Privacy

Privacy policy.

How Agroprojekt Ilua collects, stores and uses personal data — written in plain language and aligned with the EU General Data Protection Regulation (GDPR).

Last updated: 20 May 2026 · Version 1.2

1. Who is responsible

The data controller for this website and for the project’s correspondence is:

Ilua ApS (parent company)
CVR 45239876
Denmark
— together with its subsidiary Agroprojekt Ilua ApS (under registration, seat in Narsarsuaq, Greenland).

Contact for any privacy question, request for access, correction or deletion:
info@ilua.gl · (+299) 29 00 35

2. What data we collect

2.1 When you visit this website

The site runs on WordPress on a standard web host. The host’s server logs record technical data needed to deliver pages and protect against abuse: IP address, request time, user agent (browser/OS) and the URL requested. These logs are kept for a maximum of 30 days and are not used for analytics or profiling.

We do not use Google Analytics, Meta Pixel, advertising networks or behavioural advertising. Jetpack Stats has been disabled. Some WordPress, security, performance and embedded-service components may set technical cookies or load third-party assets needed for the site to function.

Cookie consent is handled through Complianz. Non-essential categories are presented through the cookie banner where applicable. You can withdraw or change consent through the consent controls on the site.

2.2 When you write to us

If you email info@ilua.gl or call the project, we receive whatever you choose to share — typically your name, email address, phone number and the contents of your message. We use this only to reply, to coordinate work, or to handle a partnership, application or press enquiry.

2.3 When you support the project

Public contributions are processed through Stripe Payments Europe, Ltd. using Stripe Payment Links. Stripe acts as an independent data controller for payment processing; we receive only the limited data needed to issue receipts and report on contributions (typically: name, email, amount, country, transaction reference and subscription status if you choose monthly support). Card numbers never reach our servers. See Stripe’s privacy policy.

2.4 When you subscribe to the field journal

If you subscribe to the field journal, we collect your email address and the technical consent record needed to prove and manage your subscription, including confirmation status, time of sign-up and unsubscribe status. The list is operated in WordPress through MailPoet and uses double opt-in: you must confirm the subscription by email before receiving updates.

The field journal is for occasional notes from Narsarsuaq about prototype progress, design decisions, field observations and open documentation. We do not sell or share the list. You can unsubscribe from any email or write to journal@ilua.gl.

3. Why we are allowed to process your data

We rely on the following legal bases under GDPR Article 6:

  • Article 6(1)(b) — performance of a contract or pre-contractual steps (e.g. partnership and supplier correspondence).
  • Article 6(1)(c) — legal obligations (bookkeeping, tax, anti­money­laundering checks where applicable).
  • Article 6(1)(f) — our legitimate interest in answering enquiries, maintaining a secure website, and documenting project work in the public record.
  • Article 6(1)(a) — your consent, where you have explicitly opted in (newsletter sign-up and non-essential cookies, where applicable).

We do not process special-category data (race, health, political opinions etc.) and we do not run any automated decision-making or profiling.

4. How long we keep it

  • Server logs: max. 30 days — deleted automatically; not accessible to project staff.
  • General correspondence: kept while the project relationship is active, then deleted within a reasonable time.
  • Newsletter subscription records: kept until you unsubscribe or ask us to delete the record, except where a minimal suppression record is needed to avoid re-subscribing you by mistake.
  • Accounting records (invoices, receipts, contracts): retained for 5 years after the end of the relevant financial year, as required by Danish bookkeeping law.

5. Who we share data with

We do not sell or rent personal data. We share data only with carefully chosen processors and only as needed to operate:

  • Web hosting — the company hosting ilua.gl, under a written data-processing agreement.
  • Email — the email provider used for info@ilua.gl.
  • Newsletter — MailPoet, used to manage field-journal subscriptions, double opt-in, unsubscribe and consent records.
  • Payments — Stripe Payments Europe, Ltd.
  • Public authorities — only when required by law (e.g. tax authorities, Greenlandic Self-Government in the context of grant reporting).

Data is processed within the EU/EEA wherever possible. Where a processor relies on transfers outside the EEA, those transfers are covered by the European Commission’s Standard Contractual Clauses or an equivalent safeguard under GDPR Chapter V.

6. Your rights

Under GDPR you can ask us to:

  • confirm what personal data we hold about you and receive a copy of it (right of access);
  • correct inaccurate or incomplete data (rectification);
  • delete data we no longer have a lawful reason to keep (erasure / “right to be forgotten”);
  • restrict or object to certain processing;
  • receive your data in a portable, machine-readable form (data portability);
  • withdraw any consent you have given, at any time, without affecting prior lawful processing.

To use any of these rights, write to info@ilua.gl. We respond within 30 days.

If you believe we are mishandling your data, you have the right to complain to the Danish Data Protection Agency (Datatilsynet, datatilsynet.dk) or, for matters concerning the Greenlandic activities, the relevant Greenlandic supervisory authority.

7. Security

The website is served exclusively over HTTPS. Administrative access is limited to named people, protected by strong passwords and application passwords for automated tooling. Backups are kept by the hosting provider. We act on any suspected data breach without delay and notify Datatilsynet within 72 hours where required by GDPR Article 33.

8. Cookies and consent

Cookies are small files stored in your browser. We use them only where needed to run the website securely, remember consent choices, process newsletter sign-ups and support embedded services such as Stripe Payment Links. We do not use advertising cookies or behavioural profiling.

Complianz provides the cookie consent layer. If non-essential cookies or third-party scripts are introduced later, they must be added to the consent setup before launch. You can change your consent choice through the cookie controls shown on the site.

9. Changes to this policy

We will update this page when our processing changes. The current version and date are shown at the top. Material changes will be flagged in the project journal at /en/journal/.