Nyholm Learning

Privacy Policy

Last updated: May 2026

1. Who we are

Nyholm Learning is operated by Sissel Nyholm, based in Denmark. We are the data controller for the personal information you provide when using our website and services.

Business name: Nyholm Learning
CVR number: [CVR NUMBER]
Country: Denmark
Contact: help@nyholmlearning.com
Website: nyholmlearning.com

2. What data we collect

We collect personal data only where necessary for delivering our services. This includes:

  • Name and email address — provided when you contact us, take our placement test, or create an account
  • Payment information — processed securely by Stripe; we never see or store your card details
  • Placement test results — your answers and CEFR level result when you complete the free test
  • Course progress — which lessons you have watched, quiz scores, and certificate status
  • Purchase history — which courses you have purchased and when
  • Account credentials — email and hashed password, stored securely in Supabase
  • Marketing consent — whether you opted in to receive news and updates

3. Why we collect it and our legal basis

We process your personal data on the following legal bases under GDPR:

  • Contract performance (Article 6(1)(b)) — We need your name, email, and payment details to create and manage your account, process your purchase, and deliver access to your course content.
  • Legitimate interest (Article 6(1)(f)) — We send transactional emails such as your placement test result, purchase confirmation, and important account updates. These are necessary for the services you requested.
  • Consent (Article 6(1)(a)) — We only send marketing emails (news, course updates, special offers) if you have explicitly opted in. You can withdraw this consent at any time by unsubscribing or contacting us.

4. How we use your data

  • To create and maintain your account on nyholmlearning.com
  • To process payments and grant access to purchased courses
  • To send your placement test result by email
  • To track your progress through course content
  • To issue certificates upon passing assessments
  • To respond to enquiries submitted via the contact form
  • To send marketing communications, where you have given consent
  • To comply with legal obligations (e.g. accounting records)

5. Third-party processors

We use a small number of trusted third-party services to operate our platform. All processors handle your data in accordance with GDPR:

SupabaseDatabase and authentication

EU-hosted infrastructure. Data stored in the European Union.

StripePayment processing

Data Processing Agreement (DPA) in place. PCI-DSS compliant. We never store card details.

ResendTransactional email delivery

Used to send placement test results, purchase confirmations, and account emails.

VimeoVideo hosting

Course video content is hosted on Vimeo. Vimeo may set cookies when videos are played.

HetznerServer infrastructure

Servers located in Germany / the European Union.

6. Data retention

  • Account data — retained for as long as your account is active. You may request deletion at any time.
  • Purchase records — retained for 5 years in accordance with Danish accounting law (Bogføringsloven).
  • Placement test results — retained until you request deletion.
  • Marketing consent — you can withdraw consent at any time; we will stop sending marketing emails promptly.

7. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of all personal data we hold about you
  • Right to erasure — request deletion of your personal data (subject to legal retention obligations)
  • Right to portability — receive your data in a structured, machine-readable format
  • Right to rectification — correct inaccurate or incomplete data
  • Right to withdraw consent — withdraw marketing consent at any time without affecting prior processing
  • Right to lodge a complaint — you may complain to Datatilsynet (the Danish Data Protection Agency) at datatilsynet.dk

To exercise any of these rights, contact us at help@nyholmlearning.com. We will respond within 30 days.

8. Cookies

We use only essential cookies necessary to operate the website. We do not use advertising, analytics, or tracking cookies.

CookiePurpose
sb-* (Supabase)Authentication session — keeps you signed in
Stripe sessionSecure payment processing

9. Refund policy

Because our courses are digital products delivered immediately upon purchase, the following policy applies:

  • You are entitled to a full refund within 14 days of purchase, provided you have not accessed any course content.
  • Once you access any lesson, video, or downloadable material, you explicitly waive your 14-day right of withdrawal in accordance with EU consumer law (Directive 2011/83/EU, Article 16(m)).
  • At the point of purchase, you are asked to confirm that you understand and accept this waiver.
  • To request a refund, contact us at help@nyholmlearning.com within 14 days of purchase.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.

11. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: help@nyholmlearning.com
Address: Nyholm Learning, Denmark