Get in touch
Home > Privacy Policy

Privacy policy

Agillic website

This privacy policy describes how Agillic A/S processes data obtained via its website. The privacy policy related to the Agillic platform follows below.

Agillic will only process personal data in accordance with this privacy policy and applicable law including the General Data Protection Regulation (hereinafter the “GDPR”).

Data collection, purposes, and legal basis for processing

If a user consents, Agillic places cookies on the user’s browser for these purposes:

  • Cookies for web analytics: The purpose of Agillic’s processing is to perform web analytics and identify which pages are being used. This helps improve the website and services in order to tailor it to the user’s needs. The legal basis for the processing of the collected data is the user’s consent in accordance with Article 6(1)(a) of the Data Protection Regulation. The consent can be withdrawn at any time.
  • Cookies for advertising: The purpose of Agillic’s processing is to target the user’s browser with advertising from Agillic when using other websites or services. The legal basis for the processing of the collected data is the user’s consent in accordance with Article 6(1)(a) of the Data Protection Regulation. The consent can be withdrawn at any time.
  • Newsletter: If a user signs up and receive Agillic’s newsletters, Agillic collects information about the user’s name, email address and potentially mobile number. Agillic register if a user opens the newsletters, what content is clicked on, and what type of device is used. The purpose is to deliver newsletters to the user with commercial content that suits the user’s interest. The legal basis for the processing of the collected data is the user’s consent in accordance with Article 6(1)(a) of the Data Protection Regulation. The consent can be withdrawn at any time.
  • Contact forms: If a user signs up via our forms, Agillic may collect personal data about the user’s name, email address, phone number, and other submitted information. The purpose of processing is to send the user the information or sign the user up for an event. The legal basis for the processing of the collected data is the user’s consent in accordance with Article 6(1)(a) of the Data Protection Regulation. The consent can be withdrawn at any time.
  • Answer bots and help search functions: If a user enters information into an answer bot and/or help search function, this information is collected and processed by Zendesk. The purpose of the processing is to provide the user with the information requested. The legal basis for the processing of the collected data is the user’s consent in accordance with Article 6(1)(a) of the Data Protection Regulation. The consent can be withdrawn at any time.
 

Disclosure of your personal data

Personal data collected through the website will be disclosed to those sub-processors a user has consented to in the cookie information displayed via a popup, when users enter the site or by clicking the icon in the lower left corner of the website. Consents may be withdrawn at any time by deleting your cookies.

Data retention

Personal data about the use of Agillic’s website, cf. section 2.1, will be deleted at the latest, when a user has not used the website for one (1) year.

Personal data collected when a user signed up for Agillic’s newsletters will be deleted when the consent to receive newsletters is withdrawn. However, Agillic retain documentation of the user’s consent two years after withdrawal in accordance with The Danish Statute of Limitations.

Users can opt out of further email communication from Agillic at any time just by clicking the ‘unsubscribe’ link.

Users can change their information preferences. Click the ‘manage subscription’ link at the foot of the email in question and go straight to your personal data overview to submit changes.

Agillic does, however, reserve the right to retain users’ personal data for an extended period if deemed necessary to establish, exercise or defend a legal claim or to meet a legal obligation.

 

The Agillic platform

Under the GDPR, for the purposes of the Agillic platform, Agillic A/S acts as the data processor, while the clients (the organisations using the platform to communicate with their customers) acts as the data controller. 

Introduction and scope

This privacy policy applies specifically to the processing of personal data within the Agillic marketing automation platform. It covers the data of the client’s end-users (the “recipients”) and the client’s authorised employees who use the platform (“Users”).

This policy is governed by the Agillic Terms & Conditions (T&Cs), the Data Processing Agreement (DPA), and the Service Level Agreement (SLA) available under Agillic’s business terms.

Data categories and processing activities

The platform is designed to store and process various types of data as instructed by the client:

  • Person data: Identifiable information about recipients (e.g., name, email, phone number, member ID).
  • One-to-many data: Relational data such as purchase history, loyalty points, or behavioural tracking.
  • Activity sata: Tracking of interactions such as email opens, clicks, SMS deliveries, and app push notifications.
  • User Data: Credentials and log activities of the client’s employees (users) for security and auditing purposes.
 

Purpose of processing

Agillic processes data on behalf of clients for the following purposes:

  • Executing personalised marketing campaigns across multiple channels (email, SMS, App Push, etc.).
  • Data modeling and segmentation to target specific recipient groups.
  • Providing analytics and reporting on campaign performance.
  • Ensuring the security, integrity, and availability of the platform.

