Draft — for review by counsel before publishing

Privacy notice

Controller: OLAS ApS, Copenhagen, Denmark · Last reviewed: [date] · Version 0.2 (draft)

OLAS is built on discretion. We collect as little as possible, we keep it securely within the EU, and we never share the details of those who approach us with partners or sponsors.

Who we are

OLAS ApS (“OLAS”, “we”) is the data controller for the personal data described here. We are a private limited company (ApS) incorporated in Copenhagen, Denmark; our CVR number is pending registration and will be inserted here once issued. For any privacy matter, contact privacy@olasglobal.com.

What we collect, and why

When you ask to be considered for a private invitation, we collect only what we need to assess and respond to your request:

Name, role and organisation

To understand who is approaching us and to consider the request.

Work email

To respond to you.

LinkedIn (optional)

If you provide it, to verify identity and context.

Your note (optional)

Anything you choose to tell us.

Technical data

For security and to prevent abuse of the form, we record the time of submission and a one-way (hashed) representation of your IP address, together with limited browser information. We do not use this to track you, and we do not build a profile.

We do not ask for, and you should not send us, special-category data (such as health information) through this form.

Legal basis

We rely on your consent (which you give by ticking the box on the form) to process your request, and on our legitimate interest in considering enquiries and protecting the form from misuse. Where we later contact you, we do so on the same bases. You can withdraw consent at any time (see Your rights); withdrawal does not affect processing already carried out.

Who can see it

Your details are seen only by the small number of people at OLAS responsible for considering invitations. We never share enquiry or member data with partners, sponsors or any third party for their own purposes. Sponsors and partners meet people in person; they never receive our lists.

To operate OLAS we rely on two service providers, who act as our processors under data-processing agreements and handle data only on our instructions:

Cloudflare

Hosts this site and stores form submissions in a database located in the European Union.

Google (Google Workspace)

Provides the email accounts we use to correspond with you.

Both providers are incorporated in the United States; the safeguards for that are described under International transfers below.

Where it is kept

Submissions are stored in a database located in the European Union (Western Europe region). Transport is encrypted (HTTPS) throughout.

International transfers

Your data is stored in the European Union. However, the two processors named above are incorporated in the United States, so some processing may involve a transfer outside the EU/EEA. Where that occurs, the transfer is protected by appropriate safeguards — the European Commission’s Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework — so that your data continues to receive a level of protection essentially equivalent to that within the EU/EEA. You may ask us for a copy of the relevant safeguards.

How long we keep it

We keep enquiry details only for as long as needed to consider and respond to your request, and for a reasonable period afterwards [retention period to be confirmed with counsel — e.g. up to 12 months from our last contact], after which we delete or anonymise them. If you become a member, your details are governed by the membership privacy terms.

Your rights

Under the GDPR you may ask us to give you access to your data, correct it, delete it, restrict or object to its use, or provide it in a portable form, and you may withdraw consent. To exercise any of these, email privacy@olasglobal.com and we will respond within the statutory time limit.

OLAS is established in Denmark, so our lead supervisory authority is the Danish Data Protection Agency, Datatilsynet. If you are located in another EU or EEA country, you may instead lodge a complaint with the supervisory authority where you live or work.

---

This is a working draft prepared as organisational support, not legal advice. It must be reviewed and finalised by a qualified Danish data-protection lawyer or DPO — and the bracketed items completed — before it is published or relied upon.