Privacy policy

1. Introduction

When we receive personal data about you, we aim to ensure that you trust we will process your personal data in a transparent and secure manner. Thus, it is important to us that you take the time to read this privacy policy, which will inform you of how we handle your personal data.

This privacy policy applies to helenawind.com. The purpose of this privacy policy is to describe how Ørsted collects and processes your personal data when you visit our website. 

At Ørsted, we receive data about our visitors, suppliers, shareholders and jobseekers, among others.  

1.1 If you are acting on behalf of a company

We will process personal data about you if you are acting in a business situation on behalf of a company that uses you as a their contact person for Ørsted. You can read more about how Ørsted processes personal data in the separate privacy policy. 


2. Data controller

The legal entity responsible for collecting and processing your personal data is stated under the individual processing purposes in section 3.

The data controllers’ contact details are listed below:

Ørsted Services A/S Ørsted A/S
Company reg. (CVR) no.: 27446458
Kraftværksvej 53
DK-7000 Fredericia

Tel. +45 99 55 11 11
info@orsted.com
 
Company reg. (CVR) no.: 36213728
Kraftværksvej 53
DK-7000 Fredericia

Tel. +45 99 55 11 11
info@orsted.com
 

 

3. We use personal data for the following purposes and in accordance with the stated lawfulness of processing

At Ørsted, we only collect necessary data about you. In the table below, we describe how we process your personal data. We recommend that you do not send or inform us of any sensitive information when you use our website and its features. We also encourage you not to state your civil registration (CPR) number.

Purpose
Categories of personal data Legal basis for processing
Erasure

Using our digital services:

Data controller: Ørsted A/S

We process your personal data by using cookies and similar technologies when you use our digital services (website or apps). 

This is done for the following purposes:

  • Delivery of the digital service you have requested. 
  • Optimisation and development of the user experience of our website and the services we provide.
  • Statistics for how our website is used and to improve the website.

Read more about this in our cookie policy.

We also use various third-party cookies and social media plugins to make it easier for you to share content from our website on Facebook, LinkedIn, etc. For these types of processing, Ørsted will in some instances be a joint data controller with the supplier of the third-party cookies in question. You can read more about this and find a link to the privacy policies of the relevant third parties on the cookie list, which is found in our cookie policy.

We collect the data from the following sources:

  • Directly from you whenever you use our digital services

We process the following data about you:

General personal data:

  • Information about your behaviour on our digital services (e.g. number of visits, information about how you access our digital services, including IP address, use of browsers and operating system, cookies, your domains of origin as well as what content you read).
  • Information about clicks on our advertisements, including if you are doing this from the website of another organisation or company.

We process your personal data as described on the following legal basis:

  • GDPR, Article 6(1)(a) (consent).
  • GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in providing the service you have requested, improving customer experience, developing and improving our digital services (in terms of both functionality and the system itself) and making it possible to share content on social media.)

We store your personal data as long as it is necessary for the purposes mentioned:

  • We store your personal data for up to two years from the date on which we registered your visit on our website. The specific storage period depends on the individual cookie. 
Read more about this in our cookie policy.

Customer communication:

Data controller: Ørsted A/S or Ørsted Services A/S

Ørsted processes your personal data in order to communicate with you and to respond to your requests (e.g. providing service to you as an investor and giving you the best possible service).

We collect the data from the following sources:

  • Directly from you

We process the following data about you:

General personal data:

  • Name, telephone number, email address and company.
 

We process your personal data as described on the following legal basis:

  • GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to respond to your enquiry and communicate with you).
 

We store your personal data as long as it is necessary for the purposes mentioned:

  • We store your personal data for up to two years from the date on which you contact us. 
 

Marketing, newsletters, company announcements and information about Ørsted:
 
Data controller: Ørsted A/S or Ørsted Services A/S
 

We process your personal data for marketing purposes, in order that we can:

  • target our communication with you based on your areas of interest and focus,
  • send you relevant marketing in the form of newsletters, etc.

Further, we use your personal data to send company announcements and other information and to identify anyone else who might be interested in Ørsted.

We collect the data from the following sources:
 
  • Directly from you 

We process the following data about you:

General personal data:

  • Name, email address, street address, IP address

  • Newsletter subscription date

  • Areas of interest

  • Data you have submitted in response to marketing activities
     
     
 

We process your personal data as described on the following legal basis:

  • GDPR, Article 6(1)(a) (consent)
  • GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to send marketing material, newsletters, company announcements and information from Ørsted).
 

We store your personal data as long as it is necessary for the purposes mentioned:

  •  We store your personal data as long as you wish to receive material from us and for two years after that.
 

 

When you visit Ørsted’s physical locations:

Data controller: Ørsted Services A/S

We process personal data about guests who visit Ørsted’s physical locations.

