Privacy policy

1. Introduction

When we receive personal data about you, we aim to ensure that you trust we will process your personal data in a transparent and secure manner. Thus, it is important to us that you take the time to read this privacy policy, which will inform you of how we handle your personal data.

This privacy policy applies to www.orsted.com. The purpose of this privacy policy is to describe how Ørsted collects and processes your personal data when you visit our website. 

In addition to this privacy policy, our cookie policy also applies. Click the link to read more about cookies and the use of these data.

At Ørsted, we receive data about our customers, visitors, suppliers, shareholders and jobseekers, among others. Thus, we have different privacy policies on our websites (www.orsted.dk and www.orsted.com).


1.1. If you are an Ørsted customer
We refer you to the privacy policy on www.orsted.dk or our terms of delivery if you, for example, are an Ørsted customer.


1.2 If you are acting on behalf of a company

We will process personal data about you if you are acting in a business situation on behalf of a company that uses you as a their contact person for Ørsted. You can read more about how Ørsted processes personal data in the separate privacy policy. 


2. Data controller

The legal entity responsible for collecting and processing your personal data is stated under the individual processing purposes in section 3.

The data controllers’ contact details are listed below:

Ørsted Services A/S Ørsted A/S
Company reg. (CVR) no.: 27446458
Kraftværksvej 53
DK-7000 Fredericia

Tel. +45 99 55 11 11
info@orsted.com
 
Company reg. (CVR) no.: 36213728
Kraftværksvej 53
DK-7000 Fredericia

Tel. +45 99 55 11 11
info@orsted.com
 

 

3. We use personal data for the following purposes and in accordance with the stated lawfulness of processing

At Ørsted, we only collect necessary data about you. In the table below, we describe how we process your personal data. We recommend that you do not send or inform us of any sensitive information when you use our website and its features. We also encourage you not to state your civil registration (CPR) number.

Purpose
Categories of personal data Legal basis for processing
Erasure

Using our digital services:

Data controller: Ørsted A/S

We process your personal data when you use our digital services (website or apps). 

This is done for the following purposes:

  • Delivery of service: We collect the data to enable us to deliver a digital service requested by you.
  • Optimisation and development: We use the data to optimise and develop the user experience of www.orsted.com and the services we provide. For further details, see our cookie policy.
  • Statistics: We use the data to prepare user statistics of our website and to improve it.

We collect the data from the following sources:

  • Directly from you

We process the following data about you:

General personal data:

  • Information about your behaviour on our digital services (e.g. number of visits, information about how you access our digital services, including IP address, use of browsers and operating system, cookies, your domains of origin as well as what content you read).
  • Information about clicks on our advertisements, including if you are doing this from the website of another organisation or company.

We process your personal data as described and on the following legal basis:

  • GDPR, Article 6(1)(f) (legitimate interests).
  • Our legitimate interest is to provide a service which you have requested, to improve customer experience and to develop and improve our digital services (in terms of both functionality and system).

We store your personal data as long as it is necessary for the purposes mentioned:

  • We store your general personal data for up to two years from the date on which we registered your visit to our website.

Customer communication:

Data controller: Ørsted A/S or Ørsted Services A/S

Ørsted processes your personal data in order to communicate with you and to respond to your requests (e.g. providing service to you as an investor and giving you the best possible service).

We collect the data from the following sources:

  • Directly from you

We process the following data about you:

General personal data:

  • Name, telephone number, email address and company.
 

We process your personal data as described and on the following legal basis:

  • GDPR, Article 6(1)(f) (legitimate interests). Our legitimate interest is to be able to respond to your request and to communicate with you.
 

We store your personal data as long as it is necessary for the purposes mentioned:

  • We store your general personal data for up to two years from the date on which you registered. 
 

Marketing, newsletters, company announcements and information about Ørsted:
 
Data controller: Ørsted A/S or Ørsted Services A/S
 
We process your personal data in order to send you marketing material, newsletters, company announcements and other information from Ørsted which you have consented to receive and so that you receive marketing material and information about us via social media (for example Facebook and Instagram), and personal data are also used to identify other persons who may be interested in Ørsted. 
 
We collect the data from the following sources:
 
  • Directly from you

We process the following data about you:

General personal data:

  • Email address
  • Name 
  • Address 
 

We process your personal data as described and on the following legal basis:

  • GDPR, Article 6(1)(a) (consent)
  • GDPR, Article 6(1)(f) (legitimate interests). Our legitimate interest is to be able to provide a service that you have requested, including sending you marketing material, newsletters, company announcements and information from Ørsted.
  • Section 13(2) of the Danish Data Protection Act (Databeskyttelsesloven). Our legitimate interest is to be able to contact you with direct marketing via social media (for example Facebook and Instagram).
 

We store your personal data as long as it is necessary for the purposes mentioned:

  •  We store your personal data as long as you have consented to receive marketing material from us, including our newsletter and company announcements. We erase your data within one month from the date on which you unsubscribe receipt of marketing material, newsletters, company announcements and other information about Ørsted.
 

 

Guest registrations:

Data controller: Ørsted Services A/S

We process personal data about guests who visit Ørsted’s physical locations.

This is done for the following purposes:

  • Registration in reception: Our reception records your personal data when you arrive at one of Ørsted’s locations.
  • Access cards and parking: Furthermore, we process your personal data for the purpose of supplying you with an access card in order to give you access to our offices. In some cases, we process your personal data in order to give you access to our parking facilities.
  • WiFi access: We process your personal data for the purpose of giving you access to our free WiFi.
  • Registration in the canteen: In connection with meetings in Ørsted, we record your personal data in our canteen, if lunch is taken in the canteen or if catering is supplied in connection with a meeting.
  • CCTV monitoring: For security and crime prevention purposes, we process your personal data when you visit an Ørsted location, as there may be surveillance cameras.

We collect the data from the following sources:

  • Directly from you
  • Your employer
  • Your Ørsted contact person
 

We process the following data about you:

 General personal data:

  • Name, company, position, email, telephone number, number plate and Ørsted contact person.
  • CCTV footage. 
 

We process your personal data as described and on the following legal basis:

  • GDPR, Article 6(1)(f) (legitimate interests).
  • Our legitimate interest is to record and manage your visit to one of Ørsted’s physical locations, including to ensure that no unauthorised persons have access. 
  • It is in our interest to have a visitors log in the event of security issues arising at a later time. 
  • During your visit, it is also in our interest to give you access to our free WiFi, parking facilities and to supply you with an access card so that you can gain access to our locations. 
  • For security measures and to prevent crime, it is in our interest to have CCTV at our physical locations.
  • Furthermore, it is in our interest to process your personal data in order to provide service from our canteen in connection with your visit to Ørsted. 
 

We store your personal data as long as it is necessary for the purposes mentioned:

  • We store your personal data in connection with guest registration for up to one month after your visit. 
  • We erase the data that we use to provide you with an access card when the card is returned. 
  • Records in connection with the cafeteria visits and catering from the cafeteria are stored for one year from the time of registration due to internal accounting rules.
  • We erase video footage seven days after it was recorded, unless we have a lawful reason to store the footage for a longer period (e.g. to process a specific case).
 

Access to Ørsted logo and design files:

Data controller: Ørsted Services A/S

We process your personal data when you request access to Ørsted’s design and brand centre and when you need to gain access to the Ørsted logo and design files. 

We collect the data from the following sources:

  • Directly from you
 

We process the following data about you:

General personal data:

  • User name, email and password.
 

We process your personal data as described and on the following legal basis:

  • GDPR, Article 6(1)(f) (legitimate interests). 
  • It is in our interest to be able to give our business partners (agencies, photographers, design companies, sponsors, journalists etc.) access to our logo and design files. 
 

We store your personal data as long as it is necessary for the purposes mentioned:

  • We store your personal data for the duration of our business relationship with you, and as long as you need access to our logo and design files.
 

Recordings and use of photo and video: 

Data controller: Ørsted Services A/S or group enterprises in Ørsted (a list of Ørsted’s legal entities is available in our annual report, which you can find here).

  • We take photos and make videos and recordings (‘recordings’) on various occasions, e.g. Ørsted Day, design and innovation workshops, receptions, meetings, professional photo sessions, events and other arrangements. 

    The recordings may be transmitted live.

    If you are identifiable in the recording, your personal data are processed by us. 

    We use the recordings for both commercial and non-commercial purposes, for publication internally on our intranet, on websites, at conferences and in connection with similar marketing, education, training, branding and commercial purposes. 

    We may also process your personal data in connection with payment of remuneration if you have entered into a licence agreement with us.

We collect personal data about you from the following sources:

  • Directly from you when you provide us with your personal data and information about your fees.
  • From group units or subsidiaries when we share recordings and personal data about you. 
  • From third parties, comprising:
  • Professional photographers hired to make recordings
  • Professional modelling agencies


We process the following data about you:

General personal data: 

  • Photos, videos and sound recordings

Personal data and contact details*:

  • Name, email, contact details
  • If you are employed with us, we may also process data to identify you as an employee.

Information about remuneration*:

  • Bank account or other payment information and fee amounts.            
 

 

We process your personal data as described and on the following legal basis:

  • GDPR, Article 6(1)(a) (consent) This applies if you have signed the consent form. 
  • GDPR, Article 6(1)(b) (necessary for performance of the contract between us):
    This applies if you have signed the licence agreement.
  • GDPR, Article 6(1)(c), (necessary for us to comply with a legal obligation). We process certain personal data and information about fees in order to comply with accounting and tax legislation. 
  • GDPR, Article 6(1)(f), (necessary for us to pursue a legitimate interest). 

    This applies if the recordings do not portray you, but simply show a situation or event with several people in which you are identifiable without being the primary object of the recordings.
       
