Privacy Policy Customers and Stakeholders

LinkedIn
Email
Facebook
Anden Auktionsrunde i Tyskland analyse

1

Privacy Policy

1.1

We process all personal data securely and confidentially. Momentum Energy Group has internal procedures for e.g., deletion, data minimization, storage, collection, updating and disclosure of personal data to ensure the integrity, confidentiality, and security of the personal data.

1.2

Momentum Energy Group’ processing of your personal data only takes place for explicitly stated and legitimate purposes. We do not process your personal data in a way that is incompatible with these purposes.

1.3

We carry out and update risk assessments in relation to Momentum Energy Group’ processing of personal data, including personal data about employees. Momentum Energy Group’ initiatives in data protection and compliance with the General Data Protection Regulation (GDPR) are based on these risk assessments. In cases where it is necessary, we also carry out consequence analyses (DPIA) on individual treatment activities.

1.4

We have adopted this privacy policy (hereinafter “Privacy Policy”), which i.a. tells you how we process your personal data when you use our website.

1.5

The Privacy Policy has been drawn up with reference to the rules in The personal data protection regulation (Regulation on the protection of natural persons in connection with the processing of personal data and on the free exchange of such information and on the repeal of Directive 95/46/EC (general regulation on data protection) (EU) 2016/679 (also known as “GDPR”)) and the Danish Data Protection Act (Act No. 502 of 23/05/2018 with any subsequent amendments) (“Data Protection Act”).

1.6

You will receive this Privacy Policy as a link in an email the first time we write to you as our customer. The Privacy Policy can also be found on Momentum Energy Group’ website www.momentum-gruppen.com.

2

Data controllers

2.1

We are the company responsible for the processing of your personal data in accordance with this Privacy Policy which means, that we are the data controller.

2.2

Our contact information:

Momentum Energy Group A/S
Roskilde Office (HQ)
VAT no. / CVR-no. DK28888430
Københavnsvej 81
DK-4000 Roskilde
Denmark
+45 46 33 70 10
compliance@momentum-gruppen.com

2.3

In connection with a concrete investment, the relevant project company or operating company will be the data controller for the processing of personal data that relates to company information of such company or the investment. You will always be made aware of which specific company is data controller in relation to you.

2.4

All project companies or operating companies in the Momentum Group or administrated by a company in the Momentum Group are covered by and follow this Privacy Policy and a reference to “Momentum Energy Group”, “we”, “us”, etc. in this Privacy Policy is also a reference to the relevant project company or operating company.

2.5

When we talk about our “website”, we mean www.momentum-gruppen.com. When we refer to “you” we mean you as a user of our website or customer of us, board member or stakeholder.

3

When does the policy apply?

3.1

This Privacy Policy is related to the information we collect and process about you when you visit and/or sign up to our services via our website or when you are in contact with us.

4

The categories of data we process/purpose:

We process your personal data to deliver services to you. This includes:

4.1

Entering into an agreement with us or registering and identifying you as a customer/user

4.1.1

Purpose
  • Entering into an agreement regarding our services,
  • Providing our services,
  • Creating your account (investor login),
  • Logging and saving the actions you take when you use our website,
  • Delivering services to you that you have requested,
  • Handling payment transactions,
  • Responding to your questions and providing you with customer service and support, including sending service-related messages to you.

4.1.2

Ordinary personal data:

  • Your contact details, e.g., name, title, email, telephone number,
  • Your purchase history, interest areas and use of our services,
  • User requests, e.g., sign-up and use of our product,
  • Login details and verification,
  • Customer support, account and product setup, user interviews, UX research, customer feedback etc.,
  • Payment information, incl. billing address, credit or debit card details, and payment and purchase history,
  • Information required to comply with requirements of public or governmental authorities,
  • Information about interest in certain projects (if you have registered as interested),
  • Information about which financial institution / bank you are associated with (when completing the purchase agreement order),
  • Information about Danish citizenship or not (when completing purchase agreement orders),
  • Information about residence in Denmark or not (when filling out the purchase agreement order).

4.1.3

Confidential personal data / special categories of personal data:

  • We do not process confidential personal data / special categories of personal data for this purpose.

4.2

Companies under administration

4.2.1

Purpose
We process your personal data for the following purposes:
  • Delivering services to you that you have requested,
  • Administration of companies / board meetings and general meetings,
  • Registration with the Commerce Agency (Erhvervsstyrelsen).

