Privacy Policy

Last updated: 12/06/2025

This Privacy Policy describes how Mikkeller ApS (“Mikkeller”, “we”, “us” or “our”) collects, uses, and discloses your personal information when you visit or use our websites, make a purchase from our online store, or otherwise interact with us (collectively, the “Services”). For purposes of this Privacy Policy, “you” refers to any individual using our Services – for example, as a customer, website visitor, or other person whose information we process.

Please read this Privacy Policy carefully to understand how and why we process your personal data. It also explains your rights regarding your personal data and how you can exercise those rights. If you have any questions about our privacy practices, please contact us using the details provided at the end of this Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make updates, we will post the revised Privacy Policy on our website and update the “Last updated” date above, and we will take any other steps required by applicable law (for example, notifying you if required). We encourage you to review this Policy periodically for the latest information on our privacy practices.

Personal Information We Collect

What is Personal Information: In this Policy, “personal information” (or “personal data”) means any information that identifies, relates to, describes, or can be associated with an individual. The types of personal information we collect about you will depend on how you interact with us and our Services. Below we describe the categories of personal information we collect and the sources of that information.

Information You Provide Directly

We collect personal information that you provide to us directly. For example, this includes:
‍

• Basic Identifiers and Contact Details: Such as your name, postal address, email address, phone number, and other contact information you may provide.
  ‍
• Order and Transaction Information: When you make a purchase or place an order, we collect details such as the items ordered, billing and shipping address, email, phone number, payment confirmation and payment details (handled via our payment processor), and any communications about your order.
  ‍
• Account Information: If you create an account on our Site, we collect login credentials (like username and password) and any profile details or preferences associated with your account.
  ‍
• Customer Support and Communications: If you contact us or communicate with us (for example, via customer support emails or by filling out forms on our Site), we will collect the information you choose to share in those interactions. This may include the content of messages or requests you send us and any contact details you provide for follow-up.
  ‍

Providing certain personal information is often necessary for us to supply the Services you request (for example, we need your payment and address information to process an order and deliver products). You may choose not to provide optional personal data; however, doing so might limit your ability to use some features of the Services.

Information We Collect Automatically (Cookies and Usage Data)

When you interact with our Services, we automatically collect certain information about your device and usage of our Site through cookies and similar tracking technologies (“Cookies”). This Usage Data can include:
‍

• Device and Browser Information: IP address, browser type and version, device identifiers, operating system, language settings, and other technical information about the device you use to access our Site.
  ‍
• Usage and Interaction Data: Details about how you use our website or app – for example, which pages or products you view, how you navigate the Site, time and duration of visits, referring URLs, clickstream data, and information about your interactions with our emails or ads.
  ‍

We use Cookies and similar technologies to collect this information. Cookies are small text files placed on your device that help store preferences and record data about your visit (see the Cookies section below for more details on the types of Cookies we use). This automatic collection helps us understand how users interact with our Services, enables certain site functionalities (like remembering your cart or preferences), and aids us in improving our offerings. Where required by law, we will obtain your consent before using non-essential Cookies on your device.

Information from Third Parties

We may also receive personal information about you from third-party sources, such as:
‍

• Service Providers: Third parties that support our online store and Services. For example, our e-commerce platform provider (such as Shopify) may collect certain data on our behalf to power our website and sales. Likewise, payment processors collect payment details (e.g. credit card number, billing address) in order to process transactions – this is necessary to perform our contract with you (to fulfill your order) and to screen for fraud.
  ‍
• Analytics and Advertising Partners: We work with partners who provide analytics or advertising services. For instance, when you visit our Site or interact with our emails and advertisements, we or our partners may use pixels, web beacons, software development kits (SDKs), third-party libraries, and Cookies to automatically collect information about your engagement. This information can include your behaviors on our Site or other sites, which helps us measure performance and personalize content and ads.
  ‍
• Other Sources: We could receive information about you from publicly available databases, joint marketing partners, social media platforms (for example, if you connect your social media account to our Services), or other third parties. We may also obtain updated delivery or contact information from carriers or others to correct our records.
  ‍

Any personal information we obtain from third parties will be handled by us in accordance with this Privacy Policy. Please note that we are not responsible for the accuracy of information provided by third parties or for their own practices. (See Third-Party Websites and Links below for more information on handling of data by third-party sites.)

Sensitive Personal Data

We do not actively collect any sensitive personal data about you in the ordinary course of business. Sensitive personal data refers to special categories of personal information that receive higher protection under law, such as details about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, genetic or biometric data, or information about criminal convictions. We ask that you do not provide us with such sensitive information unless it is necessary for a specific purpose and you consent to our processing of it.
‍

In limited circumstances, we might process sensitive personal data if you choose to provide it. For example, if you are attending a Mikkeller event and inform us of specific dietary requirements or mobility accommodations, this could reveal health information or religious beliefs (e.g. requesting a kosher/halal meal). In such cases, we will only use this information for the purpose of meeting your request and ensuring your safe and comfortable participation. We will process any sensitive data on an appropriate legal basis – for instance, with your explicit consent or as otherwise permitted by law – and with additional safeguards to protect its confidentiality.

