Français Contact

Privacy Policy

VERSION 2.0, JANUARY 12th, 2026

At Signifly ApS (“we”/“our”/“us”), data protection and confidentiality are a high priority.

This Privacy Policy explains what and how we process your personal data when you use our website, www.signifly.com (the “website”). The website is operated by Signifly ApS and is the data controller (i.e., the company that decides the means and purpose for processing your personal data).

Last updated: 12 January 2026

Data controller & contact

Signifly ApS
Vesterbrogade 44, 1.
DK-1620 Copenhagen V
Email: hello@signifly.com

Danish company registration no. (CVR): 33156898

Data Protection Officer (DPO): We have not appointed a Data Protection Officer. If you have privacy questions, contact us at hello@signifly.com.

How we use your personal data

Legal bases (EEA/UK)

Where the GDPR/UK GDPR applies, we rely on the following legal bases:

- Inquiries / pre-contract steps: processing is necessary to take steps at your request prior to entering a contract and/or for our legitimate interests in responding to inquiries and promoting our business.

- Marketing emails: consent where required; and/or legitimate interests where a permitted soft opt-in applies (as described in “Marketing”), and you can opt out at any time.

- Recruitment: our legitimate interests in recruiting and assessing candidates; and where required, compliance with legal obligations.

- Website analytics/ads cookies: consent for non-essential cookies; necessity/legitimate interests only for strictly necessary cookies required to operate the website.

Your inquiries

If you contact us about our services, the email(s) you send / contact form submitted may include information about you, such as your name, address, email address, and your inquiry. We use this information to carry out the following:

In line with the legitimate interest we have in promoting our business, we will process your inquiries to provide you with information about the services we offer.

This might include replying to your inquiry, or sending you invites to our events where permitted under applicable marketing rules (see “Marketing” below).

We use HubSpot and Google Gmail (Google Workspace) to process your email address and information supplied by you in the course of an inquiry through the website and to manage communications.

We may also process inquiries to take steps you ask of us to enter into an agreement to provide you with our services.

You are under no obligation to provide us with any details, but if you don’t provide all relevant information, we may not be able to help.

Marketing

We might use your information to send you marketing emails about our services or events that are similar or related to those you have previously received (or attended, in the case of events) only when permitted under applicable marketing rules, for example:

- where you have given your consent; and/or

- where a soft opt-in applies for existing customers and similar services (where applicable).

You can opt out at any time by clicking unsubscribe at the bottom of each marketing email.

We do not share your name and contact information with affiliates or partners for their own direct marketing unless you have explicitly consented to that. If you would like to be removed from this mailing list, please contact us at hello@signifly.com or click unsubscribe at the bottom of each marketing email.

Recruitment

When you apply for a job on this site, the personal data contained in your application will be collected by us. Your personal data was either provided by yourself or obtained from publicly available sources (e.g. LinkedIn) or provided to us by someone who referred you for potential employment.

Your personal data will be processed to manage our recruitment related activities in line with our legitimate interests, which include evaluating your candidacy/application for employment with us, setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as otherwise needed in the recruitment and hiring processes.

We use Recruitee to manage our recruitment and selection process.

We will retain your personal application data for up to 6 months after the recruitment process ends if you are not hired, unless a longer retention period is required to establish, exercise, or defend legal claims.

If we want to keep your application as part of a talent pool beyond this period, we will ask for your consent first. You can withdraw that consent at any time by contacting hello@signifly.com.

All content you submit to us

If you send us objectionable content or otherwise behave in a disruptive manner when using our website, we may process personal data included in your messages to respond to and stop such behavior.

We only process personal data in this way for the legitimate interests of ensuring that the use of our website is lawful, does not disrupt, does not harass our staff or other individuals, and to enforce our legal rights and to comply with our legal obligations.

Where we reasonably believe you are or may be in breach of the law (for instance, because content you send amounts to harassment or is defamatory), we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.

Where we process personal data in this way, we will hold that personal information on our systems for as long as is reasonably necessary to achieve these objectives.

How you use our website (analytics, ads, and cookies)

Our website uses cookies and other mechanisms to collect log and analytical information, such as your internet protocol (IP) address, to help analyze how visitors use the site and to compile statistical reports on website activity. We may also use cookies and similar technologies for advertising measurement and marketing.

We process this information to understand how visitors use our website and to compile statistical reports regarding that activity (for example your IP address may be used to approximate the country from which you access our website, and we may aggregate this information together, so we know that, for example, most of the visitors to our website come from a certain country/area).

We use tools including:

- Google Analytics (analytics)

- Google Tag Manager (to manage and deploy website tags)

- Google Ads (advertising measurement/marketing, including conversion tracking)

- Meta Pixel / Meta Ads (advertising measurement/marketing, including conversion tracking)

- HubSpot (website forms, CRM/marketing activities)

- Cookiebot (cookie consent management)

Cookie consent: Where required by applicable law (including in Denmark, the UK, and Canada), we will not set non-essential cookies (including analytics, advertising and marketing cookies/pixels) unless you take a clear action to consent via our cookie banner. Strictly necessary cookies are used to make the website work and do not require consent.

You can withdraw or change your cookie consent at any time via our cookie settings on the website.

Cookie details: For a current list of cookies/trackers, purposes, providers, and expiry periods, please see the cookie declaration available in our cookie settings (powered by Cookiebot).

We do not use this information to identify you directly. We use it primarily to compile statistics and measure the effectiveness of our marketing.

Automated decision-making / profiling: We do not make decisions about you that produce legal (or similarly significant) effects solely by automated means. However, marketing cookies and pixels (e.g., Meta Pixel / Google Ads) may be used to measure campaigns and build audiences, which can involve profiling (e.g., grouping visitors by interests/behaviour for advertising). Where required, this happens only with your consent, and you can withdraw consent at any time in our cookie settings.

Do we share your personal information with anyone else?

Your personal data on our website is used by regional offices, currently located in Copenhagen, Denmark and Montréal, Canada. We keep your information confidential but may share it with our shareholders, affiliates, and business partners only where necessary for the purposes described in this privacy policy and subject to appropriate contractual and confidentiality obligations.

Whenever we transfer your personal data outside of the European Economic Area (EEA) or the UK (where UK rules apply) we ensure that we have appropriate safeguards in place (see the “International data transfers” section below).

We may also disclose it to our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this privacy policy, provided that they do not make independent use of the information and have agreed to adhere to the rules set out in this privacy statement.

In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, the information we hold may be included as part of that sale, in which case you may be notified, as appropriate, via email and/or a notice on the website of any changes in ownership or use of your information, as any choices you may have regarding that information.

Our suppliers may use sub-processors. This is governed by data processing agreements and, where relevant, international transfer safeguards (see the “International data transfers” section below).

Except as provided above, we will not provide your information to third parties.

Use of sub-processors

Our website is hosted by Digital Ocean and Amazon Web Services. Although the information may be stored on servers located in the EU/EEA, support and operations may involve access from countries outside the EU/EEA as the companies are located in the United States and otherwise use subcontractors in other countries outside the EU/EEA.

We also use service providers such as Google, Meta, HubSpot, and Cookiebot to support website analytics, marketing, consent management, and communications, and these providers may use sub-processors.

Our transfer of data to subcontractors and service providers is based on appropriate safeguards, such as the EU Commission’s Standard Contractual Clauses (SCCs), and/or (where applicable) an adequacy decision. For UK personal data, where required, we use the UK IDTA or the UK Addendum to the EU SCCs.

Your rights in relation to personal data which we process relating to you

You have the following rights over the way we process personal data relating to you:

- You can ask for a copy of the data we are processing about you, and you can have inaccuracies corrected;

- You can ask us to restrict, stop processing, or to delete your personal data;

- You can request a machine-readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer;

- You can make a complaint to a data protection regulator;

- You can object to our processing where it is based on legitimate interests, and you can always object to direct marketing;

- Where processing is based on consent, you can withdraw your consent at any time.

We aim to comply without undue delay and within one month at the latest. Please send your requests to hello@signifly.com.

