← Back to home

Legal

Privacy Policy

Last updated: 3 July 2026

1. Who We Are

This Privacy Policy explains how Advermint ("Advermint," "we," "us," or "our"), a digital marketing agency registered in Denmark under CVR no. 43665499, with registered address at C/O Abdulrahman Alturkmani, Asser Rigs Vej 8, st. tv, 5000 Odense C, collects, uses, and protects personal data.

Advermint provides digital marketing services including strategy consulting, paid media management, SEO, creative and content production, conversion rate optimization (CRO), web design, custom digital solutions (e.g. booking and ordering systems), and analytics reporting.

We are the data controller for personal data collected through our own website (advermint.com) and business communications. Where we manage advertising accounts, campaigns, or analytics on behalf of a client, we act as a data processor — see Section 5 for details on this distinction.

If you have questions about this policy or how we handle personal data, contact us at [email protected].

2. Scope of This Policy

This policy applies to:

  • Visitors to our website, including people who fill out contact forms, request a strategy call, book a consultation, or subscribe to communications from us.
  • Prospective and current clients with whom we have a business relationship.
  • Client end-users and audience data that we process on our clients' behalf when managing their advertising accounts, ad platforms, and analytics integrations (Meta/Facebook, Google Ads, Shopify, and similar services). This data is governed primarily by the agreement between Advermint and the relevant client, and by the client's own privacy policy — our role here is described in Section 5.

3. Categories of Personal Data We Process

3.1 Data From Website Visitors and Prospective Clients (Advermint as Controller)

  • Contact details: name, email address, phone number, company name, job title.
  • Contact form and booking data: information submitted via contact forms, strategy-call booking tools, or consultation requests, including any message content you provide.
  • Communication data: records of emails, calls, or meeting notes related to our correspondence with you.
  • Technical and usage data: IP address, browser type, device information, pages visited, referral source, and similar data collected via cookies and analytics tools (see Section 9).
  • Marketing preferences: whether you have opted in to receive newsletters or marketing communications.

3.2 Data Processed on Behalf of Clients (Advermint as Processor)

When engaged to manage a client's advertising and marketing operations, we may access and process, strictly on that client's instructions and for that client's ad accounts:

  • Ad account and campaign data: campaign structures, budgets, targeting settings, ad creative, and account configuration within Meta (Facebook/Instagram), Google Ads, and similar platforms.
  • Performance and analytics metrics: impressions, clicks, conversions, spend, reach, and other aggregated performance metrics.
  • Audience and custom audience data: audience segments, custom audiences, and lookalike audiences created or accessed via the Meta Marketing API or Google Ads API, which may include hashed identifiers (e.g. hashed email addresses or phone numbers) supplied by the client.
  • Shopify store and order data: product catalogs, order and transaction data, and customer data relevant to advertising and reporting, accessed via the Shopify API.

We do not use client ad-account data, audience data, or Shopify data for any purpose other than delivering the agreed services to that client, and we do not sell this data.

4. Purposes of Processing

PurposeData Involved
Responding to inquiries and providing quotesContact details, message content
Scheduling and conducting strategy/consultation callsContact details, booking data
Delivering contracted marketing services (paid media, SEO, CRO, web design, custom solutions)Client ad-account, campaign, and analytics data
Reporting on campaign and website performancePerformance metrics, analytics data
Operating and improving our websiteTechnical/usage data, cookies
Sending marketing communications (with consent)Contact details, marketing preferences
Complying with legal, accounting, and tax obligationsContact and billing details
Detecting and preventing fraud or misuse of connected platformsAccount activity logs

5. Controller vs. Processor: Our Role Explained

It is important to understand the two distinct roles Advermint plays:

As a Controller — For data collected through our own website, contact forms, booking tools, and direct business communications with prospective and current clients, Advermint determines the purposes and means of processing and is the data controller under the GDPR.

As a Processor — When a client engages us to manage their Meta (Facebook/Instagram), Google Ads, Shopify, or other advertising and analytics accounts, the client remains the data controller for the data in those accounts (including any end-customer or audience data). Advermint acts solely as a data processor, processing that data only on the client's documented instructions, under the terms of a service agreement and, where required, a Data Processing Agreement (DPA) between Advermint and the client.

If you are an end customer or website visitor of one of our clients, and your data is processed within that client's advertising accounts, please refer to that client's own privacy policy for information about how your data is used. Requests regarding such data should generally be directed to the relevant client; Advermint will assist the client in responding as required by our processor obligations.

6. Legal Basis for Processing (GDPR Article 6)

PurposeLegal Basis
Responding to contact form submissions and inquiriesLegitimate interest (Art. 6(1)(f))
Providing quotes, negotiating, and performing a service contractContract (Art. 6(1)(b))
Delivering services under a client agreement, including processing client ad-account dataContract (Art. 6(1)(b)) / processor instructions under a DPA
Sending marketing emails and newslettersConsent (Art. 6(1)(a))
Website analytics and performance improvementLegitimate interest (Art. 6(1)(f)) or consent, depending on cookie type
Fraud prevention and platform securityLegitimate interest (Art. 6(1)(f))
Accounting, invoicing, and tax record-keepingLegal obligation (Art. 6(1)(c))

Where processing relies on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

7. Third-Party Processors and Recipients

We share personal data with the following categories of third parties, each acting under appropriate data processing terms:

RecipientRolePrivacy/Data Policy
Meta Platforms, Inc. (Facebook/Instagram)Advertising platform, Marketing API accessfacebook.com/privacy/policy
Google LLC (Google Ads, Google Analytics)Advertising and analytics platformpolicies.google.com/privacy
Shopify Inc.E-commerce platform integrationshopify.com/legal/privacy
Hosting providerWebsite hosting and infrastructureProvided on request
Email service providerTransactional and marketing email deliveryProvided on request
Booking/scheduling tool providerStrategy call and consultation schedulingProvided on request
Accounting/invoicing software providerBilling and financial record-keepingProvided on request

We only share personal data with third parties that provide sufficient guarantees of GDPR-compliant processing, and we enter into data processing agreements where required.

8. International Data Transfers

Some of our third-party providers (including Meta and Google) may process data outside the European Economic Area (EEA), including in the United States. Where this occurs, we ensure an adequate level of protection through one or more of the following safeguards:

  • The European Commission's adequacy decisions for specific countries or frameworks (e.g. the EU-U.S. Data Privacy Framework, where applicable to the recipient).
  • The European Commission's Standard Contractual Clauses (SCCs).
  • Other safeguards recognized under GDPR Chapter V.

You may request further information about the safeguards used for a specific transfer by contacting us at [email protected].

9. Cookies and Tracking

Our website uses cookies and similar tracking technologies to operate correctly, analyze site traffic, and support advertising measurement (e.g. via Meta Pixel and Google Analytics/Ads tags).

  • Strictly necessary cookies are used without consent, as permitted by law, to enable core website functionality.
  • Analytics and marketing cookies are only set with your consent, collected via a cookie consent banner presented on your first visit.

You can change or withdraw your cookie consent at any time through the cookie settings on our website, or by adjusting your browser settings.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

Data CategoryTypical Retention Period
Contact form and inquiry data (no client relationship formed)Up to 12 months from last contact
Client contract and billing recordsDuration of engagement plus 5 years (Danish bookkeeping law)
Marketing consent and communication preferencesUntil consent is withdrawn
Website analytics dataUp to 26 months (or per analytics provider default)
Client ad-account, campaign, and audience data (processor role)Duration of the service agreement; deleted or returned per client instruction upon termination

Retention periods may be extended where required by law (e.g. accounting and tax rules) or to establish, exercise, or defend legal claims.

11. Your Rights and How to Exercise Them (Data Deletion Procedure)

11.1 Your Rights Under GDPR

If you are located in the EU/EEA, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten"), subject to legal exceptions.
  • Restrict processing in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest or for direct marketing.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Danish Data Protection Agency, Datatilsynet (Carl Jacobsens Vej 35, 2500 Valby, Denmark, datatilsynet.dk), or your local supervisory authority.

11.2 How to Request Deletion of Your Data

To request deletion of your personal data, or to exercise any other right listed above, email [email protected] with: (1) your name and the email address or account associated with your data; (2) a description of your request (e.g. "delete my data," "access my data"); and (3) if applicable, whether your request relates to data connected to a Meta, Google, or Shopify account we manage.

What happens next

  • We will confirm receipt of your request within 5 business days.
  • We will verify your identity before processing sensitive requests, to prevent unauthorized deletion or disclosure.
  • We will complete the request — including deleting relevant data from our internal systems and, where applicable, revoking or deleting data accessed through connected Meta, Google Ads, or Shopify accounts — within 30 days of confirming your identity, or notify you if an extension is required (up to a further 60 days for complex requests, as permitted under the GDPR).
  • Where data is processed on behalf of a client (Section 5), we will forward your request to the relevant client where required and assist them in fulfilling it, since the client is the controller of that data.
  • Some data may be retained beyond deletion where required by law (e.g. financial records) or to defend legal claims; we will inform you if this applies.

11.3 Deletion of Data via Connected Platforms (Meta Platform Requirement)

Where Advermint has accessed data through a client's connected Meta (Facebook/Instagram) account via our Meta Marketing API application, and a valid deletion request is received (from the client, an end user, or via Meta's data deletion callback mechanism), we will:

  • Delete or de-identify the corresponding data from our systems and backups within 30 days.
  • Cease further processing of that data other than as necessary to complete the deletion or comply with law.
  • Confirm completion of the deletion request to the requester upon completion.

12. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encrypted connections (HTTPS/TLS) for our website and data transfers.
  • Access controls limiting data access to personnel who need it to perform their role.
  • Use of reputable, security-vetted third-party platforms (Meta, Google, Shopify, hosting, and email providers).
  • Regular review of access permissions to connected advertising and analytics accounts.
  • Secure storage of credentials and API tokens, with revocation procedures upon end of engagement.

No system is completely secure; if we become aware of a data breach affecting your personal data, we will notify affected individuals and Datatilsynet as required under the GDPR.

13. Children's Data

Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected such data, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top of this policy indicates when it was last revised. Material changes will be communicated via our website or, where appropriate, by direct notice.

15. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to request data deletion:

  • Advermint
  • C/O Abdulrahman Alturkmani, Asser Rigs Vej 8, st. tv, 5000 Odense C
  • CVR: 43665499
  • Email: [email protected]

You may also lodge a complaint with Datatilsynet (the Danish Data Protection Agency) at datatilsynet.dk.