How We Use Your Personal Information

We use personal information for the purposes described below, and we ensure that each use of your data has a valid legal basis under the General Data Protection Regulation (GDPR) or other applicable laws. Under European data protection laws, we must have a specific legal basis (lawful ground) for processing your personal data. In the list of purposes below, we explain how we use your information and, in parentheses, the legal basis that allows each type of processing.
‍

• Providing and Improving Our Services (Contractual and Legitimate Interests): We use your personal information to provide you with the products and services you request and to carry out our obligations under any contracts with you. This includes processing and fulfilling your orders, delivering products, processing payments, providing you with receipts and order updates, facilitating returns or exchanges, and providing related customer service. It also includes creating and managing your user account and allowing you to post reviews or feedback. The legal basis for this use is contract performance – we need to process your data in order to execute the sales contract or provide the service you have asked for (Article 6(1)(b) GDPR). In addition, we have a legitimate interest in improving and personalizing our Services, so we may use information about how you use our Site and Services to enhance your user experience, fix issues, and develop new features (Article 6(1)(f) GDPR). For example, we might analyze which products are most popular or review customer feedback to improve our product offerings.
  ‍
• Communicating with You (Contractual and Legitimate Interests): We use your contact information and other personal data to communicate with you about your account or transactions, to respond to your inquiries, provide customer support, and send you important notices (such as updates about your order, delivery status, or changes to our terms or policies). When we are responding to your requests or providing information you asked for, the legal basis is the performance of a contract or pre-contractual steps (if your inquiry relates to an order or service) or our legitimate interest in providing timely and effective customer service (Article 6(1)(f) GDPR). We have a legitimate interest in staying responsive to our users and maintaining our relationship with you by ensuring your questions or concerns are addressed.
  ‍
• Marketing and Promotional Communications (Consent and Legitimate Interests): We may use your personal information to send you marketing and promotional communications about our products, services, events, or offers. This might include newsletters, special offers, or event invitations sent via email, text message, or postal mail. We may also use your data to tailor the advertising and content you see on our Site and on third-party platforms to be more relevant to your interests. We will only send you marketing emails or texts if we have obtained your consent to do so, or if you are an existing customer and applicable law allows us to contact you on an opt-out basis. (For example, in some cases we may rely on our legitimate interest in promoting our products to customers who have made a purchase, but we will always respect your opt-out or unsubscribe choices.) In any case, you have the right to withdraw your consent or opt out of marketing communications at any time (see Your Rights and Choices below).
  ‍
• Advertising and Analytics (Consent and Legitimate Interests): We engage in online advertising to inform people about our products and to grow our business. As part of this, we and our advertising partners may use cookies and similar technologies to collect information about your online activities and show you relevant ads (this is known as interest-based advertising). For example, we might use analytics services (like Google Analytics) to understand how users interact with our Site and advertising cookies to deliver personalized ads on other websites. Where required by law, we will obtain your consent for setting advertising or analytics cookies on your device. In other cases, our use of data for analytics and advertising may be based on our legitimate interests in understanding our business and reaching potential customers (Article 6(1)(f) GDPR). We will do so only where these interests are not overridden by your rights and freedoms. You can find more information on how to opt out of certain online ads in the Interest-Based Advertising section of this Policy.
  ‍
• Security and Fraud Prevention (Legitimate Interests and Legal Obligation): We use personal information to maintain the security of our Services, to prevent, detect and investigate fraud, abuse, security incidents, and other harmful or unlawful activities. This includes monitoring for suspicious activity and enforcing our terms and policies. For example, we may use certain data to verify accounts and user actions in order to protect against fraudulent transactions or unauthorized access. The legal basis for this processing is our legitimate interest in protecting our business, Services, and users (Article 6(1)(f) GDPR). In some cases, we may also be under a legal obligation to process certain data for this purpose – for instance, complying with laws that require us to implement appropriate security measures or to report illegal activities (Article 6(1)(c) GDPR).
  ‍
• Legal Compliance and Obligations (Legal Obligation): We process personal information as needed to comply with our legal and regulatory obligations. This includes using data to satisfy tax and accounting requirements, to maintain business records, to comply with lawful requests by public authorities, or to meet other duties under applicable laws. For example, we retain transaction records and related personal data for a certain period in order to comply with Danish bookkeeping and tax laws (which generally require keeping accounting records for five years). The legal basis for such processing is compliance with a legal obligation (Article 6(1)(c) GDPR). We may also process personal information to establish, exercise, or defend our legal rights or in connection with claims, which is permitted under both legal obligation and our legitimate interests as necessary.
  ‍
• Other Legitimate Interests: Where necessary, we may also process your personal information for additional purposes in our legitimate interests, provided such interests are not overridden by your data protection rights. These legitimate interests may include operating and expanding our business; conducting product research and development; internal analytics; mergers, acquisitions, or asset sales; or facilitating corporate transactions (if we ever engage in a reorganization or transfer of our business, as described further below). If we rely on legitimate interests for processing, we will ensure to consider and balance any potential impact on you and your rights.
  ‍

