Privacy policy for Klitferie

Introduction and purpose

According to the Data Protection Regulation (EU Regulation 2016/679) and the Data Protection Act, Klitferie is obliged to protect personal data that is processed by us.

In this privacy policy, you can read more about how we generally process data and based on what principles.

We give high priority to the correct and legal processing of your personal data. It is crucial to us that you can trust that your information is processed securely and legally.

Who is this privacy policy for?

Our privacy policy is information for everyone about whom we have registered personal information.

At the same time, our privacy policy is an addition to our internal guidelines, which apply to our employees who process personal data.

Our basic principles for processing information about you

We process your information based on the following fundamental principles, which follow from the Data Protection Regulation and which support our goal that everyone we record information about can be safe in our processing:

  1. Legal, transparent, and fair treatment 
    • Our processing must be lawful and fair to the registered persons. It also means that we respect the rights of data subjects.
  2. Limited for defined purposes
    • We only collect personal information when we have a clearly defined purpose for the collection and processing.
  3. Data minimized
    • We only process the personal information that is necessary and sufficient for us to fulfill the processing purposes we have.
  4. Information must be up to date
    • We take all reasonable steps to ensure that the personal data we process is correct and, if necessary, up to date.
  5. Time limited
    • We delete or anonymize personal data when we have fulfilled the purpose of processing collected personal data.
  6. Confidential
    • We protect personal information against unauthorized access – this also means that only those employees who have a work-related need to access information will be granted access.

Processing Activities

As a data controller, we carry out a number of processing activities, which in particular include personnel administration, implementation of agreements with holiday home owner and implementation of rental agreements with our guests as well as marketing activities.

We keep internal records of our processing activities.

Where do we collect the information from?

The personal information we collect and process, we collect primarily from the registered persons themselves. However, we also collect information from other sources to a certain extent.

Who do we share information with?

We share parts of the customer data that we collect with third parties who perform services on our behalf. Some of the third parties that we share personal information with are data processors. A data processor is a party that processes personal data on our instruction and behalf.

We work with selected suppliers that include the processing of personal data on our behalf. Examples include suppliers of IT-development, maintenance, hosting and support but also suppliers who help us with marketing.

When we share your personal information with data processors, we only share it for purposes for which we have collected the information the information (such as the performance of a contract). We check all data processors and ensure that they can provide adequate guarantees in relation to the security and confidentiality of personal data. 

Processing security

We ensure the confidentiality, integrity, and availability of the personal data we process through technical and organizational security measures.

Our technical security measures include the security of the IT support we use in our business. Our organizational security measures include that we have established guidelines and policies that our employees must comply with. We follow up on this, and we train our employees to the appropriate extent.

Our processing security for personal data also includes that we ensure legal processing, including that we comply with the processing principles set out in the personal data legislation, and that we ensure that we have a processing reason for our processing.

Deletion of personal data

The personal information we collect and process, we delete when our processing purpose is fulfilled, and we thus no longer need the information.

Rights of data subjects

The persons we process personal data about have a number of rights under the personal data legislation, which we respect. The rights include

  1. The right to receive information on the processing of personal data
    • You have the right to receive information about what information we process about you, and for what purposes, who we share the information with, etc. You will receive this information as a starting point when we collects the information specifically, or the first time we contact you.
  2. The right of access
    • You have the right to ask for insight into whether we process information about you, and if, also to be informed of what information.

  3. The right of rectification or erasure
    • You have the right to have incorrect information about yourself corrected. This also includes that in some situations you may have the information we have registered about you supplemented.

      In some situations, you also have the right to have the information we process about you deleted before the time we normally would delete the information according to our normal deletion procedures.

  4. The right to have limited processing of information
    • In some situations, you have the right to limit the processing we perform on your personal information. This is especially if you believe the processing is illegal or you are disputing the rightness of the information.

  5. The right to be provided with information about yourself (data portability)
    • In some situations, you have the right to have information about yourself provided in a structured form and in a plain readable format. It is called the right to data portability.

  6. The right to object to processing
    • You have the right to object to our processing. We may then only process the information if we can demonstrate some compelling legitimate reasons for the processing that take precedence over your interests.

  7. The right to withdraw consent
    • If we process information about you based on your consent, you can always withdraw such consent. If you revoke your consent, we may not process the information about you in the future unless we are allowed to continue the processing on the basis of another processing basis. This could be, for example, because we are obligated to do it, or we have an agreement with you that we must fulfill.

If you, as a registered user, want to exercise your rights, you can contact us. Our contact information can be found below.


If you disagree or are dissatisfies with the way we process your personal information, you can complain about the processing. We hope you initially will complain directly to us. Then please send your complaint to

Further contact information you can find below.

You also have the right to complain to the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find their contact information at

Our contact information

Our full contact information is:

Klitferie I/S
Havvej 4
6990 Ulfborg
CVR-nr: 37306215

You are welcome to contact us if you have any questions or if you want to exercise your rights.  

Updates on our Privacy Policy

From time to time, we will need to update this Privacy policy. We regularly review our personal data policy to ensure that it is up to date, accurate and in accordance with applicable legislation and principles for the processing of personal data. We publish new versions on our website

This policy is version no. 2 and is valid from 24.01.2020.