Privacy Policy

Version 1 of Privacy Policy – October 2025

This privacy policy describes how Milestone Company ApS, which owns and operates msco.dk, collects and processes information.

Our privacy policy explains which data is collected, what it is used for, who it is shared with, and your rights regarding access, portability, and deletion of personal data.

The privacy policy applies to personal data that you provide to us when you are in contact with us. We collect and process personal data when you do the following:

  • Visit our website
  • Use our contact form or otherwise contact us
  • Interact with our social media

Data Controller

The data controller for the collection, processing, and use of your personal data is:

Milestone Company ApS
Kokholm 13A
DK-6000 Kolding

CVR no. 39916282
Tel.: +45 81 77 30 42
Email: info@msco.dk

If you have questions about the processing of your personal data, you can always contact us using the contact details above.

Data Protection Officer (DPO)

MSCO is not required to appoint a DPO, but all inquiries about data protection can be directed to info@msco.dk.

Legal Basis and Purpose of Processing

Consent Management
When our processing of your personal data is based on your consent, we ensure that the consent is given freely, specifically, informed, and unambiguously. This means you must actively accept the processing—for example, when you choose cookies via our cookie banner or submit a form.

You can withdraw your consent at any time. Withdrawal is carried out in the same simple way as when consent was given:

  • Cookies can be managed or withdrawn via our cookie banner or your browser settings.


Withdrawal of consent does not affect the lawfulness of processing that took place while consent was valid. When you withdraw your consent, we stop that processing unless another legal basis exists to continue it.

Website visits – cookies

Msco.dk places cookies in your browser. These are considered personal data because they can provide MSCO with information about your activity on our website. You choose which cookies we may set. Some are necessary (technical) and required for the website to function, while others require your consent.

Purpose

  • To optimize your and the general user experience – as well as functionality.
  • To create accurate statistics
  • To ensure easy access to us so we can answer your questions, e.g., via forms
  • To carry out personalized marketing
 

Legal basis for processing

  • GDPR Art. 6(1)(a)
  • GDPR Art. 6(1)(f)
 

Retention/Deletion

Information collected about your use of msco.dk is deleted according to the rules in our Cookie Policy. Expiration periods are listed under the “Show details” tab, and you can read more about how to delete cookies yourself whenever you wish.

Communication regarding our services
We primarily process personal data on msco.dk in order to fulfill an agreement with you. We collect non-sensitive information – this may include:

  • Name
  • Company address
  • Phone/mobile number
  • Email address
  • Geolocation
  • Information about the IP address from which you visit us
  • Device information – browser and operating system
  • Any information about inquiries

We process personal data in the following contexts:

Communication via contact form, email, and telephone

  • Contact form
    On msco.dk you can write to us via various contact forms. These include at minimum your name, company address, email address, and your message. Here we process personal data about you, which ends up in our info mail inbox.
  • Email
    You can contact us via email. Here we process, at minimum, your email address and any other contact details you may provide.
  • Telephone
    You can contact us by telephone. Here we process the contact details you may provide.
 

Purpose

  • So we can respond to your inquiries
  • To contact you regarding relevant information about the product/service you requested
  • To pursue our legitimate interest in preventing fraud
 

Legal basis for processing

  • GDPR Art. 6(1)(b)
  • GDPR Art. 6(1)(c)
  • GDPR Art. 6(1)(f)
  • GDPR Art. 6(1)(a)
 

Data minimization and storage periods
We only collect and process the personal data necessary for the purposes described in this policy. This means that we continuously assess the scope of the data we collect and ensure we do not process more data than necessary.

We only store your information for as long as is necessary for the purposes for which it was collected, or for as long as we are required to do so by law. This means, among other things:

  • Contact and inquiry information (e.g., from forms, emails, and phone calls) is, as a rule, deleted no later than after 2 years unless there is an ongoing case or collaboration that makes longer storage necessary.
  • Customer and supplier information, including billing data, is stored for up to 5 years in accordance with the Danish Bookkeeping Act.
  • Information collected via cookies is deleted according to the expiration periods stated in our Cookie Policy.


When the storage period expires, or the purpose is no longer present, the information is deleted or anonymized in a secure manner.