Note: Where we rely on your consent as a legal basis (for example, for certain marketing or cookie usages), you have the right to withdraw that consent at any time, as described in Your Rights and Choices. If you withdraw consent, it will not affect the lawfulness of processing already carried out but will stop future processing of that kind.

Job Applicants and Recruitment

When you apply for a job at Mikkeller, we collect and process your personal data for the purpose of assessing your application and managing the recruitment process. This includes information such as your name, contact details, CV, cover letter, work and education history, and any other information you provide in your application.
‍

We process this data based on our legitimate interest in evaluating and hiring qualified candidates, and where applicable, to take steps at your request prior to entering into an employment contract. If your application is successful, your data will be used to facilitate the onboarding process and form part of your employee record.
‍

If your application is not successful, we will delete your data when the recruitment process has concluded unless you have given us explicit consent to retain your application materials for consideration for future job opportunities. If you choose to give this consent, your data will be stored securely for a maximum of 6 months and then deleted automatically unless renewed. This consent is entirely voluntary and not a condition for your application. If you do not consent, it will have no effect on your chances of being considered for the current role.
‍

We use a third-party recruitment platform, HR-ON, to handle applications on our behalf. While your application is submitted through their system, Mikkeller remains the data controller. You can read more about HR-ON’s privacy practices here.
‍

If you have any questions about how we process job applicant data, or if you wish to withdraw your consent for future data retention, you can contact us using the details listed under the “Contact” section of this Privacy Policy.

‍

‍

Cookies and Similar Technologies

Like many websites, we use cookies and similar tracking technologies to provide and improve our Services. Different types of cookies have different purposes. Some cookies are required for technical reasons, while others enable personalization, analytics, or advertising. Below is a summary of the categories of cookies we use on our Site:
‍

• Necessary Cookies: These cookies are essential for the website to function properly. They enable core features such as security, network management, and accessibility. Necessary cookies remember things like your session login or items in your shopping cart. Without these cookies, services you have asked for (e.g. adding products to your cart or checkout process) cannot be provided. These cookies do not require user consent, as they are needed to make our Site work.
  ‍
• Functional Cookies: Functional cookies allow the website to remember choices you have made in the past (such as your username, language or region, and other personal preferences) in order to provide enhanced, more personalized features. They may also be used to provide services you have requested, like watching a video or commenting on a blog. Disabling these may affect some site functionality, but the site will generally still work.
  ‍
• Analytics Cookies: These cookies (sometimes categorized as performance cookies) collect information about how visitors use our Site, such as which pages are visited most often, and if users get error messages on certain pages. The data is aggregated and anonymized, meaning it does not directly identify you. Analytics cookies help us understand usage patterns on our website so we can improve performance and user experience. For example, we use Google Analytics to help analyze site traffic and improve our content; Google’s privacy policy for these cookies can be viewed for more information. We will not set analytics cookies unless you have either consented where required or such cookies are deployed in a privacy-compliant manner. You can always opt out of analytics as described below.
  ‍
• Performance Cookies: Performance cookies are similar to analytics cookies and are used to monitor and improve the performance of our website. They might track things like page load times, system errors, or usage of certain site features. This allows us to identify and fix issues quickly and provide a high-quality experience. Information collected is used in aggregate form to make our web services more efficient.
  ‍
• Advertising Cookies: Advertising (or “targeting”) cookies are used to make advertising messages more relevant to you and your interests. They perform functions like preventing the same ad from continuously reappearing, ensuring ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your browsing activities. These cookies may collect information about your online activities over time and across different websites to infer your interests. We, and third-party advertising networks and social media platforms, may use these cookies to show you ads that are more relevant to your preferences. For instance, if you browse our beer products, you might later see advertisements for our beers on other sites. We will only use advertising cookies with your consent in jurisdictions where consent is required. You can manage your advertising cookie preferences via our cookie consent tool or through settings provided by some of the advertising partners (see Interest-Based Advertising below for opt-out options).
  ‍
• Uncategorized Cookies: From time to time, there may be cookies on our Site that have not yet been classified into one of the above categories (for example, if a new cookie is added by a feature or third-party service we use and we have not categorized it yet). We will update our cookie descriptions once these cookies are categorized. In the meantime, you can rest assured that we still include such cookies in your overall cookie preference settings.
  ‍

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. You have the right to decide whether to accept or reject non-essential cookies.

