Stakeholder privacy policy
1
Privacy policy
1.1
We treat all personal data securely and confidentially. Momentum Energy Group has internal procedures for e.g. erasure, data minimization, storage, collection, updating and disclosure of personal data. This is to ensure the integrity, confidentiality and security of personal data.
1.2
Momentum Energy Group’s processing of your personal data is only for explicitly stated and legitimate purposes. We do not process your personal data in a way that is incompatible with these purposes.
1.3
We conduct and update risk assessments in connection with Momentum Energy Group’s processing of personal data, including personal data about employees. Momentum Energy Group’s data protection and General Data Protection Regulation (GDPR) compliance initiatives are based on these risk assessments. In cases where necessary, we also perform DPIAs (Data Protection Impact Assessments) on individual processing activities.
1.4
We have adopted this privacy policy (hereinafter referred to as “Privacy Policy”), which, among other things, tells you how we process your personal data when you use our website.
1.5
The Privacy Policy has been prepared with reference to the rules of the General Data Protection Regulation (Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (EU) 2016/679 (also known as “GDPR”)) and the Danish Data Protection Act (Act no. 502 of 23/05/2018 with later amendments) (the “Data Protection Act”).
1.6
You will receive this privacy policy as a link in an email the first time we write to you as a customer. The privacy policy can also be found on Momentum Energy Group’s website www.momentumgreenevergy.com
2
Data controllers
2.1
We are the company responsible for the processing of your personal data in accordance with this privacy policy, which means that we are the data controller.
2.2
Our contact information Momentum Energy Group A/S
Roskilde department (head office)
VAT no. / CVR no. DK28888430
Københavnsvej 81
DK-4000 Roskilde
Denmark
+45 46 33 70 10
compliance@momentumgreenenergy.com
2.3
In connection with a specific investment, the relevant project company or operating company will be the data controller for the processing of personal data relating to company information about the company or investment.
2.4
All project or operating companies in the Momentum Group or managed by a Momentum Group company are subject to and follow this Privacy Policy and the reference to “Momentum Energy Group”, “we”, “us”, etc. in this Privacy Policy is also a reference to the relevant project company or operating company.
2.5
When we refer to our “website”, we refer to www.momentumgreenenergy.com. When we refer to “you”, we mean you as a user of our website, customer of ours, board member or stakeholder.
3
When does the policy apply?
3.1
This privacy policy relates to the information we collect and process about you when you visit and/or register for our services via our website or when you are in contact with us.
4
Categories of data we process and their respective purposes:
We process your personal data to provide services to you. This includes:
4.1
Entering into an agreement with us or registering and identifying you as a customer/user.
4.1.1
Purpose
- Entering into an agreement regarding our services.
- Delivery of our services.
- Creating your account (investor login).
- Log and store the actions you take when using our website,
- Provide services to you that you have requested.
- Handling payment transactions.
- Answer your questions and provide customer service and support, including sending service-related messages to you.
4.1.2
General personal data:
- Your contact details, e.g. name, title, email, phone number.
- Your purchase history, areas of interest and use of our services.
- User requests, e.g. registration and use of our product.
- Login details and verification.
- Customer service, account and product setup, user interviews, UX surveys, customer feedback, etc.
- Payment information, including billing address, credit or debit card details and payment and purchase history.
- Information required to comply with requirements from public or governmental authorities.
- Information about interest in specific projects (if you have registered as interested).
- Information about which financial institution/bank you are affiliated with (when completing the agreement).
- Information about Danish citizenship or not (when filling out a purchase agreement order).
- Information about residence in Denmark or not (when filling out a purchase agreement order).
4.1.3
Confidential personal data / special categories of personal data:
- We do not process confidential personal data / special categories of personal data for this purpose.
4.2
Companies under administration
4.2.1
Purpose
We process your personal data for the following purposes:
- Providing services to you that you have requested.
- Administration of company/board meetings and general meetings.
- Registration with the Danish Business Authority.
4.2.2
General personal data:
- Your contact details, such as name, title, email, phone number and address.
- Payment information, including billing address, credit or debit card details and payment and purchase history.
4.2.3
Confidential personal data / special categories of personal data:
- Social security number (for use when registering as a board member).
