Privacy Policy
Last updated December 2022
A/S Global Risk Management Ltd. Fondsmæglerselskab Privacy Policy
Companies obligated by this document
| Company |
| A/S Global Risk Management Ltd. Fondsmæglerselskab |
Related policies
| Policy |
| Cookie policy |
Related procedures
| Procedure |
| Personal data security breach procedure |
Document review and sign-off
| Responsible for Review | Review date | Document approver | Approval date |
| Head of Legal | 7 December 2022 | Chief Financial Officer | 12 December 2022 |
Revision history
| Version | Revision description |
| 1.0 | Minor adjustments, including link to updated cookie policy |
1. Introduction and purpose
This document describes the policy for confidentiality and data protection. At A/S Global Risk Management Ltd. Fondsmæglerselskab (”GRM”, ”we”, ”us” or ”our”) confidentiality and data protection is a high priority.
2. Document scope
This privacy policy applies for our processing of personal data and provides you with the information you have the right to receive according to applicable data protection law. We use your personal data to provide and improve our services. By using our services, you agree to the collection and use of information in accordance with this Privacy Policy. You should read the privacy policy before submitting your personal data to GRM.
3. Legal basis
According to the General Data Protection Regulation (“GDPR”), all companies and organisations within the European Union (“EU”) and the European Economic Area (“EEA”), must have policies in place to ensure that the processing of personal data complies with the data protection obligations as set out in the regulation.
4. Data controller and contact information
The data controller for your personal data is:
A/S Global Risk Management Ltd. Fondsmæglerselskab
Address: Strandvejen 7, 5500 Middelfart, Denmark
Company registration no.: 39065606
Email: hedging@global-riskmanagement.com
Telephone: +45 8838 0000
5. Users of website
This section sets out the policy of GRM’s processing of personal data collected from users of GRM’s websites: www.global-riskmanagement.com. Collection of personal data GRM may collect, process and store personal data about you in the following instances:
– When you visit and browse our websites
– When you communicate with GRM
– When you subscribe to newsletters or other services – see the part for News Services below
Categories of personal data
GRM may collect, process, and store the following personal data about you:
• Identification data (such as name, e-mail address, telephone number and similar)
• Communications with you
• Interests in energy products and hedging
• Digital footprints (such as Information about your usage of our websites, IP address, MAC-address, the type of browser you are using, operating system and version, connection to Wi-Fi SSID, device name, location data and time zone)
Purposes of the processing
Your personal data may be processed for the following purposes:
• Promotional marketing in general
• Completion of requests received from you
• General communication
• Support
• Product and service development
• Statistics and analysis
Legal basis
GRM will mainly process your personal data based on one or more of the following legal bases:
• Legitimate interests: In most cases, the processing of your personal data will be based on our legitimate interest in, for instance, being able to reply to your inquiries, conducting statistics, analysis, marketing activities (where consent is not required), providing support as well as improving and developing our products and services (Article 6 (1) (f) of the General Data Protection Regulation).
• Consent: In exceptional cases and only when no other legal basis can be applied, GRM may ask separately for your consent to process your personal data (Article 6 (1) (a) of the General Data Protection Regulation). GRM will, for instance, only use your personal data to send you product information, newsletters, and other marketing material via e-mail if you have provided your prior and explicit consent hereto, unless applicable legislation allows us to contact you without such consent.
Retention period
Your personal data will be retained for up to 2 years from the date on which we registered your visit to our website. The specific retention period depends on the individual cookie. For further details, see our cookie policy.
Cookies
We use cookies on our websites. You can read more about the use of cookies in our Cookie Policy, which you can find at the
following link: www.global-riskmanagement.com/cookies
Links to other websites
Our websites may contain links to other websites. We are not responsible for the content of other companies’ websites or their practices in collecting personal data. When you visit other websites, you are advised to read the owner’s policy for protection of personal data and other relevant policies.
6. Persons at business partners
This section sets out the policy of GRM’s processing of personal data collected from persons at customers, suppliers and other business partners who collaborate with GRM.
Collection of personal data
GRM may collect, process and store personal data about you in the following instances:
• When your company or the company you are employed with enters into an agreement with GRM
• When you have shown an interest in GRM’s products or services, e.g., by providing your business card to GRM
• When you collaborate and communicate with GRM
Categories of personal data
GRM may collect, process, and store the following personal data:
• Identification data (such as name, e-mail address, telephone number and similar)
• Organizational data, such as company name, company address, job position, business area, primary work location and country
• Contractual data, such as purchase orders, invoices, contracts, and other agreements between your company (or your employer) and GRM, that may include e.g., your contact information and communications with you
• Legitimation papers such as passport or drivers’ license if we are obliged to carry out ‘know your customer’ procedures
• Financial data, such as payment terms, bank account details and credit ratings
Such information may be provided directly by you (primarily via e-mails and other correspondence) or by a third party such as your employer.