Complaints (Denmark/EEA): Datatilsynet (The Danish Data Protection Agency), Carl Jacobsens Vej 35, 2500 Valby, Denmark, dt@datatilsynet.dk, tel. +45 33 19 32 00
Complaints (UK): Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom, tel. 0303 123 1113
Complaints (Canada): Office of the Privacy Commissioner of Canada (OPC) and/or the relevant provincial authority (where applicable)

Children

We do not use the website to knowingly solicit data from or market to children under the age of 13 (or the age where parental consent is required in the relevant country). If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at hello@signifly.com. We will delete such information within a reasonable time.

Security

We have implemented security measures to ensure that our internal procedures meet our high security policy standards. Accordingly, we strive to protect the quality and integrity of your information.

Changes

This policy may be updated from time to time. We will notify you of any changes by posting the new policy here and, where feasible, by letting you know by email.

International data transfers

As mentioned above, where we transfer your data outside of the EEA (or outside the UK, where UK rules apply), we have agreements in place with those parties, which include standard data protection clauses adopted by a data protection regulator and approved by the European Commission (such as the EU Standard Contractual Clauses) to ensure that appropriate safeguards are in place to protect your personal data.

For transfers of UK personal data, where required, we use the UK IDTA or the UK Addendum to the EU SCCs.

If you would like to find out more about these safeguards, please let us know by writing to hello@signifly.com.

Links to other websites

Our website may contain links to other websites or to integrated sites. We are not responsible for the contents of other companies' websites or for the practices of such companies regarding the collection of personal data. When you visit other websites, you should read the owners' policies on the protection of personal data and other relevant policies.

Retention periods

We will hold your personal information on our systems for as long as is necessary for the relevant purpose, or as otherwise described in this privacy policy.

In general:

- Inquiry-related data is stored for up to 24 months from last contact (unless needed longer for contract discussions or legal claims).

- Marketing data is stored until you unsubscribe/opt out (and we keep a record of your opt-out).

- Recruitment data is stored as described in the “Recruitment” section above.

- Contract and accounting-related data may be stored for up to 5 years (or longer if required by applicable law).

- Security logs (where used) may be stored for up to 12 months, unless needed longer for security investigations.

If you have any questions or comments about this privacy policy, please let us know by email to hello@signifly.com.

UK-specific information

This section applies to individuals in the United Kingdom where the UK GDPR and/or the Privacy and Electronic Communications Regulations (PECR) apply.

Cookies and similar technologies: We will only store or access information on your device (e.g., analytics or marketing cookies) where required and where you have provided consent, except for cookies that are strictly necessary for the service you request.

Direct marketing: Where UK marketing rules apply, we will send marketing emails only where permitted (for example, with your consent and/or where a soft opt-in applies for existing customers). You can opt out at any time, and you can always object to direct marketing.

International transfers from the UK: If we transfer UK personal data to countries that are not subject to a UK adequacy decision, we will use appropriate safeguards under UK law, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, together with any required risk assessments and supplementary measures.

UK representative (if required): If we are not established in the UK but are required to appoint a UK representative under UK GDPR Article 27, we will publish the representative’s contact details here.

Canada-specific information

This section applies to individuals in Canada where PIPEDA (and/or substantially similar provincial privacy laws) and CASL (Canada’s Anti-Spam Legislation) apply.

Accountability (Privacy Officer): We are responsible for personal information under our control. You can contact our Privacy Officer at hello@signifly.com (or the address above) with questions, access requests, or complaints.

Marketing emails (CASL): We will send commercial electronic messages only where permitted (e.g., with express consent or implied consent where applicable). Our messages will identify us and include an unsubscribe mechanism. You can unsubscribe at any time.

Cross-border processing: Your personal information may be processed or accessed in countries outside Canada when we use service providers (including Google, Meta, HubSpot, and Cookiebot), and those countries may have different privacy laws. We remain responsible for personal information under our control and use contractual and organizational measures to protect it. When information is processed outside Canada, it may be accessible to courts, law enforcement, and national security authorities in those jurisdictions.

Data breaches: Where Canadian breach notification obligations apply, we will assess security incidents and notify affected individuals and report to the relevant authority where required by law.