Privacy policy
Last updated: 13 May 2026
This privacy policy explains how Kholvexxdrghod.world (“we”, “us”) processes personal data when you use this website, correspond with us, or participate in coaching-related activities. We are established in Denmark (CVR 39233738) and primarily serve people in Denmark and the EU/EEA; the same standards apply when you contact us from elsewhere. We act as a data controller under Regulation (EU) 2016/679 (GDPR) and the Danish Data Protection Act (Databeskyttelsesloven), which supplements the GDPR with national rules on processing.
Where this policy refers to “personal data”, it has the same meaning as in Article 4(1) GDPR.
1. Data controller and contact
Controller: Kholvexxdrghod.world
Address: Kongensgade 31, a 2, 5000 Odense, Denmark
CVR (CVR-nummer): 39233738
Email: connectuse@kholvexxdrghod.world
Phone: +45 60 17 52 58
We have not appointed a data protection officer (DPO), as we are not required to do so under Articles 37–39 GDPR. For any question about processing, contact us at the email above.
You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet), the independent supervisory authority in Denmark: Carl Jacobsens Vej 35, 2500 Valby, Denmark; website datatilsynet.dk; e-mail: dt@datatilsynet.dk; telephone: +45 33 19 32 00 (see Datatilsynet’s website for opening hours). You may also complain to another EU/EEA supervisory authority where you live or work, but Datatilsynet is the lead authority for processing carried out by us in Denmark.
We are registered in the Danish Central Business Register (CVR) under number 39233738. The CVR also appears in the site footer, on key legal pages, and on invoices or contracts where required.
2. Categories of personal data
Depending on how you interact with us, we may process:
- Identity and contact data: name, email address, phone number if you provide it, postal address if relevant for invoicing or events.
- Communication content: messages you send through forms or email, including optional details you choose to share about lifestyle or food preferences.
- Technical data: IP address, browser type, device identifiers, timestamps, and pages visited, collected through server logs or optional analytics cookies if you consent.
- Cookie and preference data: information about your cookie choices stored locally in your browser (essential for remembering consent). See our cookie policy.
- Payment and billing data (if you buy services): transaction references, amount, and payment status as received from our payment service provider; we do not store full card numbers on our own servers when payment is handled by a certified provider.
We do not intentionally collect special categories of personal data (so-called sensitive data). If you voluntarily include such information in a message, we will only process it to handle your enquiry unless separate consent or another lawful basis clearly applies.
We do not collect Danish CPR numbers (civil registration numbers) through this website. If a CPR number is strictly necessary for a specific statutory purpose (for example certain reimbursements), we will only request it through a secure channel and where permitted by law.
3. Purposes and legal bases
- Responding to enquiries (Art. 6(1)(b) GDPR – steps prior to a contract, or (f) legitimate interests): to answer questions, schedule sessions, and provide requested information.
- Delivering coaching services (Art. 6(1)(b) GDPR): if you purchase or book services, to perform the contract, including administration and client support.
- Website operation and security (Art. 6(1)(f) GDPR – legitimate interests): to maintain uptime, detect abuse, and protect our systems.
- Analytics or marketing technologies (Art. 6(1)(a) GDPR – consent): only where you opt in via the cookie banner; you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
- Direct marketing (Art. 6(1)(f) GDPR and section 10 of the Danish Marketing Practices Act, markedsføringsloven): if we send electronic marketing to existing customers or contacts, we will only do so where permitted by law and, where required, with your prior consent; you may object to direct marketing at any time (see section 6).
- Legal compliance (Art. 6(1)(c) GDPR): where we must retain or disclose records for accounting, tax, bookkeeping, court orders, or regulatory obligations under EU or Danish law.
Where we rely on legitimate interests (Article 6(1)(f) GDPR), we balance our interests against your rights; you may object on grounds relating to your particular situation as described in the GDPR.
