Personal data & cookie policy

Last updated: 28 May 2025

1. Introduction

This Personal Data and Cookie Policy (“Policy”) explains how Penning Group ApS and Penning Financial Services ApS (“Penning”, “we”, “us”) collects, processes, stores, and shares your personal data when you use the penning.dk platform, including our website, packages, features, and other related functions (“Platform”).

By accessing or using the Platform, you consent to the practices described in this Policy. If you do not accept this Policy, you must refrain from using the Platform.

2. Age Requirement

The Platform is intended exclusively for individuals aged 18 years and older. We do not knowingly collect personal data from individuals under 18. If we become aware of such data, it will be deleted immediately.

3. Cookies

Penning.dk uses cookies to:

• Enhance user experience
• Save user preferences
• Analyse traffic
• Display relevant ads

Cookies are small text files stored on your device. They do not contain viruses or harmful code. You can block or delete cookies through your browser settings, but doing so may affect functionality and user experience.

Third-party cookies may include providers such as:

• Google
• Facebook
• Instagram
• LinkedIn
• YouTube

These providers may place cookies on your device for tracking, analytics, or ad delivery purposes.

4. Types of Personal Data Collected

We collect and process personal data directly from you and from third parties as part of your interaction with the Platform. This includes, but is not limited to:

Identity and contact data

• Full name
• Date of birth
• Nationality
• Residential address
• Email and phone number
• ID documents (e.g., passport, driver's license)
• Proof of address (e.g., utility bill, health insurance card)

Account and onboarding data

• Company registration details (for business users)
• Ultimate Beneficial Owner (UBO) information
• Investment preferences and package selections
• KYC/KYB documentation
• AML screening data (e.g., PEP or sanctions lists)

Financial and transactional data

• Payment method details
• Account balances
• Purchase history and transaction records
• Investment experience and declared risk tolerance

Technical and behavioral data

• IP address and device type
• Browser version and operating system
• Geographic location
• Referrer URLs and navigation path
• Interaction with support, chat, email, surveys, or newsletters

5. How We Use Your Data

We process your personal data for the following purposes:

• To verify your identity (KYC/KYB)
• To comply with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) obligations
• To evaluate risk profiles
• To manage and improve your access to packages and other platform features, including Broker Services.
• To deliver newsletters, updates, or relevant offers
• To improve Platform usability and performance
• To prevent fraud and misuse of the Platform
• To fulfill legal, regulatory, and contractual obligations

We do not use your personal data for general third-party advertising purposes unrelated to Penning. All data use is limited to the operation and development of the Platform and related packages.

6. Consent and Withdrawal

By using the Platform, you consent to this Policy and to the collection and use of your data as described. You may withdraw your consent at any time. You also have the right to:

• Access your data
• Correct or update inaccurate data
• Request deletion of data
• Object to certain forms of processing

To exercise your rights, please contact us at info@penning.dk.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purpose of its collection and to comply with legal obligations.

• Standard retention: up to 2 years after customer relationship ends
• Extended retention: as required by financial or regulatory law (e.g., AML documentation)

Data is deleted or anonymized when no longer relevant or legally required.

8. Data Security

We implement appropriate technical and organizational measures to secure your data and prevent unauthorized access, alteration, disclosure, or destruction.

All access is strictly controlled, and data is handled confidentially. Sensitive documents and communication are protected using encryption and secure infrastructure.

9. Third-Party Access and Data Processors

We use trusted third-party data processors to help operate the Platform and deliver packages. These include providers for:

• Identity verification
• Hosting and storage
• Analytics and performance tracking
• Communication tools

All processors act only on our behalf, under strict confidentiality and data protection terms.

We only use providers:

• Located in the EU/EEA, or
• Based in jurisdictions approved by the EU Commission (e.g., adequacy decisions)

We do not sell, rent, or disclose personal data to third parties for their own purposes.

10. Marketing Communication

With your consent, we may send you:

• Newsletters
• Product updates
• Relevant invitations or offers

You can opt out at any time by clicking "unsubscribe" in any communication or contacting us directly.

11. Complaints and Contact

If you believe your personal data has been misused, or you wish to file a complaint, you may contact us at: info@penning.dk.

You may also lodge a complaint with the Danish Data Protection Authority (Datatilsynet) or your local supervisory authority if you are located in the EU/EEA.