Prices

All prices provided by Dansk Audit Institut are stated in Danish kroner (DKK) or in another currency converted to Danish kroner and include applicable VAT and duties. Dansk Audit Institut reserves the right to change prices without prior notice.

Payment

Payment is made via bank transfer in accordance with the concluded agreement.

Delivery

Delivery of services takes place in accordance with the agreement.

Right of Complaint

A 2-year right of complaint is provided in accordance with the Danish Sale of Goods Act. The right of complaint covers defects in the delivered material or services. The right of complaint does not cover errors caused by the customer’s own circumstances, including misuse or lack of prerequisites for the use of the material. Complaints must be submitted within a reasonable time after the defect has been discovered.

Refunds

In the event of an agreed refund, the customer must provide bank details (registration and account number) so the amount can be transferred. This information may be submitted by e-mail or in electronic form, as long as it does not contain sensitive personal data. The information will only be used to complete the refund.

Right of Withdrawal

Dansk Audit Institut provides services exclusively to business customers (B2B). The rules on the right of withdrawal under the Danish Consumer Contracts Act therefore do not apply. Any cancellation or change of an agreement must be confirmed in writing.

ISSUANCE AND USE OF CERTIFICATES

Certification Basis

Dansk Audit Institut issues certificates as an accredited certification body under DANAK (the Danish Accreditation Fund) in accordance with international requirements, including ISO/IEC 17021-1. Certificates are issued following an independent certification decision, based on completed audits and documented compliance with the relevant standard (e.g., ISO/IEC 27001). A certificate is a declaration that the organization’s management system, at the time of the decision, meets the requirements. However, it does not constitute a guarantee against errors or future incidents.

Validity and Conditions

A certificate is valid for the period stated in the document, provided that the organization carries out follow-up and surveillance audits, addresses any deviations in due time, and fulfills payment obligations. Significant changes in processes, structure, or ownership must be reported immediately, as this may require an additional audit.

Ownership and Use

Certificates and any associated marks remain the property of Dansk Audit Institut. The organization has a time-limited right to use them during the period of validity and only in relation to the certified scope. Certificates must not be used in a way that creates the impression of product certification, regulatory approval, or any guarantee.

Detailed rules for the use of certificates and certification marks, including examples of correct and incorrect use, are provided in Annex 2 of the contract.

Suspension, Restriction and Withdrawal

Dansk Audit Institut may suspend, restrict, or withdraw a certificate in cases of non-compliance with requirements, missing audits, non-payment, or misuse of the certificate. In such cases, the organization must immediately cease using the certificate and related marks.

Complaints and Appeals

Organizations may submit complaints about the audit process or appeal a certification decision in accordance with Dansk Audit Institut’s applicable procedure. Complaints and appeals are handled independently and in accordance with international requirements.

Privacy Policy

We have established this privacy policy to explain how we collect, process, and store your personal data.

Data Controller

Dansk Audit Institut Aps

Roskildevej 333

2610 Rødovre

Denmark

Phone: +45 535 27000

Email:  contact@danskauditinstitut.com

Contact: Claus Thomsen / Partner & CISO

We respect your privacy and your rights to the protection of your personal information. We are committed to processing your data lawfully, fairly, and transparently — no matter where or why we have received your information.

Personal data refers to any information that can identify an individual. This typically includes first and last name, address, email address, telephone number, and other contact information — whether personal or professional.

We process your personal data to deliver the services you request from us — whether through our website or at physical locations. We also collect data for marketing purposes unless otherwise specified. We only collect the general personal datanecessary for the purpose of our services.

• When you use our website’s contact form, we collect your contact details including name, phone number, and email address. We also use cookies on our website. If you do not enter into further engagement with us, your data will generally be retained for 2 years from the last contact.

• When you become a client and purchase our advisory services, we may require additional information. In such cases, you will receive a separate privacy notice. If no further engagement is established afterward, we typically retain your data for 5 years from the end of the client relationship.

• When you contact us directly in other contexts, your contact details will be processed in our telephone and/or IT systems.
• If no further engagement is made, we may retain the data for up to 5 years, depending on the nature of the contact.

We will never collect sensitive personal data without your explicit consent.

You may request insight into the data we hold about you at any time by contacting us.

We share your personal data with partners only when necessary for the performance of our services.

Når du besøger danskauditinstitut.com indsamler vi personoplysninger via Cookies. Formålet med at behandle oplysninger om dig i cookies er at tilbyde en relevant og optimal hjemmeside.

Cookies may contain data such as your name, contact details, IP address, visit time, the pages you visit, and your time spent on the site.

You choose which types of cookies you wish to consent to — however, necessary cookies are always set, as the site cannot function without them. You may review and change your cookie preferences at any time, or block cookies in your browser. You can manage your consents and learn more in the Privacy section at the bottom of the website.

Det retlige grundlag er derfor dit samtykke, jf. art. 6 (1) (a), dog for nødvendige cookies interesseafvejningsreglen i art. 6 (1) (f), da disse oplysninger behandles med henblik på, at kunne tilbyde dig en hjemmeside, som fungerer optimalt.

