Privacy policy for applicants


Privacy policy


In this privacy policy you can read more about how we process your personal data when you apply for a position at Momentum Energy Group A/S or Momentum Energy Wind Services ApS.


The Privacy Policy has been prepared with reference to the rules of the General Data Protection Regulation (Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (EU) 2016/679 (also known as “GDPR”)) and the Danish Data Protection Act (Act no. 502 of 23/05/2018 with later amendments) (the “Data Protection Act”).


You will receive this privacy policy as a link in an email when you apply for employment at Momentum. The privacy policy can also be found on Momentum’s website


Who we are (We are the data controllers)


We are the Company responsible for processing your personal data in accordance with this Privacy Policy. This means that we are the data controller.
The privacy policy applies to the two companies listed below and the responsibility for handling your personal data lies with the company you apply to.


Our contact information: Momentum Energy Group A/S
Roskilde department (head office)
CVR number 28888430
Københavnsvej 81
DK-4000 Roskilde
+45 46 33 70 10


Momentum Energy Wind Services ApS
CVR number 28324022
Københavnsvej 81
DK-4000 Roskilde
+45 46 33 70 10


To make the policy more user-friendly, we use the terms “we”, “us”, “our” or similar. to describe our business. When we refer to “you”, we mean you as an applicant for a position with us.


We process the following categories of data:


General personal information:


Confidential or sensitive personal information


We process personal data about the following categories of persons:


Where your personal data originates from


We only process personal data about you that we receive directly from you, your former employers or from public authorities.




The purpose of processing your data:


Legal basis


We process your personal data in accordance with the following legal basis for processing.


If you would like more information about our legal basis for processing your data, please contact us.


General principles of data processing


We want to protect your personal data and we process it in a responsible, transparent and secure manner.


We adhere to the following principles when processing personal data:


Risk analysis


We implement technical and organizational measures to maintain a level of security appropriate to the risks specifically associated with our processing of personal data.


We have performed a risk analysis, which forms the basis of this privacy policy.


Data Protection Impact Assessments (DPIA)


Article 35 of the GDPR requires that where the processing of personal data, in particular when using new technologies and taking into account the nature, scope, context and purposes of the processing, is likely to result in a significant risk of breaching the rights and freedoms of natural persons, the controller must carry out an assessment of the impact of the envisaged processing activities on the protection of personal data before the start of the processing.


The obligation to conduct an impact assessment only applies in exceptional cases where there is a high risk to the rights and freedoms of individuals.


It is our assessment that we will rarely perform a treatment that meets any of the above criteria. It must therefore be assumed that the impact assessment rules will have a relatively limited scope of application in relation to our processing of your personal data.


If an impact assessment is carried out anyway, the results of the assessment will be taken into account when taking appropriate measures.


Data Protection Officer (DPO)


It is our assessment that Momentum Energy Group does not process personal data to the extent mentioned. We have therefore chosen not to appoint a data protection officer.


Data Controller


When it comes to your personal data, we will operate independently. This includes independently assessing whether there is a valid reason for collecting/processing your personal data, identifying relevant and necessary data and determining the retention period. In this context, Momentum Energy Group will act as data controller.


Data processors


In some cases, we use external companies to handle the technical operation of Momentum Energy Group’s IT systems, etc. In such cases, these companies may act as data processors for Momentum Energy Group.


The data processor acts solely on our instructions and the data processor has taken the necessary technical and organizational security measures against accidental or unlawful destruction, loss or deterioration of personal data and against disclosure to unauthorized persons, misrepresentation or other processing in violation of the GDPR.


In certain cases, our data processors use other data processors to process personal data where Momentum Energy Group is the data controller. Other processors may be established inside and outside the EU/EEA.


A data processing agreement must be concluded between us (the controller) and the other party (the processor) and must comply with the applicable requirements for data processing agreements as mentioned in GDPR Article 28(3). This involves drawing up a contract or other legal document that is binding on the processor. It is also a requirement that the data processing agreement is in writing, including electronically.