4.2.2

Ordinary personal data:

  • Your contact details, e.g., name, title, email, telephone number, address
  • Payment information, incl. billing address, credit or debit card details, and payment and purchase history

4.2.3

Confidential personal data / special categories of personal data:
  • Social security number (to be used for registration as board member).

4.3

Marketing:

4.3.1

Purpose

We process your personal data for marketing-related purposes if you have consented, including:

  • sending you newsletters and email marketing,
  • providing you with offers, sending you guides,
  • tailoring our communication with you to accommodate your areas of interests and focus,
  • sending you relevant promotions,
  • If you sign up for an event etc., we will process your personal data in that

    regard.

4.3.2

Ordinary personal data:
  • Your contact details, e.g., name, title, email, telephone number,
  • Purchase history, interest areas and use of our services,
  • User requests, e.g., sign-up and use of our product,
  • What newsletters you signed up for, when you asked to receive email marketing and guides,
  • Events or other arrangements you signed for,
  • Information about your use of the website, or
  • Interests, including which services you have shown interest in.

4.3.3

Confidential personal data / special categories of personal data:
  • We do not process any Confidential personal data / special categories of personal data.

4.4

Suppliers:

4.4.1

We process personal data for the following purposes:
  • When your company or the company you are employed by enters into an agreement with Momentum Energy Group, including the purchase of products or services offered by Momentum Energy Group.
  • When you have shown interest in Momentum Energy Group’ services, e.g., by giving Momentum Energy Group your business card.
  • When you agree to receive Momentum Energy Group’ newsletter.
  • When you collaborate or communicate with Momentum Energy Group.
  • When you have a lease agreement with Momentum Energy Group as a Landowner.

4.4.2

Ordinary personal data:
  • Names, email addresses, telephone numbers and similar identifying information,
  • Individual information, e.g., preferred language,
  • Organizational information such as company name, business address, po-
    sition, business area, primary place of work and country,
  • Contractual information such as purchase orders, invoices, contracts, and similar agreements between your company (or employer) and Momentum
    Energy Group, which may include your contact information,
  • Financial information such as payment terms, bank account details and
    creditworthiness,
  • Such information may be provided directly by you (primarily through emails
    and other correspondence) or by third parties such as your employer.

4.4.3

Confidential personal data / special categories of personal data:
  • We do not process confidential personal data / special categories of personal data in this regard.

4.4.4

We collect your personal data directly from you and we will keep such data for as long as the relevant activity is ongoing and for the period after that as stated in this policy.

4.5

Business and product development:

4.5.1

Purpose

We process your personal data for the purpose of data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our campaigns, and operating and expanding our business activities.

4.5.2

Ordinary personal data:
  • Your contact details, incl. your name, email, address, and country,
  • How you are using our products and services,
  • Purchase history, interest areas and use of our digital services,
  • Customer support, account and product setup, user interviews, UX research, customer feedback etc.

4.5.3

Confidential personal data / special categories of personal data:
  • We do not process confidential personal data / special categories of personal data in this regard.

4.5.4

We collect your personal data directly from you and we will keep such data for as long as the relevant activity is ongoing and for the period after that as outlined in our data retention policy.

4.6

Statistics:

4.6.1

Purpose:
We process your personal data to compile statistics and analytics for the use of our website and to monitor and analyse usage and trends. The personal data we process about you in that regard is:

4.6.2

Ordinary personal data:
  • When you visit one of our websites, that are hosted on servers on which we are data controllers, we may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
  • Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
  • We receive information when you interact with our website, e.g., when you visit our website, log into your account, and receive emails from us. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information etc.

4.6.3

Confidential personal data / special categories of personal data:
  • We do not process confidential personal data / special categories of personal data in this regard.

4.6.4

Please read our cookie policy for more information about data processors we use, the duration of the different cookies and the purposes of the processing of your personal data related to statistics. You can find our cookie policy on our website.

4.7

Improve, optimize, or modify the experience on our website and online services:

4.7.1

Purpose:

We process your personal data collected by your use of our website and online services and products to improve the user experience on our website and the services we offer. We use your personal data to operate our website, enhance the security of our website and services and its reliability and performance. We will also use your personal data to improve the content we show you, incl. determining what content is most helpful and how we can make the experience when visiting our website better.

You can read about the cookies we use on our website.

4.7.2

Ordinary personal data:
  • When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
  • Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
  • We receive information when you interact with our services, e.g., when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information etc.

4.7.3

Confidential personal data / special categories of personal data:
  • We do not process Confidential personal data / special categories of personal data in this regard.

4.7.4

We keep this data for as long as described in our cookie policy.

