GET IN TOUCH

PRIVACY POLICY

 

1. Introduction and Purpose of This Privacy Policy

KJAER GROUP A/S and its subsidiaries are committed to protecting the personal data we process in the course of our business.
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data relating to customers, suppliers, partners, website visitors, and other individuals who interact with us.
We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act, and other applicable legislation.
This version was updated in November 2025.

2. Who We Are

The data controller responsible for your personal data is:
KJAER GROUP A/S
Groennemosevej 6
DK-5700 Svendborg
CVR: 81317216
KJAER GROUP A/S acts as the data controller for the personal data we process in connection with our business activities, including customer relationships, supplier interactions, marketing, HR administration, and website use.
Some affiliated companies or business partners may act as independent controllers for specific purposes (for example, banks, insurance companies, fuel card providers, or logistics partners).

3. What Personal Data We Process

We only process personal data that is necessary for our business operations and lawful. The types of data depend on your relationship with us.

3.1 Customers and Prospects

We typically process:

  • Contact information: name, address, email, phone number
  • Customer and contract details: customer number, agreements, consent status
  • Transaction and financial data: purchase history, invoices, payment records
  • Vehicle-related information: VIN, service or product details
  • Communication records: emails, calls, and inquiries

3.2 Suppliers and Business Partners

We typically process:

  • Contact information: name, email, phone number, job title
  • Contract and business details: agreements, pricing, terms
  • Financial and invoice data: payment details, transaction records
  • Service and delivery information: orders, logistics, performance data
  • Communication records: emails, calls, and inquiries

3.3 Job Applicants and Employees

We may process:

  • Personal and contact information: name, address, email, phone number, date of birth.
  • Recruitment information: CV, applications, interview notes, assessment results, references.
  • Employment-related information: job role, contract details, salary, tax and payroll information, bank account, benefits data, work permits or residency documentation (where required)
  • HR administration data: performance and development information, leave and absence records, emergency contact details
  • System and security data: login credentials, access logs, building entry records (where applicable)
  • Information you provide voluntarily during your employment or recruitment process.

3.4 Visitors to Our Website

When you visit our website, we collect only what is necessary for security and to handle inquiries:

  • Basic technical data (e.g., IP address, browser type, device information) for site functionality and security
  • Information you submit voluntarily, such as through our whistleblowing form
  • No marketing cookies or tracking tools are used
  • Whistleblowing submissions are handled confidentially in line with applicable whistleblower protection rules

4. Why We Process Personal Data (Purposes)

We process personal data for several purposes, including:

Providing Products and Services

We use personal data to deliver services, manage orders and contracts, administer accounts, handle payments, and provide customer support.

Managing Customer, Supplier, and Partner Relationships

We maintain communication, fulfil agreements, manage warranties and claims, and keep records necessary for business relationships.

Legal and Regulatory Compliance

We process certain data to comply with accounting rules, tax law, labor legislation, and other legal obligations.

Legitimate Business Interests

We process data to maintain IT security, prevent fraud, improve our services, manage internal reporting, and ensure efficient operations.

Marketing (with Consent)

We send newsletters or marketing communications only if you consent. You can withdraw your consent at any time.

5. Legal Bases for Processing

We process personal data based on:

  • Contract (GDPR Art. 6(1)(b)): To fulfil agreements with customers, suppliers, and employees
  • Legal obligation (Art. 6(1)(c)): Danish Bookkeeping Act, employment law, tax rules, etc.
  • Legitimate interests (Art. 6(1)(f)): Security, fraud prevention, daily operations
  • Consent (Art. 6(1)(a)): Marketing, newsletters, specific HR processing
  • Where sensitive personal data is processed, we rely only on the exceptions permitted under GDPR Art. 9.

6. How Long We Keep Personal Data

We retain personal data only for as long as necessary for the purpose it was collected or as required by law.
In general:

  • Customer and supplier data is retained for five years to comply with Danish bookkeeping rules.
  • HR-related data is kept for three to five years after employment ends, depending on legal requirements.
  • Recruitment data is deleted after six months, unless you consent to longer retention.
  • Communication and correspondence (emails, documents) are kept only as long as necessary for business or legal purposes.
  • We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Retention periods vary depending on the category of data, typically between 6 months and 5 years.

7. How We Store and Protect Your Data

We use appropriate technical and organizational measures to safeguard personal data, including:

  • secure IT infrastructure in Microsoft Azure and Microsoft 365
  • access controls and role-based permissions
  • multi-factor authentication (MFA)
  • encryption and secure transmission measures
  • monitoring security threats
  • strict procedures for access, sharing, and deletion

Only authorized personnel can access personal data, and only when necessary for their role.

8. Sharing Your Personal Data

We may share personal data when necessary for business operations, legal obligations, or to fulfil agreements. This may include sharing with:

Service Providers (Processors)

These include IT hosting providers, cloud and software vendors (e.g., Microsoft), payroll and HR providers, CRM/ERP system suppliers, security and monitoring services, and analytics or communication platforms.
All processors act only on our instructions, and we enter into Data Processing Agreements (DPAs) with each to ensure your data remains protected.

Business Partners (Independent Controllers)

Some partners receive personal data as independent data controllers. This may include banks, insurance and pension providers, fuel card companies, logistics and transportation partners, auditors, legal advisors, and other professional service providers.
These parties are responsible for their own GDPR compliance and maintain their own privacy notices.

Public Authorities and Legal Requirements

We share personal data when required by law, regulation, or public authority — for example with tax authorities, courts, law enforcement, or regulatory bodies.
We may also disclose data when necessary to establish, exercise, or defend legal claims.

Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of business assets, personal data may be shared with advisors and potential transaction partners, always in compliance with GDPR.

Customer-Imposed Security Requirements

In some cases, customers may request evidence that our employees meet required security or compliance standards. Only the minimum necessary personal data is shared for this purpose.
We never sell personal data.

9. International Transfers

Some of our service providers (such as cloud, IT, or communication providers) may process personal data outside the EU/EEA.
When this occurs, we ensure that appropriate safeguards are in place, such as:

  • the EU Commission’s Standard Contractual Clauses (SCCs)
  • adequacy decisions, or
  • other legally required transfer mechanisms

We only use reputable suppliers who can demonstrate compliance with GDPR requirements.
If data is transferred outside the EU/EEA, it is always protected by the same level of security and data protection as within the EU.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to correct inaccurate or incomplete information.
  • Right to erasure: to request deletion of your data when it is no longer needed, you withdraw consent, or we have no legal basis to keep it.
  • Right to restrict processing: to ask us to limit how your data is used while accuracy, objections, or legal claims are being assessed.
  • Right to object: to processing based on our legitimate interests.
  • Right to data portability: to receive your data in a commonly used format or have it transferred to another provider.
  • Right to withdraw consent: where processing is based on consent.

If you disagree with how we process your personal data, you may lodge a complaint with the Danish Data Protection Agency (Datatilsynet).

11. Updates to This Policy

We may update this policy from time to time. The latest version will always be available on our website.

12. Contact

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly.
If you have questions or wish to exercise your rights, please contact us at:
info@kjaergroup.com
KJAER GROUP A/S
Groennemosevej 6
DK-5700 Svendborg
Denmark
+45 62 22 11 11