In addition, the GDPR has several specific requirements for the content of the data processing agreement. The agreement must contain information about the status and duration of the processing, the nature and purpose of the processing, the type of personal data, the categorization of the data subjects and our obligations and rights as data controller and the data processor’s obligations in relation to performing the task. The requirements are specifically described in GDPR Article 28(3)(a-h).


Transfer of personal data to third countries


Momentum Energy Group’s processing of personal data will predominantly take place within the EU.


If your personal data is transferred to countries outside the European Economic Area (EEA), we make sure that the necessary safeguards are in place, including


13.3 Please see the following link: for further information on how the transfer of personal data outside the EEA is regulated.


Other disclosure of personal data

Personal data may also be disclosed to:




We do not use your personal data for profiling.


Security measures


We have taken the necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration, as well as against unauthorized disclosure, misuse or other conduct in violation of applicable laws.


Access to personal data is limited to people who need access. Employees who process personal data are instructed and trained to know what to do with personal data and how to protect it.


When documents (papers, archival data, etc.) containing personal data are discarded, shredding or other measures are used to prevent unauthorized persons from accessing the personal data.


Passwords are used to access PCs and other electronic devices that contain personal data. Only the people who need access will have a code and only to the systems they need to use. People with passwords must not give the code to others or leave it where others can see it. Review of assigned codes will be performed at least once every six months.


If personal data is stored on a USB stick, the personal data must be protected, e.g. with a password and encryption. Otherwise, store the USB connector in a locked drawer or cabinet. The same applies when storing personal data on other portable data media.


PCs connected to the internet have an up-to-date firewall and virus check installed.


If sensitive personal data or personal identification numbers are sent to us via email over the internet, such emails must be encrypted. If you send personal data to us via email, please note that this is not secure if your emails are not encrypted. We advise you not to send us confidential or sensitive personal data via email unless specifically agreed in advance so that we can ensure the necessary level of security.


When repairing and servicing data equipment containing personal data and when data media are to be sold or discarded, we take the necessary precautions to ensure that personal data is not disclosed to unauthorized persons. For example, through the use of non-disclosure agreements.


When using an external data processor to process personal data, a written agreement is entered into between us and the data processor. This applies, for example, when using an external document or if cloud systems are used in the processing of personal data – including communication with you. Similarly, a written agreement is always made between us and you if we act as data processors. The data processing agreements are also available electronically.


Backing up your data


Momentum backs up all production data. Backups are stored on an external server.


All backed up data is stored for a maximum period of ten (10) years.


Retention periods and deletion


When do we delete your data?


For job applications, we delete personal data 6 months after the final rejection of the specific job application, unless you have consented to longer retention.


Please note that special circumstances or legal requirements may mean that this period may be shorter or longer, depending on the purpose of complying with legal requirements for deletion or retention of data.


How do we delete your data?


Personal data must be deleted from the production system. When personal data is deleted from the production system, it will be deleted from the backup system if technically possible.


Alternatively, personal data can be completely anonymized so that it can no longer be attributed to an individual. In this case, the GDPR does not apply at all and complete anonymization is therefore an alternative to deletion. However, it is important to keep in mind that anonymization – as an alternative to erasure – requires the deletion of all traces that can lead to the person to whom the data relates. It’s usually a very difficult practice.


After deletion/anonymization, we will perform appropriate cross-checks in the form of searches on name, email address, the specific case, etc. to ensure that nothing on the person appears.




Momentum Energy Group may use anonymized data from you for statistical and research purposes, as well as to improve systems, processes and products. This means that the results cannot be used to identify specific individuals. Thus, irrevocable anonymization is performed so that the data subject can no longer be identified.


Changes to privacy policy


Momentum Energy Group may change this privacy policy at any time and without notice and with future effect. In the event of such changes, our users will be informed via our website.


Contact information


If you have any questions about our privacy policy, our processing of personal data, rectification or your relationship with us in any other way, you can contact us at the following email address: and via our website.


Your rights


We want to ensure the greatest possible transparency to allow you to make informed choices about how you want us to process your personal data.

Data Protection Authority
Carl Jacobsens Vej 35
DK-2500 Valby
Tel: 33193200