‍Browser Controls: If you do not want to accept cookies, you can adjust your internet browser settings to refuse some or all cookies (see your browser’s help documentation for how to do this). You can also delete cookies that have already been set.

Site Cookie Preferences: If our website offers a cookie consent banner or settings tool, you can use it to customize your preferences by category (e.g., to accept only certain types of cookies).
‍

Please note that if you disable or delete certain cookies, this may affect the functionality of our Site. For example, blocking all cookies might cause some parts of the Services (like the shopping cart, account login, or video content) to not work correctly. Additionally, even if you opt out of personalized advertising cookies, you may still see ads – they just won’t be tailored to your interests.

For detailed information about the specific Cookies we use, please see the Cookie Overview section at the end of this page.

How We Disclose Personal Information

We do not sell your personal data to third parties. However, in the course of running our business, we may share or disclose your personal information to third parties in certain circumstances, as described below. Whenever we share data, we ensure there is a valid reason and appropriate safeguards in place to protect your information.
‍

• Service Providers (Processors): We share personal information with third-party vendors and service providers who perform functions on our behalf and under our instructions. These include, for example, companies that assist with website hosting and IT support, payment processing, order fulfillment and shipping, customer service, email delivery, analytics services, and marketing support. These parties are bound by contractual obligations to handle personal information securely and only according to our instructions, and they are not permitted to use your data for their own independent purposes.
  ‍
• Business and Marketing Partners: In some cases, we may share limited information with trusted partners with whom we collaborate to provide our Services or to carry out joint marketing activities. For instance, because our online store is built on the Shopify platform, Shopify will process certain personal data as needed to operate the store and may use it for its own legitimate purposes as described in Shopify’s privacy policy (e.g., to improve their services). We also may share identifiers (like cookies or email hashes) with advertising partners to reach audiences with relevant offers. Any such partners will use your information in accordance with their own privacy notices and applicable law.
  ‍
• Third Parties at Your Direction or With Your Consent: We will disclose your information to third parties when you intentionally direct or authorize us to do so. For example, if you use a social media plug-in or login (such as a “Facebook Login” feature) on our Site, you direct us to share certain data with that social network. Similarly, if you ask us to share your information with a co-sponsor of a contest or you use an integration that requires transferring your data, we will do so with your consent. In these situations, you will typically be prompted to approve the data sharing, or it will be obvious from the context (for instance, information you post in a public forum or review section will be accessible to others by nature).
  ‍
• Affiliates and Corporate Group: We may share your personal information with other companies that are under common ownership or control with Mikkeller (e.g., subsidiaries, sister companies, or parent company, if any). These entities will either treat your information under this Privacy Policy or follow practices at least as protective. Sharing within our corporate group is based on our legitimate interests in conducting our business efficiently and understanding our customers across our brands (Article 6(1)(f) GDPR).
  ‍
• Business Transfers: If we engage in a merger, acquisition, bankruptcy, reorganization, or sale of some or all of our assets, your personal information may be transferred to the successor entity or purchaser as part of that transaction. We will ensure that any such entity is bound to respect your personal information in a manner consistent with this Privacy Policy. If required by law, we will notify you and give you an opportunity to object to or opt out of the transfer.
  ‍
• Legal Compliance and Protection: We may disclose personal information to third parties (such as courts, law enforcement agencies, regulators, or attorneys) when we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation, process, or request (for example, in response to a subpoena, court order, or government demand); (b) enforce our terms of service or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect our rights, property, or safety, or those of our users, customers, or others. This type of sharing may be required by law, and the legal basis for processing in these cases is compliance with a legal obligation (Article 6(1)(c)) and/or our legitimate interest in safeguarding our business and stakeholders (Article 6(1)(f)).
  ‍

Categories of Information Disclosed: In the past 12 months, Mikkeller has disclosed the following categories of personal information to one or more of the above types of third parties for the purposes described in this Policy‍:
‍

• Identifiers and contact information (such as name, email, address, phone number, account ID)
  ‍
• Customer records and commercial information (such as order details, purchase history, customer service communications)
  ‍
• Internet or other electronic activity information (such as usage data, IP address, and device information collected via Cookies)
  ‍

We do not use or disclose what applicable law considers “sensitive personal information” (for example, precise geolocation, financial account login credentials, Social Security number, or information about racial or ethnic origin, health, etc.) for the purpose of inferring characteristics about individuals. In other words, any sensitive information that we may incidentally hold is not used to build profiles or target marketing, and we only use such information for strictly necessary purposes (as described under Sensitive Personal Data above).

