Privacy Policy

Introduction

This privacy policy ("policy") explains how we process your personal data, incl. what we use it for and how we store and protect it. Furthermore, the policy explains the rights that you have when we process your personal data.

Who are we

We are Openli ApS, part of the Cerivo group of companies. Cerivo ApS is overall responsible for the processing of your personal data together with Openli ApS. When we say "we", "us", or "our" in this policy, we mean Cerivo ApS and its group companies, including:

  • Cerivo ApS, Nannasgade 28, 2200 Copenhagen N, Denmark (CVR: 45706133)
  • ComplyCloud ApS, Nannasgade 28, 2200 Copenhagen N, Denmark (CVR: 35813764)
  • Wired Relations ApS, Nannasgade 28, 2200 Copenhagen N, Denmark (CVR: 38970585)
  • RISMA Systems A/S, Nannasgade 28, 2200 Copenhagen N, Denmark (CVR: 32769713)
  • Openli ApS, Nannasgade 28, 2200 Copenhagen N, Denmark (CVR: 39587408)

For questions about this policy or to exercise your data subject rights, you may contact us at: Email: privacy@cerivo.com, Phone: +45 70606052

By mail: Cerivo ApS / Openli ApS, Nannasgade 28, 2200 Copenhagen N, Denmark

Links to other websites etc.

On our website, in our emails and on our social-media profiles, we may have links to other companies, apps or websites (“other websites”) that aren’t ours. This policy doesn’t cover how those other websites process your data. We encourage you to read the privacy notices on the other websites you visit.

Why, what and for how long we process your data

We process your personal data for these purposes:

Deliver our service & products

We process your data to deliver our services & products, contact you concerning our platform, carry out demos, workshops, and other services that can be ordered through the website. We also process your data to ensure that you can log into your account (as Customer or Vendor), send you notifications, register and identify you as a customer/vendor/user, process your payment, enable account and product features, and save the actions you take when you use our product and website, respond to your questions and provide you with service and support, including sending service related messages and product updates to you.

Here is the data we process:

  • Your contact details such as name, email, title and telephone/mobile number.
  • The company you work for, incl. their domain, address and country.
  • Purchase history.
  • Your request, e.g. sign-up and use of our product, when you accepted our terms & conditions, when you signed up, when you requested a demo, when you contacted us for support etc.
  • If you email us, we will collect the content of your message.
  • Payment information, e.g. your credit or debit card details and billing address.
  • Login details and verification.
  • What choices you made when you set up your account, when you became a customer or free user, your user role, when you are logging into our product.
  • Other interactions you have with us and our service, e.g customer support, account and product setup, user interviews, UX research, customer feedback etc.
  • Information about how you use our product and what services you and your company are subscribing to.
  • Communication data: recordings or transcripts of online meetings (where consent is given).

We don’t process any sensitive data.

We process your data on these legal bases:

  • Your consent (GDPR Article 6.1.a).
  • To perform our contract with you (GDPR Article 6.1.b).
  • Comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Marketing Practices Act, the Danish Bookkeeping Act etc.
  • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
  • For the establishment, exercise or defence of legal claims, where necessary (GDPR Article 9.2.f).

We will keep these data for as long as they are necessary for the purposes for which they are being processed. As a general rule, data will be kept for as long as you use our product or services or have an account with us plus 5 years following the conclusion of your account / relationship with us. Special circumstances or legal requirements may entail that such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data.

If you are employed by one of the customers or vendors, we will keep your data as long as we have a business relationship with that customer/vendor.

From where we collect your personal data:  

  • Directly from you
  • Online sources, e.g. social media that are publicly available (LinkedIn)
  • Public authorities
  • Banks, incl. Stripe
  • If you have a Vendor account, we may receive your contact details from our customers who have added your company as a supplier to their Openli account.

Marketing

We process your data for marketing-related purposes, incl. sending you newsletters, doing demos and webinars, tailoring our communication with you to accommodate your areas of interests and focus and sending you relevant product and service promotion and offers.

Here is the data we process:

  • Your contact details such as name, email, title and telephone/mobile number
  • The company you work for, incl. their domain, address and country
  • Purchase history, interest areas and use of our digital services
  • What newsletters you signed up for, when you asked to receive email marketing, when you asked to receive a demo
  • When you gave consent
  • Which events you have participated in, signed up for etc.  
  • Social media information: data received via LinkedIn, Instagram, or Facebook pages.

We don’t process any sensitive data.

We process your personal data on these legal bases:

  • Your consent (GDPR Article 6.1.a).
  • Comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Marketing Practises Act.
  • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
  • For the establishment, exercise or defence of legal claims, where necessary (GDPR Article 9.2.f).

We keep your data for as long as you are subscribing to our newsletters, email marketing etc. If you ask us to unsubscribe you, we will keep your data for two years after your request so we can show that we have honoured your request and to make sure that you aren’t receiving the material.

We keep your information for up to two years after our most recent contact with you.

If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the relevant activity is ongoing and for two years after that.

