Privacy policy

Home

Privacy policy

1. Introduction

This privacy policy describes how Ørsted processes your personal data.

We also refer to our other privacy policies on our websites (orsted.dk and orsted.com). These privacy policies apply to our business customers, suppliers, shareholders and job applicants.

2. Data controller

The legal entity responsible for collecting and processing your personal data is stated under the individual processing activities in section 3.

The data controllers’ contact information is listed below:

Ørsted Services A/S	Ørsted A/S
Company reg. no.: 27446458 Kraftværksvej 53 DK-7000 Fredericia Tel. +45 99 55 11 11 info@orsted.com	Company reg. no.: 36213728 Kraftværksvej 53 DK-7000 Fredericia Tel. +45 99 55 11 11 Info@orsted.com

3. Processing activities

In the table below, we describe how we process your personal data. We recommend that you do not send or inform us of your national identification number or any sensitive information when you use our website and its features.

Purpose	Categories of personal data	Legal basis	Retention
Using our digital services: Data controller: Ørsted Services A/S We process your personal data by using cookies and similar technologies when you use our digital services (website or apps). We use the data for the following purposes: Delivery of the digital service you have requested. Optimisation and development of the user experience of our website and the services we provide. Statistics for how our website is used and to improve the website. Read more about this in our cookie policy. We also use various third-party cookies and social media plugins to make it easier for you to share content from our website on Facebook, LinkedIn, etc. For these types of processing, Ørsted will in some instances be a joint data controller with the supplier of the third-party cookies in question. You can read more about this and find a link to the privacy policies of the relevant third parties on the cookie list, which is found in our cookie policy. We collect data from the following sources: Directly from you whenever you use our digital services.	We process the following data about you: General personal data: Information about your behaviour on our digital services (e.g. number of visits. Information about how you access our digital services, including IP address, use of browsers and operating system, cookies, your domains of origin as well as what content you read). Information about clicks on our advertisements, including if you are doing this from the website of another organisation or company.	We process your personal data as described on the following legal basis: GDPR, Article 6(1)(a) (consent). GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in providing the service you have requested, improving customer experience, developing and improving our digital services (in terms of both functionality and the system itself) and making it possible to share content on social media.)	We store your personal data as long as it is necessary for the purposes mentioned: Personal data collected via cookies will be deleted in accordance with the expiry periods listed in our cookie policy.
Customer communication: Data controller: Ørsted Services A/S Ørsted processes your personal data in order to communicate with you and to respond to your requests (e.g. providing service to you as an investor and giving you the best possible service). We collect data from the following sources: Directly from you	We process the following data about you: General personal data: Name, telephone number, email address and company.	We process your personal data as described on the following legal basis: GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to respond to your enquiry and communicate with you.	We store your personal data as long as it is necessary for the purposes mentioned: We store your personal data for up to two years from the date on which you contact us.
Marketing, newsletters, company announcements and information about Ørsted: Data controller: Ørsted Services A/S and Ørsted A/S We process your personal data for marketing purposes, in order that we can: target our communication with you based on your areas of interest and focus, send you relevant marketing in the form of newsletters, etc. Further, we use your personal data to send company announcements and other information and to identify anyone else who might be interested in Ørsted. We also use first and third-party cookies to collect information about your behavior when you receive our newsletters, company announcements and marketing information, to improve our communication with you. We collect data from the following sources: Directly from you	We process the following data about you: General personal data: Name, email address, street address, IP address, country, and role. Newsletter subscription date. Areas of interest. Data you have submitted in response to marketing activities. Information about whether you choose to open newsletters, company announcements and marketing information you receive from us and when you open them (time and date). Information about clicks on links in our newsletters, company announcements and marketing information (e.g. which links you choose to click on, what content you read, the number of links you click on and use of email client).	