Information on the processing
of personal data
Last updated: May 2022
Your data security is important to us, and we therefore make it a high priority that your data is handled in a responsible manner. Below, you can read how the companies in the EG group process your personal data when we act as a data controller. You can also read about your rights in relation to our processing of your data.
1. EG's role as the data controller
EG is one of Scandinavia's largest suppliers of technology solutions for the private and public sectors. Through constant focus on our customers, their industries and on delivering industry-leading solutions, EG enables our customers to become leaders in their field.
In connection with our company's operation, we process an amount of personal data. We do so in order for us to service you in the best possible way. We collect and process mostly general (non-sensitive) data.
EG consist of many entities across the world and therefore there may be different data controllers depending on which entity you're in contact with.
For a full list of the EG group please see a list here
2. What personal data we collect and for what purpose
We process personal data about you in a variety of situations. Read more below about our data processing in different situations.
2.1 Visitors to EG's websites
When you visit one of EG's websites (e.g. www.eg.dk), EG can process information about your IP address as well as information about your computer, device and browser.
We also process data that you provide to us in connection with your use of the website, e.g. when you complete a form, participate in an online event or register online, including your name, company name, company address, work phone number/mobile number, e-mail address, title, product interest and other information that you provide to us.
We use your information to enable us to make relevant services and products available to you and to improve your experience of our websites and online services as well as of the services and products we offer. We also use data to show you content on our and others' web pages based on your activities and preferences and to limit the number of times you see the same content.
Our basis for processing is our legitimate interests article 6(1),litra(f) of the General Data Protection Regulation (GDPR)) or your consent (article 6(1), litra(a) of GDPR. EG will also in some cases be legally obliged by other applicable national legislation.
2.2 EG's customers and potential customers
When you are a customer/potential customer of EG or a contact person with one of EG's customers/potential customers, EG processes personal data about you such as your name, company name, company address, work phone number/mobile number, e-mail address, title, your purchases, payment information and information from publicly available sources as well as other information that you provide to us.
We process personal data for the purpose of complying with the agreement we have with our customers, for the purpose of providing services, invoicing, courses and webinars, statistics and quality management, as well as for maintaining our customer records and providing overall service, marketing and sales to our customers and potential customers.
Our basis for processing is the agreement we have with you in accordance with article 6(1), litra(b) of GDPR or our legitimate interest article 6(1), litra (f) of GDPR.
2.3 Visitors to EG's offices
When you visit one of EG's offices, we process information about your name, company name and title, the name of your EG host and other information that you choose to provide to us.
We process this information for security reasons. Our basis for processing is our legitimate interests (article 6(1), litra (f) of GDPR).
Our registration of guests is stored at the reception for a short period of time. Our visitor register is stored securely and reviewed only if there is a specific need for it, e.g. in connection with a security breach. The register is reviewed only by persons who have a work-related need for it.
We indicate the places where we use CCTV in accordance with section 3(1) of the Danish Act on Video Surveillance. All recordings are stored safely and are played only if necessary, e.g. in case of a security breach. Recordings are played exclusively for people who have a work-related need for it. The recordings are typically overwritten automatically after a short period of time unless a problem is identified that requires scrutiny, such as theft.
2.4 Participants in EG's events
When you sign up for and participate in events held by EG, we process information about your name, company name, company address, work phone number/mobile number, e-mail address and the event you are attending.
We process this information for the purpose of managing the event and for security reasons as well as to send you relevant material. Our basis for processing is our legitimate interests (article 6(1), litra (f) of GDPR) or your consent (article 6(1), litra (a) of GDPR). EG will also in some cases be legally obliged by other applicable national legislation.
2.5 Marketing recipients and contestants
When you receive marketing materials from EG or participate in competitions, we process information about your name, company name, company address, work phone number/mobile number, e-mail address, title and product interest. We also process information about your marketing or communications preferences as well as your use of the marketing we send to you (including whether you have opened an e-mail from us, whether the e-mail is read and what links you have opened) and information that you provide to us.
We process your information for marketing our company and the company's products, for creating and administering you as a marketing subscriber and for managing competitions, drawing winners, etc. We use your preferences and usage data to understand the way our customers receive our marketing and to prepare marketing for you and our other customers in the future.
We also use data about you to show you content on our and others' web pages based on your activities and preferences and to limit the number of times you see the same content as well as to measure the effectiveness of our content and marketing.
We only send marketing material to you by e-mail or other electronic channels when we have obtained your consent in accordance with applicable national legislation.
In relation to our newsletter, we have established special terms: When you sign up to receive EG’s newsletter, you give EG your consent to process your personal data and solely to the purpose to receive newsletters and marketing materials. You may withdraw your consent unconditionally and at any time. This can be done by clicking the unsubscribe link in the newsletter. Your personal data will be deleted unless we have another legal basis to continue processing the personal data.
Our basis for processing is our legitimate interests (article 6(1), litra (f) of GDPR) and/or your consent (article 6(1), litra (a) of GDPR). EG will also in some cases be legally obliged by other applicable national legislation.
2.6 EG partners and/or suppliers
When you are an EG partner or supplier or a contact person with a partner/supplier, we process information about your name, company name, company address, work phone number, e-mail address and title as well as publicly available information and other information that you provide to us.
We process the data for use in contract management as well as to receive goods and services from our suppliers and partners and, where relevant, to honor agreements with our customers.
Our basis for processing is the agreement we have with you (article 6(1), litra (b) of GDPR) or our legitimate interests (article 6(1), litra (f) of GDPR).
2.7 Other general purposes of data processing
We may enrich the information described above with information from other sources. This may be publicly available information – including information that we obtain through generally available sources.
