Back to overview

Privacy Policy for DigiOps

This Privacy Policy explains what personal data we collect, why we collect it, how we handle it, and how we protect, store, export, and delete it. It applies to all users of the DigiOps platform — a digital service designed to support operational management, standardization, and compliance documentation.

1 Data Controller

The data controller for the processing described in this policy is:

ChangeForce ApS

Pytgade 11, 6400 Sønderborg, Denmark

CVR: 42229830

Email: contact@digiops.eu

If your organization has its own DigiOps account, your organization is the data controller for the personal data entered into the platform. DigiOps acts as data processor on their behalf, as described in our Data Processing Agreement.

2 What Personal Data Do We Process?

Personal data refers to any information that can be used to identify an individual. The types of data DigiOps processes may include:

  • Account data: name, email address, phone number, job title, and role within the organization
  • Usage data: login timestamps, IP address, browser type, actions performed within the platform
  • Content data: standard operating procedures, compliance documents, uploaded files, and messages sent to support
  • AI-feature input: if you use AI-assisted features (such as text refinement), the specific text you submit to that feature, which may include names, roles, or other content you choose to include
  • Billing data: company name, address, VAT number, invoices, and payment details

We do not intentionally process sensitive personal data (GDPR Article 9) and will never ask you to provide such information. If sensitive data is entered into the platform by a user or their organization, the responsibility lies with the data controller.

3 How Do We Collect Personal Data?

We collect personal data through the following channels:

  • Directly from you: when you create an account, use the platform, contact support, or subscribe to communications
  • From your organization: when an administrator creates or manages your user account
  • Automatically: through cookies and similar technologies when you visit our website or use the platform

See our Cookie Policy for details on cookies and tracking technologies.

4 Why Do We Process Personal Data?

We process your data for the following purposes:

  • Deliver, maintain, and operate the DigiOps platform
  • Create and manage user accounts and access permissions
  • Handle subscriptions, invoicing, and customer support
  • Provide AI-assisted features such as text refinement, on your explicit request
  • Send service announcements, updates, and requested information
  • Improve, analyze, and develop our services using anonymized or aggregated data
  • Monitor and respond to security incidents
  • Send marketing communications, where you have given explicit consent

5 Legal Grounds for Processing

We process your data based on the following legal grounds under GDPR Article 6(1):

  • Performance of contract (Art. 6(1)(b)): to fulfill our agreement when you or your organization use our services
  • Consent (Art. 6(1)(a)): for marketing emails, newsletters, and non-essential cookies
  • Legitimate interests (Art. 6(1)(f)): for customer support, platform security, fraud prevention, and service improvement
  • Legal obligation (Art. 6(1)(c)): for bookkeeping, tax records, and regulatory compliance

6 Sharing of Data

We may share your data with the following categories of recipients:

  • Sub-processors: trusted service providers who help us deliver the platform (hosting, analytics, AI-assisted text processing). See the sub-processor list in our Data Processing Agreement, Appendix B
  • Group companies: other entities within the DigiOps group, if applicable, under the same data protection obligations
  • Authorities: public authorities upon valid legal request or court order

All sub-processors are bound by data processing agreements that meet GDPR requirements. We do not sell personal data to third parties.

7 International Transfers

All platform data is stored and processed within the EU. Our hosting partner AzeHosting operates at Hetzner data centers in Falkenstein, Germany. Hetzner is ISO/IEC 27001 certified.

When you use AI-assisted features, the text you submit is sent to OpenAI, L.L.C. (United States) for the sole purpose of generating a response. The transfer takes place under the EU-US Data Privacy Framework. AI-assisted features can be disabled for your organization in the company settings.

If any other transfer outside the EU/EEA is ever necessary, it will only take place with adequate safeguards in accordance with GDPR Chapter V, such as Standard Contractual Clauses (SCC) or an adequacy decision by the European Commission.

8 Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data: retained for the duration of the service agreement, plus a reasonable period for data export after termination
  • Platform content: deleted within a reasonable timeframe after termination, unless the user requests earlier deletion
  • Billing data: retained as required by applicable bookkeeping and tax legislation
  • Usage logs: retained for a limited period for security and troubleshooting purposes
  • AI-feature input: text submitted to AI features is retained by the AI sub-processor for up to 30 days for abuse monitoring, then deleted. It is not used to train AI models. DigiOps does not store AI input or output beyond what is saved back into your platform content on your action

After the retention period, data is either permanently deleted or anonymized so that it can no longer be linked to an individual.

9 Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): obtain confirmation of whether your data is being processed and receive a copy
  • Right to rectification (Art. 16): have inaccurate data corrected
  • Right to erasure (Art. 17): request deletion of your data when it is no longer necessary
  • Right to restriction (Art. 18): limit processing in certain circumstances
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7): withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at contact@digiops.eu. We will respond within 30 days.

If you believe your data protection rights have been violated, you have the right to file a complaint with the Danish Data Protection Agency (Datatilsynet), www.datatilsynet.dk.

10 Cookies and Marketing Preferences

We use cookies and similar technologies to operate the platform, analyze usage, and provide relevant content. You can manage your cookie preferences at any time through our Cookie Policy.

Marketing emails are only sent with your explicit consent and include an unsubscribe link in every message.

11 Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

12 Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

ChangeForce ApS

Pytgade 11, 6400 Sønderborg, Denmark

CVR: 42229830

Email: contact@digiops.eu