Last updated: July 2026
This Privacy Policy describes how VikarStyrken.dk ApS ("VikarStyrken", "we", "us") collects, processes, and protects your personal data when you use our mobile application (the "App").
Data Controller
VikarStyrken.dk ApS, CVR 41886102, Lautruphoj 5, 2750 Ballerup, Denmark, is the data controller responsible for your personal data. Contact: info@vikarstyrken.dk.
Data We Process
- Temp workers: Full name, email, phone number, address, CPR number, industry, experience, student/full-time status, and shift application history.
- Companies: Company name, CVR number, address, industry, contact person name, contact email, contact phone, and created shift data.
- Admin/Owner users: Full name, email, and role.
- Usage data: Device type, app version, and authentication logs necessary for security and operation.
CPR Number (Sensitive Data)
Your CPR number is classified as sensitive personal data under GDPR Article 9. It is encrypted at rest using industry-standard encryption (pgcrypto PGP symmetric encryption) and is only accessible to authorized admin/owner users. CPR data is never exposed to other users, companies, or the public.
Legal Basis
- Contract performance (Art. 6(1)(b)): Creating and managing your account, shift applications, and assignments.
- Legal obligation (Art. 6(1)(c)): Tax and employment record requirements under Danish law.
- Legitimate interest (Art. 6(1)(f)): Platform security, fraud prevention, and service improvement.
- Explicit consent (Art. 9(2)(a)): Processing of CPR numbers, which you provide during profile creation.
Sub-Processors
We use the following third-party providers to operate the platform. Each is bound by data processing agreements:
- Supabase (Supabase Inc.) - Hosting, database, and authentication. Data is stored in the EU region.
- Maileroo - Transactional email delivery (account confirmation, notifications).
- GatewayAPI - SMS delivery for critical shift notifications and reminders.
Data Retention
Your data is retained for as long as your account is active. You may delete your account at any time from within the App (More > Delete Account), which permanently removes your account and associated data. Database backups are retained for 14 days after deletion.
Security Measures
- TLS encryption for all data in transit.
- Row-Level Security (RLS) policies enforce role-based data access.
- CPR numbers are encrypted at rest and restricted to admin access.
- No service role keys or secrets are included in the mobile app.
- Database backups with 14-day retention.
Your Rights Under GDPR
- Right of access: Request a copy of your personal data.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure: Delete your account and all associated data.
- Right to data portability: Receive your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Withdraw consent for CPR processing at any time.
To exercise any of these rights, contact info@vikarstyrken.dk.
International Transfers
Your data is stored and processed within the European Union. Our sub-processors operate under GDPR-compliant agreements including Standard Contractual Clauses where applicable.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the App or email. Continued use after changes constitutes acceptance.
Contact
For privacy questions or requests: info@vikarstyrken.dk