Purposes of the processing
Your personal data may be processed for the following purposes:
• Generally, to plan, perform and manage the business relationship, including any contracts
• Administration, such as processing payments, evaluation of credit ratings, performing accounting, auditing, billing, as well as providing support services
• Newsletters and other promotional communication
• Completion of requests received from you
• General communication
• Product and service development
• Statistics and analytics
• Compliance and regulatory purposes, such as fulfilling our legal and compliance-related obligations to prevent illegal activity or our obligation to carry out ‘know your customer’ procedures
• Dispute handling
Legal basis
GRM will mainly process your personal data based on the following legal bases:
• Contractual obligation: The processing of your personal data will in some cases be necessary for the performance of a contract (Article 6 (1) (b) of the General Data Protection Regulation).
• Legitimate interests: We may process your personal data pursuant to our legitimate interest in, for instance, to manage daily operations according to lawful and fair business practices, including planning, performing, and managing the business relationship or our legitimate interest in e.g., conducting credit ratings, statistics, analysis, marketing activities (where consent is not required), providing support as well as improving and developing our products and services. The processing may also be necessary for our legitimate interests in preventing fraud or establish, exercise, or defend legal claims (Article 6 (1) (f) of the General Data Protection Regulation).
• Legal obligation: The processing of your personal data will in some cases be necessary to comply with legal obligations, such as our obligations to prevent illegal activity (Article 6 (1) (c) of the General Data Protection Regulation).
• Consent: In exceptional cases and only when no other legal basis can be applied, GRM may ask separately for your consent to process your personal data (Article 6 (1) (a) of the General Data Protection Regulation). GRM will, for instance, only use your personal data to send you product information, newsletters, and other marketing material via e-mail if you have provided your prior and explicit consent hereto, unless applicable legislation allows us to contact you without such consent.
Retention period
Your personal data will be retained for the duration of your cooperation with GRM. We will retain and use Your personal data to the extent necessary for an additional 5 years, to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
7. Participants in competitions
This section sets out the policy for GRM’s procession of personal data in relation to competitions facilitated by GRM.
Collection of personal data
GRM may collect, process and store personal data about you when:
• You sign up for our competitions.
Categories of personal data:
• Identification data (such as name, e-mail address, telephone number and similar)
Purposes of the processing:
• Your personal data may be processed for the purpose of contacting you regarding marketing material about our products and services,
• Your personal data may be processed for the purpose of contacting you regarding potential future cooperation.
Legal basis:
• The terms which you have entered into by participating in our competitions.
• We may process your personal data based on our legitimate interests in facilitating your opportunity for participating in our competitions and similar (Article 6(1)(f) of the General Data Protection Regulation).
Retention period:
• Your personal data will be retained for a period of 6 months after the duration of your participation.
8. Information for job applicants
This section sets out the policy of GRM’s processing of personal data in relation to recruitment.
Collection of personal data
GRM may collect, process and store personal data about you as a part of the handling of your application and in relation to the recruitment process.
Categories of personal data
GRM may collect, process, and store the following personal data:
• Personal data which you have disclosed in your job application and CV as well as any attachments
• Personal data you disclose during any job interviews
• Information about you, including information regarding your previous jobs, activities, competencies, performance, as well as your general appearance, which is publicly available on the internet, including on social media.
• Results of personality tests etc.
• Criminal records
• References from your previous and/or current employers
• Credit information and rating if the position you have applied for involves financial responsibilities (e.g., bookkeeping or accounting)
Purposes of the processing
Your personal data will be processed for the purpose of assessing whether we can offer you a position.
Legal basis
GRM will mainly process your personal data based on the following legal bases:
• Request to enter into an employment contract with us: We may process your personal data based on your request to enter into an employment contract with GRM (Article 6(1)(b) of the General Data Protection Regulation).
• Legitimate interests: We may process your personal data based on our legitimate interests in carrying out further assessments of whether we want to hire you, including based on personality tests, publicly available information on the internet and – if the position entails a financial responsibility – credit information and rating (Article 6(1)(f) of the General Data Protection Regulation).
