Legal Information andCompliance Resources
Applicant Privacy Notice
The protection of your personal data is a matter of utmost importance to us. Accordingly, we process your personal data (also referred to as “data”) strictly in accordance with applicable legal requirements. This policy is intended to inform you about how your data is processed within our organization and to outline the data protection rights to which you are entitled under the General Data Protection Regulation (EU) 2016/679 (GDPR). Read full document.
Business Partner Code of Conduct
At Admin By Request, we are committed to conducting business with integrity, transparency, and respect for human rights, social responsibility, and the environment. Our Code of Conduct therefore sets out, more specifically, the areas we focus on in our daily operations, as well as the practices that are not tolerated in the workplace. It reflects our values and shows how we act in certain situations. We expect our suppliers, our suppliers’ suppliers and partners to adopt the same approach. This is not only important to us as a company – ensuring we collaborate only with parties we can endorse – but also necessary because, given our global market position and customer base, we are contractually and legally obligated to ensure that our suppliers and partners comply with the principles set out in our Code of Conduct. Read full document.
Code of Conduct
At Admin By Request, we are committed to conducting business with integrity, transparency, and respect for human rights, social responsibility, and the environment. Our Code of Conduct therefore sets out, more specifically, the areas we focus on in our daily operations, as well as the practices that are not tolerated in the workplace. It reflects our values and shows how we act in certain situations. Read full document.
Cookie Policy
At Admin By Request, we use cookies and similar technologies such as pixels, scripts and tags (referred to collectively as “cookies”) on our website and within our services to provide you with the best possible experience. Cookies help us simplify and customize our services, improve functionality and tailor our communication and marketing.
This Cookie Policy explains what cookies are, why we use them and your options for managing them. You can find more details about the individual cookies in your “Consent Preferences” which is accessible from the small box at the bottom left of our website, or in the Cookie Declaration provided at the end of this Policy.
Some cookies may involve the collection of personal data, such as your IP address, device information and browsing activity. For more information about how we process your personal data, please see our Privacy Policy.
What are cookies?
Cookies are small text files that are downloaded to and stored on your computer, mobile or tablet. Some are essential for the website to function, while others enhance your experience, help us analyze usage or deliver more personalized content and marketing.
We also use tracking pixels (tiny image files or code snippets) to monitor actions such as page visits, ad conversions or registrations.
- First-party cookies are placed directly by Admin By Request or on our behalf.
- Third-party cookies are set by external partners (e.g. analytics or advertising providers).
How we use cookies
We use cookies to make our website and services easier to use, analyze performance and provide you with relevant and personalized experiences.
Cookies may remain on your device for different lengths of time depending on their purpose:
- Session cookies expire when you close your browser.
- Persistent cookies remain until deleted or until their set expiration.
Our categories of cookies
Necessary cookies
These cookies are essential for enabling the basic features of our website, ensuring it works securely and properly. Without them, our website cannot function as intended. These necessary cookies do not store any personal data.
Functional cookies
Functional cookies support features that make the site more usable and interactive, such as sharing content on social media platforms, collecting feedback and enabling third party tools.
For example, when videos are embedded, a cookie may remember playback preferences like volume, quality or autoplay, or detect whether features such as casting to another device are available. A cookie may also be set to manage consent choices or route data through the most suitable server, ensuring external features operate reliably.
Analytics cookies
Analytics cookies help us understand how visitors interact with the website. They provide insights such as the number of visitors, pages visited, time spent on site, bounce rate, and traffic sources.
For example, a cookie may track which pages are viewed in a session or recognize a returning visitor across multiple visits. This information is aggregated and anonymous, and it enables us to measure performance and improve the site for our audience.
Performance cookies
Performance cookies measure and analyze key indicators of site stability and responsiveness. They capture information like page load times, display errors or responsiveness, helping us keep the site running smoothly.
For example, a cookie may log how quickly pages load or whether certain features display correctly, allowing us to identify and resolve performance issues more effectively.