User-Generated Content

Our Services may allow you to create or post your own content in certain areas, such as product reviews, comments, or social media posts/tagging. If you choose to submit any User-Generated Content (“UGC”) to public areas of our Services or to our social media pages, please be aware that this content will be visible to others. For example, any personal information you include in a product review on our website or in a public comment on our social media is publicly accessible and can be read, collected, or used by anyone who views it.
‍

We strongly encourage you to exercise caution when sharing personal information in public forums. We do not control who may view or access UGC that you make public, nor how those third parties may use the information. We are not responsible for the privacy or security of any information that you choose to make public through the Services. If you post information publicly about others or share content from our Services on third-party platforms, ensure you have the right to do so.
‍

Keep in mind that any UGC you submit is subject to our website terms and community guidelines. We may remove UGC that violates our terms or intellectual property rights, but we do not have the capacity to remove your content from third-party platforms (if you post a review or comment on a platform we don’t control). If you wish to delete any UGC you provided on our Site, you may contact us for assistance, but removal of content you shared publicly is not always guaranteed (for example, others might have copied or re-shared it).

Third-Party Websites and Links

Our Site and communications may contain links to websites, plug-ins, or services that are operated by third parties (for example, an embedded Instagram feed, a payment processor’s checkout page, or a partner brand’s site). If you click on a third-party link or otherwise leave our Site for another site, please be aware that this Privacy Policy no longer applies. Your browsing and interaction on any other website, or your dealings with any third-party service provider, are subject to that third party’s own rules and policies.
‍

We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any external sites or services you visit from our links to understand how those third parties collect and use personal information. Inclusion of a link to a third-party website or service in our Site does not imply that we endorse or have reviewed their privacy practices. If you have questions about how other sites handle your data, please contact those sites directly.

Children’s Data

Our Services are not directed to, nor intended for use by, children. We do not knowingly collect personal information from anyone under the age of 16 (and in some jurisdictions, under 13) without verifiable parental consent. If you are under the relevant minimum age in your location, you should not use our Site or provide any personal information about yourself to us.
‍

Parents or guardians: if you become aware that a child under your care has provided us with personal information without your consent, please contact us and we will take steps to delete such information. We will promptly delete or anonymize any personal data we believe was collected from a child under the applicable age threshold, unless we are legally obligated to retain it.
‍

Given the nature of our business (which includes alcoholic beverages), we also take steps to ensure that users of our Services are of legal purchasing age. For example, our website may ask you to confirm that you are of local legal drinking age to enter. We do not knowingly sell to or gather information from individuals who are under the legal age for purchasing our products in their country.

Data Security

We take the security of your personal information seriously. We implement a variety of technical and organizational measures designed to protect your information from unauthorized access, use, alteration, or destruction. These measures include encryption of sensitive data, access controls to restrict who within our organization can access your information, firewalls and intrusion detection systems, and security training for our staff.

While we strive to protect your data, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of information, and any data transmission is at your own risk. However, we continuously review and enhance our security practices to mitigate risks. If we become aware of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.
‍

Your responsibility: It is important for you to also play a role in keeping your personal data secure. Choose strong, unique passwords for any accounts and do not share your login credentials with others. If you suspect any unauthorized access to your account or information, please notify us immediately so we can investigate and assist.

Additionally, please be cautious about the information you send to us via email or other internet channels. For your own protection, avoid including sensitive personal or financial information in unencrypted emails or chats with us, as those communications might not be secure in transit. We will never ask you to send us passwords or payment card details via email.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In determining how long to keep personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it and whether we can achieve those purposes through other means, and applicable legal requirements.

In general, this means that we keep your personal data for the duration of your relationship with us and thereafter only as required by law or reasonably necessary for our legitimate business interests. For example:
‍