We process your personal data as described on the following legal basis: GDPR, Article 6(1)(a) – consent (when signing up for newsletter, company announcements and marketing information and cookies in newsletters, company announcements and marketing information) GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to send marketing material, newsletters, company announcements and information from Ørsted).	We store your personal data as long as it is necessary for the purposes mentioned: We store your personal data for as long as you wish to receive material from us and for two years after that. Personal data collected via cookies will be deleted in accordance with the expiry periods listed in our cookie policy.
Ørsted's job alert Data controller: Ørsted Services A/S We process personal data about individuals who sign up for Ørsted’s job alert. We collect data from the following sources: Directly from you when you sign up for Ørsted’s job alert	We process the following data about you: Ordinary personal data: Name, Email, Areas of work, Employment types, Countries that are checked by you, Locations that are checked by you.	We process your personal data as described on the following legal basis: GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to manage that you have signed up for our job alert and in being able to notify you about relevant vacant positions).	We store your personal data as long as it is necessary for the purposes mentioned: We store your personal data for 2 years.
When you visit Ørsted’s physical locations: Data controller: Ørsted Services A/S We process personal data about guests who visit Ørsted’s physical locations. This is done for the following purposes: Visitor registration: We process your personal data to identify you and for parking and registration in our cafeteria. Wi-Fi access: We process your personal data when you want to access our free Wi-Fi. CCTV surveillance and access control: We process your personal data to issue an access card for you to use when you are on our premises. You may also be recorded on our CCTV system for reasons of security and crime prevention. We collect data from the following sources: Directly from you, including when you visit our locations. Your Ørsted contact person.	We process the following data about you: General personal data: Name, company, position, email, telephone number, licence plate and Ørsted contact person. IP and Mac addresses (when you use our Wi-Fi). Video footage from CCTV surveillance. .	We process your personal data as described on the following legal basis: GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interests in controlling access, preventing crime and taking legal action, and our legitimate interest in enabling you to access our parking facilities and Wi-Fi, and being able to provide cafeteria services.) Section 8(3) of the Danish Data Protection Act (necessary to pursuit our legitimate interest in preventing crime and taking legal action).	We store your personal data as long as it is necessary for the purposes mentioned: We store your personal data in connection with guest registration for up to one month after your visit. We erase the data that we use to provide you with an access card when the card is returned. Records in connection with the cafeteria visits and catering from the cafeteria are stored for one year from the time of registration due to internal accounting rules. Video footage from CCTV surveillance is erased seven days after being recorded, unless we have a lawful reason to store the footage for a longer period (e.g. to process a specific case).
Access to Ørsted logo and design files: Data controller: Ørsted Services A/S We process your personal data when you request access to Ørsted’s design and brand centre and when you need to gain access to the Ørsted logo and design files. We collect the data from the following sources: Directly from you	We process the following data about you: General personal data: User name, email and password.	We process your personal data as described on the following legal basis: GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to give our business partners (agencies, photographers, design companies, sponsors, journalists, etc.) access to our logo and design files.	We store your personal data as long as it is necessary for the purposes mentioned: We store your personal data for the duration of our business relationship with you, and as long as you need access to our logo and design files.