Advertisement cookies
Advertisement cookies deliver ads that are more relevant to your interests. They may remember which pages you’ve visited to tailor ads accordingly, and they help measure the effectiveness of campaigns.
For example, a cookie may prevent the same advert from being shown too often or track when an ad leads to an action such as visiting a page or completing a form.
Uncategorized cookies
Uncategorized cookies are those that have not yet been placed into a defined category within our use of cookies or this Cookie Policy. They may relate to session details, login status, time zone settings or tokens used for testing new features.
Consent management
You are in control of your cookie settings. You can:
- Access and manage your Consent Preferences at any time through the small box located at the bottom left of our website.
- Adjust your browser or device settings to block or delete cookies.
- Visit third party opt-out pages to manage ad personalization.
- Use www.youronlinechoices.eu to manage interest-based advertising settings across networks.
Please note: If you block or delete certain cookies, some website features may not function properly.
Updates to this Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in technology, regulations or our business practices. If changes require renewed consent, we will ask for it upon your next visit.
Contact
If you have any questions about our use of cookies, this Policy, or your rights under applicable data protection laws, please contact us at legal@adminbyrequest.com or our Data Protection Officer at dpo@adminbyrequest.com.
Coordinated Vulnerability Disclosure Policy
At Admin By Request, we recognize the critical importance of safeguarding the security and integrity of our products and services. This policy seeks to promote responsible reporting of potential vulnerabilities, ensure proper patching and minimizing the risk of security incidents for our users.
It is crucial to acknowledge that premature disclosure of vulnerabilities can be counterproductive to its purpose as it may lead to security incidents, as users may not have the opportunity to implement timely patches and thereby exposing them to the vulnerability. This policy aims to strike a balance between transparency and security by establishing a coordinated and responsible disclosure process.
We understand that vulnerabilities are an inherent part of technology, and our focus is on addressing them promptly to ensure a secure environment for our users. We value the contributions of the security community in helping us maintain the highest standards of security.
Background
At Admin By Request, we recognize the critical importance of safeguarding the security and integrity of our products and services. This policy seeks to promote responsible reporting of potential vulnerabilities, ensure proper patching and minimizing the risk of security incidents for our users.
It is crucial to acknowledge that premature disclosure of vulnerabilities can be counterproductive to its purpose as it may lead to security incidents, as users may not have the opportunity to implement timely patches and thereby exposing them to the vulnerability. This policy aims to strike a balance between transparency and security by establishing a coordinated and responsible disclosure process.
We understand that vulnerabilities are an inherent part of technology, and our focus is on addressing them promptly to ensure a secure environment for our users. We value the contributions of the security community in helping us maintain the highest standards of security.
This policy encompasses all services and products provided in the Admin By Request platform. We encourage security researchers, users, and other stakeholders to report any potential vulnerabilities they discover within the scope of our offerings.
Out of scope
The following are considered out of scope for this policy:
- Vulnerabilities that necessitate unrealistic prerequisites
- Issues resulting from user misconfiguration or misuse of the product/service, such as inadvertently exposing sensitive information due to improper settings or permissions.
- Bugs in the software that do not pose a security risk, such as minor display errors, cosmetic issues, or non-critical functionality failures.
Reporting
To report any vulnerabilities within the scope of this policy, please email security@adminbyrequest.com. We appreciate your cooperation and adherence to responsible disclosure practices. Upon receipt of your report, our security team will promptly assess and address the reported vulnerability. We encourage you to provide detailed information to facilitate a quicker resolution.
Assessment and Validation
Our security team will evaluate and validate reported vulnerabilities within a reasonable timeframe, typically no more than 30 days.
We prioritize the assessment based on the severity, impact, and potential exploitation of the vulnerability.
Remediation and Disclosure
Once a vulnerability is confirmed, Admin By Request will work diligently to develop a fix or mitigation strategy.
We aim to release patches or updates for significant vulnerabilities within 90 days of report validation.
Details of the vulnerability and its resolution will be disclosed responsibly, in coordination with the reporter, and in a manner that minimizes risk to our customers.
