Skip to content
Legal

Privacy Policy

Data controller

Accel Comply (CVR: DK37260312), operated by Behzad Motaghi, is the data controller for personal data collected through this website.

Accel Comply is a sole-trader practice. Throughout this privacy policy, "I," "me," and "my" refer to Behzad Motaghi personally. Where the policy uses "we" or "our," this refers to the same sole trader; there are no other data controllers or co-owners involved in this website.

Contact: bm@accelcomply.com

What we collect

When you use the contact form, we collect the information you provide: name, email, company, and message content. This data is processed by HubSpot (our CRM provider) and stored in the EU (eu1 region).

If you accept analytics cookies, we collect anonymised usage data through Google Analytics to understand how visitors use the site.

If you accept marketing cookies, LinkedIn and Google advertising tags may collect data for conversion tracking and remarketing purposes.

Legal basis

Contact form submissions are processed on the basis of my legitimate interest in responding to business enquiries (GDPR Art. 6(1)(f)). If you contact me through the form, I have a legitimate interest in reading and replying. You can object to this processing at any time by emailing bm@accelcomply.com; if you object, I will stop processing your data and delete it unless I have another lawful basis to retain it.

Analytics and marketing cookies require your explicit consent via the cookie banner. You can withdraw consent at any time by adjusting your cookie settings.

Cookies

This site uses three categories of cookies:

  • Necessary: Required for site security and remembering your cookie preferences.
  • Analytics: Google Analytics for site usage measurement. Requires consent.
  • Marketing: Google and LinkedIn tags for advertising and conversion tracking. Requires consent.

You can manage your cookie preferences at any time using the cookie settings link in the footer.

Data retention

Contact form data is retained in HubSpot for the duration of our business relationship plus 2 years. Analytics data is retained for 14 months. You can request deletion at any time.

Your rights

Under GDPR, you have the right to access, correct, delete, restrict processing of, and receive a portable copy of your personal data. You can also withdraw consent at any time. Contact bm@accelcomply.com to exercise these rights.

You have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).

Engagement data subjects

The services I provide to business clients (NIS2 readiness, ISO 27001 readiness, security assessments) involve reviewing client systems, documents, and processes. These reviews may involve personal data belonging to the client's employees, IT staff, vendors, and other individuals (collectively, "engagement data subjects").

If you are an engagement data subject, meaning your personal data has been reviewed as part of a security assessment carried out for your employer or another organisation, the following applies to you under GDPR Art. 14:

Who controls your data: The organisation that engaged Accel Comply (your employer or the commissioning organisation) is the data controller for your personal data in the engagement context. They determine what is reviewed and why. I process that data as a data processor on their behalf.

What data is involved: Typically your name, work email, job title, system access rights, usernames in log files, and similar professional information visible in the systems under review. No health, financial, or sensitive personal data is processed unless the engagement scope explicitly includes it.

Why it is processed: To assess the organisation's cybersecurity posture and compliance with applicable requirements. The legal basis is the controller's legitimate interest (Art. 6(1)(f)) or, for public-sector engagements, performance of a task in the public interest.

How to exercise your rights: Your rights of access, rectification, erasure, and objection are exercisable against the controller (the organisation that engaged me). Contact that organisation's data protection contact. I will assist the controller in responding to your request if you contact me directly: bm@accelcomply.com.

How long your data is retained: Engagement data is deleted or returned to the controller within 30 days of the engagement ending, per the DPA between Accel Comply and the controller. I do not retain engagement data beyond that period except where required by law.

Third-party processors

  • HubSpot (CRM, forms): EU region. Sub-processor under DPA Annex 2. Transfer mechanism: EU-US DPF + SCCs.
  • Vercel (hosting): EU region primary, US edge. Processes contact form payloads and visitor request data in transit. Transfer mechanism: EU-US DPF + SCCs (Vercel DPA at vercel.com/legal/dpa).
  • Google Analytics (analytics): consent-dependent. US-based; transfer mechanism EU-US DPF + SCCs.
  • Google Ads (marketing): consent-dependent. US-based; transfer mechanism EU-US DPF + SCCs.
  • LinkedIn (marketing): consent-dependent. US-based; transfer mechanism EU-US DPF + SCCs.

Changes to this policy

We may update this privacy policy to reflect changes in our practices or legal requirements. The date at the bottom of the page indicates when it was last revised. Material changes will be communicated via the website.

Last updated: April 2026