4.3
Marketing:
4.3.1
Purpose
We process your personal data for marketing-related purposes if you have given your consent, including
- to send you newsletters and email marketing,
- give you quotes, send you guides,
- tailor our communication to you to meet your areas of interest and focus,
- send you relevant campaigns,
- if you register for an event etc. we will process your personal data in this context.
4.3.2
General personal data:
- Your contact details, e.g. name, title, email, phone number.
- Purchase history, areas of interest and use of our services.
- User requests, e.g. registration and use of our product.
- Which newsletters you have signed up for when you have asked to receive email marketing and guides.
- Events or other events you have signed up for.
- Information about your use of our website, or
- interests, including which services you have shown interest in.
4.3.3
Confidential personal data / special categories of personal data:
- We do not process any confidential/special categories of personal data.
4.4
Suppliers:
4.4.1
We process personal data for the following purposes:
- When your company or the company you are employed by enters into an agreement with Momentum Energy Group, including the purchase of products or services offered by Momentum Energy Group.
- When you have shown interest in Momentum Energy Group’s services, e.g. by giving Momentum Energy Group your business card.
- When you agree to receive Momentum Energy Group’s newsletter.
- When you interact or communicate with Momentum Energy Group.
- When you as a landowner have a lease agreement with Momentum Energy Group.
4.4.2
General personal data:
- Names, email addresses, phone numbers and similar identifying information.
- Individual information, such as preferred language.
- Organizational information such as company name, business address, position, line of business, primary work location and country.
- Contractual information such as purchase orders, invoices, contracts and similar agreements between your company (or employer) and Momentum Energy Group that may contain your contact information,
- Financial information such as payment terms, bank account details and creditworthiness.
- Such information may be provided directly by you (primarily via emails and other correspondence) or by third parties such as your employer.
4.4.3
Confidential personal data / special categories of personal data:
- We do not process confidential personal data / special categories of personal data in this context.
4.4.4
We collect your personal data directly from you. We will retain such information for the duration of the current activity and for the period thereafter as set out in this policy.
4.5
Business and product development:
4.5.1
Purpose
We process your personal data for the purposes of data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our campaigns and operating and expanding our business activities.
4.5.2
General personal data:
- Your contact details, including your name, email, address and country.
- How you use our products and services.
- Purchase history, areas of interest and use of our digital services.
- Customer support, account and product setup, user interviews, UX surveys, customer feedback, etc.
4.5.3
Confidential personal data / special categories of personal data:
- We do not process confidential personal data / special categories of personal data in this context.
4.5.4
We collect your personal data directly from you and we will retain such data for as long as the relevant activity is ongoing and for the period thereafter as described in our data retention policy.
4.6
Statistics:
4.6.1
Purpose:
We process your personal data to compile statistics and analytics on the use of our website and to monitor and analyze usage and trends. The personal data we process about you in this regard is:
4.6.2
General personal data:
- When you visit one of our websites stored on servers where we are the data controller, we may automatically record the standard data provided by your web browser. This includes your computer’s IP (Internet Protocol) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time you spend on each page and other details.
- Cookie information: We use cookies and similar technologies to collect additional data about website usage and to operate our services.
- We receive information when you use our website, for example, when you visit our website, log in to your account and receive emails from us. This includes information such as your IP address, browser type, browser language, operating system, referring website, pages visited, location, device information, etc.
4.6.3
Confidential personal data / special categories of personal data:
- We do not process Confidential personal data / special categories of personal data in this context.
4.6.4
Please read our cookie policy for more information about the data processors we use, the duration of the different cookies and the purposes of processing your personal data for statistical purposes. You can find our cookie policy on our website.
4.7
Improve, optimize or modify the user experience on our website and online services:
4.7.1
Purpose
We process your personal data collected when you use our website and online services and products. This is to improve the user experience on our website and the services we offer. We use your personal data to optimize our website, improve the security, reliability and performance of our website and services. We also use your personal data to improve the content we show you, including determining which content is most relevant and how we can make the experience when you visit our website better.
You can read about the cookies we use on our website.
4.7.2
General personal data:
- When you visit our website, our servers may automatically collect the standard data provided by your web browser. This includes your computer’s IP (Internet Protocol) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time you spend on each page and other details.
- Cookie information: We use cookies and similar technologies to collect additional data about website usage and to operate our services.
- We receive information when you interact with our services, for example when you visit our websites, when you log in to your account or when you subscribe to emails. This includes information such as your IP address, browser type, browser language, operating system, referring website, pages visited, location, device information, etc.