This is done for the following purposes:

  • Visitor registration: We process your personal data to identify you and for parking and registration in our cafeteria. 

  • Wi-Fi access: We process your personal data whenever you want to access our free Wi-Fi. 

  • CCTV surveillance and access control: We process your personal data to issue an access card for you to use when you are on our premises. You may also be recorded on our CCTV system for reasons of security and crime prevention.
     
     

We collect the data from the following sources:

  •  Directly from you, including when you visit our locations.

  • Your Ørsted contact person

We process the following data about you:

General personal data:

  • Name, company, position, email, telephone number, licence plate and Ørsted contact person. 

  • IP and Mac addresses (when you use our Wi-Fi) 

  • Video footage from CCTV surveillance.
     
    .

We process your personal data as described on the following legal basis:

  • GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interests in controlling access, preventing crime and taking legal action, and our legitimate interest in enabling you to access our parking facilities and Wi-Fi, and being able to provide cafeteria services).
  • Section 8(3) of the Danish Data Protection Act (necessary to pursuit our legitimate interest in preventing crime and taking legal action) 

 

We store your personal data as long as it is necessary for the purposes mentioned:

  • We store your personal data in connection with guest registration for up to one month after your visit.
  • We erase the data that we use to provide you with an access card when the card is returned.
  • Records in connection with the cafeteria visits and catering from the cafeteria are stored for one year from the time of registration due to internal accounting rules. 
  • Video footage from CCTV surveillance is erased seven days after being recorded, unless we have a lawful reason to store the footage for a longer period (e.g. to process a specific case).

Access to Ørsted logo and design files:

Data controller: Ørsted Services A/S

We process your personal data when you request access to Ørsted’s design and brand centre and when you need to gain access to the Ørsted logo and design files. 

We collect the data from the following sources:

  • Directly from you

We process the following data about you:

General personal data:

  • User name, email and password.

We process your personal data as described on the following legal basis:

  • GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to give our business partners (agencies, photographers, design companies, sponsors, journalists, etc.) access to our logo and design files). 

We store your personal data as long as it is necessary for the purposes mentioned:

  • We store your personal data for the duration of our business relationship with you, and as long as you need access to our logo and design files.

Recordings and use of photo and video: 

Data controller: Ørsted Services A/S or group entities in Ørsted (a list of Ørsted’s legal entities is available here).

We process information in the form of images and recordings (‘recordings’). Recordings can be made on various occasions, e.g. Ørsted Day, design and innovation workshops, receptions, meetings, professional photo sessions, events and other arrangements. 

The recordings may be transmitted live.

We process the recordings for both commercial and non-commercial purposes, for publication internally on our intranet, on websites, at conferences and in connection with similar marketing, education, training, branding, and commercial purposes. 

We may also process your personal data in connection with payment of remuneration if you have entered into a licence agreement with us.

We collect personal data about you from the following sources:

  • Directly from you when you provide us with your personal data and remuneration information.
  • From group entities or subsidiaries when we share recordings and personal data about you. 
  • From third parties, comprising:
  • Professional photographers hired to shoot the recordings
  • Professional model agencies


We process the following data about you:

Ordinary personal data: 

  • Photos, video and audio recordings, and information relating to the recording (where it was recorded, what is going on, etc.)

  • Name, email, contact information*

  • Bank account or other payment information and fee amounts*.
 
 
 

We process your personal data as described on the following legal basis:

  • GDPR, Article 6(1)(a) (consent); if you have signed a consent form. 
  • GDPR, Article 6(1)(b) (necessary for the performance of a contract between you and us); when we have entered into a licence agreement with you).
  • GDPR, Article 6(1)(c), (necessary for us to comply with a legal obligation; the Bookkeeping Act and tax legislation in cases where we pay you remuneration).  
  • GDPR, Article 6(1)(f), (necessary to pursuit our legitimate interest in marketing and using images from events for education, training, branding, and other commercial and non-commercial purposes). 


We store personal data as long as necessary to meet these purposes. As a general rule, personal data will be erased:

  • After 5 years from signing the consent form.
  • After 5 years from the event/situation in question (when the legal basis is our legitimate interest).
  • After 20 years from the recording was made if we have entered into a licence agreement with you, unless there are special reasons for a longer storage period.
  • If you are a professional model employed by an agency: After the expiry of the period stated in the contract.  
 

Social media: 

Data controller:
Ørsted A/S or Ørsted Services A/S

We collect your personal data when you visit our pages on social media, when you tag, recommend or mention us, our brand, etc., on the Internet, including social media, and otherwise whenever you communicate with us in these contexts.  

We have profiles on Facebook, Instagram, Twitter, LinkedIn, YouTube and other platforms. 