Recordings and use of photo and video: Data controller: Ørsted Services A/S We process information in the form of images and recordings (‘recordings’). Recordings can be made on various occasions, e.g. Ørsted Day, design and innovation workshops, receptions, meetings, professional photo sessions, events and other arrangements. The recordings may be transmitted live. We process the recordings for both commercial and non-commercial purposes, for publication internally on our intranet, on websites, at conferences and in connection with similar marketing, education, training, branding, and commercial purposes. We may also process your personal data in connection with payment of remuneration if you have entered into a licence agreement with us. We collect personal data about you from the following sources: Directly from you when you provide us with your personal data and remuneration information. From group entities or subsidiaries when we share recordings and personal data about you. From third parties, comprising: Professional photographers hired to shoot the recordings Professional model agencies	We process the following data about you: Ordinary personal data: Photos, video and audio recordings, and information relating to the recording (where it was recorded, what is going on, etc.). Name, email, contact information. Bank account or other payment information and fee amounts.	We process your personal data as described on the following legal basis: GDPR, Article 6(1)(a) (consent); if you have signed a consent form. GDPR, Article 6(1)(b) (necessary for the performance of a contract between you and us); when we have entered into a licence agreement with you. GDPR, Article 6(1)(c) (necessary for us to comply with a legal obligation; the Bookkeeping Act and tax legislation in cases where we pay you remuneration). GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in marketing and using images from events for education, training, branding, and other commercial and non-commercial purposes).	We store personal data as long as necessary to meet these purposes. As a general rule, personal data will be erased: After 5 years from your signing of the consent form. After 5 years from the event/situation in question was recorded (when the legal basis is our legitimate interest). After 20 years from the recording was made if we have entered into a licence agreement with you, unless there are special reasons for a longer storage period. If you are a professional model employed by an agency: After the expiry of the period stated in the contract.
Social media: Data controller: Ørsted Services A/S We collect your personal data when you visit our pages on social media, when you tag, recommend or mention us, our brand, etc., on the Internet, including social media, and otherwise whenever you communicate with us in these contexts. We have profiles on Facebook, Instagram, Twitter, LinkedIn, YouTube and other platforms. Together with Facebook and LinkedIn (‘social media’), Ørsted Services A/S is the joint data controller for the collection of personal data about you whenever you visit our company’s social media sites. You can read more in the agreement on joint data responsibility with Facebook here, and LinkedIn here. You can read more about the specific data that social media process about you when you visit our company site on social media in the privacy policies of the relevant third parties, which we have a link to in the cookie list found in our cookie policy. We also use media monitoring providers to monitor coverage of our company on the Internet, including on social media. We collect data from the following sources: Directly from you when you visit our digital services and our company’s social media sites or if you send enquiries to us via social media. Social media	We process the following data about you: General personal data: Name, profile photo, username, IP address. The data you have made available via social media settings, as well as your responses to our social media posts and your sharing of these. In addition, Ørsted processes the data about you that you send to Ørsted, for example in connection with a direct enquiry from you to us on social media. This will typically be your name and the question you are asking us. The personal data which Ørsted receives when you communicate with us on social media are processed as described under the purpose: ‘Communication with you’.	We process your personal data as described on the following legal basis: GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in marketing and to obtain knowledge about users of Ørsted’s social media sites, as well as to communicate with users of Ørsted’s social media sites.	We store personal data for as long as necessary to meet these purposes: Erasure of the personal data we receive when you communicate with us on social media will depend on the content of the communication, pursuant to the other storage periods specified in this privacy policy. We erase enquiries received in our social media inbox no later than after one year, unless Ørsted has a legitimate interest in storing the enquiry for a longer period. Examples of this are pending cases or if the processing of a response has not been finalised. Comments and similar public reactions to our profiles and posts are usually not deleted, unless you decide to delete these yourself, or in the event the tone is derogatory or abusive. Data on social media, such as Facebook and Instagram, is stored by the social media companies according to the specifications in their own privacy policy.

