Privacy policy: data, cookies, and deletion
Here we explain what information we process on dasma.dk, how uploaded images and public treasure hunts are handled, and how you can report misuse or exercise your rights.
1) Data controller and contact
The data controller for processing on dasma.dk is the business/person operating Skattejagten on dasma.dk.
Use the reporting page, the feedback flow, or email if you want to exercise your rights, report misuse, or ask questions.
2) What data do we collect?
Depending on how you use the service, we may process:
- account and contact information such as email, name, login details, account ID, and accepted-terms status,
- content you create or upload, including treasure hunts, steps, answers, feedback, images, links, and video URLs,
- technical data such as IP address, time, browser, device, session data, and security logs, and
- consents and preferences, such as cookie choices and any waitlist or update consents.
An image of an identifiable person may be personal data. If such images are uploaded, they are therefore also processed under data-protection rules.
3) Purpose and legal basis
We use the information to:
- create and operate accounts, treasure hunts, sharing, gameplay, and display of your content,
- run authentication, support, communication, deletion, recovery, and other necessary user administration,
- prevent abuse, enforce terms, handle reports, protect rights, and document or defend legal claims.
The legal basis depends on the purpose and will typically be contract (GDPR art. 6(1)(b)), consent (GDPR art. 6(1)(a)), legitimate interests (GDPR art. 6(1)(f)), and in some cases legal obligations. The most common bases are:
- contract (GDPR art. 6(1)(b)) to provide accounts, treasure hunts, sharing, and related functionality,
- consent for optional cookies/analytics and legitimate interests (GDPR art. 6(1)(f)) for security, logging, moderation, abuse prevention, and complaint handling.
4) Visibility, sharing, and publication
How your content is shown depends on your choices and sharing settings:
- Private treasure hunts and related content are generally only available to you and people you explicitly share with, subject to technical access controls.
- If you make a treasure hunt public, the title, description, images, and other published content may become visible to others and in some cases indexed, cached, or reshared by third parties.
- We may share necessary information with providers for hosting, storage, database, email, analytics, security, and support when needed to operate the service.
5) Retention and deletion
Account and content data are normally retained while your account is active or until you delete the content or request deletion, unless longer retention is necessary for legal requirements, security, or documenting legal claims.
You can request deletion, restriction, or help through the reporting page or by contacting us directly. We may ask for reasonable identification so that we do not act for the wrong person.
Backups and security copies are overwritten according to normal rotation cycles, and some information may be retained longer where necessary to handle abuse, disputes, or lawful requests.
6) Your rights
You generally have the right to:
- access your information,
- have inaccurate information corrected,
- have information deleted or processing restricted,
- object to processing where the rules allow it,
- receive your information in a structured format (data portability), when relevant.
7) Sharing and processors
We do not sell your data.
We only share information with providers and partners that help with operations, hosting, storage, database, authentication, email, analytics, security, support, or legally required handling.
For specific and sufficiently substantiated reports or lawful authority requests, we may also need to disclose relevant information to the extent the law requires or permits.
We use processors with appropriate safeguards and enter into data processing agreements where required.
8) Transfers to third countries
We aim for EU/EEA providers. If a provider processes data outside the EU/EEA, we use a valid transfer mechanism, such as EU Standard Contractual Clauses, and supplementary measures where needed.
We only share the information necessary for the specific operational, security, or support purpose.
9) Security, misuse, and image protection
We apply appropriate technical and organizational security measures, such as access controls, logging, rate limiting, updates, and data minimization, to protect information and user content.
No solution is 100% secure. If you publish or broadly share images, we cannot guarantee that others will not take screenshots, copy, or misuse them. That use is not allowed, and we assess concrete reports as quickly as possible.
10) Cookies and analytics
Necessary cookies may be used for operation, login, security, and basic preferences.
Analytics (for example Google Analytics) is only used if you consent through cookie settings. No advertising or profiling without a separate legal basis.
You can adjust or withdraw consent in Cookie settings at any time.
11) Changes to this policy
If we materially change the privacy policy, we update this page and may notify affected users in or outside the service where relevant.
12) Reports, rights, and complaints
You can report copyright issues, privacy violations, image misuse, or other problems through the reporting page. If the issue concerns personal data, you may also complain to Datatilsynet (the Danish Data Protection Agency).
Please contact us first through the reporting page, the feedback flow, or email, and we will try to resolve it quickly and properly.
13) Anonymized chatbot failure logging
If you enable the setting in the support chat, only anonymized error reports are stored locally in your browser to improve responses and KB content.
We do not store identifiers such as IP, cookies, user ID, or session ID in these reports.
You can turn the feature off in chat settings or clear all reports from the admin view.