Data Processing Agreement
Our Data Processing Agreement (DPA) governs the processing of personal data on behalf of our customers. It aligns with the requirements of the GDPR and is built on the European Commission’s Standard Contractual Clauses (SCCs). The DPA also provides an up-to-date list of our authorized sub-processors.
ESG Report
We are committed to responsible and sustainable business practices across our operations. Please review our ESG Report for more information, available here.
Financial Heath Statement
We maintain strong financial stability to support the security, reliability and continuity of our services.
Insurance
We maintain insurance coverage relevant to our operations.
Privacy Statement
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Data Processing Agreement, accessible from www.adminbyrequest.com. Read full document.
Support Services
Coming soon
Terms and Conditions
Our Terms and Conditions govern the use of our services and define the rights and obligations of both our organization and our customers.
U.S. State Privacy Rights Notice
Established in the European Union, Admin By Request is generally not directly subject to U.S. privacy laws. However, our privacy practices, contractual commitments and technical and organizational safeguards align with comparable principles and requirements found in various U.S. state privacy laws. Where applicable, this statement outlines how we support our U.S. customers in meeting their legal obligations under their respective privacy laws and how we respect the privacy rights of U.S. residents.
We do not sell or share personal information. We only disclose personal data to our authorized sub-processors who process it on our behalf, solely for the purpose of providing and supporting our services in accordance with our Terms and Conditions and Data Processing Agreement. While we acknowledge U.S. privacy laws such as the California Consumer Privacy Act (CCPA) and similar state laws, we do not engage in activities that constitute “selling” or “sharing” personal information as defined under those laws. Because we do not use personal information for cross-context behavioural or targeted advertising, browser-based opt-out signals (such as the Global Privacy Control) will not apply.
Our U.S. Privacy Compliance
While the CCPA/CPRA has influenced the development of many subsequent U.S. state privacy laws, California is not the only jurisdiction to have enacted such regulations. Our privacy and security program is founded on the EU General Data Protection Regulation (GDPR) and internationally recognized security and privacy standards that reflect similar fundamental principles, including accountability, transparency, security, privacy and respect for individual rights.
By adhering to this framework, we maintain a level of protection consistent with the key requirements shared across U.S. state privacy laws and are positioned to help our customers meet their own compliance obligations. We provide:
- Audit and verification rights (via the DPA) – enabling customers to confirm our compliance with applicable contractual and regulatory obligations.
- Contractual commitments & role clarity (via the DPA) – defining our role as a processor/service provider, consistent with CCPA/CPRA and similar state laws, and setting out instructions, confidentiality, security measures, sub-processor flow-downs and assistance duties.
- Transparency around sub-processors and safeguards – maintaining a public list of authorized sub-processors (via our DPA) and requiring contractual safeguards.
- Public-facing privacy disclosures (via the Privacy Policy) – describing the categories of personal data processed, the business purposes for which it is used, the parties it may be disclosed to and the mechanisms available for consumer rights requests.
- Remedies & cooperation obligations (via the DPA) – committing to work with our customers to address, remediate and mitigate any identified non-compliance.
- Incident response & breach notification – providing notices, incident details and cooperation on required notifications. Timed to support state deadlines where required.
- Support for individual rights requests – assisting customers, where applicable, in responding to access, correction, deletion, portability and other rights requests made by their end-users under CCPA/CPRA and comparable state laws.
- Data minimization – processing only what is necessary to deliver the service, consistent with documented purposes and customer instructions.
- Security, retention & deletion – implementing appropriate technical and organizational measures and manage the retention and deletion of personal data in accordance with the GDPR, our agreements and the customer’s instructions.
- Non-discrimination – ensuring individuals are not disadvantaged for exercising applicable privacy rights.
Privacy Across U.S. States
Privacy regulation in the U.S. continues to evolve with an increasing number of states adopting comprehensive laws governing the collection, use and disclosure of personal information. We monitor these developments closely and evaluate their requirements to ensure our practices remain aligned with recognized privacy principles in the U.S.
