GENERAL PRIVACY NOTICE
1. Introduction
This Privacy Notice explains how Saltfoss Energy ApS (also known as Saltfoss ApS), a Danish company with registered address at Titangade 11, DK-2200 Copenhagen, Denmark and CVR (company registration number) 37859087 and its affiliated companies (“Saltfoss”, “we” or “us”) use your personal data.
In certain situations other provisions apply or supplement this Privacy Notice, e.g. we also have a Privacy Notice for Business Partners relating to our customers, partners and suppliers; a Privacy Notice for Recruitment that our job applicants are provided with as part of the recruitment process; and when you use our website, our Cookie Policy supplements this Privacy Notice.
2. Data controller
The controller of the personal data about you that we collect and process is Saltfoss ApS and for the purposes of this privacy notice its contact details are:
Email: dataprivacy@saltfoss.com
3. What personal data we use, for what purpose, and on what legal basis
Users of our website
We process your personal data by using cookies and similar technologies when you use our website. We do this in order to optimize and develop the user experience of our website and to obtain statistics on how our website is used. Read more about this in our Cookie Policy. The table below sets out what personal data we use and on what legal basis:
What personal data we use
Information about your behaviour on our digital services (e.g. number of visits, information about how you access our digital services, including use of browsers and operating system, cookies, your domains of origin as well as which pages of our website you view).
Legal basis
Article 6(1)(a) of the GDPR (consent):
To the extent you have consented to our processing of your personal data by making the corresponding selection on our cookie banner.
Article 6(1)(f) of the GDPR (legitimate interests):
We have a legitimate interest in improving customer experience and developing and improving our digital services (in terms of both functionality and the system itself).
Guests at our offices or laboratories
If you visit our offices or laboratories, we use personal data about you in order to identify you, give you access to our premises, and inform you about applicable visitor rules; to administer your use of our parking and cafeteria facilities; to provide you access to our free Wi-Fi if you wish to do so; and (through the use of CCTV surveillance) for reasons of security and crime prevention. The table below sets out what personal data we use and on what legal basis:
What personal data we use
(a) Contact information (e.g. name, address, e-mail and phone number);
(b) work-related information (e.g. title, workplace);
(c) personal information (e.g. licence plate if you use one of our car parks);
(d) IP / Mac address (if you use our Wi-Fi); and
(e) video footage of you from CCTV surveillance
Legal basis
Article 6(1)(f) of the GDPR (legitimate interests):
We have a legitimate interest in controlling access to our premises, preventing crime and taking legal action. We also have a legitimate interest in enabling you to access our parking facilities and Wi-Fi, and being able to provide cafeteria services.
Attendance at events
If you attend events we have organised (e.g. receptions, seminars or training), we may process information in the form of images and recordings (“recordings”). The recordings may be transmitted live. We process the recordings for both commercial and non-commercial purposes, for publication internally on our intranet, on websites, at conferences and in connection with similar marketing, education, training, branding, and commercial purposes. (See also “Guests at our offices and laboratories” above if you attend an event at our premises.) The table below sets out what personal data we use and on what legal basis:
What personal data we use
(a) Contact information (e.g. name, address, e-mail and phone number); and
(b) photos, video and audio recordings, and information relating to the recording (e.g. where it was recorded and on what occasion)
Legal basis
Article 6(1)(a) of the GDPR (consent):
If you have signed a consent form or otherwise given your consent.
Article 6(1)(f) of the GDPR (legitimate interests):
We have a legitimate interest in marketing and using images from events for education, training, branding, and other commercial and non-commercial purposes.
Social media
We collect your personal data when you visit our pages on social media, when you tag, recommend or mention us, our brand, etc., on the internet, including social media, and otherwise whenever you communicate with us in these contexts. We have profiles on Facebook, LinkedIn and Twitter. Together with Facebook and LinkedIn (“social media”), Saltfoss ApS is the joint data controller for the collection of personal data about you whenever you visit our social media sites. You can read more in the agreement on joint data responsibility with Facebook here , and LinkedIn here . You can read more about the specific data that social media process about you when you visit our company site on social media in the privacy policies of the relevant third parties. We also use media monitoring providers to monitor coverage of our company on the Internet, including on social media. The table below sets out what personal data we use and on what legal basis:
What personal data we use
(a) Name, profile photo, username, IP address;
(b) the data you have made available via social media settings, as well as your responses to our social media posts and your sharing of these; and
(c) the data about you that you send to Saltfoss, e.g. in connection with a direct enquiry from you to us on social media (this will typically be your name and the question you are asking us).
Legal basis
Article 6(1)(f) of the GDPR (legitimate interests):
We have a legitimate interest in marketing and to obtain knowledge about users of Saltfoss’ social media sites, as well as to communicate with users of Saltfoss’ social media sites.
4. Recipients of your personal data
Depending on the circumstances, we may share your data with:
suppliers, including IT suppliers, suppliers of goods and services, and financial institutions that we work with in order to assist us;
our affiliated companies;
public authorities; and
business partners.
5. Transfer to third countries
In certain situations, we will transfer personal data to countries outside the EU/EEA. Such transfers to third countries will be made on the following legal basis:
The countries have been deemed by the Commission of the European Union to have an adequate level of protection of personal data (so called safe third countries).
If the countries have not been deemed by the Commission of the European Union to have an adequate level of protection of personal data: Saltfoss will provide appropriate safeguards for the transfer through standard contractual clauses, as published by the Commission of the European Union, for the transfer of personal data to third countries. You can obtain a copy of this contract by contacting us at dataprivacy@saltfoss.com
6. Storage of your personal data
We will store your personal data as long as it is necessary for the purpose described in Section 3 above and/or as required under applicable law, and we will then delete or anonymise your personal data appropriately.
The criteria we will use to determine the storage period of your personal data will therefore depend on the purpose for which the personal data have been collected as well as the rules on storage which is required by specific national legislation.
7. Your rights
When we process your data, you have the following rights:
You have the right of access to, rectification or erasure of your personal data.
You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
In particular, you have an unconditional right to object to the processing of your personal data for use for direct marketing purposes.
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of the processing performed before withdrawal of your consent.
You have the right to receive the personal data that you have provided yourself in a structured, commonly used and machine-readable format (data portability).
You have the right to lodge a complaint with a supervisory authority (in Denmark: the Danish Data Protection Agency.
You can exercise your rights by contacting us, see section 8. These rights may be subject to conditions or restrictions. For example, you may not have the right to data portability in the case in question. This will depend on the specific circumstances in connection with the processing activities.
If you have requested to receive information from Saltfoss, such as newsletters, and you no longer wish to receive these, you can unsubscribe at any time via the email that you receive or by calling us.
8. Contact Saltfoss regarding the processing of personal data
If you wish to contact Saltfoss regarding our processing of your personal data, please write to dataprivacy@saltfoss.com
If you are not satisfied with our response, you can always lodge a complaint with your local data protection authority.
In Denmark, the regulator is the Danish Data Protection Agency.
Tel.: +45 33 19 32 00
Email address: dt@datatilsynet.dk
9. Changes in this privacy notice
This privacy notice replaces all previous versions. It will be necessary to update and amend this notice on an ongoing basis, so we reserve the right to update and amend it.
This privacy notice was last updated in May 2025.