Skip to main content

Privacy Policy

How we collect, process and protect personal data in accordance with the General Data Protection Regulation (GDPR).

Last updated: 7 July 2026 · contact@justparity.com

1. Data controller and data processor

Just Parity ApS is the data controller for the processing of personal data relating to visitors to justparity.com, contact persons at our customers, and platform users (HR staff and managers).

For the pay and HR data that customers upload to the platform, Just Parity ApS acts as a data processor. In these cases, the data controller is the customer's organisation, and requests concerning employee data should be directed there.

Just Parity ApS

Company reg. no. (CVR): 46363906

Vesterbrogade 208, DK-1800 Frederiksberg C, Denmark

Email: contact@justparity.com

Data Protection Officer (DPO): Just Parity ApS has not currently appointed a DPO, as the scope of our processing does not presently trigger the obligation under Article 37 GDPR. Questions concerning data protection should be directed to contact@justparity.com.

2. Purposes of processing

We process personal data for the following purposes:

  • delivery of the JustParity compliance platform
  • customer support and communication
  • invoicing and accounting
  • operation, maintenance and improvement of the service
  • marketing (only with consent)
  • compliance with legal requirements
  • sending proposals in B2B relationships, including measuring whether the recipient has opened the email (read receipt via a 1x1 pixel image)

3. Categories of personal data

We process the following categories of personal data:

  • Contact details: name, email, phone number, company, job title
  • Usage data: log data, IP address, browser information, device information
  • Customer data (as data processor): pay and HR data uploaded to the platform by customers

Pay data and special categories. Pay data is processed as ordinary personal data (Article 6). However, the processing may include data falling within the special categories (Article 9):

  • gender, processed for pay gap analysis pursuant to EU Directive 2023/970 (Article 9(2)(b))
  • trade union membership, which may appear indirectly in imported payroll datasets (Article 9(2)(b))

Danish civil registration numbers (CPR numbers) may be received transiently from connected payroll systems (e.g. Intect) and used solely to technically derive gender for the pay gap analysis (last digit). The CPR number is not stored in JustParity's database (only gender and date of birth are stored). The data controller is responsible for the legal basis for the transfer.

These data are stored in separate tables with additional safeguards and strict access control.

5. Recipients of personal data

We may share personal data with:

Sub-processors:

Sub-processorProcessingLocationTransfer basis
Supabase Inc.Database, hosting, authenticationEU (Frankfurt)SCCs
Netlify Inc.Web hosting and CDNEU CDNEU-US DPF and SCCs
Google Ireland LimitedTransactional emailsEU/USEU-US DPF and SCCs
Slack Technologies (Salesforce Inc.)Internal notifications on user creationEUEU-US DPF and SCCs
Functional Software (Sentry)Error monitoring (browser)EU/USEU region, otherwise EU-US DPF and SCCs
Redis provider (e.g. Upstash)Rate limiting (IP addresses)EUEU region, otherwise SCCs

Public authorities: where required by law.

Transfers to third countries outside the EU/EEA only take place where appropriate safeguards are in place, typically the EU Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR. Where a sub-processor's parent company has potential access from the United States, SCCs have been entered into.

Consent-based marketing tools: Google Analytics and Google Ads (statistics and ad measurement) are used only with your consent and are not sub-processors of the platform's personal data. Data may be transferred to the USA on the basis of the EU-US Data Privacy Framework and standard contractual clauses (SCCs).

6. Retention periods

We retain personal data for as long as necessary for the purposes for which it was collected:

  • Customer data in the platform: deleted no later than 30 days after termination of the agreement
  • Contact details: 3 years after the end of the customer relationship, corresponding to the limitation period for contractual claims (Section 3 of the Danish Limitation Act)
  • Accounting data: 5 years (Section 12 of the Danish Bookkeeping Act)
  • Proposals and proposal audit data: 5 years pursuant to Section 10 of the Danish Bookkeeping Act. Pseudonymised after this period (PII fields are replaced with a hash; the identifier and event timestamp are retained for audit purposes).
  • Marketing data: until consent is withdrawn
  • Log data: 90 days
  • Read receipts on B2B proposals: time of opening, IP address and browser type are stored together with the proposal (5 years) pursuant to the Danish Bookkeeping Act and pseudonymised thereafter

7. Data subject rights

As a data subject, you have the following rights under Chapter III of the GDPR:

  • right of access (Article 15)
  • right to rectification (Article 16)
  • right to erasure, "the right to be forgotten" (Article 17)
  • right to restriction of processing (Article 18)
  • right to notification regarding rectification or erasure (Article 19)
  • right to data portability (Article 20)
  • right to object (Article 21)
  • right not to be subject to automated decision-making (Article 22)

For data in respect of which JustParity is a data processor (employee data uploaded to the platform), requests must be directed to the data controller, i.e. the organisation that uploaded the data. For other data (contact details, user data), rights may be exercised by contacting contact@justparity.com. We respond to requests within 30 days.

8. Security (Article 32)

We have implemented appropriate technical and organisational measures to protect personal data, including:

  • encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • role-based access control (RBAC) and multi-factor authentication
  • logging and monitoring of access to personal data
  • ongoing vulnerability scanning and security updates
  • backup, recovery and incident response procedures
  • confidentiality undertakings and periodic security training for staff

Detailed security measures are set out in our data processing agreement (/data-processing-agreement).

9. Complaints

Complaints about the processing of personal data may be lodged with the Danish Data Protection Agency (Datatilsynet):

Datatilsynet

Carl Jacobsens Vej 35, DK-2500 Valby, Denmark

Telephone: +45 33 19 32 00

Email: dt@datatilsynet.dk

Web: datatilsynet.dk

10. Changes

We reserve the right to update this privacy policy. In the event of material changes, data subjects will be informed by email or upon logging in to the platform. The latest version is always available on this page.

Questions about this privacy policy?

Contact us if you have any questions about how we process personal data.