While our compliance framework incorporates the core elements common to U.S. state privacy laws, including transparency, accountability and audit rights, we also recognize the specific obligations our customers may have toward state residents and their individual privacy rights. We are positioned to support our customers in meeting their compliance responsibilities across U.S. jurisdictions.
The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), have been particularly influential in shaping the modern U.S. privacy landscape, and are addressed first, followed by an overview of comparable resident rights under other state privacy frameworks to the extent they relate to our services and our customers’ compliance responsibilities.
California Consumer Privacy Act (CCPA/CPRA)
California was the first U.S. state to enact a comprehensive consumer privacy law, and the CCPA, as amended by the CPRA, remains the most established framework of its kind. As it has influenced the structure and substance of many subsequent state privacy laws, it provides a useful reference point for understanding how our practices support customers in meeting their obligations under comparable regimes.
Although we are not directly bound by CCPA/CPRA, some of our customers may qualify as “businesses” under those laws. In such cases, we act as a Service Provider, which means:
- We process personal information only on behalf of customers and for purposes defined in our agreements.
- We do not use, retain or disclose personal information for our independent purposes.
- We follow our customers’ instructions, the terms of our DPA and applicable laws in all processing.
Under the CCPA/CPRA, California residents have the right to:
- Access information – request details about the personal information collected, its source, purposes, disclosures and the specific data records held.
- Deletion – ask that personal information is deleted, subject to legal or operational exceptions.
- Correction – request updates to inaccurate personal data.
- Portability – obtain a copy of personal information in a portable, readily usable format (where applicable).
- Opt out – stop the sale or sharing of personal information.
- Sensitive data restrictions – limit use or disclosure of sensitive personal information, as permitted by law.
- Fair treatment – exercise rights without being discriminated against or disadvantaged.
- Appeals – challenge a refusal to act on a rights request (where applicable).
Colorado Privacy Act (CPA)
Residents of Colorado have the following rights regarding their personal data:
- Right of access – to confirm whether a controller is processing their personal data and to access that personal data.
- Right to correction – to correct inaccuracies in their personal data, considering the nature of the data and the purposes of processing.
- Right to deletion – to request the deletion of personal data concerning them.
- Right to data portability – to obtain their personal data in a portable and, where technically feasible, readily usable format that allows transfer to another entity without hindrance.
- Right to opt out – to opt out of the processing of personal data for:
- targeted advertising,
- the sale of personal data, or
- profiling in furtherance of decisions that produce legal or similarly significant effects.
Connecticut Data Privacy Act (CTDPA)
Residents of Connecticut have the following rights regarding their personal data:
- Right to know/confirm – to confirm whether a controller is processing their personal data.
- Right of access – to access their personal data being processed.
- Right to correction – to correct inaccuracies in their personal data.
- Right to deletion – to request the deletion of their personal data.
- Right to data portability – to obtain their personal data in a portable and, where technically feasible, readily usable format.
- Right to opt out of certain processing – to opt out of processing for profiling or targeted advertising.
- Right to opt out of sales – to opt out of the sale of personal data.
- Right to opt in for sensitive data processing – to provide consent before their sensitive personal data may be processed.
Utah Consumer Privacy Act (UCPA)
Residents of Utah have the following rights regarding their personal data:
- Right of access – to confirm whether a controller is processing their personal data and to access that personal data.
- Right to deletion – to request the deletion of personal data they have provided directly to the controller.
- Right to data portability – to obtain a copy of their personal data in a format that is:
- portable to a technically reasonable extent,
- readily usable to a practical extent, and
- enables the consumer to transmit the data to another controller reasonably easily, where the processing is carried out by automated means.
- Right to opt out – to opt out of the processing of personal data for:
- targeted advertising, or
- the sale of personal data.
Delaware Personal Data Privacy Act (DPDPA)
Residents of Delaware have the following rights regarding their personal data:
- Right of access – to access their personal data.
- Right to correction – to correct inaccuracies in their personal data.
- Right to deletion – to request the deletion of their personal data.
- Right to data portability – to obtain their personal data in a portable format.