Regarding events, seminars, courses etc. we’ll keep your personal data as long as they are necessary for the purposes of the course, the event or seminar in question and for evaluating them.

From where we collect your personal data:  

  • Directly from you
  • Online sources, e.g. social media that are publicly available (LinkedIn)

Openli Community

If you are a member of Openli Community (the “Community”), we process your data to run the Community activities, incl. sending you newsletters, and information about events e.g. webinars, feedback sessions, in person meet-ups, roundtables, workshops, etc. We also process your data when you sign up to become a Community member, and/or a Community contributor or if you wish to sign up for a Community event, mentoring program, or other Community activities.

Here is the data we process:

  • Your contact details such as name, email, title, seniority level, management experience, and the city where you are based;
  • The company you work for, incl. their domain, address and country;
  • When you apply to join the Community, we ask if you are IAPP certified to keep you informed about our IAPP approved events and to help you to claim your IAPP points;
  • As part of the application process to join the Community, we might also ask you to select which topics you are interested in. This is to help us to organise events and create content that is relevant to our Community members.  
  • Your login details - including here: name, email address - and verification; e.g. when you activate your account and/or log in to the Community Portal and accept the Openli Community Terms of Use;
  • If you sign up to become a Community contributor, we may also process your professional background description, LinkedIn profile link, and a profile photo;
  • Which events you have participated in, signed up for etc;
  • We might log the questions asked in the Community Slack Channel.

We don’t process any sensitive data.

We process your personal data on these legal bases:

  • To perform our contract with you (GDPR Article 6.1.b).
  • To pursue legitimate business interests of our own related to running the Openli Community and offer the relevant community related activities and events to you as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
  • Comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Marketing Practises Act.
  • For the establishment, exercise or defence of legal claims, where necessary (GDPR Article 9.2.f).

We keep your data for as long as you are a member of theCommunity or/and a Community contributor. If you ask us to remove your membership, we will keep your data for 2 years after your request so we can show that we have honoured your request and to make sure that you aren’t receiving the materials from the Community.

We keep your information for up to 2 years  after our most recent contact with you.

Regarding events, seminars, courses, workshops, roundtables, etc. we’ll keep your personal data as long as they are necessary for the purposes of the event, seminar, course, workshop, roundtables in question and for evaluating them.

From where we collect your personal data:  

  • Directly from you

Improve, optimise or modify the experience on our website, online service and apps

We process your data to improve and optimise the experience on our website, the services and in the product etc. We use the data to operate our services, enhance and protect the security and ensure their secure, reliable, and robust performance, to improve the content we show you, determine what content is most helpful and the usability of our website, apps and online services.

You can read about the cookies we use on our website here.

Here is the data we process:

  • When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
  • Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
  • We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information.

We process your data on these legal bases:

  • Your consent (GDPR Article 6.1.a).
  • Comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Marketing Practices Act and the ePrivacy Directive.
  • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
  • For the establishment, exercise or defence of legal claims, where necessary (GDPR Article 9.2.f).

We keep this data for up to 2 years and cookie information is kept in accordance with the cookie policy.

From where we collect your personal data:  

  • Directly from you
  • Online sources, e.g. social media that are publicly available (LinkedIn)
  • From the use of the cookies which you were presented with in visiting our website
  • From your computer or device automatically as you use our services — such as information about the device and browser you're using to access your account, or your usage information, such as your interaction with our product or emails.

Business and product development

We process your data to do data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

Here is the data we process:

  • Your contact details such as name, email, title and telephone/mobile number
  • The company you work for, incl. their domain, address and country
  • How you are using our products and services
  • Purchase history, interest areas and use of our digital services.

We process your data on these legal bases:

  • To perform our contract with you (GDPR Article 6.1.b).
  • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).

From where we collect your personal data:  

  • Directly from you
  • Online sources, e.g. social media that are publicly available
  • From your computer or device automatically as you use our services — such as information about the device and browser you're using to access your account, or your usage information, such as your interaction with our product or emails.

We will retain data processed for this purpose for:

  • For as long as you have an account with us plus up to 3 years from when you are no longer using our services.

Statistics

We process your data to compile statistics for the use of our website and apps.

Here is the data we process:

  • When you visit our website or apps, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
  • Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
  • We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information.

We process your data on these legal bases:

  • Your consent (GDPR Article 6.1.a).
  • Comply with our legal obligations (GDPR Article 6.1.c), incl. the ePrivacy Directive.
  • To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).

From where we collect your personal data:  

  • Directly from you
  • Online sources, e.g. social media that are publicly available (LinkedIn)
  • The use of cookies as described when you visited our website (of course depending on your acceptance of the different cookie categories)
  • From your computer or device automatically as you use our services — such as information about the device and browser you're using to access your account, or your usage information, such as your interaction with our product or emails.

We will retain your data up to 3 years from when you visited our website and/or used our services & products.

Comply with obligations

Data is processed to comply with legal obligations and requirements, requests from public and governmental authorities, relevant industry standards and our internal policies, and protect our operations and our rights.  

