Privacy Policy

AG Web Studios
Effective date: 11 February 2026
Version: 4.0

This Privacy Policy explains how AG Web Studios processes personal data when you visit our website, contact us, or submit a career inquiry. The policy is written to comply with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection law.

1. Data Controller

AG Web Studios is the data controller responsible for the processing of personal data described in this policy.

• Company: AG Web Studios
• CVR: 45281043
• Address: Kreibergsgade 35, 4800 Nykøbing F, Denmark
• Email: contact@agweb.studio

2. Categories of Personal Data

We process the following categories of personal data:

2.1 Data you provide directly

Contact inquiries

• Name
• Organization or company name
• Email address
• Budget (if provided)
• Message content
• Consent acknowledgement
• Anti-spam metadata

Career inquiries

• Name
• Email address
• Area of expertise or specialty
• Portfolio or reference links
• Summary or message content
• Consent acknowledgement
• Anti-spam metadata

2.2 Technical and usage data

• IP-derived request metadata used for security, abuse prevention, and rate limiting
• Browser and device metadata required to deliver the website securely

2.3 Analytics data (optional)

When you give explicit consent, we process:

• Page views
• Web-vitals and performance events

Analytics is disabled by default and only activated after opt-in.

3. Purposes and Legal Bases

We process personal data for the following purposes and legal bases under GDPR Article 6:

• Responding to contact or career inquiries: Art. 6(1)(b) pre-contractual steps and Art. 6(1)(f) legitimate interest
• Business communication and follow-up: Art. 6(1)(f) legitimate interest
• Website security and abuse prevention: Art. 6(1)(f) legitimate interest
• Analytics and performance measurement: Art. 6(1)(a) consent
• Compliance with legal obligations: Art. 6(1)(c)

Legitimate interest assessments have been conducted to ensure these interests do not override your fundamental rights and freedoms.

4. Consent Management

Non-essential processing is based on your consent.

• Consent is requested via an explicit banner or settings interface
• You may grant, refuse, or withdraw consent at any time
• Withdrawing consent does not affect processing carried out before withdrawal
• Consent preferences are stored locally in your browser.
• Some embedded third-party media (for example maps) may require a separate per-visit activation before loading.

5. Recipients and Data Processors

We may share personal data with the following categories of processors, strictly for the purposes described above:

• Google LLC: Used for Google Analytics 4 and embedded Google Maps. Analytics is loaded only after consent; maps are loaded only after explicit map activation.
• Resend, Inc.: Transactional email delivery for contact and career submissions.
• Hosting and infrastructure providers: Used for website hosting, logging, and secure operation of the service.

All processors act under data processing agreements in accordance with GDPR Article 28.

6. International Data Transfers

Some processors may process personal data outside the EU or EEA, including in the United States.

Where such transfers occur, they are protected using:

• European Commission Standard Contractual Clauses (SCCs)
• Supplementary technical and organizational measures where required

You may request further information about these safeguards by contacting us.

7. Retention Periods

We retain personal data only for as long as necessary for the stated purposes:

• Contact and career inquiries: up to 24 months after last relevant communication
• Security and anti-abuse metadata: up to 1 hour in volatile application memory
• Consent preferences: stored locally in your browser until cleared or updated

Longer retention may apply where required by law or to establish, exercise, or defend legal claims.

8. Your Rights

Under the GDPR, you have the right to:

• Access your personal data
• Rectification of inaccurate or incomplete data
• Erasure of personal data
• Restriction of processing
• Object to processing based on legitimate interests
• Data portability for data you have provided
• Withdraw consent at any time

Requests can be made by contacting contact@agweb.studio. We respond within one month, in accordance with GDPR Article 12.

9. Right to Lodge a Complaint

If you believe our processing infringes data protection law, you may lodge a complaint with a supervisory authority.

In Denmark, the competent authority is Datatilsynet.

10. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

11. Children

This website is not directed at children under the age of 13. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. The effective date at the top of this page indicates the current version.

13. Contact

For questions about this policy or our data processing practices, contact:

contact@agweb.studio