Privacy Policy
This policy explains how EpiMass ApS ("EpiMass", "we", "us") handles personal data when you visit epimass.com or contact us.
Last updated: July 2026
1. Data controller
EpiMass ApS is the data controller for personal data processed through this website. Our registered address is Ole Maaløes Vej 3, 2200 Copenhagen N, Denmark. For privacy-related inquiries, contact us at contact@epimass.com.
2. Personal data we collect
We may collect: (a) technical data when you visit our site, such as IP address, browser type, device information, pages viewed, and referring URL, typically via server and hosting logs; (b) contact details and message content if you email us or otherwise reach out; and (c) any information you voluntarily provide when communicating with us.
3. How we use personal data
We use personal data to operate and secure the website, understand how visitors use our content, respond to inquiries, communicate with investors, clinical partners, and collaborators, and comply with legal obligations. We do not sell personal data.
4. Legal basis
Under the GDPR, we process personal data based on: (a) our legitimate interests in operating, securing, and improving our website and responding to business inquiries, where those interests are not overridden by your rights; (b) steps taken at your request before entering into a potential agreement when you contact us; and (c) compliance with legal obligations where applicable.
5. Cookies and analytics
This website currently does not use non-essential cookies or third-party analytics tools. If we introduce analytics, marketing cookies, or similar technologies in the future, we will update this policy and, where required, request your consent before placing such cookies.
6. Sharing and processors
We may share personal data with service providers that help us operate the website, such as hosting and infrastructure providers. These providers process data on our instructions and under appropriate agreements. We may also disclose data if required by law or to protect our legal rights.
7. International transfers
Our service providers may process data outside the European Economic Area. Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms as required by applicable law.
8. Retention
We retain personal data only for as long as necessary for the purposes described in this policy, including to respond to inquiries, maintain website security, and meet legal or regulatory requirements. Server logs are retained according to our hosting provider's standard retention periods unless a longer period is required.
9. Your rights
If you are in the European Economic Area, you may have the right to access, rectify, erase, restrict, or object to certain processing of your personal data, and to data portability where applicable. You may also withdraw consent where processing is based on consent, and lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or your local supervisory authority.
10. Changes to this policy
We may update this privacy policy from time to time. The "Last updated" date at the top of this page indicates when it was most recently revised. Material changes will be reflected on this page.
11. Contact
If you have questions about this privacy policy or wish to exercise your rights, contact us at contact@epimass.com or write to EpiMass ApS, Ole Maaløes Vej 3, 2200 Copenhagen N, Denmark.
