Privacy Policy

Last updated: February 15, 2026

This privacy policy describes how MNGroup (“we”, “us”) processes personal data when you visit our website, contact us, use our services or use our apps.

1) Data Controller and Contact

Data Controller: MNGroup
Address: 7430 Ikast, Denmark
Email: mail@mngroup.dk
Phone: +45 30 88 10 10

2) What Personal Data We Process

A. When you visit our website

We may process:

  • IP address, device and browser information
  • Browsing patterns (e.g. pages visited, time on page)
  • Cookies/online identifiers (if you accept cookies)

B. When you contact us (email, form, phone, meetings)

We may process:

  • Name, email, phone
  • Company/role (if relevant)
  • Content of your inquiry and our correspondence

C. When we deliver app development services to clients (B2B)

Depending on the project, we may process:

  • Contact person data (name, email, phone)
  • Project data and communication
  • Access credentials/tokens for client systems (if shared with us)

Note: In some projects we act as a data processor on behalf of the client (the client is the data controller). See section 11.

D. When you use our apps

Depending on the app’s features, we may process:

  • Account information (e.g. email, username)
  • Usage data (e.g. features used, time, interactions)
  • Device data (e.g. model, OS version, language, app version)
  • Crash logs and performance data
  • Location data (only if the app uses it, and you grant permission)
  • Push token (if you enable push notifications)

We strive to minimize data processing and only collect what is necessary.

3) Purposes and Legal Basis (GDPR)

We process personal data for the following purposes:

  • To provide and improve the Services (e.g. operation, debugging, security)
    Legal basis: legitimate interest (GDPR Art. 6(1)(f)) and/or performance of a contract (Art. 6(1)(b))
  • To respond to inquiries and customer support
    Legal basis: legitimate interest (Art. 6(1)(f)) and/or performance of a contract (Art. 6(1)(b))
  • Sales, quotes and client administration
    Legal basis: legitimate interest (Art. 6(1)(f)) and/or performance of a contract (Art. 6(1)(b))
  • Invoicing and accounting
    Legal basis: legal obligation (Art. 6(1)(c)) and/or contract (Art. 6(1)(b))
  • Marketing (newsletters, campaigns)
    Legal basis: consent (Art. 6(1)(a)) or legitimate interest (Art. 6(1)(f)) depending on channel and local legislation
  • Cookies and tracking on website
    Legal basis: consent (Art. 6(1)(a)) for non-essential cookies

If we process special categories of data (e.g. health data), we will inform you separately and ensure the appropriate legal basis.

4) Cookies

We use necessary cookies to make the website function. In addition, we may (if you accept) use statistical and/or marketing cookies.

You can change or withdraw your consent at any time via our cookie settings.

5) Sharing of Information (Recipients)

We may share personal data with:

  • Hosting and cloud providers (operation of website, systems, databases)
  • Communication tools (email, support/chat)
  • Analytics and crash reporting (e.g. app performance and errors)
  • Payment providers (only if relevant)
  • Professional advisors (accountant, lawyer) as needed
  • Authorities if we are legally obligated

We do not sell your personal data.

6) Data Processors and Data Processing Agreements

When we use vendors that process personal data on our behalf, we enter into data processing agreements where required, and impose requirements for security and confidentiality.

7) Transfers to Countries Outside the EU/EEA

If we transfer personal data outside the EU/EEA, we ensure a valid transfer mechanism, such as:

  • EU Commission Standard Contractual Clauses (SCC), and/or
  • Transfer to countries with an adequacy decision

You can contact us for more information about transfers and safeguards.

8) Retention (Deletion Periods)

We only retain personal data as long as necessary:

  • Inquiries: typically up to 24 months after conclusion
  • Client relationships/projects: during the contract period and thereafter as needed (e.g. claims/liability)
  • Accounting material: retained in accordance with legal requirements (typically 5 years)
  • Log files/security: typically 30–180 days unless longer is necessary for incident handling
  • App crash/performance data: typically 3–24 months depending on purpose

Specific retention periods may vary depending on legal requirements and purpose.

9) Security

We implement appropriate technical and organizational security measures, including access control, encryption where relevant, logging and internal procedures.

No systems are 100% secure, but we do our best to protect data.

10) Your Rights

You have (with certain exceptions) rights under the GDPR:

  • Access to your personal data
  • Rectification of inaccurate data
  • Erasure (“the right to be forgotten”)
  • Restriction of processing
  • Data portability (in relevant cases)
  • Objection to processing based on legitimate interest
  • Withdrawal of consent (if processing is based on consent)

Contact us at mail@mngroup.dk to exercise your rights.

Complaints

You can file a complaint with your national data protection authority. In Denmark: Datatilsynet (Danish Data Protection Agency).

11) When We Develop Apps for Clients (Data Processor vs. Data Controller)

When we develop or operate an app for a client, it is often the client who determines the purposes and means of processing. In such cases, the client is the data controller and we are the data processor.

In those cases:

  • We only process personal data according to the client’s documented instructions
  • We enter into a data processing agreement (DPA)
  • We assist the client with security, sub-processors, deletion and handling of requests (as agreed)

If you are an end user of a client’s app, please read the client’s privacy policy to understand how your data is used.

12) Children’s Privacy

Our Services are not directed at children under 16 years of age, and we do not knowingly collect personal data from children. If you believe a child has provided us with information, please contact us and we will delete it.

13) Changes to the Privacy Policy

We may update this privacy policy from time to time. The latest version will always be available on our website, and we indicate the “last updated” date at the top.