Background information

This policy describes how Momentum handles personal data to ensure compliance with GDPR and Danish data protection legislation. We are committed to treating all personal data securely and confidentially and ensuring the integrity, confidentiality and security of personal data.

Momentum: Momentum is defined as Momentum Energy Group A/S and its Danish subsidiaries.

Scope of application

This policy applies to anyone who has agreements with Momentum, is a customer, is seeking employment, is an employee, former employee, supplier, stakeholder in business or product development, or otherwise submits personal data to Momentum.

Responsibility

Momentum is responsible for the handling of your personal data in accordance with this Privacy Policy. As data controller, we ensure that your data is processed in accordance with applicable data protection laws. If you have any questions about how we process your personal data, please contact us:

Momentum Energy Group A/S
Roskilde office (HQ)
CVR no.: 28888430
Københavnsvej 81
4000 Roskilde
Denmark
+45 46 33 70 10
compliance@momentumgreenenergy.com

Momentum does not process personal data to an extent that requires the appointment of a Data Protection Officer (DPO) and therefore no DPO has been appointed.

The data-registered

Momentum processes personal data about you if you are:

– Job applicant
– Employee or former employee
– Customer
– Supplier
– Stakeholder in business or product development

Collection of personal data

We collect personal data either directly from individuals or through their interaction with our services. This information may include general personal data, confidential information and special categories of personal data. For a comprehensive overview of the types of personal data collected based on your interactions with Momentum, please refer to the Privacy Policy Overview. The link also contains information about the purpose of use of the data, the legal basis for the processing, retention periods, deletion policies and categories of recipients.

Data principles

Momentum as data controller complies with the following principles in connection with the processing of personal data:

– Lawfulness, fairness and transparency: Process data lawfully, fairly and transparently. Ensure individuals know how their data is used.

– Purpose Limitation: Collect data only for specific lawful purposes. Do not use data beyond these purposes unless authorized for research or public interest.

– Data minimization: Limit data collection to what is necessary.

– Accuracy: Keep data accurate and up-to-date. Correct or delete inaccurate data quickly.

– Retention limitation: Keep data only as long as necessary. Set time limits for deleting or reviewing data.

– Integrity and confidentiality: Protect data with appropriate security measures to prevent unauthorized access or loss.

– Accountability: Be responsible for and demonstrate compliance with all data protection principles.

Rights of the data subjects

Under the GDPR, you have several rights with regard to our processing of your data. If you wish to exercise your rights, please contact us using the details provided above.
Your rights include the following:

– Access: You can contact us at any time to find out what personal data we hold about you and where it comes from.

– Rectification: If you discover that your personal data is incorrect or incomplete, you can request that we correct it.

– Erasure: You can ask us to erase your personal data (except in certain cases, e.g. to document a transaction or to comply with legal requirements).

– Restriction: You can request to restrict the processing of your data while its accuracy is verified.

– Objection: You can object to our use of your personal data, including for direct marketing purposes such as newsletters.

– Data portability: You have the right to have your data transferred to another service provider.

Withdrawal of consent: You can withdraw your consent at any time if your data is processed on the basis of your consent. Withdrawal does not affect the lawfulness of data processing based on previous consent.

No payment is required to exercise your rights. If you submit a request, we will respond to you within one month.

Security measures

We implement technical and organizational measures such as encryption, access control, firewalls, backups, secure servers, risk assessments, employee training and data protection policies and procedures to protect personal data.

Storage of data

Personal data is retained for as long as necessary for the stated purposes and in accordance with legal requirements. Retention periods vary depending on the type of data and legal requirements.

Profiling

We do not use your personal data for profiling.

Data processors

Momentum uses data processors who handle personal data under Momentum’s instructions, and data processing agreements are in place. Data may be shared with service providers (e.g. payment providers and IT services), business partners (for joint marketing) and legal and regulatory authorities (to comply with legal requirements).

International transfers

Momentum’s processing of personal data will primarily take place within the EU/EEA. If your personal data is transferred outside the EU/EEA, it is protected by appropriate safeguards such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules.

Risk assessment and DPIA

We conduct regular risk assessments. The obligation to carry out an impact assessment only arises in exceptional cases of high risk to individual rights and freedoms, which we rarely encounter. Therefore, the rules on impact assessments will generally have limited applicability to our processing of your personal data. If an impact assessment is conducted, the results will be taken into account when implementing appropriate measures.

Complainant

You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we handle your personal data. You can find the contact details for the Danish Data Protection Agency at www.datatilsynet.dk.

Updated: December 1, 2024