• Orders and Transaction Records: We retain records of your purchases and related personal data for as long as required by tax and accounting laws. In Denmark, bookkeeping regulations typically require us to keep accounting records (including invoices and transaction data) for five years after the end of the financial year to which they relate. Therefore, your order details may be kept for up to five years (or slightly longer, depending on timing) after your purchase, to comply with these obligations. We may retain transaction data longer if necessary in the context of a legal claim, such as for the statute of limitations on contract claims, but we will restrict access to it after the standard retention period.
  ‍
• Customer Accounts: If you have an online account with us, we will retain your account information while your account is active. If you choose to delete your account or if your account remains inactive for an extended period, we will delete or anonymize your account data after a reasonable period of inactivity. (We currently define “extended inactivity” as no account log-in or order for 24 months, but this period may be adjusted based on business needs.) We retain logged data about account activity (like order history) as long as needed for our internal record-keeping and to comply with legal obligations, but we will associate such data with an anonymous identifier once your account is deleted.
  ‍
• Marketing Data: We retain information used for email marketing or other direct marketing purposes until you opt out or unsubscribe from marketing communications. When you unsubscribe, we will stop sending you marketing messages, but we may keep your contact details on a suppression list to ensure we honor your no-contact request. We may also retain records of any consents you gave for marketing (and the withdrawal of consent) for a period of time to demonstrate compliance with laws. If you have not opened our emails or engaged with our marketing communications for a long time, we may remove your contact from our active marketing list, but we would still keep a record of your request not to be contacted if you made one.
  ‍
• Correspondence and Support: If you contacted us for support or inquiries, we may keep those communications and our responses for a period of time after we have resolved your issue, in case you have follow-up questions and for training and quality assurance purposes. Typically, routine customer service emails are retained for approximately 1-2 years, unless a longer period is needed (e.g., if your issue resulted in a legal claim or ongoing service requirement).
  ‍
• Website Logs and Analytics: Our web server logs and analytics records are generally retained for a short period (often 14 to 30 days for raw logs, and aggregated analytics data up to 26 months) unless we need to investigate security incidents or to audit web traffic in which case specific logs may be kept longer. We typically anonymize or aggregate analytics data wherever feasible after the initial period needed for analysis.
  ‍

Once the applicable retention period for your personal data expires, or if we no longer have a legitimate business reason to process your information, we will either delete it or anonymize it so that it can no longer be associated with you. If deletion or anonymization is not immediately possible (for example, because the data is stored in backup archives), we will securely store the data and isolate it from further use until deletion is practicable.

Keep in mind that even after we delete your personal data, it may persist on backup or archival media for a short period until those backups are cycled out, but we will not actively process it after deletion.

Your Rights and Choices

Depending on the laws that apply to your personal data, you may have some or all of the following rights regarding the personal information we hold about you. For residents of the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar data protection laws, these rights are provided under the GDPR or equivalent regulations. We extend similar controls, as a courtesy, to all our users where feasible. These rights include:
‍

• Right of Access (Right to Know): You have the right to request confirmation of whether we are processing your personal information, and if so, to request a copy of the information we hold about you. This allows you to know and verify the lawfulness of how we use your data. Upon request, we will also provide supplementary information about the processing (such as the purposes, categories of data, categories of recipients, and retention periods applicable).
  ‍
• Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal information we hold about you. We encourage you to keep your account information up to date, and you may update certain information directly through your account settings. For any details you cannot change yourself, you can contact us to make the correction.
  ‍
• Right to Erasure (Right to Delete): You have the right to request deletion of your personal information in certain circumstances‍. This right, also known as the “right to be forgotten,” allows you to ask us to delete your data if, for example, it is no longer needed for the purposes it was collected, or if you have withdrawn consent and we have no other legal basis to continue processing. Please note that this right is not absolute – we may need to retain certain information where required by law or where we have overriding legitimate grounds to keep it (for instance, we cannot delete data that is necessary to comply with a legal obligation or defend legal claims).
  ‍
• Right to Restrict Processing: You have the right to request that we restrict or suspend the processing of your personal information under certain conditions. For example, if you contest the accuracy of your data, you can request a restriction on processing while we verify the accuracy; or if you object to our processing based on legitimate interests, you can request restriction pending our verification of overriding grounds. When processing is restricted, we will store your information but not use it further until the restriction is lifted (unless for storage or legal compliance purposes).
  ‍
• Right to Data Portability: In some cases, you have the right to obtain a copy of personal data you provided to us in a structured, commonly used, machine-readable format, and to have that information transmitted to another service provider (where technically feasible). This right applies when the processing is based on your consent or a contract and is carried out by automated means. It allows you to reuse your data across different services.
  ‍
• Right to Object: You have the right to object to our processing of your personal information in certain situations. You can object at any time to processing of your data for direct marketing purposes, and we will honor that request by ceasing such processing for marketing. Additionally, if we are processing your data based on our legitimate interests (or those of a third party), you have the right to object to that processing on grounds relating to your particular situation. We will then reconsider the balance between our interests and your rights, and we will stop processing the information unless we have a compelling legitimate ground that overrides your interests or if we need to continue processing for legal claims.
  ‍
• Right to Withdraw Consent: If we rely on your consent to process personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing done before your withdrawal, but it will mean we stop the activities that were based on consent. For example, you can withdraw your consent to receive marketing emails by clicking the “unsubscribe” link in any of our marketing communications or by contacting us. Withdrawing consent for cookies can be done via our cookie management tool or your browser settings (see Cookies section above).
  ‍
• Right of Appeal: If we decline to take action on a rights request you have made (for example, if we determine we cannot delete certain data), you have the right to appeal our decision. You may do so by replying to our response or contacting us through another method, providing details of why you believe our decision was incorrect. We will have a fresh look at your request in light of your appeal and respond within the timeframe required by law.
  ‍
• Managing Communication Preferences: You have control over your communication preferences. If you no longer wish to receive our newsletter or promotional emails, you can opt out at any time by clicking the “unsubscribe” link in those emails or by adjusting your settings in your account (if applicable). Even if you opt out of marketing messages, we may still send you transactional or service messages when necessary (for example, emails about your orders, account notifications, or responses to your inquiries), as those are not promotional in nature.
  ‍