4.7.3
Confidential personal data / special categories of personal data:
- Confidential personal data / special categories of personal data:
4.7.4
We keep your data for as long as described in our cookie policy.
4.7.5
We collect your personal data from you and through your use of cookies, our website and products.
5
Legal basis
5.1
We process your personal data in accordance with the following provisions:
- The processing is necessary for the performance of a contract to which you are party or for the implementation of pre-contractual measures taken at your request, cf. Article 6(1)(b) of the GDPR.
- The processing is necessary for the establishment, exercise or defense of legal claims, cf. Article 9(2)(f) of the GDPR.
- Processing is necessary to comply with a legal obligation incumbent on Momentum Energy Group, cf. Article 6(1)(c) and Article 9(2)(b) of the General Data Protection Regulation, cf. Section 7 of the Danish Data Protection Act.
- The processing is necessary for us or a third party to pursue a legitimate interest, unless your interests or fundamental rights and freedoms prevail, cf. Article 6(1)(f) of the GDPR.
- In these situations, the legitimate interests will often be Momentum Energy Group’s interest in being able to handle the general administration of the relationship and document the history of the relationship.
- You have given your consent to the processing of your personal data for one or more specific purposes, cf. Article 6(1)(a) of the General Data Protection Regulation, Article 9(2)(a), Section 8(3) of the Danish Data Protection Act and Section 11(2)(2)(2) of the Danish Data Protection Act.
5.2
If you would like more information about our legal basis for processing your personal data, please contact us.
5.3
Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for deletion or retention of data
6
General principles of data processing
6.1
We want to protect your personal data and we process it in a responsible, transparent and secure manner.
6.2
We adhere to the following principles when processing personal data:
- Lawfulness: We always process your personal data lawfully, fairly and in a transparent manner with respect to you as a data subject.
- Data minimization: We limit the processing of your personal data to what is necessary and relevant for the purposes for which it is processed.
- Purpose limitation: We only collect your personal data for specific, explicit and legitimate purposes and we do not further process it in a way that is incompatible with those purposes.
- Accuracy: We make sure that your personal data is correct and – if necessary – updated.
- Integrity and confidentiality: We use technical and organizational measures to ensure appropriate data protection, including taking into account the nature of the personal data concerned. Such measures protect against unauthorized disclosure and access, accidental or unlawful destruction, accidental loss or alteration and against other forms of unlawful processing.
- Access and rectification: We respect your rights in relation to the processing of your personal data.
- Limitation of storage: We store your personal data in accordance with applicable laws and regulations and no longer than necessary for the purposes for which the personal data is processed.
- Protection of international transfers: We ensure adequate protection of your personal data for transfers outside the EEA.
- Protection in relation to third parties: We ensure that third parties only access (and are only allowed to transfer) personal data in accordance with applicable data protection laws and with adequate contractual protections.
7
Legal use of direct marketing and cookies:
7.1
We will only send you promotional material or place cookies in your browser in accordance with applicable data protection and other relevant legislation.
8
Risk analysis
8.1
During our processing of cases, we must implement the technical and organizational measures necessary to ensure a level of security appropriate to the risks specifically associated with our processing of personal data.
8.2
We have conducted a risk analysis, which forms the basis of this privacy policy.
9
Data Protection Impact Assessments (DPIA)
9.1
Article 35 of the GDPR requires that where processing, in particular by using new technologies and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of individuals, the controller shall, prior to processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
9.2
The obligation to conduct an impact assessment only applies in exceptional cases where there is a high risk to the rights and freedoms of natural persons.
9.3
It is our assessment that we will rarely perform treatments that meet any of the above criteria. It must therefore be assumed that the impact assessment rules will have a relatively limited scope of application in relation to our processing of your personal data.
9.4
If an impact assessment is nevertheless carried out, the results of the assessment will be taken into account when determining appropriate measures.
10
Data Protection Officer (DPO)
10.1
It is our assessment that Momentum Energy Group does not process personal data to the extent mentioned above. We have therefore decided not to appoint a data protection officer.
11
Data Controller
11.1
When it comes to your personal data, we will operate independently. This includes independently assessing whether there is a valid reason for collecting/processing your personal data, identifying relevant and necessary data and determining the retention period. In this context, Momentum Energy Group will act as data controller.