- Right to disclosure of third-party recipients – to obtain a list of third parties with whom their personal data has been shared.
- Right to opt out – to opt out of the processing of personal data for:
- targeted advertising,
- the sale of personal data, or
- profiling in furtherance of automated decisions.
Texas Data Privacy and Security Act (TDPSA)
Residents of Texas have the following rights regarding their personal data:
- Right to know/access – to confirm whether a controller is processing their personal data and to obtain that data in a readable format.
- Right to correction – to correct inaccuracies in their personal data, considering the nature of the data and the purposes of processing.
- Right to deletion – to request the deletion of personal data provided by or obtained about them.
- Right to opt out – to opt out of the processing of personal data for:
- targeted advertising,
- the sale of personal data, or
- profiling in furtherance of decisions that produce legal or similarly significant effects, including decisions related to:
- financial and lending services,
- housing, insurance, or health care services,
- education enrolment,
- employment opportunities,
- criminal justice, or
- access to basic necessities, such as food and water.
- Right to non-discrimination – to not be retaliated or discriminated against for exercising their rights.
Nebraska Data Privacy Act (NDPA)
Residents of Nebraska have the following rights regarding their personal data:
- Right of access – to access their personal data.
- Right to correction – to correct inaccuracies in their personal data.
- Right to deletion – to request the deletion of their personal data.
- Right to data portability – to obtain a copy of their personal data in a portable format.
- Right to opt out – to opt out of the processing of personal data for:
- targeted advertising,
- the sale of personal data, or
- profiling in furtherance of decisions that produce legal or similarly significant effects.
New Hampshire Data Privacy Act (NHDPA)
Residents of New Hampshire have the following rights regarding their personal data:
- Right to know/confirm – to confirm whether a business is processing their personal data.
- Right of access – to access their personal data being processed.
- Right to correction – to correct inaccuracies in their personal data.
- Right to deletion – to request the deletion of personal data provided by or obtained about them.
- Right to data portability – to obtain a copy of their personal data in a portable format.
- Right to opt out – to opt out of the processing of personal data for:
- targeted advertising,
- the sale of personal data, or
- certain types of automated profiling.
- Right to non-discrimination – to not be denied services, charged different rates, or otherwise discriminated against for exercising their rights.
Additional protections include:
- The right to exercise these rights free of charge at least once every 12 months.
- Businesses must respond to requests within 45 days, with a possible 45-day extension (with notice and explanation).
- Consent is required before:
- using data outside the disclosed purposes of collection,
- processing sensitive personal data, or
- selling/using data for targeted advertising of consumers aged 13-15.
New Jersey Data Privacy Act (NJDPA)
Residents of New Jersey have the following rights regarding their personal data:
- Right to know/confirm – to confirm whether a controller is processing their personal data and to access that data.
- Right to correction – to correct inaccuracies in their personal data.
- Right to deletion – to request the deletion of their personal data.
- Right to data portability – to obtain a copy of their personal data in a portable, readily usable, and transferable format.
- Right to opt out – to opt out of the processing of personal data for:
- targeted advertising, or
Maryland Online Data Privacy Act (MODPA)
Residents of Maryland have the following rights regarding their personal data:
- Right of access – to request a copy of their personal data held by businesses.
- Right to correction – to correct inaccuracies or incomplete personal data.
- Right to deletion – to request the deletion of their personal data, subject to certain exceptions.
- Right to opt out – to opt out of the processing of personal data for:
- targeted advertising,
- the sale of personal data, or
Nevada Online Privacy (NRS 603A)
Residents of Nevada have the following rights regarding their personal data:
- Right to opt out – to opt out of the sale of their personal data to data brokers.
Note: Nevada law does not extend additional rights similar to those found under the CCPA/CPRA or other state privacy laws.
U.S. Privacy Inquiries
Questions regarding our U.S. privacy compliance or how we support our customers in addressing applicable state privacy rights may be directed to our Data Protection Officer.
E-mail: dpo@adminbyrequest.com
Address: Admin By Request, Ved Stranden 10, 9000 Aalborg, Denmark
