1. Background and purpose
“Personal Data” shall have the meaning set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and “Group” shall mean the parent company Stiesdal A/S, Nyropsgade 37, first floor, 1602 Copenhagen V and its subsidiaries Stiesdal Offshore A/S, Stiesdal Storage A/S, Stiesdal SkyClean A/S and Stiesdal Hydrogen A/S together with any future subsidiary, each located at Vejlevej 270, DK-7323 Give.
2. Individuals about whom personal data is collected and processed
The Group collects and process personal data about individuals such as representatives of our business partners, advisors, collaborating partners, service providers, shareholders and applicants (solicited and non-solicited) that come in contact with the Group by different means of communication.
3. Types of personal data collected and processed
The Group collects and process general personal data such as name, contact data (telephone number, e-mail and private address or of the business), job position and information contained in the corresponding e-mail correspondence.
4. Ways of collecting personal data
The Group mainly collects personal directly from the individuals that come in contact with the Group pursuant to different business relationships between the Group and the relevant individual.
5. Purpose of collecting personal data
The Group process personal data with the purpose of retaining, developing and servicing a business relation as well as to comply with a contract entered into between the Group and the particular business partner.
6. Legal basis of processing personal data
The legal basis for the processing of personal data can constitute one of the following grounds
- When it is necessary for the drawing up or performance of a contract between the Group and the respective individual (GDPR, Article 6 (1), litra b)
- If the Group has consent from the respective individual (GDPR Article 6 (1), litra a)
- If it is necessary for the legitimate interests of the Group or a third party (and if the interests, fundamental rights and freedoms of the respective individual do not prevail over those interests) (GDPR Article 6 (1), litra f)
- To comply with a legal obligation (i.e. rules laid down by courts, statute or regulation (GDPR Article 6 (1), litra c)
7. Storage and deletion of personal data
The Group stores personal data for as long as the Group is in contact with the individual for a relevant purpose, such as a business relationship or shareholding, unless the Group is instructed to delete such personal data by the respective individual, which the Group will accommodate subject to retaining data necessary for business purposes, e.g. bookkeeping and legal requirements.
The Group deletes personal data when it is no longer needed for one or more of the purposes set out above in section 5 or for regulatory reasons.
8. Disclosure of personal data to other data controllers
The Group may disclose personal data in its possession to certain third-party recipients, such as accountants and legal advisors, who will be considered “data controllers” in respect of this data. Furthermore, with reference to legislation, it might be necessary to transfer personal data to public authorities or the police, who also will be considered “data controllers” in respect of this data.
9. Disclosure of personal data to data processors
The Group may also disclose personal data in its possession to certain third-party recipients, such as intra-group companies or service providers. Such parties will only process this personal data on behalf of the Group and in accordance with the instructions given by the Group. Thus, these third-party recipients are not permitted to process personal data for their own purposes.
10. Transfer of personal data to a third country (outside of EU/EEA)
In certain cases, it may be necessary to transfer personal data to outside of EU/EEA. The Group ensures that such transfer will be carried out in accordance with the applicable data protection laws. This entails that any party outside of EU/EEA that will receive personal data will ensure an adequate level of protection, for example, by following the European Data Protection Boards recommendations for how to transfer data outside of the EU or entering into the EU standard contractual clauses with the relevant entity of the Group.
11. The rights of a data subject
As a data subject you have the right to access the personal data the Group processes about you. Furthermore, depending on the circumstances you also have the right to rectification of your personal data, erasure, restriction of the processing of your personal data, data portability and the right to object against the processing of your personal data.
12. Withdrawal of consent
If processing of your personal data is based on your consent, you may withdraw your consent at any time. Please note that this does not affect the Group’s processing of your personal data prior to the withdrawal of your consent. If you wish to exercise any of the above-mentioned rights, you are welcome to contact Attorney Mette Trandbohus at email@example.com.
13. Amendment of data etc.
DK-5100 Odense C.
14. Filing a complaint
If you wish to file a complaint regarding the Group’s processing of your personal data, please contact us by email, telephone or letter as set out in Section 13. Otherwise, you can choose to file a complaint to the Danish Data Protection Agency (in Danish Datatilsynet), Carl Jacobsens Vej 35, DK-2500 Valby.