Controller identity
Frozenonthron, Cityringen 4, 2630 Taastrup, Denmark, is the controller for personal data described here. We do not sell personal data and we minimise collection to what the operation reasonably requires.
Summary for busy readers
We collect contact details when you write to us, technical logs when you browse, and richer analytics only if you consent to optional cookies. We store data on EU-centric infrastructure where possible and use contracts when processors sit abroad.
You may ask what we hold, fix mistakes, delete non-essential records, export machine-readable copies, or object to certain processing. We respond within statutory timelines and never charge a fee unless requests become manifestly excessive.
Categories of personal data
- Identity and contact: name, email address, phone number if you provide it, organisation, and message body submitted through forms or email.
- Transaction data: order references, billing address fragments required by payment partners, and delivery email for digital goods.
- Technical data: IP address shortened where feasible, user agent string, device category, approximate region derived from IP, referrer URL, and timestamps.
- Usage data: pages viewed, scroll depth buckets, file downloads, and error codes when analytics cookies are allowed.
- Preference data: cookie consent selections, newsletter topic choices, accessibility settings you save.
Purposes and legal bases
- Delivering the site: legitimate interests in operating a secure publication (Article 6(1)(f) GDPR) combined with strictly necessary processing.
- Answering inquiries: steps prior to contract or contract performance when you request paid help; otherwise legitimate interest in reader support.
- Marketing communications: consent where required; soft transactional notices (receipts, policy updates) under legitimate interest with easy opt-out.
- Analytics and product improvement: consent via the cookie centre.
- Legal compliance: tax, accounting, and regulatory obligations (Article 6(1)(c)).
- Dispute resolution: legitimate interest in defending legal claims.
Retention schedule
Contact form archives remain up to twenty-four months unless a dispute extends the need. Marketing consents and unsubscribe logs stay seven years to demonstrate compliance with marketing law. Analytics pseudonyms expire after fourteen months or sooner when vendors permit. Backup tapes rotate on a thirty-day cycle with encrypted storage. Accounting records follow Danish bookkeeping periods.
Recipients and processors
We rely on vetted providers for hosting, transactional email, payment capture, customer support ticketing, and occasional survey tools. Each relationship is governed by Article 28 data processing agreements listing subprocessors. Law enforcement requests are scrutinised for validity; we notify users when gag orders do not forbid disclosure.
International transfers
Data normally remains within the European Economic Area. If a US-based tool is essential, we implement Standard Contractual Clauses plus supplementary measures such as encryption in transit and access logging. Transfers to the UK rely on adequacy decisions or SCCs as updated after Brexit.
Automated decision-making
We do not make solely automated decisions with legal or similarly significant effects. Spam filters may sort messages heuristically but a human reviews borderline cases.
Security measures
HTTPS everywhere, TLS 1.2 minimum, segregated admin accounts, password managers mandated for staff, annual penetration testing on critical endpoints, and incident response drills. Personal devices may not store reader data without encryption.
Your rights in detail
EU and UK residents may exercise access, rectification, erasure, restriction, portability, and objection. Irish readers may contact the Data Protection Commission; Danish readers may contact Datatilsynet. We verify identity proportionately before releasing sensitive exports. You may lodge a complaint with any EU supervisory authority.
Children
Content targets adults planning meals. We do not solicit data from under-sixteens. If you believe a child submitted personal data, email us and we will delete it promptly after verification.
Online advertising (including Google)
When you opt in to Marketing cookies or similar options in our cookie banner, we or our advertising partners may process technical and usage data to measure campaigns, attribute visits, limit how often you see an ad, or deliver more relevant creative. Google Ireland Limited (and other providers we may use) can receive or process data according to their own policies when those technologies load.
You can withdraw marketing consent at any time via our cookie controls or by clearing stored preferences and reloading the site banner. For Google’s personalised advertising, visit Google Ads Settings. Google explains how advertising technologies work at policies.google.com/technologies/ads. We do not use advertising to promote regulated healthcare products or to make disease-related claims on this editorial site.
Denmark and EU consumers
We trade from Denmark under the identity stated in the controller section. For personal data complaints you may contact Datatilsynet (the Danish Data Protection Agency). For consumer disputes relating to purchases, EU/EEA residents may use the European Commission’s online dispute resolution platform at ec.europa.eu/consumers/odr. We encourage you to email us first using the contact details above so we can try to resolve issues directly.
Changes and notifications
Material updates appear on this page with a refreshed overview in the site news strip when applicable. Continued use after notice constitutes acknowledgement unless the change requires fresh consent.