Privacy Policy
Last Updated: March 12, 2026
This Privacy Policy explains how Fj Holding ApS (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website. Fj Holding ApS provides business strategy and professional development education for learners across Canada through online and blended learning formats. This website is operated from Denmark and our registered address is Horsevænget 68, 4130 Viby Sjælland, Denmark.
For the purposes of the EU General Data Protection Regulation (“GDPR”), Fj Holding ApS is the data controller responsible for processing your personal data. You can contact us at [email protected] or by phone at +45 41 73 68 29.
1. Introduction & Controller Identity
Fj Holding ApS is committed to handling personal data in a transparent and responsible way. This policy describes what data we collect, why we collect it, how long we keep it, and the choices you have. It also explains how cookies and similar technologies are used on this website, including for analytics and advertising measurement where consent is given.
Data Controller: Fj Holding ApS
Registered Address: Horsevænget 68, 4130 Viby Sjælland, Denmark
Email: [email protected]
Phone: +45 41 73 68 29
We do not appoint a Data Protection Officer (DPO) as a matter of course. If our processing changes and a DPO becomes required, we will publish the DPO contact details here.
2. Personal Data We Collect
The personal data we collect depends on how you interact with the website. We aim to limit collection to what is necessary for the relevant purpose. The categories below may apply:
- Identity and contact data: name, email address, phone number, and any contact details you provide.
- Form content: messages and information you submit when requesting information about courses, programmes, workshops, or organisational learning options.
- Technical data: IP address, browser type and version, device type, operating system, and language settings.
- Usage data: pages viewed, time spent on pages, referrer URL, and click paths within the site.
- Cookies and identifiers: cookie identifiers and consent signals (see Section 4).
- Conversion events: basic events indicating that a form submission occurred or that a page was viewed, used for measurement and to improve content, where consent is provided.
We do not intentionally collect special-category personal data (such as health data, biometric data, religious beliefs, or political opinions). We also do not request government identification numbers or financial account details through this website. Please avoid including sensitive information in free-text fields.
3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)
We process personal data only where we have a valid legal basis under GDPR. Depending on the context, the legal basis may be:
- Contact and information requests: to respond to enquiries, provide requested information, and discuss programme options. Legal basis: GDPR Art. 6(1)(b) (steps prior to entering into a contract) and Art. 6(1)(a) (consent where required by your submission and preferences).
- Analytics and site improvement: to understand how the website is used and to improve content and navigation. Legal basis: GDPR Art. 6(1)(a) (consent).
- Marketing and advertising measurement: to measure conversions, manage remarketing audiences, and evaluate campaign effectiveness. Legal basis: GDPR Art. 6(1)(a) (consent).
- Security and fraud prevention: to protect the website, prevent abuse, and maintain availability. Legal basis: GDPR Art. 6(1)(f) (legitimate interests).
- Legal compliance: to comply with applicable laws, respond to lawful requests, and establish or defend legal claims. Legal basis: GDPR Art. 6(1)(c) (legal obligation) and Art. 6(1)(f) (legitimate interests), as appropriate.
Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals.
4. Cookies & Tracking
Cookies are small text files stored on your device. We use cookies and similar technologies to keep the website functioning, remember your cookie preferences, and—if you provide consent—understand website usage and measure advertising performance.
Our cookie categories are:
Essential cookies (always active)
These cookies are necessary for the website to function and cannot be switched off in our systems. They include cookies used for session continuity and storing your consent selection. Typical retention ranges from session-only to up to 12 months.
Analytics cookies (consent required)
With your permission, analytics cookies help us understand which pages are visited and how visitors navigate the site. We may use Google Analytics 4 (GA4) with IP anonymization. We use analytics reports to improve content and usability. Analytics data retention is typically 14 months in our settings, and the GA4 cookies may persist for up to 2 years, depending on the cookie.
Marketing cookies (consent required)
With your permission, marketing cookies help us measure advertising performance and may support remarketing. These cookies may be set by platforms such as Google Ads and Meta. They can record that you visited our site, and they may link that information to an identifier used by the provider. Typical retention for marketing cookies is around 90 days.
In addition to cookies, some providers use pixel tags or similar code that sends event data (such as a page view or a form submission). Where used, such technologies are activated only when you consent to the relevant category through our cookie controls.
5. Consent and Your Cookie Choices (EEA/UK)
Users in the European Economic Area (EEA) and the United Kingdom receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies are activated only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie (stored for 12 months).
You can withdraw or change consent at any time by using the “Manage cookie preferences” link in the footer. You can also clear cookies in your browser settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
6. Sharing With Advertising & Service Partners
We share personal data only as necessary for the purposes described in this policy. We do not sell personal data. Where consent is provided, we may share limited data with the following categories of partners:
- Google LLC: Google Analytics 4 and Google Ads measurement/remarketing. Data may include cookie identifiers, usage data, and conversion events. Provider privacy policy: https://policies.google.com/privacy
- Meta Platforms, Inc.: Meta Pixel and related advertising measurement, custom audiences, and lookalike audiences. Data may include page views, conversions, and audience membership signals. Provider privacy policy: https://www.facebook.com/privacy/policy
- Cloudflare: content delivery network and security services that may process IP addresses for threat detection and performance. Provider privacy policy: https://www.cloudflare.com/privacypolicy/
We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us, subject to the provider terms and applicable law. If we add or change providers materially, we will update this policy.
7. International Transfers
Fj Holding ApS is established in Denmark. Some of our service providers (such as Google and Meta) may process data outside the EEA/UK, including in the United States. Where international transfers occur, we use appropriate safeguards such as:
- EU–US Data Privacy Framework (DPF), where applicable (primary mechanism since July 2023).
- UK Extension to the EU–US DPF, where applicable.
- Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
- UK International Data Transfer Agreement (IDTA) as a fallback mechanism.
You can request more information about transfer safeguards by contacting us at [email protected].
8. Data Retention
We keep personal data only as long as necessary for the purposes described in this policy. Retention periods can vary depending on the type of data and context. Typical retention is:
- Contact submissions: up to 2 years from the last meaningful interaction, unless a longer period is needed to manage a relationship or a legal claim.
- Email correspondence: for the duration of the relationship plus up to 1 year, unless a longer retention is required by law.
- Server logs and security events: typically up to 90 days, unless needed longer for incident investigation.
- Analytics data: typically 14 months in analytics settings, with cookie lifetimes as described in Section 4.
- Marketing cookies: retained according to cookie lifetimes (commonly around 90 days).
- Cookie consent record: up to 3 years for audit purposes, where appropriate.
- Legal and tax records: retained as required by applicable Danish and EU law (often 5 years or longer depending on the document type).
9. Your Rights (GDPR & UK GDPR)
If GDPR applies, you may have the following rights, subject to conditions and exceptions:
- Right of access (GDPR Art. 15)
- Right to rectification (GDPR Art. 16)
- Right to erasure (GDPR Art. 17)
- Right to restrict processing (GDPR Art. 18)
- Right to data portability (GDPR Art. 20)
- Right to object (GDPR Art. 21)
- Right to withdraw consent at any time (GDPR Art. 7(3))
- Right to lodge a complaint with a supervisory authority (GDPR Art. 77)
To exercise rights, email [email protected] and include enough information for us to locate the relevant records. We respond within 30 days, and may extend by up to 60 days for complex requests. We may ask for additional information to verify identity before acting on a request.
Supervisory authorities:
- Denmark: Datatilsynet (Danish Data Protection Agency) — https://www.datatilsynet.dk/
- EU guidance: European Data Protection Board — https://edpb.europa.eu/
- UK: Information Commissioner’s Office — https://ico.org.uk/
10. Children
This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that personal data from a child under 16 has been collected without verifiable parental consent, we will delete it promptly.
11. Do Not Track Signals
Some browsers provide a “Do Not Track” (DNT) signal. This website does not respond to DNT browser signals. Third-party providers may have their own handling for DNT or similar signals, and you should review their policies for details.
12. Data Deletion Requests
You may request deletion of personal data by emailing [email protected] with the subject line “Data Deletion Request”. We will process requests within 30 days after verifying identity. We may retain limited information where required by law or where necessary to establish, exercise, or defend legal claims.
13. Business Transfers
In the event of a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor entity or professional advisors involved in the transaction. If such a transfer materially changes how personal data is used, we will provide notice on the website.
14. California Privacy Notice (CCPA/CPRA)
This section applies if you are a California resident and the California Consumer Privacy Act (CCPA), as amended by the CPRA, applies to our processing. Over the past 12 months, we may have collected the following categories of personal information:
- Identifiers: such as name, email address, IP address, and cookie IDs.
- Internet or network activity: such as browsing and interaction data on our site.
- Inferences: such as inferred interests based on page visits (used only where consent is given for marketing/analytics cookies).
We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioral advertising when marketing cookies are enabled by consent. California residents may opt out of such sharing by disabling marketing cookies via “Manage cookie preferences” in the footer.
California residents may have rights to Know, Delete, Correct, and Opt-Out of sale/sharing, and the right to Non-Discrimination. Requests can be submitted by emailing [email protected] with the subject line “California Privacy Request”. We will verify your identity before fulfilling a request. Authorized agents must provide proof of authorization.
15. Virginia Privacy Notice (VCDPA)
If you are a Virginia resident and the Virginia Consumer Data Protection Act (VCDPA) applies, you may have rights to Access, Correct, Delete, and Portability, and to Opt-Out of targeted advertising. We do not sell personal data, and we do not engage in profiling that produces legal or similarly significant effects.
Requests can be submitted by emailing [email protected] with the subject line “Virginia Privacy Request”. If a request is denied, you may appeal by emailing with the subject line “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days.
16. Nevada Privacy Notice
Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.
17. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. Material changes will be announced via a website notice at least 14 days before they take effect where appropriate. The “Last Updated” date at the top of this page indicates when this policy was last revised.
18. Contact
If you have questions about this Privacy Policy or want to exercise a privacy right, contact:
Fj Holding ApS
Horsevænget 68
4130 Viby Sjælland, Denmark
Email: [email protected]
Phone: +45 41 73 68 29