When you visit MSCO® on social media

MSCO® has profiles on Facebook, Instagram, LinkedIn, and Google. When you visit one or more of these profiles, we may process the information you have made available via settings, your reactions and comments, sharing, and inquiries.

Purpose

  • To market MSCO®
  • To respond to inquiries and interact with you

Legal basis for processing

  • GDPR Art. 6(1)(a)
  • GDPR Art. 6(1)(f)

(The social media platforms may also use personal data collected on MSCO® profiles for their own purposes as described in their privacy policies, which you accepted when signing up).

Retention/Deletion
Information you provide on our social media will generally remain on these profiles as part of the page’s history unless you delete it yourself.

Other recipients of personal data – Processors and third parties

At MSCO®, we cannot do everything ourselves. We therefore have partners and use suppliers, some of whom may be data processors. Partners and suppliers may, for example, provide systems to organize our work and services, IT hosting, or marketing.

It is our responsibility to ensure that your personal data is processed properly. Therefore, we set high requirements for our partners, and our partners must guarantee that your personal data is protected.

We therefore enter into agreements with companies (data processors) that handle personal data on our behalf to enhance the security of your personal data.

Information is not disclosed or sold to third parties unless this occurs in connection with a restructuring or a full or partial sale of the company. Any disclosure in such a situation will take place in accordance with the applicable data protection legislation at any time.

As a rule, we use data processors in the EU/EEA or who store data in the EU/EEA. In some cases, this is not possible, and data processors outside the EU/EEA may be used if they can provide adequate protection for your personal data.

The most important processors and third parties are:

  • Hosting and operations: our website is hosted by Dandomain, which provides servers, backups, and security. When you use our WordPress contact forms, the information you enter is therefore processed via Dandomain’s hosting environment.
  • For managing cookies and user preferences, we use iubenda Privacy Controls and Cookie Solution. This solution provides: a cookie banner with prior blocking of non-technical cookies until consent is given; automatic scanning of the website for cookies and trackers; and storage of consent documentation (cookie preferences) for up to 12 months
  • We have also registered our domain and SSL certificate through Punktum, which ensures that the connection to msco.dk is encrypted and secure.
  • Web analytics: we use Google Analytics for statistics and analysis of traffic on msco.dk in accordance with applicable guidelines and with Standard Contractual Clauses (SCCs) when transferring data to third countries.
  • Marketing and social media: we use Meta (Facebook/Instagram) and LinkedIn for marketing and interaction with users.

Security

We have an SSL certificate on MSCO, so we do not send unencrypted information over the internet. This reduces the risk that hackers could potentially intercept information in the contact form, shopping cart, etc.

We have implemented appropriate technical and organizational security measures to prevent personal data from being accidentally or unlawfully destroyed, lost, altered, or impaired, and to prevent it from becoming known to unauthorized persons or being misused.

Only employees who have a genuine need to access your personal data in order to perform their job have access to the data. These employees are instructed on how personal data is processed responsibly.

Your rights as a data subject

Under the GDPR, you have a number of rights in relation to our processing of your information. If you want to exercise your rights, please contact us so we can assist you.

  • Right of access
    You have the right to access the information we process about you, as well as additional information.
  • Right to rectification
    You have the right to have inaccurate information about yourself corrected.
  • Right to erasure
    In special cases, you have the right to have information about you deleted before the time of our general deletion occurs.
  • Right to restriction of processing
    In certain cases, you have the right to have the processing of your personal data restricted. If you are entitled to restriction, we may in future only process the data—apart from storage—with your consent, or for the establishment, exercise, or defense of legal claims, or to protect a person or important public interests.
  • Right to object In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You can also object to the processing of your data for direct marketing
  • Right to data portability In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have those personal data transmitted from one controller to another without hindrance.
  • Right to withdraw consent When our processing of your personal data is based on your consent, you have the right to withdraw your consent.

You can read more about your rights in the Danish Data Protection Agency’s guidance on data subjects’ rights, and you have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data.

You can find the Danish Data Protection Agency’s contact details at www.datatilsynet.dk.

Changes to the privacy policy

This privacy policy is updated regularly. The current version can always be found at www.msco.dk