Privacy policy
LAST UPDATED · 16 JUNE 2026
This policy explains how MuCoDi handles personal data in connection with our website at mucodi.co. A separate section at the end addresses the MuCoDi application — the platform our museum customers use. We are committed to complying with the EU General Data Protection Regulation (GDPR) and to keeping data minimal, secure, and inside the EU.
This website runs without tracking, analytics, or marketing cookies. The only cookie we set is a single strictly-necessary functional cookie used to keep an editor signed in while editing content. Strictly-necessary cookies are exempt from consent under the ePrivacy Directive and GDPR, so we do not show a cookie banner.
1. Who we are
The data controller for this website is MuCoDi, Hammerensgade 1, 2., 1267 Copenhagen K, Denmark. For any privacy question or to exercise your rights, contact info@mucodi.co or +45 70 70 12 15.
2. What we collect, and why
We only collect personal data you actively give us. We do not buy data, and we do not track you across the web.
Forms you submit
- Request a demo / Join as a partner: your name, work email, phone (optional), museum or agency, country, and anything you write in the message field.
- Newsletter: your email address.
The functional cookie
A single session cookie that signs a content editor in. It contains no marketing or behavioural data and is not shared with third parties.
Server logs
Our EU host keeps short-lived technical logs (e.g. IP address, request time) to operate and secure the site. These are deleted on a rolling basis and are not used to profile you.
3. Legal basis (GDPR Art. 6)
- Demo / partnership requests — our legitimate interest in responding to you and steps taken at your request prior to a possible agreement (Art. 6(1)(b)/(f)).
- Newsletter — your consent (Art. 6(1)(a)), withdrawable at any time via the unsubscribe link or by emailing us.
- Functional cookie & security logs — our legitimate interest in operating a secure, working website (Art. 6(1)(f)).
4. How we use your data
To reply to your enquiry, arrange a demo, send the newsletter you asked for, and keep the site secure and functioning. We never sell your personal data or use it for automated decision-making or profiling.
5. Where your data is stored
All website data is processed and stored within the European Union. Where a service provider (sub-processor) is involved, we use EU-based providers or, exceptionally, providers covered by an adequate GDPR transfer mechanism. We do not transfer your data outside the EU/EEA without such safeguards.
6. Who we share it with
Only the limited service providers needed to run the site — for example our EU hosting provider, our email provider, and, if you book a call, a scheduling tool. Each acts as a processor under a data-processing agreement and only on our instructions. We also disclose data where legally required.
7. How long we keep it
- Enquiry / demo data — for as long as needed to handle your request and any resulting relationship, then deleted or anonymised.
- Newsletter — until you unsubscribe.
- Logs — short rolling retention for security and diagnostics.
8. Your rights
Under the GDPR you have the right to:
- access the data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to processing;
- data portability;
- withdraw consent at any time (without affecting prior processing).
To exercise any of these, email info@mucodi.co. You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or your local supervisory authority.
9. The MuCoDi application
This section concerns the MuCoDi platform used by museums to manage and publish their collections — distinct from this marketing website.
- GDPR-compliant by design. The application is built and operated in accordance with the GDPR.
- Data stays in the EU. All customer and collection data in the application is hosted and processed within the European Union.
- Roles. For data a museum puts into the platform, the museum is the data controller and MuCoDi acts as the data processor, processing only on the museum’s documented instructions under a Data Processing Agreement (DPA).
- Security. Access is role-based and authenticated; data is encrypted in transit; we apply least-privilege access and keep audit trails.
- Sub-processors & DPA. A current list of sub-processors and our DPA are available to customers on request at info@mucodi.co.
Museum end-users with questions about their own personal data should contact their institution (the controller); we will support the institution in responding.
10. Changes to this policy
We may update this policy as our practices or the law evolve. The “last updated” date above reflects the current version; material changes will be highlighted on this page.