12
Data processors
12.1
In some cases, we use external companies to handle the technical operation of Momentum Energy Group’s IT systems, etc. In some cases, these companies act as data processors for Momentum Energy Group.
12.2
The data processor acts solely on our instructions and the data processor has taken the necessary technical and organizational security measures against accidental or unlawful destruction, loss or deterioration of personal data and against disclosure to unauthorized persons, misrepresentation or other processing in violation of the GDPR.
12.3
In certain cases, our data processors use other data processors to process personal data for which Momentum Energy Group is the data controller. Other data processors may be established inside and outside the EU/EEA.
13
Data processing agreements
13.1
An agreement for the processing of personal data must be concluded between us (the controller) and the other party (the processor) and must comply with the applicable requirements for data processing agreements as referred to in Article 28(3) of the GDPR. This involves drawing up a contract or other legal document that is binding on the data processor. It is also a requirement that the data processing agreement is in writing, including electronically.
13.2
In addition, the GDPR sets a number of specific requirements for the content of the data processing agreement. The data processing agreement must contain information about the status and duration of the processing, the nature and purpose of the processing, the type of personal data, the categorization of the data subjects and our obligations and rights as data controller as well as the data processor’s obligations in relation to performing the task. The requirements are specifically described in Article 28(3)(a-h).
14
Transfer of personal data to third countries
14.1
Momentum Energy Group’s processing of personal data will mainly take place within the EU.
14.2
If your personal data is transferred to countries outside the European Economic Area (EEA), we make sure that the necessary safeguards are in place, including
- That the transfer is subject to a decision on required safeguards by the European Commission in accordance with Article 45 of the GDPR.
- That standard contractual clauses for data protection, as approved by the European Commission or a data protection authority in accordance with Article 46(2)(b) or (d) GDPR, are fulfilled.
- That the requirements for binding corporate rules as approved by a data protection authority in accordance with GDPR Article 46(2)(b) are met if the transfer of personal data is based on binding corporate rules.
14.3
Please see the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en for further information on how the transfer of personal data outside the EEA is regulated.
14.4
If you would like further information on how we have provided the necessary guarantees, please contact us.
15
Other disclosure of personal data
15.1
Personal data may also be disclosed to:
- Insurance companies.
- Banks’ payment services.
- Banker.
- Credit institutions.
- Auditors.
- External law firms.
- Influencers/ambassadors.
- Other suppliers.
16
Profiling
16.1
We do not use your personal data for profiling.
17
Security measures
17.1
We have taken the necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration, as well as against unauthorized disclosure, misuse or other conduct in violation of applicable laws.
17.2
Access to personal data is limited to people who need access. Employees who process personal data are instructed and trained on what to do with personal data and how to protect it.
17.3
When documents (papers, archival data, etc.) containing personal data are discarded, shredding or other measures are used to prevent unauthorized persons from accessing the personal data.
17.4
Passwords are used to access PCs and other electronic devices that contain personal data. Only the people who need access will have a code and only to the systems they need to use. People with passwords must not give the code to others or leave it where others can see it. Assigned codes will be checked at least once every six months.
17.5
If personal data is stored on a USB stick, the personal data must be protected, e.g. with a password and encryption. Otherwise, store the USB connector in a locked drawer or cabinet. The same applies when storing personal data on other portable data media.
17.6
PCs connected to the internet have an up-to-date firewall and virus check installed.
17.7
If sensitive personal data or social security numbers are sent by email over the internet, such emails must be encrypted. If you send personal data to us via email, please note that this is not secure if your emails are not encrypted. We advise you not to send us confidential or sensitive personal data via email unless specifically agreed in advance so that we can ensure the necessary level of security.
17.8
In connection with the repair and service of data equipment containing personal data and when data media are to be sold or discarded, we take the necessary measures to ensure that the personal data does not come to the attention of unauthorized persons. For example, through the use of non-disclosure agreements.
17.9
When we use an external data processor to process personal data, a written agreement is entered into between us and the data processor. This applies, for example, if cloud systems are used to process personal data – including communication with you. Similarly, a written agreement is always made between us and you if we act as a data processor. The data processing agreements are also available electronically.
18
Backing up your data
18.1
Momentum Energy Group makes backups of all production data. The backups are stored on a remote server.
18.2
All backed up data is stored for a maximum period of ten (10) years.
