Privacy Policy
Last updated: 28/01/2026
1. Introduction
This Privacy Policy explains how Hecta ApS ("Hecta", "we", "us", or "our") collects and processes personal data in connection with our products, services, website, and business operations.
This Privacy Policy applies when Hecta is the data controller, when we determine the purposes and means of processing personal data. We also process personal data on behalf of our customers as a data processor, in accordance with applicable data processing agreements in place between our customers and us.
We process personal data in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
Company details
Hecta ApS
Njalsgade 76, 4.
2300 Copenhagen, Denmark
Company registration number (CVR): DK45817504
Contact email: hello@hecta.app
2. What personal data we collect
Information you provide to us
We collect personal data provided to us if you create an account to use our services or communicate with us as follows:
- User account information. We require everyone with access to our platform to have an account with us. When you or your employer creates a Hecta account for you, we collect personal data including your name, email address, role, language preferences and account credentials.
- Communication information. When you contact us for customer support, feedback, or inquiries, we collect your name, email address, phone number, and any other information you provide us with to assist you or resolve your issue. Hecta may monitor and record conversations or email communications between you and Hecta for quality assurance purposes. We may receive a confirmation when you open or click on content in an email from us, which helps us make our communications to you more useful and interesting.
- Social media information. When you interact with our social media, we will collect personal data that you elect to provide to us, such as your contact details and third parties that host our social media may provide us with aggregate information and analytics regarding your use of our social media.
- Customer stories and testimonials. We may display personal testimonials or reviews from satisfied users if you have consented to it. If you wish to update or delete your testimonial or review, you can contact us.
Information we automatically collect
When you visit, use, and interact with our services, we will collect certain information about your visit, use, or interactions indirectly, including through automated means from your computer or device, including the following:
- Log data. Whenever you visit our website or platform, your browser will automatically send us your IP address, browser type and settings, the date and time of your request, and how you interacted with our services.
- Device information. We automatically collect information about the device you are using to access our services, including name of the device, operating system, browser, referring/exit pages, operating systems, date/time stamps, and clickstream data. The information collected may depend on the type of device you use and its settings.
- Usage data. We automatically collect information about your use of our services, including, name, email address, the features you use, actions you take, your time zone, location, the dates and times of access, amount of time spent within the services and types and volumes of queries you submit.
- Cookies. We collect Cookie data when you visit our website. See section 6 for more information.
Information collected from third parties
We may collect information about you from third parties, such as marketing vendors and event organizers. We may combine this information with information we collect from you and use it as described in this privacy policy.
Publicly available information
We provide access to publicly available tenders within our platform. Some of this information may contain personal data. We may process personal data obtained from publicly available sources, including EU public procurement portals (such as TED), where this is relevant for providing and developing our services, understanding market activity, and communicating about solutions related to public procurement and tender processes.
Hecta also collects publicly available information about customers and prospects, including name, email address, phone number and other contact details.
3. How we process your personal data
We may use your personal data for the following purposes:
- to provide, administer, maintain, and/or improve our services;
- to provide you with support services, resolve issues or reply to your queries;
- to manage and remember your preferences and customize the services;
- to communicate with you, including to send you information or marketing about our services and events;
- to analyze and study the effectiveness of our services and to develop new features and services;
- to verify your identity, prevent fraud, criminal activity and to ensure the security of our IT systems, architecture, and networks;
- to prevent misuse of the services and enforce our legal terms;
- to comply with legal obligations and legal processes, and;
- to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
The following table provides additional information about the categories of personal data we collect, the type of data, and how each category of personal data is used.
