Privacy policy – comundo

17 august 2022

At comundo ApS (“comundo”/”we”/“our”/us”) data protection and confidentiality are a high priority. Please read this privacy policy before submitting or sharing your personal data with us.


1. Data protection roles

Customer as data controller and comundo as data processor

comundo will process personal data regarding tenants on behalf of our customers for the purpose of providing our services consisting of generating complete, digital CO2 accounts based on the actual consumption figures related to each of property as well as providing material for energy optimization purposes and CO2 emission compensation purposes.


In this case, comundo will only process personal data as data processor on documented instructions from our customers in the role as data controllers. Reference is made to the data processing agreement enclosed as Appendix 3 to the Customer Agreement for comundo Services entered into between our customers and comundo. This Privacy Policy does thus not cover these processing activities.

comundo as data controller

comundo also obtains personal data as a separate data controller in different situations. This Privacy Policy sets out the guidelines for comundo’s processing of your personal data in these situations and provides you with the information you have the right to receive according to applicable data protection legislation.

Our contact details are:

comundo ApS

CVR-no. 43309617

Matrikel1 office no. 050

1200 København K


Contact: hello@comundo.io

2. Types of personal data, purposes, legal basis and deletion

We process personal data on various persons that are in contact with comundo. Below, you can see how we may process your personal data as a contact person.

Website visitors

The types of personal data we collect may include:

Your general and identification information (e.g., name, email and/or postal address, telephone number, age, and gender).
Communication with you.

Your personal data is collected in one or more of the following cases:

  • When you book a demo
  • When you enter into an agreement
  • When you sign up for our newsletter
  • When you contact us via email, telephone, or letter


The personal data may be collected and used for the following purposes:

  • To sign up and to receive newsletters
  • Marketing
  • Customer service and general communication
  • Improve products, services and tools on our website and platform
  • Compliance with requirements according to applicable law
  • For the establishment, exercise, or defence of legal claims



Our legal bases for the processing of your personal data for the above purposes are:

  • Consent to collect, share and administrate your personal data through cookies for marketing purposes, which may also be based on you interests and your click behaviour (Article 6(1)(a) of the GDPR).
  • Legitimate in being able to process your personal data in order to provide newsletter (Article 6(1)(f) of the GDPR), provided that you have given a prior marketing consent in accordance with Section 10 (1) of the Danish Marketing Practices Act.
  • Legitimate interest in being able to establish, exercise or defend legal claims (Article 6(1)(f) of the GDPR).


If you signed up for our newsletter, personal data will be stored until you withdraw the marketing consent. Personal data may also be stored as long as is necessary for the purpose for which it was collected, or longer if required under any contract, by applicable law or in order to establish, exercise or defend legal claims. If you have provided a cookie consent, we refer to the pop-up window of cookies in term of the retention periods in relation hereto.

Contact persons of customers and suppliers

The types of personal data we collect may include:

  • Name, job title, work email address, correspondences, signature and work phone number

Your personal data is collected in one or more of the following cases:

  • When you contact us via email, telephone, or letter
  • When we enter into agreements with your organisation


The personal data may be collected and used for the following purposes:

  • The administration of our business relations, including being able to communicate with you
  • When sending conclusion of agreements
  • In connection with invoicing and accounting
  • For the establishment, exercise, or defence of legal claims.



Our legal bases for the processing of your personal data for the above purposes are:

  • Necessary for the performance of a contract between the organisation that you represent and Comundo (Article 6(1)(b) of the GDPR).
  • Legal obligations in relation to the Danish Bookkeeping Act (Article 6(1)(c) of the GDPR).
  • Legitimate interest in being able to run our business and to be able to manage Comun-do’s business relationship, including being able to communicate with you (Article 6(1)(f) of the GDPR).
  • Legitimate interest in being able to establish, exercise or defend legal claims (Article 6(1)(f) of the GDPR).

We will store your personal data as long as it is necessary in order to fulfil the contract and up to 3 years after providing the services or after the termination of a contract. Bookkeeping material will be stored for 5 years from the closing of the current financial year.


3. Disclosure to data processors and transfer to other data controllers

In order to pursue the above-listed purposes, your personal data may be disclosed to third-party data processors (service providers) providing relevant services under contract to us. Such service providers will only process the personal data in accordance with our instructions and pursuant to a data processing agreement, hereunder in order to provide hosting services, marketing services and analytic services.

Furthermore, we may transfer your personal data to relevant authorities, lawyers, accountants, and courts if we are legally obligated to (Article 6 (1)(c) of the GDPR), in order to pursue our legitimate interest in being able to establish, exercise or defend legal claims (Article 6(1)(f) of the GDPR) or in order to fulfil the contract (Article 6(1)(b) of the GDPR). Your consent may also be provided to share personal data with third parties such as social media providers as part of the cookie pop-up banner. Reference is further made to the pop-up window for cookies.

If your personal data is transferred to data controllers or data processors which are located in countries outside the EU/EEA, not ensuring an adequate level of data protection, such transfer will be safeguarded by the EU Commission’s standard contractual clauses (SCC).


4. Security

We and our service providers have implemented security measures to ensure that the procedures meet the required security standards. Accordingly, we strive to protect the quality and integrity of your personal data. This includes encryption of data, use of pseudonymisation, firewalls, logging, audits and password procedures etc.


5. Rights

You have the right to access and erase the personal data we process about you, but with certain legislative exceptions e.g., if the personal data is comprised by the retention period in the Bookkeeping Act. Furthermore, you have the right to have your personal data rectified, or blocked, but with certain legislative exceptions.In certain situations, you have the right to have the data you have submitted to us, handed over in a machine-readable format and to have your data transmitted to another data controller.

Moreover, you have the right to object to the collection and further processing of your data, including processing that is based on our legitimate interest.


6. Contact and complaints

If you want to exercise any of your rights, if you have any questions regarding this Privacy Policy or the processing of your personal data, you may contact: hello@comundo.io.

You may complain about the processing of your personal data to the Danish Supervisory Authority Datatilsynet). Address: Carl Jacobsens Vej 25, 2500 Valby, phone: + 45 33 19 32 00, e-mail: dt@datatilsynet.dk or through their webpage www.datatilsynet.dk.


7. Changes to this privacy policy

We reserve the right to make changes to this Privacy Policy from time to time. The Privacy Policy will be available on our website. In the event of significant changes, we will take the necessary measures to notify you.