Privacy Notification

Svitzer Global Data Privacy Notification

This Privacy Notification is effective as of 10 February 2025.

This Privacy Notification explains how Svitzer Group A/S and its affiliated companies (“Svitzer”, “we”, “us”, “our”) use personal data about you on our websites, Svitzer’s pages on social media, mobile applications, or other sites that display this Privacy Notification. You can see Svitzer affiliates in our latest Annual Report here. This Privacy Notification will also apply to information gathered from your visits to our facilities.

Specific provisions

In specific situations, other provisions apply or supplement this Privacy Notification:

• when applying for a job with Svitzer only the Privacy Notification for Recruitment applies.
• when using our websites, including mobile applications and third party social media where Svitzer is present, the Cookie Policy supplements the Privacy Notification.

Protecting your personal data

With offices and operations throughout the world, personal data may be transferred or be accessible internationally throughout Svitzer’s global business. Any such transfers throughout Svitzer’s global business takes place in accordance with the applicable local data privacy laws and regulations and for the European Union in accordance with GDPR.

Types of personal data that we use, purpose and the legal basis

Svitzer customers

If you are a customer to Svitzer, we use personal data about you to fulfil the agreement between the parties, e.g., the administration of the agreement, payment, delivery of goods and services etc., where we use:

1. Business contact information (e.g., name, address, email, and phone number)
2. Job title
3. Third-party compliance screening

Svitzer is also legally required to document the personal data in financial transactions when fulfilling our agreement, e.g., when paying or receiving payment for delivery of goods and services etc.

Suppliers, Vendors, or other Third Parties to Svitzer

If you are a supplier, vendor, or another third party engaging with Svitzer, we use personal data about you to fulfil the agreement between the parties, e.g., the administration of the agreement, payment, delivery of goods and services etc., where we use:

1. Business contact information (e.g., name, address, email, and phone number)
2. Job title
3. Banking Information
4. Third-party compliance screening

Svitzer is also, as per relevant laws, required to document the personal data in financial transactions when fulfilling our agreement, e.g., when paying or receiving payment for delivery of goods and services etc.

Consultants to Svitzer

If you are a consultant to Svitzer, we use personal data about you to fulfil the agreement between the parties, e.g., the administration of the agreement, payment and services etc., where we use:

1. Business contact information (e.g., name, address, email, and phone number)
2. Professional CV and job title
3. Date of birth and other personal data as relevant
4. Banking Information
5. Information relating to the consultancy tasks, including certificates where relevant.
6. Depending on the work location, additional personal data may be required for access to or performing work in building, IT-system and fleet.

Svitzer is also, as per relevant laws, required to document the personal data in financial transactions when fulfilling our agreement, e.g., when paying for delivery of consultancy services etc.

Guests at our facilities

If you visit our facilities and sites, we use personal data about you to identify you and to inform you about applicable visitor rules, where either:

• our legitimate interest in correctly identifying you, safeguarding facilities and providing you with visitor instructions overrides your interest in the information not being used, or
• your freely given consent when you choose to disclose your personal data to us, or
• the personal data is being collected for performance of any contractual obligations,

are the legal bases for our use, where we use:

1. Contact information (e.g., name, address, email, and phone number)
2. Work related information (e.g., title, workplace)
3. Personal data (e.g., license plate, if you have used one of our parking lots)

Video surveillance (CCTV) of facilities may be in operation if so signposted.

Business administration

If you contact us, we use personal data about you to document quality and compliance (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations) where either:

• our legitimate interest in improving our legal position overrides your interest in the information not being used, or
• your freely given consent when you choose to disclose your personal data to us,
• or the personal data is being collected for performance of any contractual obligations,

are the legal bases for our use, where we use:

1. Contact information (e.g., name, address, email, and phone number)
2. Other applicable information

When you are marketed to or interact with us on social media

Investor relations notification e-mails

When you sign up to our investor relations notification e-mails:

If you sign up for our investor relations notifications, you consent (opt-in) to us sending you e-mails including company announcements and investor news where we use:

1. Contact information (email address)
2. Your preferences in relation to content of the notifications.

You may withdraw your consent (opt-out) at any time via links in the -emails or at investor.svitzer.com/unsubscribe.

If you interact with us on social media, we may process

1. Contact information (e.g., name, address, email, and phone number)
2. Content and the information you provide via contact forms, comments etc.
3. Information from your social media profiles

Either:

• In our legitimate interest to reply to you in the context of the social media
• your freely given consent when you choose to disclose your personal data to us, or via the legal basis on which our use of the social media platform allows us to process the personal data pertaining to you.
• personal data collected for the establishment, defence of or exercise of a legal claim.

We do not use automated decisions that have a legal effect or similarly significantly affect you.

