For that reason, Danfoss has implemented a set of Binding Corporate Rules (BCRs), introducing a global standard of data protection requirements to be complied with by all Danfoss entities. The BCRs have been approved by the European data protection agencies and establish the foundation for Danfoss’ processing of personal data.
1. General principles for processing of personal data
In order to ensure that your personal data is processed correctly and with a suitable level of data protection, Danfoss has adopted the following processing principles:
- Personal data is processed lawfully, fairly and in a transparent manner.
- Personal data is collected only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Personal Data shall be accurate and, where necessary kept up to date and inaccurate or incomplete personal data will be rectified or erased or further processing suspended.
- Personal data shall not be kept in a form which permits identification of the Data Subjects for longer time than necessary for the purposes for which the data was collected or for which it is further processed.
- Personal data shall be processed in a manner that ensures appropriate security of the personal data.
Danfoss will always inform you of the collection and processing of your personal data unless we have a legitimate reason not to do so.
2. Types of personal data
We will collect and process your personal data in a number of ways when you engage with us via the various existing channels.
Some of the personal data is necessary to process in order for us to provide you with the services you have requested and some personal data you can choose to provide voluntarily. We will always let you know which personal data is necessary (e.g. via the use of an asterisk (*)) and the consequences of not providing such data to us, for instance that we will not be able to (fully) satisfy your request.
The personal data that we collect and process can generally be divided into the following categories:
- Contact information such as name, address, phone number, email address, title, place of work, etc.
- Information that you provide when contacting us via online contact forms, emails or phone.
- Profile information in case you create a profile or account with us, including username and password.
- User information such as technical data regarding usage and viewing, including IP addresses when you visit our websites or applications, including on third party sites.
- Transaction information, including credit card information when you purchase goods or services from us.
- Information from smart metering, metering the consumption of heating, cooling, water and other utilities.
- Application information, including your CV, in case you apply for a job with Danfoss. You will receive separate information regarding the processing of personal data in such respect when you submit your application.
- Information received via our Ethics Hotline.
As a general rule we will not process any special categories of personal data (special personal data) about you unless you have provided your explicit consent thereto or we are required to do in order to comply with applicable regulation.
3. Our purposes for processing your personal data
We only process your personal in order to pursue a legitimate purpose and generally we will only process your personal data if:
- You have provided your consent to such processing; or
- The processing is necessary for the performance of a contract; or
- The processing is necessary for compliance with a legal obligation that we are subject to; or
- The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party and such processing is not considered to be harmful towards you.
We process your personal data for the following purposes:
- To provide you with products, services and information that you request from us; or
- To send you newsletters or other marketing material, including surveys; or
- To administer our business relations and negotiate and execute agreements; or
- To provide general customer service and support; or
- To gain customer insights and knowledge of how our various services, including websites and applications, and products are used as well as evaluation and improvement hereof; or
- To communicate with you regarding various matters; or
- To complete investigations of reports filed by you via our whistle blower system, the “Ethics Hotline”; or
- comply with any applicable law.
- To operate, improve and optimize the performance and user experience of the website and its services.
- Perform customer and user analysis and segmentation in order to improve our understanding of our users, and provide better and tailored services to users, including you.
- Statistical purposes.
5. Use of your personal data throughout the Danfoss group
Danfoss is a global organisation with entities across the world. As a general rule, the data controller with respect to the personal data processed about you will be the local Danfoss entity in which you are a customer, with whom you engage in contact or enter into an agreement with. However, in order to pursue the purposes listed above in section 3, we may share your personal data with other Danfoss group entities either to carry out a task as instructed by the data controller (recipient acting as data processor) or to pursue a legitimate purpose of its own (recipient acting as individual data controller) provided that such making available or disclosure of your personal data is not restricted by law.
With respect to Danfoss entities established in countries outside the EEA not considered a safe third country (i.e. not ensuring an adequate level of data protection), the Danfoss BCRs serve as the legitimate basis for the transfer of your personal data.
You will be able to get an overall view of the countries with a Danfoss presence here.
6. Disclosure, transfer and making available personal data to recipients
Our disclosure and transfer of your personal data to recipients (natural or legal persons, public authorities, agencies or another body, to which the personal data is disclosed) is kept to a minimum and is subject to the existence of an adequate level of data protection.
