Personal data policy
As Nordic Solar Energy A/S (NSE) processes personal data, the following policy has been adopted.
NSE collects and stores the following types of personal data for the following specific purposes:
- Personal data of clients: providing clients with information regarding investments; execution and management of investments
NSE additionally collects and processes personal data to the extent that this is required by law, including money laundering regulations.
NSE will only collect and store personal data to the extent that this is strictly required for the purpose defined above.
Any person whose data has been collected and stored by NSE will upon request (using the above contact information) be informed on which data has been stored, how such data has been collected and to what purpose it is being used, as well as to whom such data has been transmitted (if applicable).
Upon request (to the above contact information) for the correction or deletion of personal data, NSE will investigate if the conditions for such a request are met and, in the given case, correct or delete the personal data as quickly as possible.
Personal data is verified in connection with its collection and thereafter continued to ensure that information will not be incorrect or misleading. Personal data is continuously updated. Incorrect personal data is corrected.
Personal data is deleted as soon as their storage is no longer required in relation to the purposes, which have justified its collection. The following rules for data deletion have been established:
- Personal data of clients: data to be deleted 5 years after the end of the client’s investment managed by NSE
Personal data is not transmitted to third parties except in cases, where NSE is obliged by law to report such data to public authorities or on the basis of data processor agreements, which are in accordance with the legal requirements to such agreements, ensuring the rights of the persons concerned.
Personal data is appropriately protected against loss and unauthorized access or publication. Access to the stored data is limited to selected employees to the extent that their access is necessary for fulfilling the defined purposes. Additionally, such employees only have access by means of personal passwords.
In case of a suspected violation of the information security for personal data (such as loss of data, possibility for unauthorized access, etc), the employee becoming aware of the such suspected violation shall immediately inform the director of NSE as the responsible manager. The director will gather and document all available information regarding the suspected violation. Insofar as the existence of a violation is confirmed, the director, together with the relevant employees and/or contracted data processors being in charge of the personal data concerned, will make a written assessment of the consequences of the violation, taking into account the gravity of the violation, as well as the type of personal information concerned. The written assessment will be shared with NSE’s board of directors and, insofar as this is necessary due to the gravity of the incident, with the Danish data protection authority (Datatilsynet) and the persons whose data has been concerned by the violation.