Back to home

Information Letter

Processing of information for credit assessment (credit information)

Last updated: 11. juli 2026

This information letter explains how companydata.dk processes information for assessing the financial standing and creditworthiness of Danish companies (credit information). It fulfils our duty to inform under Articles 13 and 14 of the GDPR, which in this area applies both to personal data and to information about companies, cf. section 20(4) of the Danish Data Protection Act.

Uneven Bits ApS has applied to the Danish Data Protection Agency (Datatilsynet) for authorisation to operate as a credit information agency under section 19 of the Danish Data Protection Act. Credit information — score, credit recommendation and credit reports — will only be disclosed once the authorisation has been granted.

1. Data Controller

The data controller for the processing of credit information is:

Uneven Bits ApS

CVR: 30487842

Dybbølsgade 39, 2. th

1721 København V

Email: [email protected]

We have not appointed a data protection officer. All data protection enquiries should be directed to the contact details above.

2. Purpose and Legal Basis

We process the information to provide an advisory assessment of companies' financial standing and creditworthiness to our customers, who use the assessment in their own credit decisions, risk management and trading decisions.

The legal basis is Article 6(1)(f) of the GDPR (legitimate interest: commercial credit information services), within the framework of sections 19-21 of the Danish Data Protection Act and the terms set by the Danish Data Protection Agency for credit information agencies.

3. What Information We Process

We only process information that is relevant to the assessment of financial standing and creditworthiness:

  • Master data: the company's name, CVR number, address, industry, legal form and status
  • Roles and relations: management, owners and liable participants as registered in the CVR register — including persons' names and roles
  • Financial information from published annual reports, e.g. equity, profit/loss and audit opinion
  • Legal notices, e.g. bankruptcy decrees, compulsory dissolutions and restructurings
  • Computed information: CompanyData Score (CDS), rating class, confidence level and credit recommendation

We do not process CPR numbers, special categories of data (Article 9 of the GDPR) or data relating to criminal convictions (Article 10). We process no information about debts, debt relationships or payment remarks.

4. Where the Information Comes From

All information originates from public, authoritative registers:

  • The Central Business Register (CVR) at the Danish Business Authority
  • The Danish Business Authority's register of financial statements (published annual reports)
  • Statstidende (the Danish Official Gazette — legal notices)

We receive no reports or submissions from our customers, creditors or other private sources.

5. Who the Information Is Disclosed To

Credit information is only disclosed to registered, paying business customers — subscribers and buyers of individual credit reports. Disclosure always takes place in writing/electronically as a lookup of a specific company.

We publish no lists or publications of companies or persons with negative information.

We record who has received which credit information, so we can notify recipients if information turns out to be incorrect (retraction). Credit information is not transferred to countries outside the EU/EEA.

6. Retention and Deletion

Information about matters that count against creditworthiness and that is more than 5 years old is not processed. The limit is enforced automatically in our systems and applied without exceptions.

Objective register data (e.g. master data and financial figures) is continuously synchronised against the source registers, and corrections in the registers automatically take effect with us.

The disclosure log is retained for 12 months.

7. How the Assessment Is Calculated (Profiling)

The CompanyData Score is a number from 0 to 100 calculated from five areas: the company's financial position, earnings, filing conduct (e.g. timely filing of annual reports), stability, and the track record of its management and owners in other companies — for the track record, only the last 5 years. The score translates into a rating class and an advisory credit recommendation (maximum credit and payment terms).

Together with the score we show a confidence level indicating how much data the assessment rests on — newly founded companies and sole proprietorships, for example, rarely have published financial statements.

The assessment is advisory. We make no automated decisions about you or your company — the decision always rests with the customer receiving the assessment.

Read more about the methodology behind the CompanyData Score

8. Your Rights

Under data protection law you have the right to:

  • Access: to know what information we process about you or your company, where it comes from, and who it has been disclosed to
  • Rectification: to have incorrect information corrected
  • Erasure: to have information deleted when the conditions for this are met
  • Restriction: to have processing restricted, e.g. while an objection is being assessed
  • Objection: to object to the processing

Contact us at [email protected]. There are no formal requirements, and you do not need to provide documentation to have information corrected or deleted. We respond as soon as possible and no later than within 1 month. If you dispute the accuracy of information, it is for us to demonstrate that the processing is justified.

If information originates from a public register, we will tell you where in the register it appears. Errors in the CVR register or the register of financial statements are corrected with the Danish Business Authority at virk.dk — the correction then automatically takes effect with us.

If disclosed information turns out to be incorrect or misleading, we correct it and notify those who received it (retraction).

9. Complaints to the Danish Data Protection Agency

You can complain about our processing of information to the Danish Data Protection Agency (Datatilsynet):

Datatilsynet

Borgergade 28, 5.

1300 København K

datatilsynet.dk