We may disclose or make personal data available to recipients under the following circumstances:
- Recipients who carry out services on our behalf, such as e.g. hosting, cloud computing, IT-support, marketing services, administrative services, training services or other data processing. Such recipients are only allowed to process the personal data in accordance with our instructions and the relationship will be governed by a written data processor agreement; or
- To establish, exercise or defend our legal rights; or
- If you have provided your prior consent to the disclosure of personal data to a recipient or
- In the event of any merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Danfoss’ assets or stock (including without limitation in connection with any bankruptcy or similar proceedings) or
- As set out in our cookie-policy, cf. section 4 above.
If the recipient of the personal data is located in a country outside the EU/EEA not ensuring an adequate level of data protection, we will only transfer your personal data to such recipient following execution of a written transfer agreement based on the EU Commissions Standard Contractual Clauses.
7. Automated individual decisions
We may use automated decision making based on your personal data. Automated decision making will only take place if the decision is:
- necessary for entering into, or performance of a contract between you and Danfoss;
- authorized by Union or Member State law to which Danfoss is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- based on your consent.
In case we use automated decision making, we will ensure that suitable security measures are implemented.
Special personal data will in no event be subject to automated decision making unless you have provided your explicit consent or the processing is necessary for reasons of substantial public interest, on the basis of applicable law.
8. Your consent
As stated above some of our processing activities will be based on your consent. In such case, you will have the right to withdraw your consent at any time.
If you withdraw your consent, we will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations.
Please note that the withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal. Further, as a consequence of your withdrawal of your consent, we may not be able to satisfy your requests or provide you with our services.
9. Data Security
In order to safeguard your personal data, Danfoss has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected, having regard to the state of art and the costs of their implementation.
Following the evaluation of the risk, Danfoss has taken measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of personal data over a network, and against all other unlawful forms of processing.
In order to ensure that we always comply with applicable data protection legislation and the requirements laid down in the Danfoss BCRs and to ensure that our employees are familiar with such regulation, we have established an internal privacy training and education program that our employees across the world with permanent or regular access to personal data are obligated to complete.
11. Internal audits
Danfoss carries out regular audits of the ongoing processing of personal data to ensure that all Danfoss entities abide to the Danfoss BCRs and process personal data accordingly.
The audits cover all aspects of the BCRs including all IT systems, databases, security policies/standards, training programmes, privacy policies and manuals in place within Danfoss in respect of the BCRs.
12. Your rights
You have the right to access to the data processed about you, subject to certain statutory exceptions. Furthermore, you can object to the collection and further processing of your personal data. In addition, you have the right to correct your personal data, if necessary. You may also choose to request us to restrict the processing.
We will delete or correct any information, which is inaccurate or out of date by reason of the time elapsed since it was collected or by reason of any other information in our possession.
If you provide us with a written request, we will also delete your personal data without undue delay, unless we have a legal basis to continue the processing, e.g. if the processing is necessary to establish, exercise or defeat a legal claim or necessary to the performance of a contract with you.
In order to make use of any of the rights mentioned above, please contact us via the points of contacts listed in section 16.
With regard to such requests, kindly provide us with relevant information to take care of your request, including your full name and email address so that we can identify you. We will respond to your request as soon as possible and within one month.
If you disagree with our processing of your personal data please be informed that you can lodge a complaint with your local data protection agency.
If you have any complaints about the processing of personal data carried out by Danfoss, please feel free to contact us at any time.
Danfoss has established a privacy complaint system – the Danfoss Ethics Hotline – where you will be able to submit your complaint online. The Danfoss Ethics Hotline is available here
You may also submit a complaint directly with your local Danfoss entity or with the parent company Danfoss A/S:
Att. Global Data Protection Office
We will review and assess your complaint and if necessary we may contact you in order to obtain further information.
We strive at processing any complaint or objection within one month. If it is not possible to make a decision within one month, we will inform you grounds for the delay and of the time (not exceeding 6 months from receipt) at which the decision can be expected to be provided.
At any time before, during or after the complaint process described above, you may also raise a complaint/file a case with your local data protection agency, or other authorities within the jurisdiction of the relevant local Danfoss entity or Danfoss A/S.
14. Links to other websites, etc.
Our websites may contain links to other websites or to integrated sites. We are not responsible for the contents of the websites of other companies (third-party websites) or for the practices of such companies regarding the collection of personal data. When you visit third-party websites, you should read the owners’ policies on the protection of personal data and other relevant policies.
16. Contact information
Att. Global Data Protection Office
In some Danfoss companies you may also contact your Local Data Protection Officer, the contact details of which you can find here:
Local Protection Officers:
Danfoss Power Solutions GmbH & Co. OHG
Sondex Deutschland GmbH
21423 Winsen / Luhe
Danfoss Silicon Power GmbH
Husumer Str. 251
Version 1.2, May 08, 2018