Stakeholder privacy policy

1

Privacy policy

1.1

We treat all personal data securely and confidentially. Momentum Energy Group has internal procedures for e.g. erasure, data minimization, storage, collection, updating and disclosure of personal data. This is to ensure the integrity, confidentiality and security of personal data.

1.2

Momentum Energy Group’s processing of your personal data is only for explicitly stated and legitimate purposes. We do not process your personal data in a way that is incompatible with these purposes.

1.3

We conduct and update risk assessments in connection with Momentum Energy Group’s processing of personal data, including personal data about employees. Momentum Energy Group’s data protection and General Data Protection Regulation (GDPR) compliance initiatives are based on these risk assessments. In cases where necessary, we also perform DPIAs (Data Protection Impact Assessments) on individual processing activities.

1.4

We have adopted this privacy policy (hereinafter referred to as “Privacy Policy”), which, among other things, tells you how we process your personal data when you use our website.

1.5

The Privacy Policy has been prepared with reference to the rules of the General Data Protection Regulation (Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (EU) 2016/679 (also known as “GDPR”)) and the Danish Data Protection Act (Act no. 502 of 23/05/2018 with later amendments) (the “Data Protection Act”).

1.6

You will receive this privacy policy as a link in an email the first time we write to you as a customer. The privacy policy can also be found on Momentum Energy Group’s website www.momentumgreenevergy.com

2

Data controllers

2.1

We are the company responsible for the processing of your personal data in accordance with this privacy policy, which means that we are the data controller.

2.2

Our contact information Momentum Energy Group A/S
Roskilde department (head office)
VAT no. / CVR no. DK28888430
Københavnsvej 81
DK-4000 Roskilde
Denmark
+45 46 33 70 10
compliance@momentumgreenenergy.com

2.3

In connection with a specific investment, the relevant project company or operating company will be the data controller for the processing of personal data relating to company information about the company or investment.

2.4

All project or operating companies in the Momentum Group or managed by a Momentum Group company are subject to and follow this Privacy Policy and the reference to “Momentum Energy Group”, “we”, “us”, etc. in this Privacy Policy is also a reference to the relevant project company or operating company.

2.5

When we refer to our “website”, we refer to www.momentumgreenenergy.com. When we refer to “you”, we mean you as a user of our website, customer of ours, board member or stakeholder.

3

When does the policy apply?

3.1

This privacy policy relates to the information we collect and process about you when you visit and/or register for our services via our website or when you are in contact with us.

4

Categories of data we process and their respective purposes:

We process your personal data to provide services to you. This includes:

4.1

Entering into an agreement with us or registering and identifying you as a customer/user.

4.1.1

Purpose

4.1.2

General personal data:

4.1.3

Confidential personal data / special categories of personal data:

4.2

Companies under administration

4.2.1

Purpose

We process your personal data for the following purposes:

4.2.2

General personal data:

4.2.3

Confidential personal data / special categories of personal data:

4.3

Marketing:

4.3.1

Purpose

We process your personal data for marketing-related purposes if you have given your consent, including

4.3.2

General personal data:

4.3.3

Confidential personal data / special categories of personal data:

4.4

Suppliers:

4.4.1

We process personal data for the following purposes:

4.4.2

General personal data:

4.4.3

Confidential personal data / special categories of personal data:

4.4.4

We collect your personal data directly from you. We will retain such information for the duration of the current activity and for the period thereafter as set out in this policy.

4.5

Business and product development:

4.5.1

Purpose

We process your personal data for the purposes of data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our campaigns and operating and expanding our business activities.

4.5.2

General personal data:

4.5.3

Confidential personal data / special categories of personal data:

4.5.4

We collect your personal data directly from you and we will retain such data for as long as the relevant activity is ongoing and for the period thereafter as described in our data retention policy.

4.6

Statistics:

4.6.1

Purpose:

We process your personal data to compile statistics and analytics on the use of our website and to monitor and analyze usage and trends. The personal data we process about you in this regard is:

4.6.2

General personal data:

4.6.3

Confidential personal data / special categories of personal data:

4.6.4

Please read our cookie policy for more information about the data processors we use, the duration of the different cookies and the purposes of processing your personal data for statistical purposes. You can find our cookie policy on our website.

4.7

Improve, optimize or modify the user experience on our website and online services:

4.7.1

Purpose

We process your personal data collected when you use our website and online services and products. This is to improve the user experience on our website and the services we offer. We use your personal data to optimize our website, improve the security, reliability and performance of our website and services. We also use your personal data to improve the content we show you, including determining which content is most relevant and how we can make the experience when you visit our website better.