Purpose

Categories of personal data

Legal basis

Retention

Using our digital services:

Data controller: Ørsted Services A/S

We process your personal data by using cookies and similar technologies when you use our digital services (website or apps).

We use the data for the following purposes:

Delivery of the digital service you have requested.

Optimisation and development of the user experience of our website and the services we provide.

Statistics for how our website is used and to improve the website.

Read more about this in our cookie policy.

We also use various third-party cookies and social media plugins to make it easier for you to share content from our website on Facebook, LinkedIn, etc. For these types of processing, Ørsted will in some instances be a joint data controller with the supplier of the third-party cookies in question. You can read more about this and find a link to the privacy policies of the relevant third parties on the cookie list, which is found in our cookie policy.

We collect data from the following sources:

Directly from you whenever you use our digital services.

We process the following data about you:

General personal data:

Information about your behaviour on our digital services (e.g. number of visits. Information about how you access our digital services, including IP address, use of browsers and operating system, cookies, your domains of origin as well as what content you read).

Information about clicks on our advertisements, including if you are doing this from the website of another organisation or company.

We process your personal data as described on the following legal basis:

GDPR, Article 6(1)(a) (consent).

GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in providing the service you have requested, improving customer experience, developing and improving our digital services (in terms of both functionality and the system itself) and making it possible to share content on social media.)

We store your personal data as long as it is necessary for the purposes mentioned:

Personal data collected via cookies will be deleted in accordance with the expiry periods listed in our cookie policy.

Customer communication:

Data controller: Ørsted Services A/S

Ørsted processes your personal data in order to communicate with you and to respond to your requests (e.g. providing service to you as an investor and giving you the best possible service).

We collect data from the following sources:

Directly from you

We process the following data about you:

General personal data:

Name, telephone number, email address and company.

We process your personal data as described on the following legal basis:

GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to respond to your enquiry and communicate with you.

We store your personal data as long as it is necessary for the purposes mentioned:

We store your personal data for up to two years from the date on which you contact us.

Marketing, newsletters, company announcements and information about Ørsted:

Data controller: Ørsted Services A/S and Ørsted A/S

We process your personal data for marketing purposes, in order that we can:

target our communication with you based on your areas of interest and focus,

send you relevant marketing in the form of newsletters, etc.

Further, we use your personal data to send company announcements and other information and to identify anyone else who might be interested in Ørsted.

We also use first and third-party cookies to collect information about your behavior when you receive our newsletters, company announcements and marketing information, to improve our communication with you.

We collect data from the following sources:

Directly from you

We process the following data about you:

General personal data:

Name, email address, street address, IP address, country, and role.
Newsletter subscription date.
Areas of interest.
Data you have submitted in response to marketing activities.

Information about whether you choose to open newsletters, company announcements and marketing information you receive from us and when you open them (time and date).

Information about clicks on links in our newsletters, company announcements and marketing information (e.g. which links you choose to click on, what content you read, the number of links you click on and use of email client).

We process your personal data as described on the following legal basis:

GDPR, Article 6(1)(a) – consent (when signing up for newsletter, company announcements and marketing information and cookies in newsletters, company announcements and marketing information)

GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to send marketing material, newsletters, company announcements and information from Ørsted).

We store your personal data as long as it is necessary for the purposes mentioned:

We store your personal data for as long as you wish to receive material from us and for two years after that.

Personal data collected via cookies will be deleted in accordance with the expiry periods listed in our cookie policy.

Ørsted's job alert

Data controller: Ørsted Services A/S

We process personal data about individuals who sign up for Ørsted’s job alert.

We collect data from the following sources:

Directly from you when you sign up for Ørsted’s job alert

We process the following data about you:

Ordinary personal data:

Name,
Email,
Areas of work,
Employment types,
Countries that are checked by you,
Locations that are checked by you.

We process your personal data as described on the following legal basis:

GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to manage that you have signed up for our job alert and in being able to notify you about relevant vacant positions).

We store your personal data as long as it is necessary for the purposes mentioned:

We store your personal data for 2 years.

When you visit Ørsted’s physical locations:

Data controller: Ørsted Services A/S

We process personal data about guests who visit Ørsted’s physical locations.

This is done for the following purposes:

Visitor registration: We process your personal data to identify you and for parking and registration in our cafeteria.
Wi-Fi access: We process your personal data when you want to access our free Wi-Fi.
CCTV surveillance and access control: We process your personal data to issue an access card for you to use when you are on our premises. You may also be recorded on our CCTV system for reasons of security and crime prevention.

We collect data from the following sources:

Directly from you, including when you visit our locations.
Your Ørsted contact person.

We process the following data about you:

General personal data:

Name, company, position, email, telephone number, licence plate and Ørsted contact person.
IP and Mac addresses (when you use our Wi-Fi).
Video footage from CCTV surveillance.

.

We process your personal data as described on the following legal basis:

GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interests in controlling access, preventing crime and taking legal action, and our legitimate interest in enabling you to access our parking facilities and Wi-Fi, and being able to provide cafeteria services.)