4.7.5

We collect your personal data from you and your use of cookies, our website, and products.

5

Legal basis

5.1

We process your personal data according to the following authority:
  • Processing is necessary for the fulfilment of a contract to which you are a party, or for the implementation of measures taken at your request prior to entering a contract, cf. GDPR, Article 6 (1)(b).
  • Processing is necessary so that legal claims can be established, enforced, or defended, cf. GDPR, Article 9 (2)(f).
  • Processing is necessary to comply with a legal obligation incumbent on Momentum Energy Group, cf. GDPR, Article 6 (1)(c) and GDPR, Article 9 (2)(b), cf. Section 7 of the Data Protection Act.
  • Processing is necessary for us or a third party to pursue a legitimate interest, unless your interests or fundamental rights and freedoms precede this, cf. GDPR, Article 6 (1)(f).
    In these situations, the legitimate interests will often be Momentum Energy Group’ interest in being able to take care of general administration of the relationship and document the history of the relationship.
  • You have given your consent to the processing of your personal data for one or more specific purposes, cf. GDPR, Article 6 (1)(a), Article 9 (2)(a), Section 8 (3) of Data Protection Act and Section 11(2)(2) of the Data Protection Act.

5.2

If you would like more information about our legal basis for processing your personal data, please feel free to contact us.

5.3

Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.

6

General data processing principles

6.1

We want to protect your personal data, and we process it in a reasonable, transparent, and secure manner.

6.2

We observe the following principles in connection with the processing of personal data:

  • Lawfulness: We always process your personal data lawfully, fairly and in a transparent manner in relation to you as a data subject.
  • Data minimisation: We limit the processing of your personal data to what is necessary and relevant in relation to the purposes for which it is processed.
  • Limitation of purpose: We collect your personal data only for specific, explicit, and legitimate purposes, and we do not further process it in a manner that is incompatible with these purposes.
  • Accuracy: We make sure that your personal data is accurate and – if necessary – updated.
  • Integrity and confidentiality: We use technical and organizational measures to ensure appropriate data protection, taking into account, among other things, the nature of the personal data concerned. Such measures protect against unauthorised disclosure and access, accidental or unlawful destruction, accidental loss, or alteration and against other forms of unlawful processing.
  • Access and rectification: We respect your rights in connection with the processing of your personal data.
  • Storage limitation: We store your personal data in accordance with applicable law and regulations and no longer than is necessary for the purposes for which the personal data is processed.
  • Protection of international transfers: We ensure adequate protection of your personal data in connection with transfers outside the EEA.
  • Protection in relation to third parties: We ensure that third parties are only allowed access to (and are only allowed to transfer) personal data in accordance with applicable data protection law and with adequate contractual protection

7

Lawful use of direct marketing and cookies:

7.1

We only send advertising material to you or place cookies on your browser in accordance with applicable data protection law and other relevant legislation.

8

Risk analysis

8.1

During our case process, we must carry out the technical and organisational measures to ensure a level of security that fits the risks specifically associated with our processing of personal data.

8.2

We have carried out a risk analysis which underlies this Privacy Policy.

9

Data protection impact assessments (DPIA)

9.1

Article 35 of the GDPR requires that if processing, particularly by using new technologies and considering the nature, scope, context, and purposes of the processing, is likely to result in a high risk to the rights and freedoms of individuals, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

9.2

The obligation to carry out an impact assessment applies only in exceptional cases where there is a high risk involved regarding the rights and freedoms of individuals.

9.3

It is our assessment that we will rarely carry out processing that meet one of the above criteria. It must therefore be assumed that the rules on impact assessment will have a relatively limited scope in relation to our processing of your personal data.

9.4

If an impact assessment is carried out anyway, the results of the assessment will be considered when taking appropriate measures.

10

Data Protection Officer (DPO)

10.1

It is our assessment that Momentum Energy Group does not process personal data to the above extent. We have therefore decided not to appoint a data protection officer.

11

Data Controller

11.1

Regarding personal data about you, we will work independently, including independently assess whether there are grounds for collecting/processing personal data, what personal data is relevant and necessary, and how long personal data should be stored. In this situation, Momentum Energy Group will therefore act as a data controller.

12

Data processors

12.1

In some cases, we use external companies to carry out the technical operation of Momentum Energy Group’ IT systems etc. In some cases, these companies act as data processor for Momentum Energy Group.

12.2

The data processor acts solely on our instructions and data processor has taken the necessary technical and organizational security measures against the accidental or unlawful destruction, loss, or deterioration of personal data and against the disclosure of unauthorized persons, misrepresentations or otherwise being processed in breach of the GDPR.

12.3

In certain cases, our data processors use other data processors to process personal data for which Momentum Energy Group is the data controller. Other data processors may be established inside and outside the EU/EEA.

13

Data Processing Agreements

13.1

A personal data processing agreement shall be entered between us (the controller) and the other party (the data processor) and shall comply with the applicable requirements for data process agreements as referred to in Article 28 (3) of the GDPR. This implies drawing up a contract or other legal document binding on the data processor. It is also a requirement that the data processing agreement be in writing, including electronically.

13.2

In addition, the GDPR sets several specific requirements for the content of the data processing agreement. The data processing agreement must include information on the status and duration of the processing, the nature and objectives of the processing, the type of personal data, categorization of data subjects and our obligations and rights as controller, as well as the duties of the data processor in relation to performing the task. The requirements are specifically described in Article 28 (3), (a)-(h) of the GDPR.

14

Transfer of personal data to third countries

14.1

Momentum Energy Group’ processing of personal data will predominantly take place within the EU.

14.2

If your personal data is transferred to countries outside the European Economic Area (“EEA”), we make sure that the required guarantees are provided, including:
  • That the transfer is within the scope of a decision on required guarantees made by the EU Commission in accordance with Article 45 of the GDPR.
  • That standard contract regulations for data protection, as approved by the EU Commission or a data protection authority in accordance with Article 46 (2)(c) or (d) of the GDPR, are met.
  • That the requirements for binding corporate rules as approved by a data protection authority in accordance with Article 46 (2)(b) of the GDPR, are met, if the transfer of personal data is based on corporate binding rules.

14.3

Please see the following link: https://commission.europa.eu/law/law- topic/data-protection/international-dimension-data-protection/rules-international-data-transfers_en for further information on how the transfer of personal data outside the EEA is regulated.

14.4

For further information on how we have provided the necessary guarantees, you may contact us.

15

Other disclosure of personal data

15.1

Personal data may also be disclosed to:
  • Insurance companies.
  • Bank payment services.
  • Banks.
  • Credit institutions.
  • Accountants.
  • External law firms.
  • Influencers/ambassadors.
  • Other suppliers.

16

Profiling

16.1

We do not use your personal data for profiling.

17

Security measures

17.1

We have taken the necessary technical and organizational security measures to protect your personal data from accidental or unlawful destruction, loss or change as well as from unauthorized public disclosure, misuse, or other conduct in violation of applicable law.

17.2

Access to personal data is limited to persons who have a need for access. Employees who process personal data are instructed and trained to know what to do with the personal data and how to protect it.

17.3

When documents (papers, filing data, etc.) containing personal data are thrown out, shredding or other measures are used to prevent unauthorized persons from accessing the personal data.

17.4

Passwords are used to access PCs and other electronic devices containing personal data. Only the persons who need access will have a code and then only for the systems that he or she needs to use. Persons with access codes must not leave the code to others or leave it for others to see. Check-ups on assigned codes will be carried out at least once every six months.

17.5

If personal data is stored on a USB-stick, the personal data must be protected, for example by a password and encryption. Otherwise, the USB-stick must be stored in a locked drawer or cabinet. The same applies when storing personal data on other portable data media.

17.6

PCs connected to the Internet have an updated firewall and virus control installed.

17.7

If sensitive personal data or Social Security number is sent by email over the Internet, such emails must be encrypted. If you send personal data to us by email, please be aware that this is not secure if your emails are not encrypted. We advise you to not send us confidential or sensitive personal data by email unless this is specifically agreed in advance so that we can ensure the necessary level of security.

17.8

In connection with the repair and service of data equipment containing personal data and when data media is to be sold or discarded, we take the necessary measures to ensure that the personal data cannot come to the attention of unauthorised persons. For example, by using declarations of confidence.

17.9

When using an external data processer to process personal data, a written agreement is signed between us and the data processor. This applies, for example, if cloud systems are used in the processing of personal data – including communication with you. Similarly, a written agreement is always made between us, and you if we act as data processors. The data processing agreements are also available electronically.

18

Backup

18.1

Momentum Energy Group takes backup of all production data. Backup is stored on an external server.

18.2

All backup data are kept for a maximum period of ten (10) years.

19

Retention periods and deletion

19.1

Deletion – When

19.1.1

Personal data collected is generally stored for a period of 3 years from your last activity with us.

19.1.2

Personal data included in accounting material is stored for 5 years from the end of the financial year, after which the information is deleted.