To exercise any of these rights, please contact us using the information in the Contact section below. For security, we will need to verify your identity before fulfilling certain requests (such as access or deletion requests) to ensure that we do not disclose or alter information to the wrong person. Verification measures may include asking you to confirm certain information we already have on file (e.g. details of a recent order or your email address) or other identification steps. In some cases, we may ask for additional documentation if necessary to confirm identity.
‍

We will respond to valid requests within the time frame required by law (generally within one month for GDPR-related requests, with the possibility to extend by an additional two months if the request is complex – in which case we will inform you of the extension). There is no fee for exercising your rights, except that we may charge a reasonable fee or refuse to act on requests that are excessive, repetitive, or manifestly unfounded.
‍

Authorized Agents: In certain jurisdictions, you may designate an authorized agent to make a request on your behalf. If you do so, we will take steps to verify that the person purporting to act on your behalf truly has your authorization, which may include requiring written authorization from you and identity verification for both you and the agent.

We will not discriminate against you for exercising any of these rights. If you exercise your rights, our Service will continue to treat you fairly and provide equal service and pricing, as required by law.

Interest-Based Advertising

We participate in interest-based advertising to deliver content and advertisements that are tailored to your interests. As described in the Cookies section, we and our third-party partners may use cookies and tracking technologies to collect information about your online activities and infer your preferences. This information is used to show you ads that are more relevant to you, either on our own Site or on other websites and platforms (such as search engines and social media).

It’s important to understand that interest-based advertising does not mean you will see more ads, but rather that the ads you see may be more relevant to you. We do not share information that directly identifies you (such as your name or email) with third-party advertisers without your consent. However, these advertisers may link the tracking information collected from our Site with data from other websites to build a profile of your interests, which helps in selecting appropriate advertisements.
‍

Opting out of targeted ads: If you prefer not to receive interest-based ads, you have several options:
‍

• Cookie Preferences: Use our cookie consent tool (if available on our Site) to reject advertising cookies. If you have previously accepted, you can change your preference by clearing your cookies and revisiting the site to access the consent banner again.
  ‍
• Industry Opt-Out Websites: You can opt out of many targeted advertising programs by visiting industry-wide opt-out sites. For example, the Digital Advertising Alliance (DAA) offers an opt-out portal at YourAdChoices (aboutads.info) for opting out of many ad networks. European users can visit the European Interactive Digital Advertising Alliance’s opt-out page at Your Online Choices (youronlinechoices.eu). These tools will set opt-out cookies in your browser to signal your preference not to be tracked or targeted by participating companies.
  ‍
• Device Settings: On mobile devices, you can usually limit ad tracking via your device’s privacy settings (for example, selecting “Limit Ad Tracking” on iOS or opting out of ads personalization on Android).
  ‍
• Platform Settings: Specific advertising platforms (like Google, Facebook, or Bing) provide their own opt-out options. For instance, you can adjust your Google ad settings to control personalized ads (see Google’s Ads Settings page), or use Facebook’s ad preferences tool to hide certain ads or categories.
  ‍

Please note that opting out of interest-based advertising through these methods does not mean you will no longer see any ads. It only means that the ads you do see will not be targeted based on your inferred interests from browser behavior. You may continue to see generic or contextually targeted ads (for example, an ad on a news site that is shown to all visitors of that site, not based on your profile).
‍

Also, the opt-out mechanisms generally work via cookies, so if you clear your cookies or use a different browser/device, you may have to opt out again. For a more comprehensive understanding of online advertising and tips on how to exercise control, you can visit the Network Advertising Initiative’s educational page on [Understanding Online Advertising].

Complaints and Dispute Resolution

We hope to resolve any concerns you have about your privacy to your satisfaction. If you have a complaint about how we handle your personal information, please contact us first using the information in the Contact section below, and we will do our best to address your issue as soon as possible. We take all privacy complaints seriously and will investigate your complaint and respond within a reasonable timeframe.
‍

If you are not satisfied with our response to a privacy complaint or you believe our processing of your personal data is not in accordance with the law, you may have the right to lodge a complaint with the data protection authority (DPA) in your country. For example, if you reside in Denmark, you can contact the Danish Data Protection Agency (Datatilsynet). If you reside in another EU/EEA member state, you can contact your local supervisory authority. In the UK, you can contact the Information Commissioner’s Office (ICO). We can assist in providing the contact details for the appropriate authority.

