GDPR
At CompleteGreet, we take your privacy seriously and fully comply with the EU's General Data Protection Regulation (GDPR) from 2016.
This page explains how we collect, use, and protect personal data when you visit completegreet.com or use our video bubble service on your own website.
Roles and Responsibilities
- Data Controller for personal data collected on completegreet.com, such as from cookies and contact forms.
- Data Processor when we host and process your end-users' data via our video bubble software, always according to your instructions.
Data Processing Agreement (DPA)
Under GDPR Article 28, we provide a standard Data Processing Agreement (DPA) for all customers, which can be downloaded and signed. It outlines the scope, duration, and security measures for data processing.
The agreement includes requirements for confidentiality, sub-processors, and data subject rights to ensure full compliance.
Sub-processors
- ScalaHosting/SPanel – EU-based VPS hosting with data centers in the EU and contractual guarantees for international data transfers.
- Google Workspace – Email and document storage under the EU's Standard Contractual Clauses (SCCs) for transfers outside the EU.
- CookieYes (website only) – Consent management that blocks non-essential cookies until consent is given.
Security Measures
- Daily backups of all customer data with a 30-day retention period for rapid recovery if needed.
- TLS version 1.3 to encrypt data in transit, preventing interception and manipulation.
- Two-Factor Authentication (2FA) on all employee logins, following NIST guidelines for digital identity.
- IP Logging for Billing and Security: We store IP addresses for 30 days as an integral part of our billing system to validate transactions, comply with tax regulations (VAT), and protect the service from abuse.
- Incident Response Plan with a requirement to notify supervisory authorities of personal data breaches within 72 hours.
Privacy & Cookie Policy
Our Privacy Policy explains what personal data we collect, why, and for how long we store it, as well as your rights under GDPR Articles 13 and 14.
Our Cookie Policy lists all cookies, their purpose, and lifespan, and explains how to withdraw or change your consent in accordance with the ePrivacy Directive Article 5(3).
Data Subject Rights
You have the right to access, rectify, erase, or port your data, and to object to or restrict processing under GDPR.
To exercise your rights, please contact us at [email protected], and we will respond within two business days.
Additional Sub-processors
- Cloudflare – Global CDN and web firewall that protects traffic to and from our servers. Cloudflare offers a DPA based on SCCs and publicly lists its own sub-processors.
- Stripe – Payment gateway for subscriptions; Stripe is PCI-DSS certified and provides a comprehensive GDPR DPA.
- UptimeRobot – Monitors the availability of completegreet.com; only processes domain metadata, no end-user data.
- Google Analytics 4* – Web analytics on the marketing site; IP-anonymized, runs only after consent.
- Microsoft Clarity* – Heatmaps/session replays on the marketing site; activated only upon consent.
*These tools are active only on completegreet.com and are not part of the video bubble itself, which runs on customer sites.
Additional Security Measures
- Encryption at Rest – Databases and backups are AES-encrypted at the server level.
- Need-to-Know Principle – Only trusted employees with a work-related need are granted access to personal data.
Download the Data Processing Agreement
Our standard agreement (based on the Danish Data Protection Agency's template) can be downloaded here: Data Processing Agreement (DOCX)
Cookie Consent & Logging
CompleteGreet uses CookieYes to obtain and store documentation of consent for 12 months. Before consent is given, all non-essential cookies, including Google Analytics and Microsoft Clarity, are blocked.
Last updated: June 16, 2025
