Processing of personal data

This Policy (“Privacy Policy”) describes how we at Nume process your personal data, including the data collected through our website and the provision of our services, when we are acting as the controller of such personal data, in accordance with the rules of the General Data Protection Regulation (the ‘GDPR’).

Nume ApS is a trading name of Scaleup Finance Group ApS, a company registered in Denmark with registration number 41920084. Our registered office is at Nyropsgade 41, 1602, Copenhagen V, Denmark.

This Privacy Policy does not apply to the extent we process your personal data in the role of a processor (within the meaning of Article 28 of the GDPR), when providing our services to businesses, companies and/or other entities who are our customers and who use our platform and services for professional use. The terms on which we process personal data on behalf of our customers are set out in agreements between us and our customers, principally our Terms of Service and separate Data Processing Agreement cf. article 28 (3) GDPR. 

If you have any questions about our processing of your personal data or you wish to exercise your rights, you are always welcome to contact us per email:

gdpr@nume.ai.

Categories of personal data, purpose and governing law

In the course of carrying on our business, including in our direct interactions with you, when providing our services, and through our website, we collect and receive personal data in different ways and from different sources. Below is specified the personal data processed in this connection.

Customer management

In order to administer, manage and cultivate the relationship with our customers, we process personal data about you as a customer or a potential customer. As part of our customer management, the following types of information are processed.

  • Ordinary personal data. These include identification information and contact information such as names, email addresses and postal addresses about customers, owners of the customer and/or contact persons, as well as representatives of the customer. Furthermore, we process information about our relationship with the customer, including correspondence, and information about accounts receivable and outstanding amounts. In certain cases, we collect credit information about customers.
  • The legal basis for the processing is Article 6(1)(b) of the GDPR, according to which personal data can be processed if necessary, for the performance of a contract, in this case the task or the potential task. Furthermore, personal data can be processed if necessary for the purposes of our legitimate interests, including the establishment and cultivation of a relationship with a customer, see Article 6(1)(f) of the GDPR; just as there might be situations where we store your personal data even if we do not enter into an agreement.

Marketing

We process personal data in connection with marketing activities, including provision of courses, events, etc., as well as sending out newsletters. Processing is necessary in order to provide services to interested companies.

  • In this context, ordinary personal data are processed, including name, contact information and possible interests or preference for topics, as well as language.
  • The legal basis for processing of personal data in connection with courses, events, sending out newsletters, etc. is our legitimate interests in marketing its business, see Article 6(1)(f) of the GDPR.
  • We will only send newsletters or other marketing material to you if we receive a request to do so. If you exceptionally receive newsletters or other material from us, without having requested it, or if you no longer wish to receive such information, you may notify us at the contact details above. We will then stop sending you the respective material.

Business operations

In connection with our internal business operations, we process personal data of owners or employees of our suppliers, customers and business partners.

  • In this regard, ordinary personal data are processed, including name, place of work and contact information, as well as information about the relationship and correspondence.
  • The legal basis is Article 6(1)(b) of the GDPR, according to which processing is necessary for the performance of a contract to which the data subject is a party or if necessary for the purposes of our legitimate interests, see Article 6 (1) (f). Where processing is based on our legitimate interest, this is in communicating with suppliers and partners, which is essential to the operation of the business model.

Our website

When you visit our website and cloud-based software, we collect and process information about you in connection with our use of cookies for marketing and statistical purposes, e.g. to optimize our website and target ads.

You can find an outline of the types of cookies used by us and how to delete them, etc. in our Cookie Policy.

  • Ordinary personal data are processed in the form of your IP address in connection with our use of cookies. In addition, we process the following information about you: demography, including gender and age, interests, geography and information about your browser, device and service provider.
  • The legal basis is our legitimate interests in generating statistics and, by this process, analyzing the use of our website, e.g. to optimize it, see Article 6(1)(f) of the GDPR.
  • When you use the contact form on our website, we collect your name and email address. In addition, we collect your telephone number and the company name if you also provide us with this information. We process this data so that you can contact us and so that we can handle your request. The legal basis is usually Article 6 (1)(b) of the GDPR, which permits data processing for the performance or initiation of a contract. If your request is not aimed at concluding a contract with us, the legal basis is Article 6 (1) (f) of the GDPR. In this respect, our legitimate interest follows from the need to open up a low-threshold contact option.

Social media

We are active on several social media, including LinkedIn, Facebook, and Instagram. When you interact with us on these media, you are making information available to us and the social media, e.g. when you respond to our postings, comment on or share them, or follow us on the social media. In addition, ordinary information is processed about you in the form of, for example, identification information, contact information, your profile photo, etc. Furthermore, we will in some cases share, for example, a piece of news in which your identification information (name) is included.

  • The legal basis for the processing is our legitimate interests in marketing us on social media and knowledge sharing in the form of sharing of articles, etc., see Article 6(1)(f) of the GDPR.
  • When using Facebook, Facebook makes use of information collected from our Facebook page, and we and Facebook can be considered as being joint data controllers of the processing of data. You can read more about joint data control with Facebook (Meta) here.
  • Information on social media is deleted when we delete a posting or when you delete your comment, share, reaction or indication that you ‘like’ or follow us.

