Back to Home

Privacy Policy

Last updated: 2026-02-25

Data Controller

The identity of the data controller depends on the type of data being processed:

  • For account holder data (your name, email, and account details), the individual operating Hjertely (hjertely.dk) is the data controller.
  • For guest data entered by event hosts, the host is the data controller under GDPR. Hjertely acts as a data processor on behalf of the host, processing guest data solely to deliver the invitation service.
  • The relationship between Hjertely as processor and hosts as controllers is governed by a Data Processing Agreement (DPA) in accordance with GDPR Article 28.

Information We Collect and How We Use It

We collect and use information you provide directly to us when you create an account, create wedding invitations, or contact us for support:

  • Account information (name, email, password)
  • Wedding event details (date, venue, hosts)
  • Guest information (names, email addresses, RSVP responses)
  • RSVP responses and dietary preferences
  • Photos and media uploaded to invitations
  • Provide and operate our wedding invitation service
  • Create and deliver personalized invitations to your guests
  • Send you updates, respond to inquiries, and provide customer support
  • Analyze usage patterns to improve our platform and user experience

Legal Basis for Processing

We process personal data based on the following legal grounds under GDPR Article 6:

  • Contract performance — Processing your account data and event data is necessary to provide the wedding invitation service you have signed up for (Article 6(1)(b)).
  • Legitimate interest — We process certain data (such as technical logs) to ensure platform security and prevent abuse (Article 6(1)(f)).
  • Consent — We rely on your consent for analytics cookies and optional marketing communications (Article 6(1)(a)). You can withdraw your consent at any time by adjusting your cookie preferences or contacting us, without affecting the lawfulness of processing carried out before withdrawal.

Information for Guests

If you received a wedding invitation through Hjertely, your personal data was entered by the person (the host) who invited you. Hjertely did not collect your data independently.

  • Your name, email address, and any other details were provided to us by the host of the event. The host decided to use Hjertely to create and send their wedding invitations.
  • Your data is processed solely to deliver the wedding invitation, collect your RSVP response, and communicate event details to you on behalf of the host.
  • We may store your name, email address, RSVP response, dietary preferences or allergies, plus-one details, and any message you choose to submit.
  • You have the same rights as any data subject under GDPR, including the right to access, correct, or request deletion of your data. To exercise these rights, you may contact the host who invited you or reach out to us directly at privacy@hjertely.dk.
  • A link to this Privacy Policy is displayed on all invitation pages so that guests can review how their data is handled.

Sub-Processors

We use the following third-party service providers (sub-processors) to operate our service. Each sub-processor processes data only as necessary to provide its specific function:

  • Vercel Inc. (USA) — Hosting and content delivery network (CDN). Data transfers to the USA are protected by EU Standard Contractual Clauses (SCCs).
  • Resend Inc. (USA) — Transactional email delivery (invitation emails, verification emails). Data transfers to the USA are protected by EU Standard Contractual Clauses (SCCs).
  • Uploadthing (USA) — File storage for photos and media uploaded to invitations. Data transfers to the USA are protected by EU Standard Contractual Clauses (SCCs).
  • Google LLC (USA) — Analytics to understand usage patterns and improve the service. Only activated with your consent. Data transfers to the USA are protected by EU Standard Contractual Clauses (SCCs).

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States, through our sub-processors listed above.

  • All international transfers are protected by EU Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives an adequate level of protection regardless of where it is processed.
  • You may request a copy of the relevant safeguards by contacting us at privacy@hjertely.dk.

Sub-Processors

We use the following third-party service providers (sub-processors) to operate our service. Each sub-processor processes data only as necessary to provide its specific function:

  • Vercel Inc. (USA) — Hosting and content delivery network (CDN). Data transfers to the USA are protected by EU Standard Contractual Clauses (SCCs).
  • Resend Inc. (USA) — Transactional email delivery (invitation emails, verification emails). Data transfers to the USA are protected by EU Standard Contractual Clauses (SCCs).
  • Uploadthing (USA) — File storage for photos and media uploaded to invitations. Data transfers to the USA are protected by EU Standard Contractual Clauses (SCCs).
  • Google LLC (USA) — Analytics to understand usage patterns and improve the service. Only activated with your consent. Data transfers to the USA are protected by EU Standard Contractual Clauses (SCCs).

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States, through our sub-processors listed above.

  • All international transfers are protected by EU Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives an adequate level of protection regardless of where it is processed.
  • You may request a copy of the relevant safeguards by contacting us at privacy@hjertely.dk.

Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

  • Essential cookies for authentication and security
  • Analytics cookies to understand how you use our service
  • Preference cookies to remember your settings and choices

Your Rights

Under GDPR and other privacy laws, you have the following rights:

  • Access your personal data and understand how it's processed
  • Correct inaccurate or incomplete personal data
  • Request deletion of your personal data
  • Receive your data in a portable format
  • Restrict the processing of your personal data
  • Object to the processing of your personal data

Data Retention

We retain personal data only as long as necessary for the purposes described in this policy. Specific retention periods are as follows:

  • Account data — Retained while your account is active. After you delete your account, your data is permanently removed within 30 days.
  • Event data — Retained until 6 months after the event date, then automatically deleted.
  • Guest data — Retained on the same schedule as event data (6 months after the event date), then automatically deleted.
  • Photos and media — Deleted together with the associated event data.
  • Financial records — Retained for 5 years after the transaction date, as required by the Danish Bookkeeping Act (Bogforingsloven).
  • Analytics data — Anonymized after 26 months. Anonymized data is no longer personal data and may be retained indefinitely for statistical purposes.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

  • Email: privacy@hjertely.dk
  • You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) if you believe your data has been processed unlawfully. You can reach Datatilsynet at datatilsynet.dk.
Hjertely