Log inSign up
⚠️ Draft for review. These documents are a working draft and must be reviewed and approved by a qualified Danish lawyer before the service goes live. They are not yet legal advice or a binding agreement.

Privacy Policy

Last updated: 14 July 2026 · Complies with the EU GDPR and Danish data-protection law

1. Data controller

Samrute (placeholder: [Company name, CVR, address]) is the data controller for personal data processed through the service. Data-protection contact: privacy@samrute.dk (placeholder).

2. What we collect

  • Account data — name, email, phone, sign-in method (email, Google, Apple, Facebook).
  • Identity verification — the result of MitID verification (a verified status and a stable identifier). We do not use your CPR number as an account key.
  • Driver & vehicle data — licence verification status, vehicle details, and (for DAC7) tax information.
  • Journeys & bookings — routes, approximate pick-up/drop-off areas, times, seats, cost contributions, booking history.
  • Payments — platform-fee orders, status and receipts (card data is handled by our payment provider, not stored by us).
  • Communications — in-app messages between members, ratings and reports.
  • Technical data — device/usage information and essential cookies (see our Cookie Policy).

3. Why we process it, and our legal basis

Provide the service (accounts, matching, bookings, messaging)Performance of a contract
Identity verification & safety (MitID, ratings, moderation, fraud prevention)Legitimate interests; consent for MitID verification
Payments & receiptsContract; legal obligation (bookkeeping)
Tax reporting (DAC7)Legal obligation
Optional analyticsConsent

4. Who we share data with

We share only what is necessary, with:

  • Other members — the details needed to arrange a shared ride (e.g. your name, approximate route, rating; exact pick-up is shared only when needed).
  • Processors acting on our instructions — MitID broker, payment provider, hosting, email and mapping providers.
  • Authorities — the Danish tax authority (DAC7) and others where legally required.

5. Where your data is stored

We host data within the EU/EEA. Where a provider processes data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

6. How long we keep it

We keep personal data only as long as needed for the purpose it was collected, then delete or anonymise it. Financial and tax records are kept for the statutory period; messages and notifications follow shorter operational retention. Final retention periods are set with our DPO before launch.

7. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict or object to processing, to data portability, and to withdraw consent at any time. You can export or delete your data from your profile. Some data may be retained where we have a legal obligation or a legal hold. You may complain to the Danish Data Protection Agency (Datatilsynet).

8. Security

We use encryption in transit, access controls, audit logging and least-privilege access to protect your data, and separate handling for sensitive identity and financial data.

9. Children

The service is for adults (18+). We do not knowingly process data of children.

10. Changes & contact

We will post updates here with a revised date. Questions: privacy@samrute.dk (placeholder).