Section 8(3) of the Danish Data Protection Act (necessary to pursuit our legitimate interest in preventing crime and taking legal action).

We store your personal data as long as it is necessary for the purposes mentioned:

We store your personal data in connection with guest registration for up to one month after your visit.

We erase the data that we use to provide you with an access card when the card is returned.

Records in connection with the cafeteria visits and catering from the cafeteria are stored for one year from the time of registration due to internal accounting rules.

Video footage from CCTV surveillance is erased seven days after being recorded, unless we have a lawful reason to store the footage for a longer period (e.g. to process a specific case).

Access to Ørsted logo and design files:

Data controller: Ørsted Services A/S

We process your personal data when you request access to Ørsted’s design and brand centre and when you need to gain access to the Ørsted logo and design files.

We collect the data from the following sources:

Directly from you

We process the following data about you:

General personal data:

User name, email and password.

We process your personal data as described on the following legal basis:

GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in being able to give our business partners (agencies, photographers, design companies, sponsors, journalists, etc.) access to our logo and design files.

We store your personal data as long as it is necessary for the purposes mentioned:

We store your personal data for the duration of our business relationship with you, and as long as you need access to our logo and design files.

Recordings and use of photo and video:

Data controller: Ørsted Services A/S

We process information in the form of images and recordings (‘recordings’). Recordings can be made on various occasions, e.g. Ørsted Day, design and innovation workshops, receptions, meetings, professional photo sessions, events and other arrangements.

The recordings may be transmitted live.

We process the recordings for both commercial and non-commercial purposes, for publication internally on our intranet, on websites, at conferences and in connection with similar marketing, education, training, branding, and commercial purposes.

We may also process your personal data in connection with payment of remuneration if you have entered into a licence agreement with us.

We collect personal data about you from the following sources:

Directly from you when you provide us with your personal data and remuneration information.

From group entities or subsidiaries when we share recordings and personal data about you.

From third parties, comprising:

Professional photographers hired to shoot the recordings

Professional model agencies

We process the following data about you:

Ordinary personal data:

Photos, video and audio recordings, and information relating to the recording (where it was recorded, what is going on, etc.).
Name, email, contact information*.
Bank account or other payment information and fee amounts*.

We process your personal data as described on the following legal basis:

GDPR, Article 6(1)(a) (consent); if you have signed a consent form.

GDPR, Article 6(1)(b) (necessary for the performance of a contract between you and us); when we have entered into a licence agreement with you.

GDPR, Article 6(1)(c) (necessary for us to comply with a legal obligation; the Bookkeeping Act and tax legislation in cases where we pay you remuneration).

GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in marketing and using images from events for education, training, branding, and other commercial and non-commercial purposes).

We store personal data as long as necessary to meet these purposes. As a general rule, personal data will be erased:

After 5 years from your signing of the consent form.

After 5 years from the event/situation in question was recorded (when the legal basis is our legitimate interest).

After 20 years from the recording was made if we have entered into a licence agreement with you, unless there are special reasons for a longer storage period.

If you are a professional model employed by an agency: After the expiry of the period stated in the contract.

Social media:

Data controller: Ørsted Services A/S

We collect your personal data when you visit our pages on social media, when you tag, recommend or mention us, our brand, etc., on the Internet, including social media, and otherwise whenever you communicate with us in these contexts.

We have profiles on Facebook, Instagram, Twitter, LinkedIn, YouTube and other platforms.

Together with Facebook and LinkedIn (‘social media’), Ørsted Services A/S is the joint data controller for the collection of personal data about you whenever you visit our company’s social media sites. You can read more in the agreement on joint data responsibility with Facebook here, and LinkedIn here.

You can read more about the specific data that social media process about you when you visit our company site on social media in the privacy policies of the relevant third parties, which we have a link to in the cookie list found in our cookie policy.

We also use media monitoring providers to monitor coverage of our company on the Internet, including on social media.

