Privacy Policy
Last Updated: March 18, 2026
1. Introduction and Controller Identity
This Privacy Policy explains how V & B Holding ApS (“V & B Holding ApS”, “we”, “our”, or “us”) collects, uses, and protects personal data when you visit our website and use our services available to clients across Canada. This policy applies to information collected through this website and any related contact or enrollment interactions initiated through the site.
Data Controller: V & B Holding ApS, Koralvej 15, Horsens Municipality, 8700 Horsens, Denmark. Contact email: [email protected].
We provide business education, organizational learning, and professional development programs. Your trust matters, and we handle personal data with transparency and restraint. Where applicable, this policy incorporates disclosures required by the GDPR, the UK GDPR, and Canadian privacy laws including the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws.
2. Personal Data We Collect
We collect only the information necessary to deliver our educational services, respond to inquiries, and improve our website. Categories include:
- Identity and contact details: full name, email address, telephone number.
- Enrollment and inquiry data: selected program, organization name (if provided), goals, timelines, and free‑text messages submitted via forms.
- Technical data: IP address, browser type and version, device and operating system information, language preference, and approximate geolocation derived from IP.
- Usage data: pages viewed, time on page, navigation paths, and referral source.
- Cookies and identifiers: essential session identifiers and, with consent where required, analytics and marketing identifiers. See Section 4 and our Cookies Policy.
- Conversion events: form submissions and related event metadata necessary to measure site performance once consent has been obtained for non‑essential cookies.
We do not intentionally collect special-category data (such as health information, religious or political views), financial account details, or government IDs through this website. Please do not include sensitive information in contact messages or enrollment forms.
3. Why We Process Personal Data and Legal Bases
- Responding to inquiries and providing requested information about programs: performance of a contract or steps prior to entering into a contract (GDPR Art. 6(1)(b)) and consent where applicable (Art. 6(1)(a)).
- Enrollment coordination and participant support: performance of a contract (Art. 6(1)(b)).
- Analytics to improve website content and navigation: consent (Art. 6(1)(a)).
- Marketing measurement and remarketing lists: consent (Art. 6(1)(a)).
- Security, fraud prevention, and system integrity (e.g., rate limiting and spam filtering): legitimate interests (Art. 6(1)(f)).
- Legal compliance (e.g., record-keeping): legal obligation (Art. 6(1)(c)).
Automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
4. Cookies and Tracking Technologies
Our site uses cookies and similar technologies to operate, understand website usage, and, where permitted, measure marketing performance. We honor consent requirements in the EEA and UK, and we provide clear management controls for all visitors.
- Essential cookies: required for the site to function (e.g., session continuity, consent record). These do not require consent.
- Analytics cookies: with consent, help us understand aggregate behavior such as page views and navigation paths. Implemented with IP anonymization where applicable.
- Marketing cookies: with consent, support advertising reach and conversion measurement.
You can manage preferences at any time via the “Manage cookie preferences” link provided in the site footer. For detailed cookie names, lifetimes, and purposes, see our Cookies Policy at /cookie-policy/.
5. Consent Management (EEA/UK and General Controls)
Visitors in the EEA and UK are shown a consent prompt. Analytics and marketing cookies remain inactive until you provide explicit, informed consent. Your selection is stored in a browser cookie and remains in effect until it expires or you change it. You may withdraw consent at any time using the on‑site controls. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
6. Sharing with Service Providers and Advertising Partners
We do not sell personal data. We share limited information with service providers who help us operate the website and deliver requested services. These providers may only use personal data as instructed by us and not for their independent purposes. Typical categories include:
- Analytics and advertising measurement providers: cookie or device identifiers, page views, and conversion events, activated only after consent where required.
- Hosting, content delivery, and security providers: IP address and technical log data for uptime, caching, and threat mitigation.
- Communication tools supporting email delivery and form handling: contact information necessary to respond to your inquiry.
We require appropriate contractual safeguards with service providers, including confidentiality and security obligations aligned with applicable laws.
7. International Data Transfers
Where personal data is transferred outside your jurisdiction, we rely on available legal mechanisms. For transfers from the EEA/UK to countries without an adequacy decision, we may use the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and, where relevant, participation by providers in recognized frameworks. We also perform supplementary measures when appropriate to protect data in transit and at rest.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy or as required by law. Typical retention periods include:
- Inquiry and enrollment correspondence: up to 2 years from last interaction.
- Analytics records: generally 14 months in aggregated systems, subject to your consent status.
- Marketing cookies: per the lifetime of each cookie when consented.
- Server logs: approximately 90 days for security and diagnostic needs.
- Legal and tax records: as required by applicable law.
9. Your Rights
Your privacy rights depend on your location. Without limiting any broader rights you may have, we aim to honor the following upon verified request:
- Access: request a copy of personal data we hold about you.
- Rectification: ask us to correct inaccurate or incomplete information.
- Erasure: request deletion where no longer necessary, subject to legal exceptions.
- Restriction: request restricted processing in certain circumstances.
