Privacy Policy

Last updated: October 8, 2025

1. Introduction and Scope

BREQ ("Company," "we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy informs you as to how we look after your personal data when you visit our website, use our cold chain monitoring services, or interact with our IoT devices and applications. It also tells you about your privacy rights and how the law protects you.

This Privacy Policy applies to all users of our services, including website visitors, customers, and business partners. By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller and Contact Information

Data Controller: BREQ
Address: Southern Denmark University (SDU), Denmark
Email: privacy@breq.live
Data Protection Officer: Available upon request

3. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for specific purposes
• Contract: Where processing is necessary for the performance of a contract with you
• Legal obligation: Where processing is necessary for compliance with legal obligations
• Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests

4. Categories of Personal Data We Collect

4.1 Identity and Contact Data

• Name, email address, postal address, telephone numbers
• Company information and job title
• Account credentials and authentication data

4.2 Technical and Device Data

• IP addresses, browser type and version, operating system
• Device identifiers, MAC addresses, and hardware specifications
• Temperature, humidity, and environmental sensor readings
• Location data from GPS-enabled devices
• Device performance metrics and diagnostic information

4.3 Usage and Analytics Data

• Website usage patterns, page views, and navigation paths
• Service usage statistics and feature interactions
• System logs and error reports
• Communications metadata

5. How We Collect Your Data

We collect personal data through:

• Direct interactions: When you register, contact us, subscribe to services, or provide feedback
• Automated technologies: Through cookies, web beacons, and similar technologies
• IoT devices: From our monitoring equipment and sensors
• Third parties: From analytics providers, advertising networks, and business partners
• Public sources: From publicly available databases and registries

6. Purposes of Data Processing

We process your personal data for the following purposes:

• Service provision: To provide, maintain, and improve our cold chain monitoring services
• Communication: To send service notifications, alerts, and support communications
• Analytics and research: To analyze usage patterns and develop new features
• Marketing: To provide relevant information about our services (with consent)
• Legal compliance: To comply with legal obligations and resolve disputes
• Security: To protect against fraud, unauthorized access, and security threats

7. Data Sharing and Third-Party Disclosures

7.1 Service Providers

We may share data with trusted third-party service providers who assist us in:

• Cloud hosting and data storage services
• Payment processing and financial services
• Customer support and communication platforms
• Analytics and performance monitoring tools

7.2 Legal Disclosures

We may disclose your information when required by law or in good faith belief that such disclosure is necessary to:

• Comply with legal process or government requests
• Enforce our terms of service
• Protect the rights, property, or safety of BREQ, our users, or others
• Investigate potential violations of law or our policies

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure adequate protection through appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or certification schemes approved by supervisory authorities.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Account data: Duration of account plus 2 years
• Monitoring data: 7 years from collection date
• Communication records: 3 years from last contact
• Legal compliance data: As required by applicable law

10. Data Security Measures

We implement comprehensive security measures including:

• Technical safeguards: Encryption, access controls, and secure transmission protocols
• Administrative safeguards: Staff training, access policies, and regular security assessments
• Physical safeguards: Secure facilities and controlled access to hardware
• Incident response: Procedures for detecting, investigating, and responding to security incidents

11. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data under certain circumstances
• Right to restrict processing: Request limitation of data processing
• Right to data portability: Request transfer of data to another controller
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for consent-based processing
• Right to lodge a complaint: File complaints with supervisory authorities

To exercise these rights, contact us at privacy@breq.live. We will respond within one month of receipt of your request.

12. Cookies and Tracking Technologies

Our website uses cookies and similar technologies for:

• Essential cookies: Required for website functionality
• Performance cookies: To analyze website usage and improve performance
• Functional cookies: To remember your preferences and settings
• Marketing cookies: To deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings or our cookie consent tool.

13. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

14. Automated Decision-Making and Profiling

We may use automated decision-making for fraud prevention and service optimization. You have the right to request human intervention, express your point of view, and contest decisions made through automated processing.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes through email, website notices, or other appropriate means. The updated policy will be effective upon posting unless otherwise specified.

16. Governing Law and Jurisdiction

This Privacy Policy is governed by Danish law and the laws of the European Union. Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of Danish courts.

17. Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us: