18196 - 32

PRIVACY POLICY

This Privacy Statement describes how Green Hydrogen Systems A/S (hereinafter “GHS”) processes the personal data of the natural persons who use its services in their own activities.

Privacy Policy  

This Privacy Statement applies to all of GHS’s business processes and websites, areas of operation, mobile solutions, cloud services, and other services offered by GHS. Unless otherwise separately stated, this Privacy Statement also applies to the processing of personal data carried out by other companies belonging to GHS.

GHS’s websites and other services may furthermore, from time to time, include links to the social networks of third parties. Such social networks of third parties, and any processing of personal data occurring through them, are subject to the privacy statements of the third parties in question.

This Privacy Statement pertains to the processing of personal data carried out by GHS when GHS – or a company belonging to the GHS – is the controller. We always process your personal data only to the extent necessary for the delivery of our services, and always in accordance with the applicable legislation.

By providing us with your personal data, you indicate that you have read and are aware of the processing methods and terms applicable to the processing of personal data pursuant to this Privacy Statement. If you do not accept the processing principles described in this Privacy Statement, please do not provide us with your personal data.

1. Controller

Unless otherwise separately stated, the controller with regard to the personal data processed pursuant to this Privacy Statement is:

Green Hydrogen Systems
Nordager 21
DK-6000 Kolding
Denmark
Tel: +45 7550 3500

2. And/or (on a case-by-case basis):

The company belonging to GHS to which you have disclosed your personal data or from which you have received marketing communications. If you are unsure who the controller is in terms of your personal data, you can contact GHS by using the contact details provided in this Privacy Statement. Purpose of and legal basis for personal data processing. GHS processes personal data for the following purposes:

3. Customer relationship management

GHS processes the personal data it collects primarily for the purpose of delivering and producing those GHS services which the person has subscribed to or ordered, or which the person has registered for as a user. The personal data is processed for the management and analysis of the relationship with the customer – or some other appropriate connection – along with the production of services, business development and planning, as well as opinion and market research and customer communication, which may also be implemented digitally and in a targeted manner.

GHS may also process the personal data it collects for marketing purposes, provided that the person in question has given their consent to this or, in certain cases, has not separately forbidden it. The person has, at any time, the right to withdraw their consent for the use of their data in marketing purposes either by using the contact details provided in this Privacy Statement or by exercising the opt-out possibility given in the marketing communications (such as a ‘Unsubscribe’ link).

GHS does not sell or disclose the personal data it processes to third parties for the marketing purposes of these parties, unless the person in question has given their separate consent to this. GHS’s marketing measures carried out on behalf of other controllers in its capacity as a processor for these controllers are described below.

4. Legal basis for processing

GHS processes your personal data on varying legal bases, depending on whether GHS is the controller or processor with regard to your personal data. When GHS itself is the controller, the processing of your personal data is based on either a) the implementation of the agreement on the GHS services which the data subject has ordered from GHS, b) the implementation of GHS’s legitimate interests related to the data subject’s customer relationship, or c) the consent provided by the data subject. When GHS serves as a processor to its corporate customer which is the controller, GHS’s processing of your personal data is based on the agreement between GHS and the controller on the order of services.

The provision of personal data to GHS is not primarily a condition for the agreement or the delivery of services. If this is nevertheless the case and GHS cannot, for instance, implement the services you have ordered without your personal data, the provision of this data is separately indicated as being required. A failure to provide such data, indicated as required, may prevent GHS from delivering the services you have ordered or limit their delivery to a considerable degree.

5. Personal data subject to processing

GHS may process the following personal data, among others, for the purposes of customer relationship management and marketing:
  • first and last name
  • contact details (postal address, telephone number, email address)
  • the start and end date of the customer relationship and/or appropriate connection as well as the method by which it started and ended
  • direct marketing opt-ins and opt-outs
  • business ID (businesses)
  • information pertaining to the use of digital services and contents (e.g. subscriptions to newsletters)
  • information related to marketing and sales promotion, such as marketing measures targeted at the data subject and participation in them

In addition, GHS may process, in connection to the management of customer relationships, the following data on persons who have bought a product and/or service:

  • customer number
  • business ID
  • invoicing details
  • contact people (name, phone number, email)
  • information related to the management of the customer relationship or other appropriate connection and communication as well as categorisation (e.g. information on the products and services bought or canceled, delivery information, feedback, complaints and the recording of customer service events such as phone calls, emails and support messages)

6. Regular information sources

The personal data of data subjects is collected primarily directly from the data subjects themselves when, for instance, data subjects themselves disclose their personal data in connection to subscribing to a newsletter, through various GHS services used by the data subjects, and in connection to different marketing measures, such as marketing prize draws or competitions and events.