| Processing activity | Purpose | Types of personal data | Legal basis | Data retention |
|---|---|---|---|---|
| Documents relating to public procurements | Hecta compiles and retrieves documents and information concerning public procurements from public databases. The intent is not to process personal data within these documents, but to facilitate access to data concerning public procurements for our customers. | Information of individuals referenced in these documents: Name, Email address, Phone number, Job position, Employer | We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR. | For the duration necessary to fulfil the purposes of our data processing activities, which is for as long as the procurement data are relevant for the users of our platform. |
| Recordings and transcripts of video calls | We record video meetings by default and create a transcript to ensure a smooth and informative experience. To inform you of this, you can always see that a notetaker is present in the video meeting. You may always object if you prefer not to be recorded or transcribed. We kindly ask you to not share unnecessary personal information. | Information that we are likely to collect about you: Name, Job position, Email address, Voice, Face | We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR. | Recordings and transcripts are retained for two years. Thereafter, they are deleted. The recordings are generally only available to the Hecta representative you spoke with, and select employees. |
| Our website | When you visit our website, we automatically collect personal information about you to give you a customized experience and ensure the technical functionality of our website. | Information that we automatically collect about you: IP address; Device, browser, and operating system information; Pages visited, time and date of visits, and usage patterns; Approximate location and time zone; Cookie and similar data | We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR. | Personal data is retained for up to one year. |
| When you contact us | You may voluntarily contact us for customer support, feedback, or other inquiries. To ensure our communication to you is relevant and useful, we process your personal data. | Information we likely collect about you: Name, Email address, Job position, Employer, Phone number | We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR. | We manage personal data sourced within our customer relationship management system. We only maintain relevant contact details and remove contacts and their personal data if there has been no engagement over the past year, unless there is a specific need to retain information for marketing or sales activities. You may ask us to delete this information at any time. |
| Customer stories and testimonials | You may voluntarily share information with us during an interview (in-person, per call, or email) to share feedback, help us in our marketing effort, and to share stories on our website. | Information that you share with us: Name, Job position, Email address, Employer | We base our processing on consent in accordance with article 6.1 (a) GDPR. | Personal data is deleted within 30 days of you withdrawing your consent. |
| Hecta platform or service | In order to deliver our services to you and/or your employer, we may collect personal information about you from your employer. In this situation, we are a data processor, not the controller. This data processing relationship is governed by the Data Processing Agreement between Hecta and your employer. | Information that we collect about you: User account information, Communication information, Log data, Device information, Usage data, Any other personal data you choose to upload to the Hecta platform | We base our processing on Hecta's need to perform a contract with your employer in accordance with Article 6.1 (b) GDPR. | As governed by the applicable Data Processing Agreement between Hecta and your employer. |
| Social media interactions | When you interact with our social media, we will collect personal data that you provide to us, and third parties that host our social media may provide us with aggregate information and analytics regarding your use of our social media. | Information that we collect about you: Social media profile (including name, job position, contact details, and more) | We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR. | Personal data is deleted when you inform us that you are not interested in this processing and want to opt-out. |
| Other commercial activities | We process personal data to conduct various commercial activities, such as selling and marketing of our services; creating and maintaining contact with prospects; and informing you about offers, new features, or business updates. | Information that we collect about you: Name, Email address, Phone number, Job position, Employer | We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR. | We manage personal data sourced within our customer relationship management system. We only maintain relevant contact details and remove contacts and their personal data if there has been no engagement over the past year, unless there is a specific need to retain information for marketing or sales activities. You may ask us to delete this information at any time. |
4. Data storage and retention
We retain your personal data for as long as necessary to fulfill the purposes for which we collected it or longer if that is required under applicable law:
- If you are a Hecta user covered by a subscription agreement between your employer and Hecta, we will delete your data in accordance with that subscription agreement.
- Personal data that Hecta is under a legal obligation to retain, for example under anti-money laundering or bookkeeping laws, is retained for the required periods under applicable laws (generally for 5 or 7 years).
- Personal data which is not used for the purposes of a contractual relationship or where Hecta does not have a legal obligation to retain the data is only retained as long as necessary to fulfil the respective purpose for our data processing (usually 3 months).
More information on data retention is available in the table in section 3 (How we process your personal data).
When we no longer need your personal data, we will remove it from our systems and/or take steps to anonymize it so you can no longer be identified based on this information.
5. Data transfers
Transfers to third parties
- Third parties engaged by us. We may share your personal data with trusted third-party service providers, consultants, and other agents that help us in providing, maintaining, protecting, and improving our products and services as well as our website. These service providers only have access to the personal data necessary to perform these limited functions on our behalf and are required to protect and secure your information. We take required contractual, technical and organizational measures to ensure that third parties only process your personal data to the extent necessary and in accordance with applicable laws.
- Third-party links on our website. Our website may contain links to websites operated by third parties. If you access a third-party website through our website, your personal data may be collected by that third party through its website. We make no representations or warranties in relation to the privacy practices of any third-party provider or website and we are not responsible for the privacy policies or the content of any third-party provider or website. Please contact those websites directly for information on their privacy practices and policies.
