated to delivering the agreed services.

8. Special Categories and Sensitive Information

We do not request sensitive personal data through ordinary website forms.

Customers should avoid providing sensitive information unless it is necessary for an agreed project, legally permitted, and protected by appropriate contractual, organizational, and technical measures.

Projects involving healthcare, financial, employment, government, or other regulated information may require additional agreements, assessments, or safeguards.

9. Sharing Personal Data

We may share personal data with carefully selected recipients where necessary, including:

  • Cloud hosting and infrastructure providers

  • Communication and collaboration providers

  • AI, development, and model-service providers

  • Analytics and website-performance providers

  • Project-management and customer-support providers

  • Payment, accounting, and invoicing providers

  • Professional advisers, auditors, insurers, and legal counsel

  • Consultants and subcontractors involved in delivering services

  • Public authorities where disclosure is legally required

  • A buyer, successor, or transaction partner during a merger, financing, restructuring, or transfer of business assets

Where providers process personal data on our behalf, we require them to protect it and use it only for authorized purposes.

10. International Data Transfers

Some service providers or project tools may process personal data outside the European Economic Area.

Where personal data is transferred internationally, we will use an appropriate lawful transfer mechanism and safeguards where required. These may include:

  • An adequacy decision

  • Standard contractual clauses

  • Contractual, technical, and organizational protections

  • Another transfer mechanism permitted by applicable law

Customers may contact us for further information about safeguards relevant to their data.

11. Data Retention

We retain personal data only for as long as reasonably necessary for the purpose for which it was collected and to meet legal, accounting, security, contractual, and dispute-handling requirements.

Typical retention periods may include:

Data category Typical retention approach
General enquiries and discovery-call requests Up to 24 months after the last meaningful communication
Marketing records Until consent is withdrawn, an objection is received, or the record is no longer required
Customer and project administration records For the contract period and an appropriate period afterward
Contracts, invoices, and accounting records For the period required under applicable accounting and tax rules
Support and project correspondence Based on project, contractual, and legal requirements
Website security and technical logs For a limited period unless required for investigation or security purposes
Customer project data According to customer instructions, contractual terms, and agreed deletion procedures
Backups Deleted through scheduled backup-rotation processes

Where an exact retention period cannot be specified, we consider the nature of the data, the purpose of processing, legal requirements, security needs, and potential claims.

12. Data Security

We use reasonable technical and organizational safeguards designed to protect personal data.

Depending on the nature of the project, these measures may include:

  • Access controls

  • Authentication measures

  • Encryption where appropriate

  • Secure development practices

  • Logging and monitoring

  • Environment separation

  • Backup controls

  • Confidentiality commitments

  • Vendor and subcontractor reviews

  • Incident-response procedures

No digital transmission or storage method can guarantee absolute security. Customers are also responsible for maintaining appropriate controls over their accounts, systems, credentials, and users.

13. Cookies and Similar Technologies

Our website may use cookies and similar technologies to:

  • Operate essential website functions

  • Maintain security

  • Remember preferences

  • Analyze website performance

  • Understand visitor interactions

  • Support marketing where consent has been provided

Non-essential cookies will be used only where permitted and, where required, after consent.

Further details should be provided through our Cookie Policy and cookie settings tool.

14. Your Data-Protection Rights

Depending on the applicable law and processing context, you may have the right to:

  • Request access to your personal data

  • Request correction of inaccurate or incomplete information

  • Request deletion of personal data

  • Request restriction of processing

  • Object to processing based on legitimate interests

  • Withdraw consent at any time

  • Request data portability where applicable

  • Request information about automated processing

  • Lodge a complaint with a competent data-protection authority

To exercise your rights, contact:

contact@nordics.consulting

We may need to verify your identity before responding.

Where we process information solely on behalf of a customer, we may refer your request to that customer or assist the customer in responding.

15. Complaints

Please contact us first if you have a concern about how we process personal data. We will investigate and attempt to resolve the matter.

You may also have the right to submit a complaint to the competent data-protection authority in Denmark or another authority responsible for the relevant processing.

16. Third-Party Websites and Services

Our website and services may contain links to or integrations with third-party platforms, models, cloud providers, development tools, or other services.

Those third parties may process information under their own terms and privacy notices. We are not responsible for processing performed independently by those third parties.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal, technical, operational, or business changes.

The updated version will be published on this page with a revised “Last updated” date.

18. Company Contact Information

Legal company name: Nordic Corporate Services ApS
Trading name: Nordics Consulting
CVR number: 46583248
EUID: DKCVR.46583248
Registered office address: Østergade 3, 8500 Grenaa, Denmark
Email: contact@nordics.consulting