4. Recipients and transfers
We use service providers (for example, hosting providers or email delivery services) who process data on our instructions under Article 28 GDPR (data processing agreements where required). Providers may include companies established in Denmark, the EU/EEA, or elsewhere.
Transfers outside the EU/EEA: if a processor is located in a country not covered by an EU adequacy decision, we ensure appropriate safeguards under Chapter V GDPR (for example EU Standard Contractual Clauses approved by the European Commission) unless another legal basis for transfer applies.
We do not sell personal data. We do not share data for unrelated third-party marketing without a valid legal basis and, where required, your consent.
If we use advertising platforms (for example Google Ads), we configure them to respect your cookie choices where the technology allows, and we aim to send traffic only to pages that describe our services as general education and coaching—not clinical care.
5. Retention
We retain enquiry emails and related correspondence for up to 24 months after our last meaningful contact, unless a longer period is needed to document pre-contractual negotiations, active services, or legal claims.
Accounting vouchers, invoices, and similar material are kept for at least five years from the end of the financial year to which they relate, in line with the Danish Bookkeeping Act (bogføringsloven), unless another Danish or EU rule requires a longer period for specific categories.
Server logs are typically rotated within 90 days unless a longer retention is justified for security, abuse prevention, or legal proceedings. Cookie preference data stored in your browser can be deleted by you at any time via browser settings or by clearing site data.
6. Your rights
Under the GDPR and the Danish Data Protection Act, and subject to the conditions set out therein, you have the following rights in respect of your personal data:
- Right of access (Art. 15): confirmation as to whether we process your data and a copy of the main information.
- Right to rectification (Art. 16): correction of inaccurate data.
- Right to erasure (“right to be forgotten”) (Art. 17): where applicable, deletion of data that is no longer necessary or where you withdraw consent and there is no other legal ground.
- Right to restriction of processing (Art. 18): in the situations described in the GDPR.
- Right to data portability (Art. 20): where processing is based on consent or contract and is carried out by automated means.
- Right to object (Art. 21): to processing based on legitimate interests, and to object at any time to processing for direct marketing purposes, including profiling related to such marketing (see also section 3 on markedsføringsloven).
- Right not to be subject to solely automated decisions (Art. 22): we do not use such decisions (see section 8).
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise your rights, contact us using the email or postal address in section 1. We will respond within one month as a general rule, in line with Article 12 GDPR, unless the complexity of the request requires an extension as permitted by law.
You may lodge a complaint with Datatilsynet at any time if you consider that our processing infringes applicable law.
Without prejudice to that administrative remedy, you have the right to an effective judicial remedy before the competent Danish courts against a legally binding decision of Datatilsynet concerning you, and where applicable against us if you consider your rights under the GDPR have been infringed (Articles 77–79 GDPR).
7. Security and personal data breaches
We apply appropriate technical and organisational measures under Article 32 GDPR, including access limitations, secure transmission where supported by infrastructure, malware monitoring at hosting level where available, and instructions on confidentiality for anyone who processes data on our behalf.
In the event of a personal data breach likely to result in a risk to your rights, we will notify Datatilsynet without undue delay and, where feasible, within 72 hours, and notify affected individuals when required by Articles 33–34 GDPR.
No online transmission is completely risk-free; please use strong passwords and avoid sending unnecessary sensitive information in unencrypted email.
8. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
9. Children
This website is not directed at children under 16. We do not knowingly collect personal data from children for profiling or marketing. If you are a parent or guardian and believe we have collected a child’s data, contact us and we will delete it promptly where required by Danish and EU law.
10. Data sources and profiling
We generally receive personal data directly from you (forms, email, phone, contracts). We do not buy marketing lists. We do not carry out systematic profiling that produces legal or similarly significant effects on you.
11. Updates
We may update this policy to reflect legal, technical, or organisational changes. The “last updated” date will change accordingly. Material changes may be highlighted on the website or communicated where appropriate.