You can read about the cookies we use on our website.

4.7.2

General personal data:

4.7.3

Confidential personal data / special categories of personal data:

4.7.4

We keep your data for as long as described in our cookie policy.

4.7.5

We collect your personal data from you and through your use of cookies, our website and products.

5

Legal basis

5.1

We process your personal data in accordance with the following provisions:

5.2

If you would like more information about our legal basis for processing your personal data, please contact us.

5.3

Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for deletion or retention of data

6

General principles of data processing

6.1

We want to protect your personal data and we process it in a responsible, transparent and secure manner.

6.2

We adhere to the following principles when processing personal data:

7

Legal use of direct marketing and cookies:

7.1

We will only send you promotional material or place cookies in your browser in accordance with applicable data protection and other relevant legislation.

8

Risk analysis

8.1

During our processing of cases, we must implement the technical and organizational measures necessary to ensure a level of security appropriate to the risks specifically associated with our processing of personal data.

8.2

We have conducted a risk analysis, which forms the basis of this privacy policy.

9

Data Protection Impact Assessments (DPIA)

9.1

Article 35 of the GDPR requires that where processing, in particular by using new technologies and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of individuals, the controller shall, prior to processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

9.2

The obligation to conduct an impact assessment only applies in exceptional cases where there is a high risk to the rights and freedoms of natural persons.

9.3

It is our assessment that we will rarely perform treatments that meet any of the above criteria. It must therefore be assumed that the impact assessment rules will have a relatively limited scope of application in relation to our processing of your personal data.

9.4

If an impact assessment is nevertheless carried out, the results of the assessment will be taken into account when determining appropriate measures.

10

Data Protection Officer (DPO)

10.1

It is our assessment that Momentum Energy Group does not process personal data to the extent mentioned above. We have therefore decided not to appoint a data protection officer.

11

Data Controller

11.1

When it comes to your personal data, we will operate independently. This includes independently assessing whether there is a valid reason for collecting/processing your personal data, identifying relevant and necessary data and determining the retention period. In this context, Momentum Energy Group will act as data controller.

12

Data processors

12.1

In some cases, we use external companies to handle the technical operation of Momentum Energy Group’s IT systems, etc. In some cases, these companies act as data processors for Momentum Energy Group.

12.2

The data processor acts solely on our instructions and the data processor has taken the necessary technical and organizational security measures against accidental or unlawful destruction, loss or deterioration of personal data and against disclosure to unauthorized persons, misrepresentation or other processing in violation of the GDPR.

12.3

In certain cases, our data processors use other data processors to process personal data for which Momentum Energy Group is the data controller. Other data processors may be established inside and outside the EU/EEA.

13

Data processing agreements

13.1

An agreement for the processing of personal data must be concluded between us (the controller) and the other party (the processor) and must comply with the applicable requirements for data processing agreements as referred to in Article 28(3) of the GDPR. This involves drawing up a contract or other legal document that is binding on the data processor. It is also a requirement that the data processing agreement is in writing, including electronically.

13.2

In addition, the GDPR sets a number of specific requirements for the content of the data processing agreement. The data processing agreement must contain information about the status and duration of the processing, the nature and purpose of the processing, the type of personal data, the categorization of the data subjects and our obligations and rights as data controller as well as the data processor’s obligations in relation to performing the task. The requirements are specifically described in Article 28(3)(a-h).

14

Transfer of personal data to third countries

14.1

Momentum Energy Group’s processing of personal data will mainly take place within the EU.

14.2

If your personal data is transferred to countries outside the European Economic Area (EEA), we make sure that the necessary safeguards are in place, including

14.3

Please see the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en for further information on how the transfer of personal data outside the EEA is regulated.

14.4

If you would like further information on how we have provided the necessary guarantees, please contact us.

15

Other disclosure of personal data

15.1

Personal data may also be disclosed to:

16

Profiling

16.1

We do not use your personal data for profiling.

17

Security measures

17.1

We have taken the necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration, as well as against unauthorized disclosure, misuse or other conduct in violation of applicable laws.

17.2

Access to personal data is limited to people who need access. Employees who process personal data are instructed and trained on what to do with personal data and how to protect it.

17.3

When documents (papers, archival data, etc.) containing personal data are discarded, shredding or other measures are used to prevent unauthorized persons from accessing the personal data.

17.4

Passwords are used to access PCs and other electronic devices that contain personal data. Only the people who need access will have a code and only to the systems they need to use. People with passwords must not give the code to others or leave it where others can see it. Assigned codes will be checked at least once every six months.

