Skip to content
Close
SEARCH
CONTACT
PHONE HOTLINE: +4570276279E-MAIL: info@peakbiotech.com
Contact
PHONE HOTLINE: +4570276279E-MAIL: info@peakbiotech.com
Contact

Privacy Policy

TABLE OF CONTENTS
loading...

Privacy Policy

Peak Biotech A/S

Last updated: May 2026

1. Introduction

At Peak Biotech A/S, we are committed to protecting the personal data we process and to complying with the General Data Protection Regulation (GDPR) and applicable Danish data protection legislation. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have in relation to your data.

This policy applies to our website (www.peakbiotech.com), our business relationships with customers, suppliers and partners, our recruitment activities, and our social media presence.

2. Data Controller

The data controller responsible for your personal data is:

Company: Peak Biotech A/S

CVR: 28892152

Address: Bøgeskovvej 18A, 3490 Kvistgård, Denmark

Phone: +45 70 276 279

Email: info@peakbiotech.com

Website: www.peakbiotech.com

Our designated data protection contact is:

Name: Kim Vind

Email: kim.vind@peakbiotech.com

Phone: +45 61 335 340

Peak Biotech A/S has not appointed a formal Data Protection Officer (DPO), as we are not required to do so under Article 37 of the GDPR.

3. Personal Data We Process

Because Peak Biotech A/S is a business-to-business (B2B) company, most of the personal data we process relates to contact persons at our customer, supplier and partner companies — not to private individuals. Below we describe the different categories of data we process and the purpose of each.

3.1 Business Contacts (Customers, Suppliers and Partners)

When we engage with customers, suppliers and business partners, we collect professional contact information for the individuals who represent those organisations. This includes:

  • Name and job title
  • Work email address
  • Work telephone number
  • HubSpot, Inc. – CRM platform used for storing and managing customer and prospect contact data, and for marketing communication. HubSpot processes data under a data processing agreement and operates within the EU/EEA or with appropriate safeguards.
  • Microsoft Corporation (Microsoft 365) – Cloud-based productivity and storage platform used for email, documents and data storage. Data is processed under the EU Standard Contractual Clauses (EU Model Clauses), which ensure GDPR-compliant data transfer.
  • Google LLC (Google Tag Manager and Google Analytics 4) – GTM is used to manage tracking scripts on our website; GA4 is used to analyse website traffic and visitor behaviour. Data may be transferred outside the EU/EEA under EU Standard Contractual Clauses. IP anonymisation is enabled. Google acts as a data processor for GA4 data collected through our website.
  • Danløn – Payroll processing system for employee salary administration.
  • Team Plus – External accounting provider for internal financial administration.
  • E-boks – Secure digital document distribution service.
  • SKAT (the Danish Tax Authority) – Public authority to which we are required by law to report certain employee and payroll data.
  • Pension and insurance providers – For the administration of mandatory employee benefit schemes.
  • Nordania Leasing – For the administration of company vehicle leasing agreements.
  • Right of access – You have the right to request a copy of the personal data we hold about you.
  • Right to rectification – You have the right to request that we correct inaccurate or incomplete data.
  • Right to erasure – In certain circumstances, you have the right to request that we delete your personal data.
  • Right to restriction of processing – You have the right to request that we restrict how we use your data in certain circumstances.
  • Right to data portability – Where processing is based on consent or a contract, you have the right to receive your data in a structured, commonly used and machine-readable format.
  • Right to object – Where processing is based on our legitimate interests, you have the right to object. We will cease processing unless we have compelling legitimate grounds that override your interests.
  • Right to withdraw consent – Where processing is based on your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Password protection on all company devices; device passwords for data controllers are rotated on a quarterly basis.
  • Restricted access to sensitive data folders, limited to authorised personnel only.
  • Encryption of personal data in transit and at rest within our cloud systems.
  • Secure cloud storage via Microsoft 365, which operates under EU Standard Contractual Clauses.
  • Email correspondences containing sensitive data are stored in password-protected secure folders or deleted by the data controller.
  • Physical documents containing personal data are kept locked when not in use and destroyed securely when no longer needed.
  • Essential cookies – Necessary for the website to function and to manage your cookie consent preferences. These cannot be disabled.
  • Analytical cookies – Help us understand how visitors interact with our site. We use Google Analytics 4 (GA4), deployed via Google Tag Manager, to collect data such as pages visited, time on site, geographic region and device type. GA4 data is anonymised at IP level. These cookies are only placed with your consent.
  • Marketing and social media cookies – Used to track engagement from social media platforms and measure the effectiveness of our outreach. These cookies are only placed with your consent.

We collect this information in order to communicate, manage our business relationships, fulfil contracts, send relevant product and service information, and process orders and invoices. This data is stored in our CRM system (HubSpot) and in Microsoft 365.

