Your privacy is important to us. This policy explains how we collect, use, and protect your information.
Privacy Policy for WaveLinks
Effective Date: 15 September 2025
1. Introduction
Welcome to WaveLinks ("WaveLinks", "we", "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application. We are committed to protecting your personal data and your right to privacy in compliance with the General Data Protection Regulation (GDPR).
This policy should be read in conjunction with our Terms & Conditions. By using our services, you agree to the collection and use of information in accordance with this policy.
2. Who we are and data controller
WaveLinks is a platform funded by the European Union. For the purpose of the GDPR, the data controller is WaveLinks.
If you have any questions about this privacy policy or our privacy practices, including any requests to exercise your legal rights, please contact us using the details below:
Email: wavelinks@sdu.dk
3. Information we collect
We may collect and process the following types of personal data about you:
a. Information you provide to us:
- Account information: When you register for an account, we may collect your name, email address, username, and password.
- User content: We collect the information you voluntarily provide by submitting content to our web application, including text, images, and other materials.
- Communications: If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
b. Information we collect automatically:
- Usage data: We may collect information about your interactions with our service, such as the pages you visit, the features you use, and the time, frequency, and duration of your activities.
- Device and connection information: We collect information about your computer or mobile device, including your IP address, operating system, browser type, and device identifiers.
4. How we use your information and legal basis for processing
We use your data for the following purposes, based on a lawful ground for processing under GDPR:
| Purpose | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a new user and manage your account. | Account Information | Performance of a contract with you. |
| To provide, operate, and maintain our services. | Account Information, User Content, Usage Data | Performance of a contract with you. |
| To improve, personalize, and expand our services. | Usage Data, Device Information | Legitimate interest (to improve our service for users). |
| To communicate with you, including responding to your comments, questions, and requests. | Account Information, Communications | Legitimate interest (to respond to your queries). |
| To comply with legal obligations and for security purposes. | All applicable data types | Compliance with a legal obligation. |
| To provide anonymized or aggregated data for reporting to our funding bodies (the European Union). | Usage Data, User Content | Legitimate interest (to fulfill our grant agreement obligations). |
5. Data sharing and disclosure
We do not sell your personal data. We may share your information in the following limited circumstances:
- With your consent: We may share your information with your consent or at your direction.
- Service providers: We may share information with third-party vendors and services that work on our behalf and require access to your information to do that work, such as hosting services. These providers are contractually obligated to safeguard your data and are not permitted to use it for their own purposes.
- Legal requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or in urgent circumstances to protect the personal safety of users of the Service or the public.
- Funding bodies: We may share aggregated and anonymized data with the European Union as part of our reporting obligations under our grant agreement. This data will not personally identify you.
6. International data transfers
Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. As we operate within the EU, we will primarily store and process data within the European Economic Area (EEA). If we do transfer personal data outside the EEA, we will ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are in place, such as using Standard Contractual Clauses approved by the European Commission.
7. Data retention
We will only retain your personal data for as long as is necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process your data.
8. Your data protection rights under GDPR
Under GDPR, you have the following rights:
- The right to access – You have the right to request copies of your personal data.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
To exercise any of these rights, please contact us at wavelinks@sdu.dk.
9. Data security
We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.
10. Children's Privacy
Our service is not intended for use by children under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we become aware that we have collected Personal Data from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.
12. Right to lodge a complaint
You have the right to make a complaint at any time to the Danish Data Protection Agency (Datatilsynet), the Danish supervisory authority for data protection issues (www.datatilsynet.dk). We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
Last Updated: 15 September 2025