Furthermore, personal data may be collected and updated from the registries of our partners and from companies providing services pertaining to personal data, to whom a data subject has given their consent for the disclosure of their personal data. Third parties of this kind, from whom GHS may collect data related to the data subjects, can include various companies providing credit references and address data.

7. Regular disclosure of data

GHS discloses personal data only in cases and to the extent to which is necessary for the proper delivery of services. GHS always complies with appropriate protective measures to ensure the protection of personal data in connection to disclosures.

GHS may occasionally have to disclose the personal data it processes to competent authorities or other equivalent parties in the manner required by said competent authorities or other parties pursuant to valid legislation.

In the event that we dispose of, merge or otherwise reorganise our business operations, or acquire new ones, the personal data of users may be disclosed to the buyer or potential buyers and their advisers.

Data can be disclosed to partners selected by GHS and to service providers who process the data on behalf of the controller on the basis of a cooperation agreement between the parties. In such cases, GHS always ensures that the partners and service providers participating in the processing of personal data are contractually bound to comply with confidentiality and data protection and that the personal data is processed solely for GHS’s purposes described in this Privacy Statement.

Transfer of data outside the EU or the EEA

We do not, as a rule, transfer data outside the EU or the EEA. In some situations (such as where our service provider or servers are located outside the EEA) we may nevertheless also have to transfer the personal data we have collected to non-EEA countries, in which the level of data protection has not necessarily been found to be adequate by the European Commission (such as the United States).

If we transfer data outside the EU or the EEA to countries with an inadequate level of data protection, we ensure the personal data’s adequate level of data protection by, among other things, agreeing on matters related to the confidentiality and processing of personal data as required by legislation, such as by using standard contractual clauses adopted by the European Commission or by means of other equivalent protective mechanisms. The European Commission’s standard contractual clauses are available on the European Commission’s website, and you can request a copy of the other transfer bases by contacting GHS.

8. Protection of personal data

We use any necessary and appropriate technological and organisational information security measures to protect personal data against unauthorised access, disclosure, destruction or other unauthorised use. Such measures include the use of firewalls and secure hardware facilities, appropriate physical access control, the managed granting of access rights and the monitoring of their use, the employment of encryption technologies, training the personnel participating in the processing of personal data, and the careful selection of subcontractors.

9. Storage period of personal data

GHS stores your personal data only for as long as they are needed for the aforementioned purposes of use or the fulfilment of statutory obligations. When the personal data we have collected is no longer needed, we destroy or erase it in a secure manner.

10. Data subject’s rights and exercising them

Data protection legislation guarantees data subjects several rights with regard to their personal data, which GHS has also undertaken to implement. Among other things, the user of GHS’s services has the right to check the personal data stored on them and to request a copy of the personal data collected on them. When the processing of the personal data of an GHS user is based on the user’s consent, the user has the right to withdraw the consent they have given at any time.

At the request of a user, we will rectify, erase or complete any personal data erroneous, unnecessary, incomplete or outdated in terms of the processing purpose.  Users also have the right to request the erasure of their personal data (what is referred to as the right to be forgotten) if the processing has been based on the user’s consent and the user withdrawn their consent; the user’s personal data has been processed illegally; or if the user objects to the processing of their personal data and there are no legitimate grounds for the processing.

In some cases, the user also has the right to request the restriction of processing, object to the processing, and to request the data’s transmission from one system to another, or to another controller. Users may have this right in a situation where there is no longer a legal basis for the processing, but in which, in lieu of the data’s erasure, the user merely wants to restrict the processing, or when the processing has been based on consent and has been automatic.

Users have the right to file a complaint with a competent supervisory authority concerning the processing of a user’s personal data carried out by GHS, should the user perceive GHS not to have processed the user’s data as required by the applicable data protection legislation, or if the user’s requests related to their rights guaranteed by law have not been implemented appropriately. You can find the contact details of all competent data protection authorities in EEA countries here.

If you wish to exercise one of the aforementioned rights guaranteed to you by law, you can do so by contacting GHS (or, depending on the case, the company belonging to GHS serving as the controller) through the contact details provided in this Privacy Statement. In some cases, GHS may have to request further information from you to ensure that you are the person you claim to be. In the event that GHS serves merely as the processor of another controller in respect of your personal data, GHS will instruct you to contact the controller in question in relation to your requests. In terms of some services, GHS also offers you the possibility to check, modify, and erase your own data by signing in to GHS’s user portal.  If you are provided with such an opportunity, GHS recommends that you primarily update your data through the user portal in question.

11. Automated data collection

GHS employs widely used digital marketing methods and tools to gather data on your movements on our websites. This data is collected to improve the usability and content of our website, target advertising, and marketing as well as to investigate the interests of visitors. For the most part, such data is gathered with the help of cookies (see below) and does not allow for attribution to a person.