• Consent: In exceptional cases and only when no other legal basis can be applied, GRM may ask separately for your consent to process your personal data (Article 6 (1)(a) of the General Data Protection Regulation). GRM will, for instance, only take references from your previous and/or current employers or collect your criminal records if you have consented to this.
Retention period
If you are offered a position with GRM your application and additional relevant personal data obtained during the recruitment procedure will be stored in your employee file.
If you are not offered a position, we will store your application and any additional personal data obtained during the recruitment procedure for a period of 6 months following our rejection, unless you have provided your consent to the storage hereof for a longer period.
If we have collected your criminal records, we will delete them immediately after we have received and reviewed them.
9. News services
This section sets out the policy of GRM’s processing of personal data in relation to management of newsletters.
Collection of personal data
GRM may collect, process and store personal data about you when:
• You sign up for our newsletters or other services
• You interact with newsletters we have sent to you
Categories of personal data
• Identification data (such as name, e-mail address, telephone number and similar)
• Interests
• Click behaviour
• Information concerning your consent to receive newsletters
Purposes of the processing
Your personal data may be processed for the purpose of sending you newsletters and other marketing material regarding our products and services.
Legal basis
GRM will mainly process your personal data based on the following legal bases:
• Consent: GRM uses your personal data to send you product information, newsletters, and other marketing material via email or other medias based on your prior and explicit consent hereto (Article 6 (1)(a) of the General Data Protection Regulation), unless applicable legislation allows us to contact you without such consent.
• Legitimate interests: We may process your personal data based on our legitimate interests in adjusting our marketing material to you based on your click behaviour (Article 6 (1)(f) of the General Data Protection Regulation).
Retention period When you receive Newsletters or other services from us, we store your personal data for as long as you wish to
receive material. If you have withdrawn your consent, we store your data for up to two years thereafter.
10. Disclosure to other data controllers and transfer to data processors
To fulfil the above purposes, we may provide access to your personal data for third parties who, based on a contractual relationship with GRM provide relevant services, e.g., IT-providers, customer service centres, invoicing providers, email providers, marketing providers and affiliated companies Such service providers will only process personal data in accordance with our instructions pursuant to agreed data processing agreements.
In connection with GRM’s development, the company structure may change, e.g., through a full or partial sale of GRM. In case of a partial hand over of assets containing personal data, the legal basis for the related disclosure of personal data is, primarily, Article 6(1)(f) of the GDPR, as GRM has a legitimate interest in handing over part of its assets as well as making commercial changes.
Aside from above, it is a general rule that your personal data is not disclosed to a third party without your permission. However, under certain circumstances and in accordance with applicable law, we may need to disclose your personal data to
• Police
• Advisors such as lawyers and auditors
• Courts
• Public authorities
• Prospective buyers
• Affiliated companies – only upon consent
If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA which does not have an adequate level of protection, such transfer will in general be based on the EU Commission’s standard contracts.
11. Your rights
• You have the right to access the personal data we process about you
• You have the right to object to our collection and further processing of your personal data
• You have the right to have your personal data rectified and deleted, with certain statutory exceptions, including applicable bookkeeping and anti-money laundering legislation
• You have the right to request us to restrict the processing of your personal data
• Under certain circumstances you may also request to receive a copy of your personal data as well as the transmission of your personal data which you have provided us with to another data controller (data portability)
• You may, always, withdraw any consent you may have given. We will then delete your personal data unless we can continue the processing on another basis. Our newsletter can be unsubscribed by clicking the link at the bottom of the newsletter. Please be aware that withdrawal of your consent does not affect the legality of the processing based on your consent prior to the withdrawal.
12. Questions or complaints
If you have any questions in relation to this privacy policy or if you wish to make a complaint in connection to our processing of your personal data, please contact us:
A/S Global Risk Management Ltd. Fondsmæglerselskab
Address: Strandvejen 7, 5500 Middelfart, Denmark
Tel.: +45 8838 0000
Email: gdpr@global-riskmanagement.com
If your complaint is not resolved by us and you wish to proceed with the case, you can send your compliant to the supervisory authority in your country.
13. Changes to the privacy policy
We reserve the right to make changes to this privacy policy from time to time. When updated, the date of the privacy policy will be updated accordingly.
A/S GLOBAL RISK MANAGEMENT LTD. FONDSMÆGLERSELSKAB
Strandvejen 7 · 5500 Middelfart · Denmark · T +45 8838 0000 · hedging@global-riskmanagement.com · VAT 39065606
GLOBAL-RISKMANAGEMENT.COM