19
Retention periods and deletion
19.1
Deletion – When
19.1.1
Collected personal data is generally stored for a period of 3 years from your last activity with us.
19.1.2
Personal data included in accounting material is stored for 5 years from the end of the financial year, after which the data is deleted.
19.1.3
Documentation of your marketing authorization is kept for 2 years from the time you have withdrawn your consent to receive direct marketing material.
19.1.4
However, we may retain personal data for a longer period than stated if required by law or if necessary for the establishment, exercise or defense of legal claims. The data may also be processed and stored for a longer period of time in anonymized form.
19.2
Deletion – How to
19.2.1
Personal data must be deleted from the production system. When personal data is deleted from the production system, it will be deleted from the backup system if technically possible.
19.2.2
Alternatively, personal data can be completely anonymized so that it can no longer be attributed to an individual. Complete anonymization can be an alternative to deletion. However, it is important to point out that anonymization – as an alternative to erasure – requires the deletion of all traces that can lead to the person to whom the data relates. It’s usually a very difficult practice.
19.2.3
After deletion/anonymization, we will perform appropriate cross-checks in the form of searches on name, email address, the specific case, etc. to ensure that nothing turns up.
20
Cookies
20.1
Cookies: A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on this website. Cookies are typically categorized as “session” cookies or “persistent” cookies. Session cookies help you navigate the website efficiently and keep track of your movement from page to page, so you are not asked for information you have already provided during the current visit. Session cookies are stored temporarily and deleted when the web browser is closed. Persistent cookies, on the other hand, save the user’s preferred settings for the current and subsequent visits. They are stored on your device’s hard drive and are still valid when you restart your browser.
20.2
We use session ID cookies; these cookies are temporary and expire when you close your browser (or when your session ends). We use preference cookies when you are a registered user and log in. These cookies allow a website to remember the choices you have previously made, such as your preferred language or currency, or your username and password so that you can automatically log in.
20.3
If you reject cookies, you can still use our website, but your ability to use some areas of our website, such as competitions or surveys, will be limited. Some of our business partners may use cookies on their websites. We have no access to or control over these cookies. This Privacy Policy only covers Momentum Energy Group’s use of cookies; it does not cover the use of cookies by advertisers. You can change your choice at any time by changing your browser settings. If you disable cookies that we use, it may affect your user experience.
21
Links to other sites
21.1
Our website may contain links to other sites that are not owned or controlled by Momentum Energy Group. Please be aware that Momentum Energy Group is not responsible for the privacy practices of such websites. We encourage you to be aware when you leave our website and to read the privacy statements of each and every website that collects personal data. This privacy policy applies only to personal data collected by our website.
22
Changes to the privacy policy
22.1
Momentum Energy Group may change this Privacy Policy at any time and without notice and with future effect. In the event of such changes, our users are informed on our website. Our new privacy policy will hereafter apply when you use Momentum Energy Group’s website and in relation to Momentum Energy Group’s services in general.
23
Contact information
23.1
If you have any questions about the Privacy Policy, our processing of personal data, rectifying your relationship with us in any other way, you can contact us at the following email address: compliance@momentumgreenenergy.com or via our website.
24
Your rights
24.1
To enable you to make informed decisions about how you want us to use your personal data, we want to ensure as much transparency as possible.
- Your personal data: You can contact us at any time to find out what personal data we have about you and where we got it from. In some cases, you have the right to receive the personal data we have collected about you in a commonly used, structured and machine-readable format and to disclose your personal data to a third party of your choice.
- Right to correction of errors: If you discover that your personal data is incorrect or incomplete, you can request that we correct it.
- Right to restriction of processing: You have the right to request that the processing of your personal data is restricted while the accuracy of your personal data is verified.
- Right to object: You also have the right to object to your personal data being used for direct marketing purposes (or if you prefer, you can inform us how often you want to hear from us) or being disclosed to third parties for the same purpose.
- Consent: You can withdraw your consent to the processing of personal data at any time by contacting us.
- Erasure: You can ask us to delete your personal data (except in certain cases, e.g. to document a transaction or to comply with legal requirements).
- Complaint: You can complain to the Danish Data Protection Agency about Momentum Energy Group’s processing of your personal data:
Data Protection Authority
Carl Jacobsens Vej 35
DK-2500 Valby
Tel: 33193200
E-mail: dt@datatilsynet.dk
www.datatilsynet.dk