    The legitimate interests pursued by us are: Use of the recordings for education, training, marketing, branding and other commercial and non-commercial purposes (as long as they do not violate your rights).

    We assess whether our legitimate interests are overridden by your interests or fundamental rights and freedoms. 
 

We store personal data as long as necessary to meet these purposes. As a general rule, personal data will be erased:

  • five years after you have signed the consent form
  • five years after the recording of the event/situation in question (in situations where you have not given your consent or signed a licence agreement)
  • 20 years after the photo was taken if you have signed the licence agreement, unless there are special reasons for a longer storage period.
  • If you are a professional model employed by an agency: After the expiry of the period stated in the contract.  
 

Facebook page: 

Data controller: Ørsted Services A/S 

Ørsted is joint data controller, together with Facebook, for collection of personal data about you when you visit our Facebook page. 

You can read the agreement on joint data controlling here.

The purpose of the processing of these personal data is to enable us to receive anonymous information from Facebook about the visitors to our Facebook page. 

Another purpose is to enable us, for example, to reply to inquiries from you to us on Facebook. 

We collect the data from the following sources:

  • Directly from you when you visit our Facebook page, when you use our website or if you send us questions via our Facebook page. 

We process the following data about you: 

You can read in Facebook’s privacy policy what data Facebook collects when you visit Ørsted’s Facebook page, and how Facebook processes the data. Read more here.

In addition, Ørsted processes the data about you that you send to Ørsted, for example in connection with a direct inquiry from you to us on Facebook. This will typically be your name and your question to us.

 

We process your personal data as described and on the following legal basis:

  • GDPR, Article 6(1)(f) (Necessary for the pursuit of Ørsted’s legitimate interests), i.e. to obtain knowledge about users of Ørsted’s Facebook page as well as communication with users of Ørsted’s Facebook page
 

We store personal data as long as necessary to meet these purposes.

Ørsted does not store, and does not have access to, information about your online behaviour collected by Facebook. Such information is stored by Facebook as described in Facebook’s privacy policy.

The personal data which Ørsted receives are processed as described under ‘Communication with you’.

 

4. Recipients of your personal data 

Depending on the circumstances, Ørsted may share your data with:

  • Suppliers, including IT suppliers, support, suppliers of goods and financial institutions cooperating with us in order to assist Ørsted
  • Group enterprises – see list of Ørsted enterprises in our annual report 
  • Public authorities 
  • Business partners
  • Players in the energy sector (distribution companies, Energinet.dk, public authorities and energy suppliers)


5. Personal data about other parties 

If you provide personal data about other people (e.g. contact information for colleagues in the company in which you are employed), you must make sure that they agree to this, and that you have permission to provide us with such data. In addition, you must refer them to this privacy policy when you provide us with their data. 

6. Transfer to third countries 

In certain situations, we will transfer your personal data to countries outside the EU/EEA. Please contact us if you want a list of relevant countries outside the EU/EEA. 

Such transfers to third countries will be made on the following legal basis:

  • These countries have not been determined by the European Commission to be countries offering an adequate level of data protection. We will therefore ensure that there are appropriate safeguards using the standard contractual clauses for the transfer of personal data to third countries, as published by the European Commission. You can obtain a copy of this contract by contacting us on info@orsted.com.

 

7. Mandatory information 

The data marked with an * are mandatory. If you do not provide these data, we cannot:

  • Identify pictures, videos and recordings of you and erase them in accordance with our erasure rules; and 
  • pay the fee in accordance with the licence agreement  


8. Your rights

When we process your data, you have the following rights:

  • You have the right of access to, rectification or erasure of your personal data.
  • You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
  • In particular, you have an unconditional right to object to the processing of your personal data for use for direct marketing purposes.
  • If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of the processing performed before withdrawal of your consent.
  • You have the right to receive the personal data that you have provided yourself in a structured, commonly used and machine-readable format (data portability).
  • You have the right to lodge a complaint with a supervisory authority, for example the Danish Data Protection Agency.

You can exercise your rights by contacting us, see section 9. If you have requested to receive information from Ørsted, such as newsletters, and you no longer wish to receive these, you can unsubscribe at any time via the email that you receive or by calling us.

These rights may be subject to conditions or restrictions. For example, you may not have the right to data portability in the case in question. It depends on the specific circumstances in connection with the processing activities. 

9. Contact Ørsted regarding the processing of personal data

If you wish to contact Ørsted regarding our processing of your personal data, please write to info@orsted.com or call us on +45 99 55 11 11. 

If you are unhappy with our response, you can lodge a complaint with your local data protection authority. 

In Denmark, the regulator is the Danish Data Protection Agency.

10. Changes in our privacy policy

This privacy policy replaces all previous versions. It will be necessary to update and amend this policy on an ongoing basis, and we thus reserve the right to update and amend it. In the event of an important amendment, we will notify you at orsted.com or send an email if we deem this necessary.
 
This privacy policy was last updated in January 2019