Together with Facebook and LinkedIn (‘social media’), Ørsted Services A/S is the joint data controller for the collection of personal data about you whenever you visit our company’s social media sites. You can read more in the agreement on joint data responsibility with Facebook here, and LinkedIn here

You can read more about the specific data that social media process about you when you visit our company site on social media in the privacy policies of the relevant third parties, which we have a link to in the cookie list found in our cookie policy.

We also use media monitoring providers to monitor coverage of our company on the Internet, including on social media.

 


We collect data from the following sources:

  • Directly from you when you visit our digital services and our company’s social media sites or if you send enquiries to us via social media.

  • Social media 

We process the following data about you: 

General personal data: 

  • Name, profile photo, username, IP address.

  • The data you have made available via social media settings, as well as your responses to our social media posts and your sharing of these. 

  • In addition, Ørsted processes the data about you that you send to Ørsted, for example in connection with a direct enquiry from you to us on social media. This will typically be your name and the question you are asking us.

The personal data which Ørsted receives when you commuicate with us on social media.             
 

We process your personal data as described on the following legal basis:

  • GDPR, Article 6(1)(f) (necessary  to pursuit our 
    legitimate interest in marketing and to obtain knowledge about users of Ørsted’s social media sites, as well as to communicate with users of Ørsted’s social media sites. 

We store personal data for as long as necessary to meet these purposes:

  • Erasure of the personal data we receive when you communicate with us on social media will depend on the content of the communication, pursuant to the other storage periods specified in this privacy policy.

  • We erase enquiries received in our social media inbox no later than after one year, unless Ørsted has a legitimate interest in storing the enquiry for a longer period. Examples of this are pending cases or if the processing of a response has not been finalised. 

  • Comments and similar public reactions to our profiles and posts are usually not deleted, unless you decide to delete these yourself, or in the event the tone is derogatory or abusive.

  • Data on social media, such as Facebook and Instagram, is stored by the social media companies according to the specifications in their own privacy policy.

4. Recipients of your personal data 

Depending on the circumstances, Ørsted may share your data with:

  • Suppliers, including IT suppliers, support, suppliers of goods and financial institutions cooperating with us in order to assist Ørsted
  • Group enterprises – see list of Ørsted enterprises in our annual report 
  • Public authorities 
  • Business partners
  • Players in the energy sector (distribution companies, Energinet.dk, public authorities and energy suppliers)


5. Personal data about other parties 

If you provide personal data about other people (e.g. contact information for colleagues in the company in which you are employed), you must make sure that they agree to this, and that you have permission to provide us with such data. In addition, you must refer them to this privacy policy when you provide us with their data. 

6. Transfer to third countries 

In certain situations, we will transfer your personal data to countries outside the EU/EEA. Please contact us if you want a list of relevant countries outside the EU/EEA. 

Such transfers to third countries will be made on the following legal basis:

  • These countries have not been determined by the European Commission to be countries offering an adequate level of data protection. We will therefore ensure that there are appropriate safeguards using the standard contractual clauses for the transfer of personal data to third countries, as published by the European Commission. You can obtain a copy of this contract by contacting us on info@orsted.com.

 

7. Mandatory information 

The data marked with an * are mandatory. If you do not provide these data, we cannot:

  • Identify pictures, videos and recordings of you and erase them in accordance with our erasure rules; and 
  • pay the fee in accordance with the license agreement  


8. Your rights

When we process your data, you have the following rights:

  • You have the right of access to, rectification or erasure of your personal data.
  • You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
  • In particular, you have an unconditional right to object to the processing of your personal data for use for direct marketing purposes.
  • If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of the processing performed before withdrawal of your consent.
  • You have the right to receive the personal data that you have provided yourself in a structured, commonly used and machine-readable format (data portability).
  • You have the right to lodge a complaint with a supervisory authority, for example the Danish Data Protection Agency.

You can exercise your rights by contacting us, see section 9. If you have requested to receive information from Ørsted, such as newsletters, and you no longer wish to receive these, you can unsubscribe at any time via the email that you receive or by calling us.

These rights may be subject to conditions or restrictions. For example, you may not have the right to data portability in the case in question. It depends on the specific circumstances in connection with the processing activities. 

9. Contact Ørsted regarding the processing of personal data

If you wish to contact Ørsted regarding our processing of your personal data, please write to info@orsted.com or call us on +45 99 55 11 11. 

If you are unhappy with our response, you can lodge a complaint with your local data protection authority. 

In Denmark, the regulator is the Danish Data Protection Agency.

10. Changes in our privacy policy

This privacy policy replaces all previous versions. It will be necessary to update and amend this policy on an ongoing basis, and we thus reserve the right to update and amend it. In the event of an important amendment, we will notify you at orsted.com or send an email if we deem this necessary.
 
This privacy policy was last updated in April 2020.