The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in maintaining effective business relationships, and where applicable, the performance of a contract (Article 6(1)(b) GDPR).

We retain contact data for the duration of the business relationship and for up to three years after the last interaction, unless a longer retention period is required by law or for the establishment, exercise or defence of legal claims.

3.2 Website Visitors

When you visit our website at www.peakbiotech.com, we may collect data about your visit through cookies and similar tracking technologies. This may include your IP address, browser type, pages visited, time spent on the site, and the source of your visit.

We use Google Tag Manager (GTM) to manage and deploy tracking scripts on our website, and Google Analytics 4 (GA4) to analyse visitor behaviour and website performance. GA4 collects data such as pages viewed, session duration, geographic location (at country/region level), device type and referral source. This data is processed by Google LLC and may be transferred to servers outside the EU/EEA. We have enabled IP anonymisation and rely on EU Standard Contractual Clauses as the transfer mechanism.

If you submit a contact form on our website, we will collect the information you provide, such as your name, email address, company name and message.

The legal basis for essential cookies is our legitimate interest in operating and securing our website. For analytical cookies (including GA4) and marketing cookies, we rely on your consent (Article 6(1)(a) GDPR), which you can manage through our cookie consent tool. For contact form submissions, the legal basis is the performance of pre-contractual measures or our legitimate interest in responding to business enquiries.

Please see Section 7 (Cookies) for further details.

3.3 Job Applicants

When you apply for a position at Peak Biotech A/S, we process the personal data you provide in your application, including your name, contact details, work history, qualifications and other information included in your CV or cover letter.

The legal basis for this processing is our legitimate interest in evaluating candidates and recruiting for our business (Article 6(1)(f) GDPR).

We retain application data for up to 12 months after the close of the recruitment process. If we wish to retain your application for future opportunities, we will ask for your explicit consent.

3.4 Employees

For our employees, we process a range of personal data necessary for administering the employment relationship. This includes identification data, employment contract details, salary and payroll information, sick leave records, pension and insurance details, and emergency contact information.

The legal basis for employee data processing is the performance of the employment contract (Article 6(1)(b) GDPR), compliance with legal obligations (Article 6(1)(c) GDPR) — such as tax reporting and payroll administration — and where relevant, explicit consent.

We retain employee data for up to 10 years after the end of employment, unless a longer retention period is required by law or to defend legal claims.

3.5 Social Media

We maintain a presence on professional social media platforms, in particular LinkedIn. If you interact with our profile — for example by following our page, commenting on a post, or sending us a message — we may process your name and the content of your interaction.

This processing takes place on the social media platform’s own infrastructure and is also subject to the platform’s own privacy policy. The legal basis for our processing is our legitimate interest in communicating about our business and products (Article 6(1)(f) GDPR).

4. Data Processors and Third Parties

We use a number of trusted third-party service providers who process personal data on our behalf as data processors. We have data processing agreements in place with all processors to ensure your data is handled securely and in accordance with GDPR.

Our main data processors and recipients include:

We do not sell your personal data to third parties. We do not transfer personal data outside the EU/EEA unless appropriate safeguards are in place (such as EU Standard Contractual Clauses).

5. Your Rights

Under the GDPR, you have the following rights in relation to the personal data we hold about you:

To exercise any of these rights, please contact us at:

Email: kim.vind@peakbiotech.com

Post: Peak Biotech A/S, Bøgeskovvej 18A, 3490 Kvistgård, Denmark

We will respond to your request within 30 days. In complex cases, we may extend this period by a further two months, in which case we will notify you.

You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) if you believe we are processing your personal data in breach of the GDPR:

Datatilsynet: Carl Jacobsens Vej 35, 2500 Valby, Denmark

Phone: +45 33 19 32 00

Email: dt@datatilsynet.dk

Website: www.datatilsynet.dk

6. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration or disclosure. These measures include:

7. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files placed on your device when you visit a website. They help us operate the site, understand how visitors use it, and in some cases deliver relevant content.

We use the following categories of cookies:

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can change your preferences at any time through the cookie settings on our website, or by adjusting your browser settings.

Please note that disabling certain cookies may affect the functionality of the website.

8. Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Peak Biotech A/S will notify the Danish Data Protection Authority (Datatilsynet) without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, unless an exemption applies under Article 34(3) GDPR.

9. Photos and Media

Peak Biotech A/S may use situational photographs in which employees or customers appear (for example on our website or social media) without requiring prior consent where the individual is not the primary subject of the image. If you wish to have a photograph removed in which you appear, please contact us at kim.vind@peakbiotech.com and we will remove it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing activities or applicable law. The most current version will always be available on our website. The date at the top of this policy indicates when it was last updated.

We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

Peak Biotech A/S

Attn: Kim Vind

Address: Bøgeskovvej 18A, 3490 Kvistgård, Denmark

Email: kim.vind@peakbiotech.com

Phone: +45 61 335 340