We collect data from the following sources:

Directly from you when you visit our digital services and our company’s social media sites or if you send enquiries to us via social media.
Social media

We process the following data about you:

General personal data:

Name, profile photo, username, IP address.
The data you have made available via social media settings, as well as your responses to our social media posts and your sharing of these.
In addition, Ørsted processes the data about you that you send to Ørsted, for example in connection with a direct enquiry from you to us on social media. This will typically be your name and the question you are asking us.

The personal data which Ørsted receives when you communicate with us on social media are processed as described under the purpose: ‘Communication with you’.

We process your personal data as described on the following legal basis:

GDPR, Article 6(1)(f) (necessary to pursuit our legitimate interest in marketing and to obtain knowledge about users of Ørsted’s social media sites, as well as to communicate with users of Ørsted’s social media sites.

We store personal data for as long as necessary to meet these purposes:

Erasure of the personal data we receive when you communicate with us on social media will depend on the content of the communication, pursuant to the other storage periods specified in this privacy policy.
We erase enquiries received in our social media inbox no later than after one year, unless Ørsted has a legitimate interest in storing the enquiry for a longer period. Examples of this are pending cases or if the processing of a response has not been finalised.
Comments and similar public reactions to our profiles and posts are usually not deleted, unless you decide to delete these yourself, or in the event the tone is derogatory or abusive.
Data on social media, such as Facebook and Instagram, is stored by the social media companies according to the specifications in their own privacy policy.

4. Mandatory information

The information marked with asterisk (*) are mandatory. If you do not provide these data, we cannot:

Properly identify the pictures, videos and recordings of you and delete them in accordance with our retention policy; and
pay the remuneration in accordance with the licence agreement.

5. Recipients of your personal data

Depending on the circumstances, Ørsted may share your data with:

Suppliers, including IT suppliers, support, suppliers of goods and financial institutions that we work with in order to assist Ørsted
Ørsted group entities – see a list here
Public authorities
Business partners
Players in the energy sector (distribution companies, Energinet.dk, public authorities and energy suppliers)

6. Transfer to third countries

In certain situations, Ørsted will transfer personal data to countries outside EU/EEA. Such transfers to third countries will be made on the following legal basis

The countries have been deemed by the Commission of the European Union to have an adequate level of protection of personal data (so called safe third countries).
If the countries have not been deemed by the Commission of the European Union to have an adequate level of protection of personal data: Ørsted will provide appropriate safeguards for the transfer through standard contractual clauses, as published by the Commission of the European Union, for the transfer of personal data to third countries.
You can obtain a copy of this contract by contacting us on info@orsted.com.

7. Your rights

When we process your data, you have the following rights:

You have the right of access to, rectification or erasure of your personal data.
You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
In particular, you have an unconditional right to object to the processing of your personal data for use for direct marketing purposes.
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of the processing performed before withdrawal of your consent.
You have the right to receive the personal data that you have provided yourself in a structured, commonly used and machine-readable format (data portability).
You have the right to lodge a complaint with a supervisory authority (in Denmark: the Danish Data Protection Agency).

You can exercise your rights by contacting us, see section 8. These rights may be subject to conditions or restrictions. For example, you may not have the right to data portability in the case in question. This will depend on the specific circumstances in connection with the processing activities.

If you have requested to receive information from Ørsted, such as newsletters, and you no longer wish to receive these, you can unsubscribe at any time via the email that you receive or by calling us.

8. Contact Ørsted regarding the processing of personal data

If you wish to contact Ørsted regarding our processing of your personal data, please write to info@orsted.com or call us on +45 99 55 11 11.

If you are not satisfied with our response, you can always lodge a complaint with your local data protection authority.

In Denmark, the regulator is the Danish Data Protection Agency.

Tel.: +45 33 19 32 00
Email address: dt@datatilsynet.dk
Website: datatilsynet.dk

9. Changes in our privacy policy

This privacy policy replaces all previous versions. It will be necessary to update and amend this policy on an ongoing basis, and we thus reserve the right to update and amend it. In the event of an important amendment, we will notify you at orsted.com or send an email if we deem this necessary.

This privacy policy was last updated: January 2024.