Hvis du giver samtykke til cookies til brug for markedsføring, samtykker du samtidig i, at vi må anvende forskellige medie-plugins (f.eks. LinkedIn og Facebook, google og Zoho). Dansk Audit Institut og udbyderen af de respektive medie plugin er dermed fælles dataansvarlige for behandlingen af dine oplysninger i relation til det sociale medie og dataindsamling.

We only disclose your data when relevant for delivering the service or product you’ve requested.

Additionally, we may share your data with public authorities where required by law.

We do not share your data for marketing purposes without your explicit consent. You may opt out of marketing communication from us or our partners at any time by contacting us.

When other data controllers are involved in processing your information, please note that they may have different privacy practices and policies from ours.

Data Processors / Sub-processors

We engage a number of data processors and sub-processors to handle personal data on our behalf. These third parties are carefully selected and operate under data processing and sub-processing agreements with us, in accordance with the EU General Data Protection Regulation (GDPR) 2018 and the Danish Data Protection Act.

Transfer of Data to Third Countries.
If you accept cookies beyond the necessary ones — such as those from Facebook, Google, and Zoho — you also accept the respective companies’ privacy policies. This means your data may, in some cases, be transferred to a third country.

We safeguard your personal data through technical and organisational measures. These measures protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

Your Rights

Under the GDPR, you have a number of rights in relation to how we process your personal data. If you wish to exercise any of these rights, please contact us.

• Right of access
  You have the right to access the personal data we process about you, along with supplementary information.
• Right to rectification
  You have the right to have inaccurate or incomplete data about yourself corrected.
• Right to erasure ("right to be forgotten")
  In certain circumstances, you have the right to have your data deleted before our standard retention period expires.
• Right to restriction of processing
  In specific cases, you have the right to restrict the processing of your personal data. If processing is restricted, we may still store your data, but further processing may only take place with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another person or important public interests.
• Right to object
  You have the right to object to our lawful processing of your personal data in certain cases. This includes the right to object to processing for direct marketing purposes.
• Right to data portability
  In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another data controller without hindrance.

You can learn more about your rights in the Danish Data Protection Agency’s guide on data subjects’ rights, available at: www.datatilsynet.dk.

If you wish to exercise your rights, please contact:

Email: gdpr@danskauditinstitut.com

Contact: Claus Thomsen / Partner & CISO

You have the right to complain to the Danish Protection Agency, if you are dissatisfied with the way we process your personal data. You can find their contact information at www.datatilsynet.dk.

Safety Breach

If you discover a security breach , we will do our utmost to handle your report in accordance with the guidelines below.

We kindly ask that you familiarise yourself with the following instructions and adhere to the relevant parts if you are reporting a breach.

When Should You Contact Us?

• You should notify us if you believe a security breach has occurred that could lead to misuse of information that appears to be confidential by nature. For example, if you are able to view information about individuals that you should not be able to access.
• In general, we would like to hear about unauthorised access to personal data or sensitive business information, such as:
  • If you have received or accessed personal data of other individuals.
  • If it is possible to change access rights or otherwise access another user’s account or data.
  • If you have discovered vulnerabilities in software or potential exploits that could be used to access otherwise restricted data.

What Information Do We Need?

• Please provide as detailed a description as possible of the issue or error you have encountered.
• Your report should ideally include:
  • How you became aware of the issue
  • A description of the error/security flaw as you perceive it
  • Where the issue/security flaw occurred
  • Screenshots (if possible) of the issue or error
• Your contact details
  • We respect your right to anonymity within the bounds of applicable legislation, but we encourage you to share your contact details. This helps us respond to your inquiry and follow up if clarification is needed.

What Are You Not Allowed to Do?

• You may not exploit the error or breach you have discovered to access data.
  • If you have unintentionally accessed data that does not concern you, do not explore the breach further or attempt to access additional data.
• Once we receive your report, we will act promptly depending on the scope and severity of the breach. We ask that you do not worsen the situation by sharing information about the breach publicly (e.g. in the media or on social media) while we are handling it.
  • Some security breaches could be exploited by others, and it is essential that we are given the chance to resolve the issue before it becomes widely known. This is to minimise harm — especially to individuals who may be affected.
• If you choose to disseminate any data that has unintentionally become accessible due to the breach, we may be forced to treat your actions as complicity in hacking, and legal action may be taken, including reporting the incident to law enforcement.

Where Should You Report the Breach?

• Please send your report to: gdpr@danskauditinstitut.com
• We kindly ask that you notify us as quickly as possible and without undue delay, so we have the opportunity to address the issue immediately.

What Not to Report

• We do not require reports of standard software errors that do not involve unauthorised access to personal data.

What Happens After You Report the Breach?

• We take your report seriously and will begin processing it as soon as we receive it.
• You will receive an acknowledgement of receipt within 1–2 business days, confirming that we have received your message.
• Within 2 weeks, you will receive a response outlining what action has been taken based on your report. This response will also indicate whether you should expect further communication or whether the matter is considered closed.
• In some cases, we may be legally obligated to report the breach to the Danish Data Protection Agency or other authorities. This responsibility lies with the data controller or data processor, not with you as the reporting individual. Once you inform us of the breach, we will take any necessary steps, including notification to the relevant supervisory authorities.

Cookies

We use cookies to enhance your user experience. You can change your consent and cookie preferences at any time by clicking the box in the lower right-hand corner of the screen.

We use the following types of cookies: