Politik om beskyttelse af persondata

Last updated: January 12, 2026

Entity: Chapters Institute Effective Date: January 12, 2026 Governing Law: General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Danish Data Protection Act (Databeskyttelsesloven).

 

 

1. IDENTITY AND CONTACT DETAILS

This Privacy Policy explains how Chapters Institute collects, processes, and protects your personal data.

1.1. Data Controller The legal entity responsible for the processing of your data is:

  • Company Name: Sunkissed Invest ApS

  • CVR Number: 46151380

  • Registered Address: Bustrupgade 8, 4. th.

  • Contact Email: contact@chaptersinstitute.com

1.2. Data Protection Officer (DPO) Given the scale and nature of our processing, we have not appointed a mandatory Data Protection Officer. However, we have a dedicated Privacy Team responsible for overseeing compliance. You may contact them directly at the email above.

 

 

2. THE DATA WE COLLECT

We adhere to the principle of "Data Minimization." We only collect data that is strictly necessary for our services.

A. Information You Provide to Us

  • Identity Data: First name, surname, date of birth, gender, nationality.

  • Document Data: Passport details (Number, Issue Date, Expiry Date, Issuing Country) and Visas. Required for accommodation registration and mandatory local police reporting in many international jurisdictions.

  • Contact Data: Billing address, email address, mobile telephone number, and emergency contact details (next of kin).

  • Financial Data: Bank account details (IBAN/SWIFT) for refunds, and masked credit card information (processed via secure payment gateways).

  • Health & Special Category Data: Information regarding allergies, dietary restrictions, mobility issues, or medical conditions that you voluntarily provide to ensure your safety.

  • Travel Preferences: Room configuration preferences, flight arrival/departure times (to coordinate check-in).

B. Information Collected Automatically

  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.

  • Usage Data: URL clickstreams (the path you take through our site), page response times, download errors, and length of visits to certain pages.

 

 

3. PURPOSE, LEGAL BASIS, AND RETENTION PERIODS

To provide maximum transparency, we have categorized our data processing activities below.

Purpose of Processing

Data Categories

Legal Basis (GDPR)

Retention Period

1. Booking & Contract Performance


To process your reservation, issue invoices, and secure your accommodation.

Identity, Contact, Financial, Document Data

Art. 6(1)(b) - Contract: Necessary to fulfill the agreement between you and Chapters Institute.

5 Years from end of financial year (Danish Bookkeeping Act).

2. Service Delivery (Destination)


To check you in, coordinate with local hosts, and manage your stay.

Identity, Contact, Document Data

Art. 6(1)(b) - Contract: We cannot provide the accommodation without sharing this data with the venue.

3 Years after travel (Limitation period for general claims).

3. Health & Safety


To manage allergies, dietary needs, or accessibility requests.

Special Category (Health)

Art. 9(2)(a) - Explicit Consent: You provide this voluntarily. You may withdraw consent, but it may impact our ability to serve you.

Deleted 3 months after trip completion, unless an incident occurred.

4. Customer Support


Handling inquiries via email, WhatsApp, or phone before, during, or after the trip.

Identity, Contact, Communication History

Art. 6(1)(f) - Legitimate Interest: Our interest in providing quality support and resolving disputes.

3 Years from closure of the specific inquiry.

5. Marketing (Existing Customers)


Sending offers for similar travel experiences ("Soft Spam").

Contact, Identity

Art. 6(1)(f) - Legitimate Interest: Aligned with Danish Marketing Practices Act § 10(2). You can opt-out at any time.

Retained until Opt-Out or after 36 months of inactivity.

6. Marketing (New Prospects)


Sending newsletters to non-customers.

Contact, Identity

Art. 6(1)(a) - Consent: Only if you have actively ticked "Sign Up".

Retained until Consent Withdrawn.

7. Community Groups (WhatsApp)


Adding you to a group chat with other guests for your specific week.

Contact, Identity, Photo

Art. 6(1)(f) - Legitimate Interest: Facilitating group cohesion and logistics.

Deleted/Archived 1 month after trip ends.

8. Legal Compliance


Reporting to authorities (e.g., Guest Registration Laws).

Identity, Document Data

Art. 6(1)(c) - Legal Obligation: Mandatory reporting to local police/immigration at the destination.

As required by local local law (typically 1-5 years).

9. Media & Content


Using photos/videos from the trip for social media/website.

Image/Video

Art. 6(1)(f) - Legitimate Interest (for general atmosphere shots) OR Art. 6(1)(a) Consent (for close-up portraits/testimonials).

5 Years from publication, or until objection.

Export to Sheets

 

 

4. DATA RECIPIENTS (WHO SEES YOUR DATA)

We do not sell your data. We strictly limit access to the following categories of recipients:

4.1. Internal Staff Authorized employees of Chapters Institute who manage bookings, customer service, and marketing. All staff are subject to binding confidentiality agreements.

4.2. External Service Providers (Data Processors) We use trusted third-party vendors to operate our business. We have Data Processing Agreements (DPAs) in place with all of them to ensure security.

  • IT & Hosting: Cloud storage providers (e.g., AWS, Google Cloud), Booking Systems.

  • Payment Processors: (e.g., Stripe, PayPal). We do not see your full card number; we only receive a token transaction ID.

  • Communication Tools: Email providers, CRM systems, and WhatsApp.

4.3. Accommodation Partners (Independent Controllers) To secure your stay, we must transfer your Identity and Document Data to the specific hotel, villa owner, or property manager at your destination. They process this data independently to comply with local hospitality laws.

4.4. Public Authorities We may disclose data to Danish or foreign law enforcement, tax authorities, or immigration officials if compelled by a valid legal order or statutory obligation.

 

 

5. INTERNATIONAL DATA TRANSFERS (NON-EU/EEA)

Chapters Institute operates globally. This means your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) ("Third Countries").

5.1. Transfers to Non-Adequate Jurisdictions Please be aware that many popular travel destinations (including but not limited to countries in Southeast Asia, Africa, and the Americas) are not currently recognized by the European Commission as providing an "adequate" level of data protection equivalent to EU standards.

5.2. Legal Basis for Transfer When we transfer your data to a hotel, venue, or local partner in a Third Country, we rely on the following mechanisms:

  1. Performance of a Contract (Art. 49(1)(b) GDPR): The transfer is strictly necessary for the performance of the contract between you and Chapters Institute. Simply put, we cannot book your accommodation or secure your spot at the destination without sending your name and details to the local provider.

  2. Standard Contractual Clauses (SCCs): Where we engage with larger international vendors (e.g., technology platforms), we implement EU-approved SCCs to safeguard your data.

By booking a stay in a destination outside the EEA, you explicitly acknowledge and accept that your data must be transferred to that jurisdiction to provide the service.

 

 

6. YOUR RIGHTS

Under the GDPR, you have the following rights regarding your data:

  1. Right to Access: You may request a copy of the personal data we hold about you.

  2. Right to Rectification: You may ask us to correct inaccurate or incomplete data.

  3. Right to Erasure ("Right to be Forgotten"): You may ask us to delete your data where there is no legal reason for us to keep it (e.g., after the 5-year Bookkeeping Act period has expired).

  4. Right to Restrict Processing: You may ask us to pause processing while a dispute is resolved.

  5. Right to Portability: You may request your data in a structured, machine-readable format to transfer to another provider.

  6. Right to Object: You may object to processing based on "Legitimate Interest" (e.g., marketing). We must stop unless we demonstrate compelling grounds to continue.

  7. Right to Withdraw Consent: If we process data based on consent (e.g., health data or newsletter), you may withdraw it at any time.

How to Exercise: Email us at privacy@chaptersinstitute.com. We will respond within one month.

 

 

7. SECURITY MEASURES

We implement robust technical and organizational measures to protect your data, including:

  • Encryption of data in transit (SSL/TLS).

  • Access controls (MFA) for internal staff systems.

  • Regular security reviews of our software vendors.

  • Data minimization (we do not collect what we do not need).

Despite these measures, no transmission over the internet is 100% secure. You acknowledge this risk when using our services.

 

 

8. COOKIES

We use cookies to analyze website traffic and improve user experience.

  • Essential Cookies: Required for the site to function (e.g., keeping items in your cart).

  • Analytics Cookies: (e.g., Google Analytics) to see how users navigate our site.

  • Marketing Cookies: To show you relevant ads on other platforms.

You can manage your cookie preferences via the "Cookie Settings" banner on our website footer.

 

 

9. CHANGES TO THIS POLICY

We may update this policy to reflect changes in our business or the law. The latest version will always be posted here.

  • Last Updated: January 12, 2026

 

 

10. COMPLAINTS

If you believe we have mishandled your data, we invite you to contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Danish Data Protection Agency:

  • Datatilsynet

  • Carl Jacobsens Vej 35, 2500 Valby

  • Tel: +45 33 19 32 00

  • Email: dt@datatilsynet.dk