Here is the data we process:

  • Your contact details such as name, email, title and telephone/mobile number
  • The company you work for, incl. their domain, address and country
  • Information required to comply with public and governmental authorities
  • Purchase history and use of our digital services.
  • Compliance and legal information: documentation related to accounting, audits, and regulatory requirements.

The data retention period will be based on statutory requirements.

We process your data on these legal bases:

  • Comply with our legal obligations (GDPR Article 6.1.c).

Additional information

We do not sell or rent your data to marketers or third parties.

Some of these grounds for processing your data overlap, so there may be several bases which can justify us processing your data.

We may also use your data in other ways but we will inform you about these purposes when we collect your data.

If you would like more information about our legal basis for processing your data, feel free to contact us (see our details in the beginning of the policy).

Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.

Keeping your data safe

We use reasonable organisational, technical and administrative measures to protect your data within our company.

The Internet is not a 100% secure environment and that means we cannot guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us.

To learn more about our current practises and policies regarding security, here’s a link to more information: https://openli.com/legal/data-privacy-and-security-practices

Third parties and processors

We use companies (processors) to help us deliver our services to you, e.g. to provide the hosting environment for our product, send out newsletters, to help us run our website, manage our payment etc.

When we use a processor we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We’ll also make sure that they have appropriate security measures in place and if they are located outside the EU, we’ll of course make sure that there is a legal agreement in place allowing us to give them access to the data (see more below).

We share your personal data with:

  • Suppliers and vendors that we work with to assist our company (meaning service providers, technical support, supply services, and financial institutions)
  • Group entities within the Cerivo group, including Cerivo ApS, ComplyCloud ApS, Wired Relations ApS and RISMA Systems A/S.
  • Public authorities

Here are some of the suppliers we use:

  • Hubspot as our CRM and marketing system
  • Zendesk as our support tool
  • TwentyThree for webinars
  • Mailchimp to send out emails to our customers
  • Postmark for sending out transactional emails
  • Stripe for payment service
  • Metabase for website and app analytics
  • Amazon Web Services to host a few of our services with AWS. Data is stored within the European Union.
  • Salesforce’s Heroku’s PaaS infrastructure for most parts of our services. Data is stored within the European Union.

See more here: https://openli.com/legal/sub-data-processors/

Read our cookie policy regarding the suppliers we use for those services.

In the event that we are involved in a bankruptcy, merger, acquisition, reorganisation, your information may be transferred as part of that transaction. This policy will continue to apply to your information also after the information has been transferred to the new entity.

Transfer to countries outside the EU/EEA

In some cases, we’ll transfer your data to the countries outside the EU/EEA.

Where a transfer of personal data occurs between Openli and a data processor located outside of the EU/EEA, the transfer of personal data will include one of the following appropriate safeguards, as applicable:

  • The EU - U.S. Data Privacy Framework.
  • The adoption by the parties of the EU model clauses resulting from the EU Commission implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
  • Any other appropriate safeguards recognized by the GDPR such as an adequacy decision, an approved code of conduct or an appropriate certification mechanism.
  • You may obtain a copy of the contract/agreement by contacting us at privacy@cerivo.com.

Your rights

You have these rights:

  1. Your right of access and rectification - You have the right to ask us for copies of your personal data or ask us to rectify information you think is inaccurate. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.
  2. Your right to erasure - You can ask us to erase your personal information in certain circumstances.
  3. Your right to withdraw your consent: If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdraw your consent. You may withdraw your consent by sending an email to privacy@cerivo.com.
  4. Your right to restriction of processing and object to processing - You have the right to ask us to restrict the processing of your information and a similar right to object to processing.
  5. Your right to data portability: You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).
  6. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such marketing.

We will make sure to answer your request without undue delay and in any event within one month of receiving your request.  It can be that the period will be extended by two further months if your request is very complex.

There may be conditions or limitations on these rights. It is therefore not certain e.g. you have the right of data portability in a specific case - this depends on the specific circumstances of the processing activity. You are always welcome to contact us and ask. The same goes for some of the other rights.

Complaints

You can always lodge a complaint with a European data protection authority, for example the Danish Data Protection Agency.

Website: https://www.datatilsynet.dk

Address: Carl Jacobsens Vej 35, 2500 Valby, Tlf. 33 19 32 00, dt@datatilsynet.dk

Assistance and additional information

You can take steps to exercise your rights by using the contact details above. If you have questions about the policy, feel free to contact us by using the contact details in this policy.

How to unsubscribe to email marketing material?

If you’ve subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails we include an unsubscribe link and you can always click the link and easily unsubscribe.

You can also unsubscribe by sending us an email to privacy@cerivo.com.

Children and our services

Our services and website aren’t directed to children, and you can’t use our services if you are under the age of 18.

Changes to the policy

Sometimes we need to make changes to this policy to reflect our current practises. We will take reasonable steps to let you know about changes via our website.

If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up.

If you continue to use our Websites, Platforms or Services after the notification, we will regard this as your acceptance of our privacy practices.

The policy was last updated on April 1st, 2026.

Our product
Processing your data
Service agreements