Legal · Privacy

Privacy policy

How Lai Solutions ApS collects, processes and protects personal data. This notice covers visitors to this website, prospects who contact us, and individuals at our client and partner organisations.

Last updated: 29 April 2026 · Version 1.0 · Language: English (Danish version on request)

1. Data controller

The data controller for personal data processed in connection with this website and our services is:

Lai Solutions ApS
2500 Valby
CVR: Loading
Email: bastian@laisolutions.dk
Phone: +45 31 12 34 56

Privacy questions go to bastian@laisolutions.dk or the address above.

2. What we collect and why

2.1 Website visitors

By default this website does not set tracking cookies and does not run third-party analytics. The only data automatically collected is what is required to deliver the page (HTTP request logs at the hosting layer, retained for 30 days for security and abuse prevention). Legal basis: legitimate interest (GDPR Art. 6(1)(f)) in operating a secure service.

2.2 The "Take the AI test" form

When you complete the diagnostic test, we collect the answers you provide, plus your name, work email, company and (optionally) phone. Purpose: to send you the requested AI plan and follow up about a potential engagement. Legal basis: pre-contractual measures at your request (GDPR Art. 6(1)(b)) and your consent for ongoing marketing communications (Art. 6(1)(a) — withdrawable at any time).

Retention: 24 months from last interaction. Stored in our CRM (see §6). You can request deletion at any time.

2.3 Email and direct enquiries

Emails sent to us, calendar bookings, and information shared in calls are stored as long as needed to handle the conversation and any resulting engagement, plus the bookkeeping retention period required by Danish law (5 years from the end of the financial year, per Bogføringsloven).

2.4 Client engagements

When you become a client, the personal data we process on your behalf (e.g. prospect lists, employee data in internal tools) is governed by a Data Processing Agreement signed with you, where we act as your data processor. This privacy notice does not cover that processing.

The personal data of your employees who are our day-to-day contacts (names, work emails, work phone, role) is processed by us as a controller under contract (Art. 6(1)(b)) for the purpose of delivering the engagement.

3. Sub-processors and third parties

We share personal data with the following categories of sub-processors. The full list of named sub-processors with versions and locations is provided to clients on request.

  • Hosting and CDN — Cloudflare Pages. Region: EU.
  • Email and calendar — Google Workspace. Region: EU/US.
  • CRM and outreach automation — HubSpot CRM.
  • LLM API providers (when used in delivery) — OpenAI, Anthropic. Default: customer data is not used to train these providers' models, per their API terms.
  • Bookkeeping and invoicing — Dinero.

4. International transfers

Some sub-processors are based outside the EU/EEA (primarily the US). Transfers are safeguarded via:

  • The EU–US Data Privacy Framework (where the recipient is certified)
  • Standard Contractual Clauses (2021/914) plus supplementary measures where required

You can request a copy of the relevant transfer mechanism for any specific sub-processor by emailing bastian@laisolutions.dk.

5. Cookies and similar technologies

This site currently uses only strictly necessary technical state (no analytics cookies, no marketing pixels, no tracking). When that changes — for example if we add Plausible Analytics or a LinkedIn Insight Tag — a cookie consent banner will be added and this section updated.

6. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion (right to erasure)
  • Restrict processing
  • Receive your data in a portable format
  • Object to processing based on legitimate interest, including direct marketing
  • Withdraw consent at any time (where consent is the legal basis)
  • Lodge a complaint with the supervisory authority

To exercise any of these, email bastian@laisolutions.dk. We respond within 30 days (extendable by 60 days for complex requests, with notice).

The Danish supervisory authority is Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, datatilsynet.dk.

7. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit (TLS 1.2+), encryption at rest where applicable, access control, logging, and regular review.

8. Automated decision-making

The "Take the AI test" produces a recommendation based on your answers. This is not a decision with legal or similarly significant effects on you (it's a marketing-tier recommendation), and it does not constitute automated decision-making under GDPR Art. 22. Human review takes place before any subsequent commercial proposal.

9. Children

This is a B2B service. We do not knowingly collect data from anyone under 18.

10. Changes to this policy

Material changes will be communicated by email to active clients and posted on this page with an updated "last updated" date. The current version is always the one shown here.

11. Contact

Privacy questions, requests, complaints: bastian@laisolutions.dk

General contact: bastian@laisolutions.dk