- Plug-Ins. When you are using third-party applications and choose to connect your Hecta account with such external third-party applications (for example to use a Microsoft Word plug-in) the providers of those services or products may receive information about you from Hecta or others. Please be aware that when you use third-party sites or services, their own terms and privacy policies will govern your use of those sites or services. Please contact the supplier of such applications directly for information on their privacy practices and policies.
- Business changes. If we are involved in strategic transactions, (such as sale, merger, reorganizations, liquidation, or transition of service to another provider), your personal data and other information may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
International transfers
We always strive to process your personal data within the EU/EEA. In certain situations, such as when we share your personal data with a third-party engaged by us, your personal data may be transferred outside the EU/EEA. Hecta always ensures that the same high level of protection applies to your personal data according to the relevant data protection laws, even when the data is internationally transferred. Your rights in respect to your personal data are not affected when data is internationally transferred.
When your personal data is transferred internationally, this is always done in accordance with the applicable data protection regulations (such as GDPR). This means that we will only pass on your personal data to countries outside the EU/EEA if the European Union has decided that the third country concerned guarantees an adequate level of protection or if other appropriate safeguards are offered, such as an adequacy decision, the use of Standard Contractual Clauses, or a data privacy framework (such as the EU-US Data Privacy Framework).
6. Use of Cookies and other tracking technologies
We collect Cookie data when you visit our website. Cookies can be used to follow your activity on the website and that information helps us to understand your preferences and improve your website experience. Cookies are also used for such activities as remembering your access credentials for our Services. We may share Cookie data with Google Analytics for the purpose of website analytics and to collect information about how our website is being used. We use Cookies for the following purposes:
- Essential Cookies: these are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website.
- Performance and Analytics Cookies: these include Google Analytics and they keep track of the pages that you visit on our website and the content you access, so we can determine which content is most popular and improve the performance of our website. These cookies primarily record aggregate and anonymous statistical data but may capture a minimal amount of identifiable information.
- Functional Cookies: these cookies remember the choices you make, such as language options or the region you are in. They help to make your visit more personal and are deleted automatically when you close your browser or the session expires.
7. Protection of personal data
We take significant and appropriate steps to protect your personal data in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. We use appropriate technical and organizational measures to protect your personal information which may include: access controls, encryption, intrusion detection, and monitoring depending on the nature of the information and the scope of processing.
8. Your rights
You have several rights under applicable data protection laws (including GDPR) related to your control over your personal data and to receive information directly from us on how we process personal data about you. The following explains your rights.
- Right to be forgotten. In some cases, you have the right to have us delete personal data about you. However, there are situations where we cannot delete your personal data, such as when we have a legal obligation to keep it.
- Right to rectification. If you believe that your personal data is inaccurate or incomplete, you have the right to ask for it to be corrected or completed.
- Right to information and access. You have the right to be informed of how we process your personal data and to obtain confirmation from us, whether personal data concerning you are processed, and, where that is the case, access to your personal data, including details of our processing.
- Right to restriction of processing. You have the right to ask that we restrict processing about you in some cases, for example if the information about you is not accurate and you have asked for rectification, or if you have objected to a certain processing.
- Right to object. You have the right to object to the processing of your personal data which is based on our legitimate interest (Article 6(1)(f) GDPR), by referencing your personal circumstances. You can also always object to our processing of your personal data for direct marketing purposes. If you do so, we will turn off marketing for you.
- Right to data portability. If the processing of your personal data is based on consent or performance of a contract, you have the right to data portability, which means that you have the right to transmit your data to another data controller.
- Right to lodge a complaint. If you have objections or concerns about how we process your personal data, you have the right to contact, or lodge a complaint with, the relevant authority for privacy protection, which is the supervisory authority for our personal data processing.
- Right to withdraw consent. You may withdraw your consent at any time when the data processing is based on your consent.
To exercise your rights, please contact us at any time.
9. Changes to this data privacy policy
We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy, we will notify you by publication on our website. If the changes are material, we will provide you additional, prominent notice as appropriate under the circumstances and, where required under applicable law, ask for your consent.
10. How to contact us
If you have any questions about this Privacy Policy or complaints regarding our processing of your personal data, please email us at hello@hecta.app.