17.5

If personal data is stored on a USB stick, the personal data must be protected, e.g. with a password and encryption. Otherwise, store the USB connector in a locked drawer or cabinet. The same applies when storing personal data on other portable data media.

17.6

PCs connected to the internet have an up-to-date firewall and virus check installed.

17.7

If sensitive personal data or social security numbers are sent by email over the internet, such emails must be encrypted. If you send personal data to us via email, please note that this is not secure if your emails are not encrypted. We advise you not to send us confidential or sensitive personal data via email unless specifically agreed in advance so that we can ensure the necessary level of security.

17.8

In connection with the repair and service of data equipment containing personal data and when data media are to be sold or discarded, we take the necessary measures to ensure that the personal data does not come to the attention of unauthorized persons. For example, through the use of non-disclosure agreements.

17.9

When we use an external data processor to process personal data, a written agreement is entered into between us and the data processor. This applies, for example, if cloud systems are used to process personal data – including communication with you. Similarly, a written agreement is always made between us and you if we act as a data processor. The data processing agreements are also available electronically.

18

Backing up your data

18.1

Momentum Energy Group makes backups of all production data. The backups are stored on a remote server.

18.2

All backed up data is stored for a maximum period of ten (10) years.

19

Retention periods and deletion

19.1

Deletion – When

19.1.1

Collected personal data is generally stored for a period of 3 years from your last activity with us.

19.1.2

Personal data included in accounting material is stored for 5 years from the end of the financial year, after which the data is deleted.

19.1.3

Documentation of your marketing authorization is kept for 2 years from the time you have withdrawn your consent to receive direct marketing material.

19.1.4

However, we may retain personal data for a longer period than stated if required by law or if necessary for the establishment, exercise or defense of legal claims. The data may also be processed and stored for a longer period of time in anonymized form.

19.2

Deletion – How to

19.2.1

Personal data must be deleted from the production system. When personal data is deleted from the production system, it will be deleted from the backup system if technically possible.

19.2.2

Alternatively, personal data can be completely anonymized so that it can no longer be attributed to an individual. Complete anonymization can be an alternative to deletion. However, it is important to point out that anonymization – as an alternative to erasure – requires the deletion of all traces that can lead to the person to whom the data relates. It’s usually a very difficult practice.

19.2.3

After deletion/anonymization, we will perform appropriate cross-checks in the form of searches on name, email address, the specific case, etc. to ensure that nothing turns up.

20

Cookies

20.1

Cookies: A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on this website. Cookies are typically categorized as “session” cookies or “persistent” cookies. Session cookies help you navigate the website efficiently and keep track of your movement from page to page, so you are not asked for information you have already provided during the current visit. Session cookies are stored temporarily and deleted when the web browser is closed. Persistent cookies, on the other hand, save the user’s preferred settings for the current and subsequent visits. They are stored on your device’s hard drive and are still valid when you restart your browser.

20.2

We use session ID cookies; these cookies are temporary and expire when you close your browser (or when your session ends). We use preference cookies when you are a registered user and log in. These cookies allow a website to remember the choices you have previously made, such as your preferred language or currency, or your username and password so that you can automatically log in.

20.3

If you reject cookies, you can still use our website, but your ability to use some areas of our website, such as competitions or surveys, will be limited. Some of our business partners may use cookies on their websites. We have no access to or control over these cookies. This Privacy Policy only covers Momentum Energy Group’s use of cookies; it does not cover the use of cookies by advertisers. You can change your choice at any time by changing your browser settings. If you disable cookies that we use, it may affect your user experience.

21

Links to other sites

21.1

Our website may contain links to other sites that are not owned or controlled by Momentum Energy Group. Please be aware that Momentum Energy Group is not responsible for the privacy practices of such websites. We encourage you to be aware when you leave our website and to read the privacy statements of each and every website that collects personal data. This privacy policy applies only to personal data collected by our website.

22

Changes to the privacy policy

22.1

Momentum Energy Group may change this Privacy Policy at any time and without notice and with future effect. In the event of such changes, our users are informed on our website. Our new privacy policy will hereafter apply when you use Momentum Energy Group’s website and in relation to Momentum Energy Group’s services in general.

23

Contact information

23.1

If you have any questions about the Privacy Policy, our processing of personal data, rectifying your relationship with us in any other way, you can contact us at the following email address: compliance@momentumgreenenergy.com or via our website.

24

Your rights

24.1

To enable you to make informed decisions about how you want us to use your personal data, we want to ensure as much transparency as possible.

Data Protection Authority
Carl Jacobsens Vej 35
DK-2500 Valby
Tel: 33193200
E-mail: dt@datatilsynet.dk
www.datatilsynet.dk