Information that we have obtained for the purposes described above may also be processed by EG for compliance with the laws and regulations to which EG is subject in connection with the operation of our company or to fulfil various reporting or disclosure obligations under applicable laws and regulations (article 6(1), litra (c) of GDPR).
If EG sells all or part of our business or sells or transfers our assets or otherwise is involved in a merger or transfer of all or a substantial part of our business, EG may transfer your information to the party or parties involved in the transfer as part of this transaction where permitted under Danish law (article 6(1), litra (f) of GDPR).
Finally, EG may process your personal data in order to enforce or defend our or any third party's legal or legitimate interests where necessary, legal and proportional (article 6(1), litra (c) of GDPR).
3. Sharing your data with others
EG may disclose your personal data internally within the EG group and to other suppliers and/or service providers in connection with the general operation of our business.
3.1. Public authority
EG may disclose your personal data to a public authority in situations where we are specifically bound to disclose your personal data in accordance with the laws and notification obligations to which we are subject.
3.2. Consolidated entities, suppliers and business partners
In order to execute our business, we depend on partners that can assist in the development, delivery and operation of our IT systems and in connection with our marketing. Therefore, EG may disclose your personal data internally within the EG group and to other suppliers and/or service providers solely in connection with the general operation of our business for our purposes and on our instructions. We have entered into written data processing agreements with all our subcontractors and all entities in the EG group have also entered into an intercompany data processing agreement ensuring that everyone follows the same procedures when processing personal data which guarantees the same level of security is maintained throughout.
We try to limit the disclosure of personal data in personally identifiable form and thus the disclosure of information that can be attributed to you personally.
In general, we use the balancing of interests rule in Article 6 (1)(f) of GDPR as the processing basis.
4. Transfer of personal data to countries outside the EU/EEA
In connection with our processing of your personal data, we may transfer the information to countries outside the EU/EEA. This includes service providers of various IT tools, including IT tols for cooperation which may be based outside the EU/EAA. In some countries the European Commission has determined that the data protection level is in line with the level of protection in the EU/EEA.
If we transfer personal data to countries where this is not the case, the transfer of your personal data to these countries outside of the EU/EEA will be based on the Standard Transfer Contracts (SCC) drawn up by the European Commission or another similar transfer basis specifically designed to ensure an adequate level of protection.
You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website.
You may at any time request information about or a copy of what appropriate safeguards form the basis for the transfer of personal data to recipients outside the EU/EEA by writing to us. See contact information below.
5. Storage period, data integrity and security
Your personal data is stored no longer than is necessary to meet the purposes for which it has been collected. When your data is no longer necessary, we will ensure that it is deleted in a safe manner.
It is our policy to protect personal data by taking adequate technical and organisational security measures.
Information security is EG's highest priority in terms of business risk. We work seriously and professionally with information security based on internationally recognised security standards – including ISO 27001/2. We have implemented security measures that will ensure data protection for all the personal data we process. We regularly conduct internal follow-ups in relation to the adequacy of and compliance with policies and measures.
6. Your rights
As a data subject, you have a number of rights under GDPR. Please contact us if you want to exercise your rights.
You may withdraw any consent unconditionally and at any time. This can be done by sending an e-mail to us (see the e-mail address below). Withdrawal of your consent will not have any negative impact. However, it may mean that we cannot honor specific requests from you in the future.
Withdrawal of your consent will not affect the lawfulness of processing on the basis of your consent before it is withdrawn. Furthermore, it will not affect any processing performed on another legal basis.
In addition, you may – unreservedly and at any time – raise objections to our processing when it is based on our legitimate interest.
Your rights also include the following:
Right to access: You have the right to gain access to the personal data we process about you.
Right to rectification: You have the right to have incorrect personal data about yourself corrected and incomplete personal data completed.
Right to erasure (right to be forgotten): Under certain circumstances, you have the right to have your personal data erased prior to the time when we normally delete it.
Right to restriction of processing: Under certain circumstances, you have the right to have the processing of your personal data restricted. If you are entitled to restricted processing, we will from that time on only process the data – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest.
Right to objection: You have the right to object to our processing of your personal data under certain circumstances – and always if the processing is for direct marketing purposes.
Right to data portability: Under certain circumstances, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit this personal data from one data controller to another.
Right to lodge a complaint: You can lodge a complaint with the relevant national Data Protection Agency at any time regarding our processing of personal data. For more information, see below on relevant data protection agency's website where you can also find further information about your rights as a data subject.
There may be conditions or limitations on these rights which depends on the specific circumstances of the processing activity.
7. Your right to lodge a complaint
If you have any questions or complaints about our processing of your personal data, please contact EG's Data Protection Office here:
Data Protection Office
2750 Ballerup, Denmark
Phone: +45 7013 2211
You may also lodge a complaint or contact the data protection supervisory authority in the EU/EEA member state of your habitual residence, place of work or where the alleged infringement has taken place.
Please find the contact details for your national data protection authorities here:
The Danish Data Protection Agency – www.datatilsynet.dk
The Norwegian Data Protection Authority – www.datatilsynet.no
The Swedish Data Protection Authority - www.datainspektionen.se
The Polish Data Protection Authority - www.uodo.gov.pl
The Finnish Office of the Data Protection Ombudsman – www.tietosuoja.fi
We are continuously evaluating and updating this data notification. It is therefore a good idea to keep yourself regularly updated. You can see above when the notification was last updated. The latest version will always be available on our websites.
To make EG's websites work properly, we will sometimes place small data files called cookies on your device.
A cookie is a small text file that is stored in the web browser on your computer, smartphone, iPad or whatever else you use to browse when you visit websites. Cookies make it possible to recognise your computer etc., to collect information about your online behavior, including what web pages and functions are visited with your web browser, and to ensure that it works from a purely technical standpoint.