Alternatively, you may seek to resolve concerns by contacting the lead authority for Mikkeller if one is designated, or through other dispute resolution mechanisms if applicable.
‍

We would appreciate the chance to deal with your concerns before you approach a regulator or file a legal claim, so please consider reaching out to us first.

International Data Transfers

Mikkeller is based in Denmark, but we operate internationally and use service providers located in various countries. This means your personal information may be transferred to, stored in, or accessed from jurisdictions outside of your home country. In particular, information collected within the European Union/European Economic Area (EU/EEA) or the United Kingdom may be transferred to countries which have different data protection standards, including the United States.

Whenever we transfer personal data out of the EU/EEA or UK, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with GDPR and applicable laws. These safeguards include:
‍

• Adequacy Decisions: When available, we may rely on the European Commission’s adequacy decisions, which deem certain countries as providing an adequate level of data protection. If we transfer your data to a country that has been formally recognized as adequate (for example, if such status is granted in the future or exists for specific territories), your data will be protected essentially equivalent to EU law.
  ‍
• Standard Contractual Clauses: In the absence of an adequacy decision, we will use the European Commission’s approved Standard Contractual Clauses (SCCs) as a legal mechanism for transfers. These are contractual commitments between the parties transferring the data (for example, between us and a service provider) that bind the recipient to protect the personal data to EU privacy standards. Where UK data is involved, we may use the UK’s International Data Transfer Agreement or Addendum, as applicable, which are equivalent safeguards recognized under UK law.
  ‍
• Additional Safeguards: We also assess on a case-by-case basis whether additional technical and organizational measures are needed to ensure transferred data enjoys a level of protection essentially equivalent to that in the EU. This could include encryption in transit and at rest, pseudonymization of data, and careful review of any government access laws in the destination country.
  ‍

You can request a copy of the relevant data transfer safeguards by contacting us (see Contact below)‍. For example, if we have entered into SCCs with a third-party data importer, we can provide you with a copy of those clauses (or a summary, if appropriate, considering confidentiality). Please note that we may need to redact certain commercial terms from such documents for confidentiality reasons.
‍

By using our Services or submitting your information to us, where permissible by law, you acknowledge that your personal information may be transferred to and processed in countries outside of your own. However, this does not affect our commitment to safeguard your personal data. We remain responsible for the processing of personal data we receive under each privacy framework and subsequent transfers to any third party acting as an agent on our behalf. We will only transfer data internationally in compliance with applicable data protection laws and this Privacy Policy.

Contact Us

If you have any questions or comments about this Privacy Policy or our privacy practices, or if you would like to exercise any of your rights regarding your personal data, please do not hesitate to contact us:
‍

Email: You can reach us by email at info@mikkeller.dk. Please include “Privacy Inquiry” in the subject line so we can route your request to our privacy team.
‍

Postal Mail: You may also contact us by writing to the following address:
‍

Mikkeller ApS
Skelbækgade 2, 3. th.
DK-1717 Copenhagen V
Denmark
CVR/VAT: DK 3460 2824
‍

We will endeavor to respond to your inquiries as quickly as possible, and at least within any timeframes required by law. If you are making a request to exercise your data subject rights, please provide sufficient information for us to verify your identity (as described above in Your Rights and Choices) and to process your request.
‍

Legal Bases Reference: For transparency, here is an explanation of the main legal bases under GDPR that we rely on for processing personal data‍:
‍

• Consent: You have given clear consent for us to process your personal data for a specific purpose. For example, we rely on consent to send promotional emails or to place certain cookies on your device. (You have the right to withdraw consent at any time.)
  ‍
• Contract Performance: The processing is necessary to perform a contract with you or to take steps at your request before entering into a contract. For instance, we need to process your payment and address to fulfill your purchase, or use your contact details to send you order confirmations.
  ‍
• Legal Obligation: The processing is necessary for us to comply with a legal obligation. This includes obligations imposed by laws, such as retaining records for tax audits, or providing information to law enforcement if required by a valid legal request.
  ‍
• Legitimate Interests: The processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We have a legitimate interest in, for example, improving our services, securing our platform, and marketing our products to consenting adults. When we rely on this basis, we carefully consider and balance any potential impact on you and your rights. We will not process personal data on this basis if we determine that our interests are overridden by the impact on individuals.
  ‍

Thank you for reading our Privacy Policy. We are committed to protecting your personal data and respecting your privacy.