Privacy policy

Scope

This policy applies to personal data processed by Cava in the context of: Visitors to our website (cava.as), Customers who engage our services, Participants in qualitative research and testing studies.

Data we collect

• Website visitors: We collect the minimal necessary information automatically when you use our website, including: IP address, Device type, operating system, browser, Basic cookies, including those provided by WordPress and plugins.
• Customers: We collect basic information to manage our business relationship: Name, Company, CVR, Email address, Phone number, Other identifiers needed for account creation or communications.
• Participants in studies: We collect only what is necessary for the particular study or payment processing, such as: First name, Age, Email address, Survey responses, Optional: photography, video, audio recordings, Additional demographic or cultural information if relevant to specific studies.

How data is collected

• Data is collected via: Website forms (customer signup/contact, participant registration), Automated site tracking using WordPress and plugins, Standard cookie-based session data.

Purposes of data processing

• Customers: Personal data is processed to: Communicate about services, Manage the business relationship, Fulfill contractual and legal requirements.
• Study Participants: Personal data is processed to: Communicate about studies and payments, Conduct, analyze, and enrich qualitative studies and insights, Fulfill contractual and legal requirements.
• All processing is based on your consent, as documented during signup, participation, or contract acceptance.

Data sharing

• We do not share data with third parties except: Names, demographic data, and study answers from participants may be shared with the specific customer commissioning that study.
• No data is transferred, processed, or stored outside the EU.

Data subject rights

• You have the right to: Access, correct, delete, or request export of your personal data (unless that data is already transferred to the client, which is outside our control), Withdraw consent at any time, Lodge complaints with the Danish Data Protection Authority.
• To exercise your rights, email info@cava.as.

Data storage and retention

• Personal data is stored securely in cloud systems located in the EU. Data is retained only for as long as necessary to fulfill the purpose for which it was collected, in accordance with Danish legal requirements and applicable guidelines.

Security measures

Cava implements technical and organizational measures including: Encryption of data in transit and at rest, Access controls limiting data exposure to only those with a business need, Secure cloud storage providers approved for EU data residency, Regular review of access permissions. While we aim to protect your data, no system is 100% secure. Any breach will be managed according to applicable law.

Children’s privacy

Cava does not knowingly collect personal data from children under 16. If it is found that such data has been collected, it will be deleted in accordance with legal requirements.

Cookies and tracking

We use only standard tracking and cookies supplied by WordPress and its plugins. No advertising cookies or third-party marketing trackers are employed. No user profiling takes place.

Marketing communications

Cava does not send marketing communications.

Account creation

Customers are not required to create an account to view reports; this feature is optional. Participants do not need an account, but must provide an email address to receive study payments.

Contact

If you have any questions about this policy or your personal data, please email info@cava.as.