Privacy Policy
This Privacy Policy explains how Neuroject ApS processes personal data when you visit our website, use our contact form, or submit a request through our pilot wizard. We handle personal data in a lawful, transparent, and secure way.
Controller and contact
1) Personal data we collect
We may collect personal data that you choose to provide and data that is automatically collected when you use the website. In particular:
Contact form (general) may include: topic (software or consultancy), name, work email, company, role, request a live demo (optional), and the content of your message.
Pilot request wizard may include: whether you already use a portfolio management platform (yes or no), role, timeline to start, regions (multi-select), project size, focus (optional), full name, work email, company, and notes (optional).
Usage and device data (when you consent to analytics cookies): pages visited, session information, approximate location (e.g., country or city), device and browser characteristics, and interactions with site content.
2) Purposes and legal bases
We process personal data for the purposes below and based on the following legal grounds under the GDPR:
Responding to inquiries (contact form): to communicate with you, answer questions, and provide requested information.
Legal basis: our legitimate interests in running our business and responding to requests (Art. 6(1)(f)), and or steps prior to entering into a contract (Art. 6(1)(b)) where applicable.
Handling pilot requests (pilot wizard): to assess your context and reply with next steps and a short setup proposal.
Legal basis: legitimate interests (Art. 6(1)(f)) and or pre-contractual steps (Art. 6(1)(b)).
Website analytics (GA4 via Google Tag Manager): to understand website traffic and improve site performance and content.
Legal basis: your consent (Art. 6(1)(a)) via our cookie banner.
Compliance and protection: to meet legal obligations, prevent abuse, and establish, exercise, or defend legal claims.
Legal basis: legal obligations (Art. 6(1)(c)) and or legitimate interests (Art. 6(1)(f)).
3) Cookies and analytics
We use cookies and similar technologies to operate the website and, where you consent, to measure usage through analytics. Our cookie banner and consent management is provided by CookieYes.
Necessary cookies are required for core site functionality and are always active.
Analytics cookies (GA4 via Google Tag Manager) are used only if you choose to enable them.
You can update your choices at any time through the cookie settings link in the banner or by using the cookie preferences control on the site.
4) Sharing and processors
We share personal data only when necessary for the purposes described above, and with appropriate safeguards. Typical recipients include:
Hosting provider: Bluehost (website hosting and infrastructure).
Email services: Google Workspace (to receive and manage inbound requests and respond by email).
Analytics services: Google Analytics (GA4) and Google Tag Manager, enabled based on your consent.
We may also share data with professional advisers (e.g., legal, accounting) and public authorities where required by law.
5) International transfers
Some of our service providers may process data outside the EU and EEA (for example, in the United States). Where this happens, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and additional measures as required by law, or other lawful transfer mechanisms available at the time.
6) Retention
We retain personal data as long as necessary for the purposes for which it was collected, including: responding to your requests, maintaining business records, complying with legal obligations, and defending legal claims.
Analytics data retention is governed by our analytics configuration and your consent choices.
7) Security
We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures may include access controls, encryption in transit (HTTPS), and least-privilege internal access to email and systems.
8) Your rights
If the GDPR applies to you, you may have the right to access your data, request rectification, request erasure, restrict processing, object to processing, and request data portability, where applicable.
Where processing is based on consent (e.g., analytics cookies), you may withdraw consent at any time via the cookie settings. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise your rights, contact us at info@neuroject.com. We may request additional information to verify your identity before responding.
You also have the right to lodge a complaint with your local data protection authority.
9) Automated decisions
We do not use your website form submissions to make decisions based solely on automated processing that produce legal or similarly significant effects.
10) Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The “Last updated” date will indicate when changes were made.