- Portability: receive certain data in a portable format, where technically feasible.
- Objection: object to processing based on legitimate interests where applicable.
- Withdraw consent: withdraw consent at any time for processing based on consent.
To exercise rights, contact: [email protected]. We will respond within 30 days, or as permitted by law, and may extend response times for complex requests. You may also have the right to lodge a complaint with your data protection authority. Canadian residents may contact the Office of the Privacy Commissioner of Canada or the applicable provincial authority; EEA residents may contact their supervisory authority; UK residents may contact the Information Commissioner’s Office. This policy does not limit any statutory rights available to you.
10. Children’s Privacy
Our website and programs are intended for adults and organizational representatives. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child has provided personal data through this website, contact us and we will promptly take appropriate steps to delete such information.
11. Do Not Track
Certain browsers offer a “Do Not Track” setting. Our website does not respond to these signals. Consent tools and cookie preference controls remain the primary mechanism for managing analytics and marketing cookies on this site.
12. Data Deletion and Accountless Services
We operate a lead‑generation and information site without customer accounts. If you would like us to delete information submitted via forms, email your request to [email protected] with the subject line “Data Deletion Request” and include the contact details you used so we can locate the record. We may ask for limited additional information to verify your identity and will complete eligible requests within 30 days unless a longer period is permitted by law for complex requests.
13. Business Transfers
If we engage in a merger, acquisition, restructuring, asset transfer, or insolvency event, personal data may be transferred to a successor or affiliate as part of the transaction. We will ensure any recipient continues to protect personal data in a manner consistent with this policy, and we will notify users via a reasonable site notice if uses materially change as a result of the transfer.
14. California Privacy Disclosures (CCPA/CPRA)
If you are a California resident, the following categories of personal information may be collected and disclosed to service providers for business purposes in the preceding 12 months: identifiers (name, email, phone, IP address), internet or network activity (pages viewed, interactions), and inferences derived for advertising audiences with consent. We do not sell personal information as that term is defined under the CCPA. We may share personal information for cross‑context behavioral advertising once you have consented to marketing cookies. California residents may have the rights to know, correct, delete, and opt out of the sharing of personal information. To exercise these rights, email [email protected] with the relevant request type in the subject line and provide sufficient information to verify your identity.
15. Virginia Privacy Disclosures (VCDPA)
Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data. To submit a request, email [email protected] with “Virginia Privacy Request” in the subject line. If we decline a request, you may submit an appeal by replying with “Appeal of Refusal — Privacy Request.” We will respond within applicable statutory timelines.
16. Nevada Disclosures
Nevada residents may submit a verified request asking us not to sell personal information. We do not currently sell personal information as defined by Nevada law. Requests may be sent to [email protected] with “Nevada Do Not Sell Request” in the subject line.
17. Security Measures
We apply reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or destruction. These measures may include encrypted transport, strict access controls, input validation, spam filtering, and rate limiting. No method of transmission over the internet or method of electronic storage is perfectly secure; therefore, we cannot guarantee absolute security. If we become aware of a data incident affecting your personal data, we will notify you and regulators as required by law.
18. Changes to This Policy
We may update this Privacy Policy to reflect operational or legal changes. If changes are material, we will provide a notice on the website at least 14 days before the new terms take effect. The “Last Updated” date at the top of this page indicates the most recent revision.
19. Contact
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:
- V & B Holding ApS
- Koralvej 15, Horsens Municipality, 8700 Horsens, Denmark
- Email: [email protected]
20. Additional Information About Cookies and Preferences
Your cookie preferences can be changed at any time using the “Manage cookie preferences” link in the website footer. For a full list of cookie names, categories, and retention periods used on this site, please review the Cookies Policy available at /cookie-policy/. Where cookies are based on consent, declining or withdrawing consent may affect analytics visibility or advertising relevance but will not limit access to core website content.
21. How We Use Personal Data in the Context of Education Services
We use personal data to correspond with prospective participants, to provide requested information about programs, to coordinate enrollment timing and delivery format, and to maintain a clear record of communications. For organizational clients, contact information may be associated with a team or department to ensure scheduling clarity and documentation of agreed logistics. We do not profile individuals for admission decisions, and we do not use automated tools to make decisions that produce legal effects about you. Our processing is purpose‑limited and consistent with the educational nature of our services.
22. Canadian Privacy Considerations
For Canadian residents, personal information is handled in accordance with PIPEDA principles: accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance. We obtain meaningful consent for non‑essential cookies and for marketing communications. You may request access to your personal information, ask for corrections, or withdraw consent subject to legal or contractual restrictions. We strive to keep personal information accurate and up to date, particularly for enrollment logistics and support communications.
23. Relationship to Terms and Cookies Policies
This Privacy Policy should be read together with our Terms of Use at /terms/ and our Cookies Policy at /cookie-policy/. Those documents provide additional details on acceptable use, intellectual property, and the specific cookies active on our site. If any part of these policies conflicts, the most protective interpretation for the individual will be applied where required by law.