Skip to main content

GDPR Compliance

How Justparity complies with the General Data Protection Regulation (GDPR) in connection with pay transparency compliance.

Last updated: 7 July 2026 · contact@justparity.com

1. How we comply with the GDPR

The GDPR is the foundation of how we process personal data. Justparity is built with privacy by design, and we follow the principles of the Regulation in everything from architecture to day-to-day operations.

Privacy by design. Data protection is built in from the start. Our architecture is designed to minimise risk and protect personal data.

Data minimisation. We only collect the data necessary to deliver the service. Nothing more, nothing less.

Purpose limitation. Data is used only for the purposes for which it was collected. We never sell data to third parties.

Right to erasure. Data subjects have the right to have their personal data erased. We have processes in place to handle this efficiently.

Data portability. Data subjects can obtain a copy of their data in a structured, machine-readable format. Export is available directly in the platform.

Access control. Strict role-based access ensures that only authorised individuals can view personal data.

2. What data do we process?

Below is an overview of the types of personal data we process in connection with pay transparency compliance.

User data

  • Name and email of system users
  • Role and permissions in the system
  • Login history and activity log

Legal basis: Performance of a contract (Article 6(1)(b)).

Employee data

  • Name and employee number
  • Job title, department, manager
  • Date of employment

Legal basis: Legal obligation (Article 6(1)(c)) for compliance with EU Directive 2023/970 and the Danish Equal Pay Act.

Pay data and special categories

Pay data is processed as ordinary personal data (Article 6). However, the processing may include data falling within the special categories (Article 9):

  • Gender (for pay gap analysis)
  • Trade union membership (may appear indirectly in payroll datasets)

Legal basis for Article 9 data: Article 9(2)(b), cf. Sections 7(2) and 12 of the Danish Data Protection Act.

Danish civil registration numbers (CPR numbers) are not processed as Article 9 data. CPR numbers may be received transiently from payroll systems and used solely to derive gender; the CPR number is not stored.

Gender and date of birth are stored in separate tables with additional safeguards. CPR numbers are not stored, but may be received transiently to derive gender.

3. Data subject rights

We respect and facilitate all rights under the GDPR. Requests are handled within 30 days, in accordance with Article 12.

  • Right of access (Article 15). Data subjects may request a copy of their personal data.
  • Right to rectification (Article 16). Data subjects may have inaccurate personal data corrected.
  • Right to erasure (Article 17). Data subjects may request the deletion of their data, unless legal requirements prevent this.
  • Right to data portability (Article 20). Data subjects may receive their data in a machine-readable format.
  • Right to restriction (Article 18). Data subjects may request the restriction of processing in certain situations.
  • Right to object (Article 21). Data subjects may object to processing based on legitimate interest.
  • Right to withdraw consent. Where processing is based on consent, it may be withdrawn at any time.

5. Contact regarding the GDPR

Do you have questions about how we process personal data, or would you like to exercise your rights? Fill in the form below.

Just Parity ApS

Company reg. no. (CVR): 46363906

Vesterbrogade 208, DK-1800 Frederiksberg C, Denmark

Email: contact@justparity.com

Contact us

We will handle your request within 30 days, in accordance with Article 12 GDPR.