 

Legal Basis

Agillic processes recipient data solely on the documented instructions of the client (the controller). The client is responsible for ensuring a valid legal basis (e.g. consent) for such processing.

 

Data security and privacy by design

Agillic employs “Privacy by Design” principles to protect data:

  • Hosting: All data is hosted at high-security data centers located within the European Union (EU), conforming to ISO 27001 standards.
  • Encryption: Data is encrypted both in transit (TLS/SSL) and at rest.
  • Access control: Access is granted based on the “Principle of Least Privilege.” 
  • Anonymisation: The platform offers a “Privacy Protection” feature allowing clients to choose between full monitoring, anonymous reporting, or disabled tracking for recipients.
  • Audits: Agillic undergoes annual independent ISAE 3000 Type II audits to verify GDPR compliance and security controls.

 

Sub-processors

Agillic engages a limited number of sub-processors to provide infrastructure and specialised services. Agillic ensures that sub-processors are bound by the same data protection obligations as set out in the DPA.

Clients are notified at least thirty (30) days in advance of any changes to sub-processors.

Agillic’s sub-processors are:

  • Code4Nord, Romania, reg. no. RO33361133, for code development.
  • GlobalConnect, Denmark, reg. no. 26759722, for network and hosting.
  • SAC-IT, Denmark, reg. no. 28892977, for hosting.
  • Unit IT, Denmark, reg. no. 44298937, for hosting and backup.
  • Optional: Amazon Web Services, Ireland, reg. no. B186284, for hosting.
  • Optional: Arrigoo ApS, Denmark, reg. no. 44660350, for CDP.
  • Optional: LINK Mobility, Norway, reg. no. 984066910, for mobile gateway.
  • Optional: Viatel Sweden, reg. no. 556601-6571, for mobile gateway.

 

Data subject rights (recipient rights)

The platform includes native tools to help clients fulfil recipient requests under GDPR:

  • Right of access/portability: “GDPR Export” tools allow clients to export all data related to a specific recipient into a machine-readable format.
  • Right to be forgotten: Deleting a recipient instantly removes them from the production system. Agillic uses a proprietary method to ensure that if a backup is restored, previously deleted recipients are automatically re-deleted.
  • Right to correction: Clients can update Recipient data directly via the UI or API.
  • Right to object/restrict: Permission fields allow for immediate opt-outs and suppression of processing.

 

Data retention and deletion

  • Production data: Data is retained for the duration of the client agreement. Upon termination, Agillic will delete or return the data at the client’s choice.
  • Backups: Daily backups are stored for thirty (30) days off-premise at multiple sites for disaster recovery purposes.
  • Audit logs: System logs and security data are retained according to Agillic’s internal security policies to ensure accountability.

 

International data transfers

Agillic only uses EU-based processing. Should any data be transferred outside the EEA by a sub-processor, Agillic ensures that appropriate safeguards (such as Standard Contractual Clauses) are in place to provide an equivalent level of protection.

 

Google API disclosure

The platform uses the Agillic Google Ads Connector to retrieve data from clients’ Google Ads accounts (https://www.googleapis.com/auth/adwords) to provide reporting and automation within the Agillic platform. Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google Ads API data will not be used for any purpose other than providing or improving the features of the Agillic platform. Agillic does not allow humans to read user data unless specifically required for security or support with the user’s consent. Google Ads data is stored on Agillic’s servers until deleted by clients or at the end of the contract.

 

Meta API disclosure and data deletion

The Agillic platform integrates with Meta APIs (Facebook and Instagram) to provide reporting and marketing automation. We process Platform Data in accordance with the Meta Platform Terms and Developer Policies.

 

How to delete your data: If you wish to remove Agillic’s access to your Meta data or request the deletion of data processed via the Meta APIs, you can do so through the following methods:

  • Via the Agillic Platform: Navigate to the “Integrations” or “Connectors” menu, locate the Meta/Facebook connector, and select “Disconnect” or “Remove.” This will stop further data collection and initiate the deletion of associated Meta platform data from our production systems.
  • Via Facebook Settings: You can remove our app’s access directly through your Facebook account under Settings & Privacy > Settings > Apps and Websites.
  • Manual request: You may also submit a formal data deletion request by emailing privacy@agillic.com. We will process your request and delete all associated Meta data within 30 days, unless a longer retention period is required by law.

 

Contact information

Agillic A/S, Masnedøgade 22, 2100 Copenhagen, Denmark, privacy@agillic.com

Get in touch

Ready to explore how Agillic can make your personalisation perform? Fill out the form below to connect with Sales or book a personalised demo.