Disclosure and transfer of personal data

We may share your personal data with the following categories of recipients:

  • Trusted service providers acting as data processors who help us operate and support our business operations. Data processing agreements in accordance with Article 28 (3) GDPR have been concluded with these processors to ensure the protection of your data. The data transfers to these processors shall only take place in accordance with the provisions of the agreements concluded. These third parties have limited access to your personal data, may use your data only to perform agreed services, and are prohibited from disclosing or using your data for other purposes.
  • Public authorities, including the Danish courts, the bailiff’s court, the probate court, the registration court, SKAT (the Danish tax authorities), the prosecuting authority, the Danish Rent Tribunal, the Danish Ministry of Justice, etc.
  • Insurance companies and banks.
  • Regulators and other public authorities such as the Danish State Prosecutor for Serious Economic and International Crime (SØIK).
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy. 

In connection with IT operations, including hosting, development and support, we may in certain cases transfer personal data to companies established in a country outside the EU/EEA. When we transfer your personal data to third parties outside the EU and EEA, we ensure that your personal data and data protection rights are adequately protected by ensuring either:

  • The European Commission has taken an adequacy decision;
  • standard contracts approved by the European Commission or the Danish Data Protection Agency are used;
  • the implementation of additional measures for those third countries where the legislation of the country concerned so requires.

You can obtain further information about our transfer of your personal data to third countries by writing to us.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. All of our employees, agents, contractors and other third parties are subject to strict confidentiality, including the processing of personal data. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Erasure

In general, we process your information only as long as it is necessary to fulfil the purpose of the processing. In detail, the following erasure periods apply:

Customer management 

In connection with customer management, we generally store your information for three years from the end of the year in which the case was closed, unless otherwise required according to legislation or in case of original documents, such as, contracts, etc.

For example, any personal data processed for the purpose of bookkeeping material is stored with the bookkeeping material for the current year +5 years.

Business operations 

Information about you as a supplier or cooperating partner is stored for up to three  years after the end of the year during which the delivery took place or the cooperation was terminated.

For example, any personal data processed for the purpose of bookkeeping material is stored with the bookkeeping material for the current year +5 years.

Marketing and website

We store your information for up to six months after you have participated in an event or unsubscribed to our newsletter.

For deletion of cookies, see our Cookie Policy.

Rights

As a data subject, you have certain rights according to the GDPR when your personal data is being processed. Below is a specification of your rights when we process personal data about you. If you want to exercise one or more of your rights as a data subject, you must contact us in writing via the e-mail address indicated above. Please state your full name and your e-mail address. You may be requested to provide further identification. In general, you can exercise your rights at any time. However, exercising your rights must not affect the rights and freedoms of others and in such an event, we may therefore refuse to comply with your rights wholly or in part in compliance with the GDPR and other applicable legislation.

Right of access

As a data subject, you have the right to obtain access to your personal data being processed by us. By contacting us, you can obtain information about the categories of personal data that we as data controller are processing about you, the purpose of the processing, the recipients to whom the personal data have been disclosed, etc. We will provide you with a copy of your personal data undergoing processing. If you request further copies of your personal data undergoing processing, we may charge a reasonable fee based on administrative costs. If the inquiry is manifestly unfounded or excessive, we may either charge a fee for providing the information or reject your request.

Right to rectification

You have the right to obtain rectification of your personal data if these are inaccurate or misleading. If we do not agree that the data are inaccurate, however, we are not obliged to correct them, but to add that you as a data subject do not think that the data are correct.

Right to erasure

In certain cases, you have the right to obtain erasure of your personal data if we no longer have a purpose in processing your personal data or you object to the processing of your personal data for the purposes of direct marketing or pursuant to Article 6(1)(f) of the GDPR. If we can demonstrate overriding legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is necessary for a legal claim to be established, exercised or defended, however, we are not obliged to erase your personal data.

Right to restriction of processing

In certain cases, you have the right to obtain restriction of processing of your personal data, e.g. if you contest the accuracy of the personal data collected about you or if you have objected to the processing of your personal data based on legitimate interests pursuant to Article 6(1)(f) of the GDPR. In such an event, we will only store your personal data until your objection has been considered. If we lift the restriction of our processing of your personal data, you will be notified in advance.

Right to object

On grounds relating to your particular situation, you have the right to object to our processing of your personal data, if the processing is based on legitimate interests, see Article 6(1)(f) of the GDPR. If you object to our processing of your personal data, we are no longer entitled to process your personal data, unless we can demonstrate overriding legitimate grounds for the continued processing that override your interests, rights or freedoms, or the processing is necessary for a legal claim to be established, exercised or defended. You always have the right to object to the processing of your personal data if the processing takes place for the purposes of direct marketing.

Right to data portability

In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have those data transmitted from one data controller to another data controller. This right applies only when the processing of your personal data is based on a contract pursuant to Article 6(1)(b) of the GDPR or your consent, see Article 6(1)(a) of the GDPR or if the processing is carried out by automated means.

Right not to be subject to a decision based solely on automated processing, including profiling

Your personal data are not subject to decisions based solely on automated processing, including profiling.

Right to withdraw your consent

To the extent that we process your personal data based on your consent, you can always withdraw your consent to any future processing. You can withdraw your consent by sending an e-mail to gdpr@nume.ai.

Lodge a complaint with a supervisory authority

As a data subject, you can lodge a complaint with us as data controller if you are not satisfied with the way that we process your personal data. You can find our contact information above.

You can always lodge a complaint with the Danish Data Protection Agency on their website http://www.datatilsynet.dk/, by telephone: +45 33 19 32 00, or by e-mail dt@datatilsynet.dk. You may also lodge a complaint directly with your local data protection authority. 

Changes to this privacy policy

Our Privacy Policy will be updated on an ongoing basis so that it is always up-to-date. Below you can always find the date of the last updated version of this Privacy Policy.

Version date: 08 May 2025