Understanding our customers, consumers, and suppliers

We also make analyses to optimize our products, marketing, website, sales and to know more about our customers’ preferences in relation to Svitzer’s products and maintaining a CRM database. We do this by making analyses of our databases with information about e.g., website use, customer preferences, purchase history, sales and by sending questionnaires where either:

• our legitimate interest in using the personal data overrides your interest in the data not being used, or
• your freely given consent when you choose to disclose your personal data to us, or
• personal data collected for performance of any contractual obligations.,

We collect:

1. Information from our customer databases
2. Cookies as laid out in our Cookie Policy
3. User behaviour and logs from our websites and databases
4. The answers you provide regarding suggestions and preferences in the questionnaire

Compliance and security operations for all data subjects

We monitor user behaviour and have implemented security solutions on our website as well as in our solutions and on our premises, where either:

• our legitimate interest in anti-corruption, anti-fraud, anti-bribery, technical and physical security overrides your interest in the information not being used or
• your freely given consent when you choose to disclose your personal data to us, or
• personal data collected for performance of a contractual obligations.  

We collect:

1. Contact information (e.g., name, address, email, and phone number)
2. Cookies as laid out in our Cookie Policy
3. User behaviour and logs
4. Images captured by video surveillance in marked areas at Svitzer premises

Sharing of Personal Data

In addition to us sharing your Personal Data with Svitzer Group Entities, we may in some situations also share your Personal Data with third parties such as business partners, suppliers, vendors, consultants, agencies, customers, consumers, governmental bodies, courts, and IT hosting, supply and service providers that we use for our group’s IT environment (Third Parties). We only share Personal Data where it is relevant and necessary for us to perform the activities described in this Privacy Notification, for example, the fulfilment of your order, the processing of your payment details, or the provision of support services.

Transfer and protection of your personal data

As a global organization with offices and operations throughout the world, we will transfer Personal Data collected by us on an aggregated or individual level to various divisions, subsidiaries, joint ventures, and affiliated companies of Svitzer around the world for the purposes stated above and in accordance with applicable laws and regulations, as well as to contractors and sub-contractors to Svitzer (data processors and sub-processors) for storage and service purposes. Your Personal Data will not be disclosed to anyone outside Svitzer unless permitted or required under applicable legislations and regulations and where necessary subject to appropriate written assurances from third parties who have access to your personal data, in which they must guarantee that they will protect the data with security measures designed to provide an adequate level of protection.

Unless you are otherwise notified, any transfers of your Personal Data will be based on applicable local data privacy laws, which among other includes appropriate international data transfer mechanisms and safeguards such as an adequacy decision, Standard Contractual Clauses.

You can always request a copy of the transfer mechanisms, which includes the transfer of personal data, by contacting us.

Security measures

We choose to use suppliers that implement security in accordance with industry practices for good IT security, and we only use encrypted data communications when transferring sensitive and confidential personal data. We also maintain organizational, physical, and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures, and guidance to maintain these arrangements considering the risks associated with the categories of personal data and the using we undertake. We store personal data on servers with limited access located in secured facilities, and our security measures are evaluated on an ongoing basis. The servers are protected by anti-virus software and firewalls, among other measures.

Personal Data retention

Svitzer stores your personal data for as long as it is necessary to fulfil the purpose of the use, unless Svitzer is obliged under applicable laws and regulations or is entitled to store the personal data for a longer period, more specifically:

• We retain your personal data if we have an ongoing relationship with you (in particular, if you have an account with us or have not withdrawn your marketing consent).
• We will only keep the personal data while your account is active or for as long as needed to provide services to you.
• We retain your personal data for as long as needed to comply with our global legal and contractual obligations.

We will also retain your Personal Data where this is advisable to safeguard or improve our legal position (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations).

Data Subjects rights

You are entitled, in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law, to:

• Request access to the personal data we use about you: You have the right to ask us for information about or access to your personal data. There are some exemptions, which means you may not always receive all the data we use. 
• Request rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
• Object to the use of your personal data: this right entitles you to request that we no longer use your Personal Data. However, it only applies in certain circumstances, and we may not need to stop the use if we can give legitimate reasons to continue using your personal data.
• Request the erasure of your personal data: this right entitles you to request the erasure of your personal data in certain circumstances.
• Request the restriction of the use of your personal data: this right entitles you to request that we only use your personal data in limited circumstances, including with your consent.
• Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used, and machine-readable format) of personal data that you have provided to us or request us to transmit such personal data to another data controller.
• Withdraw your consent: You can withdraw your consent at any time by opting out in the email or by contacting us. However, this will not affect our right to use personal data obtained prior to the withdrawal of your consent, or our right to continue parts of the use based on other legal bases than your consent.
• File a complaint: You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency.

Please note that certain personal data may be exempt from the above-mentioned rights pursuant to applicable data privacy laws, or other laws and regulations.

Contact information

Please contact our Global Compliance Officer at [email protected], or send a letter to Svitzer Group A/S, Sundkrogsgade 17, DK-2100 Copenhagen, Denmark, Att.: Global Compliance Officer if you have a general question about how Svitzer uses and/or protects your personal data, if you wish to exercise your rights, or if you wish to make a complaint about how Svitzer uses your personal data.