19.1.3

Documentation of your marketing authorization is kept for 2 years from the time you have withdrawn your consent to receive direct marketing material.

19.1.4

However, we may store the personal data for a longer period if required by law, or if it is necessary for a legal claim to be settled, asserted, or defended. The information can also be processed and stored longer in anonymized form.

19.2

Deletion – How

19.2.1

Personal data must be deleted from the production system. When personal data is deleted from the production system, it will be deleted from the backup system if it is technically possible.

19.2.2

Alternatively, personal data can be completely anonymized with the effect that it can no longer be assigned to a person. Complete anonymization may be an alternative to deletion. However, it is important to bear in mind that anonymization – as an alternative to deletion – presupposes the deletion of all traces that may lead to the person to which the information relates. It is usually a very difficult practice.

19.2.3

After deletion/anonymization, we will carry out appropriate cross-checks in the form of searches by name, email address, and the specific case, etc., to ensure that nothing appears.

20

Cookies

20.1

Cookies: A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on this site. Cookies are typically categorised as “session” cookies or “persistent” cookies. Session cookies help you navigate through the website efficiently, keeping track of your progression from page to page so that you are not asked for information you have already provided during the current visit. Session cookies are stored in temporary memory and erased when the web browser is closed. Persistent cookies, on the other hand, store user preferences for current and successive visits. They are written on your device’s hard disk and are still valid when you restart your browser.

20.2

We use session ID cookies; these cookies are temporary and expire once you close your browser (or once your session ends). We use preferences cookies when you are a registered user and login, these cookies allow a website to remember choices you have made in the past, like what language or currency you prefer, or your username and password so you can automatically log in.

20.3

If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as contests or surveys, will be limited. Some of our business partners may use cookies on their sites. We have no access to or control over these cookies. This Privacy Policy covers the use of cookies by Momentum Energy Group only; it does not cover the use of cookies by any advertisers. You can change your choice by amending your browser settings at any time. If you disable cookies that we use, this may impact your user experience.

21

Links to Other Sites

21.1

Our website may contain links to other sites that are not owned or controlled by Momentum Energy Group. Please be aware that Momentum Energy Group is not responsible for the privacy practices of such sites. We encourage you to be aware when you leave our site and to read the privacy statements of each website that collects personal data. This Privacy Policy applies only to personal data collected by our website.

22

Changes to this Privacy Policy

22.1

Momentum Energy Group may change this Privacy Policy at any time and without notice and with future effect. In the event of such changes, our users are informed on our website. Our new Privacy Policy will apply hereafter when using Momentum Energy Group’ website and with respect to Momentum Energy Group’ services in general.

23

Contact information

23.1

If you have any questions about this Privacy Policy, our processing of personal data, rectification of your relationship with us in any other way, you may contact us at the following email address: compliance@momentum-gruppen.com and via our website.

24

Your rights

24.1

To allow you to make informed choices about how you want us to use your personal data, we would like to ensure the greatest possible transparency.

  • Your personal data: You may contact us at any time to ascertain what personal data we have about you and where we obtained it. In some cases, you are entitled to receive the personal data we have collected about you, in a commonly used, structured and machine-readable format and disclose your personal data to a third party of your own choice.
  • Right to correction of errors: If you notice that your personal data is erroneous or incomplete, you may request that we correct it.
  • Right to limitation of processing: You have the right to request that the processing of your personal data be limited while the correctness of your personal data is being checked.
  • Right to objection: You also have the right to object to your personal data being used for direct marketing purposes (or, if you prefer, you may inform us how often you want to hear from us) or being disclosed to third parties for the same purpose.
  • Consent: You may withdraw your consent to the processing of personal data at any time by contacting us.
  • Deletion: You may ask us to delete your personal data (except in certain cases, e.g. for documentation of a transaction or to comply with legal requirements).
  • Complain: You can complain to the Danish Data Protection Agency (in Danish: “Datatilsynet”) regarding Momentum Energy Group’ processing of your personal data
Datatilsynet
Carl Jacobsens Vej 35
DK-2500 Valby
Tel: 33193200
E-mail: dt@datatilsynet.dk
www.datatilsynet.dk

Disclaimer

All information on Momentum’s website and any related subsites is provided on an “as is” basis, in good faith and for information purposes only. Momentum makes no representations or warranties (express or implied) and assumes no responsibility or liability in relation to completeness, accuracy, adequacy, reliability of any information on any of Momentum’s websites. Momentum takes no responsibility for external links and content from third parties.