Privacy policy

Table of Contents:

• Collection of personal data
• Background for processing personal data
• Where do we get the information from?
• Disclosing personal data
• Transfer of personal data to non-EU countries
• Security
• Storage and deletion of personal data
• Specifically concerning cookies and newsletters
• Your rights
• Who can you contact? Avenues of complaint

 

Personal data policy for ​Export and Investment Fund of Denmark​ 

The relevant personal data rules that apply to the processing of personal data are laid down in the General Data Protection Regulation (Regulation (EU) no. 2016/679 of 27 April 2016) (GDPR) and the Danish Data Protection Act (Act No. 502 of 23 May 2018). 

The Export and Investment Fund of Denmark ('EIFO') utilises personal data in our business, including when working with business partners. This Privacy Policy contains information on how EIFO collects, processes and protects personal data, as well as your rights concerning the information we collect on you. 

EIFO is required to collect personal information about customers and business partners in order to carry out our work. We collect the necessary information, and we ensure that it is processed and stored confidentially and securely. 

In addition, EIFO collects data about your use of our website and our other digital channels and services. We use the data to enrich your experience of EIFO's digital services and to offer you more relevant content and marketing.  

 

Collection of personal data 

EIFO collects, processes and stores the information below about you for the following purposes: 

• Client contact and to provide services.
  • General personal data (name, title, e-mail address, address, telephone number, position),
  • Information about guarantors, co-owners and other key persons, including financial matters
  • In some cases, health information on management in specific projects
  • Information about project participants, including landowners, as well as information about people who have made claims, submitted summons or the like against the project.
  • In connection with legal due diligence of companies to which we provide financing, EIFO may in certain cases be required to process other information than the above. This concerns information about business relationships, contractual terms of employment, including social security number if listed on a directorship, board member or employment contract, as well as information about loan and ownership relationships between you and the financed company.

• Co-financing and investment
  • General personal data (name, postal address, e-mail address, phone number, CVR/business registration number) CV (e.g. education and work experience) and in certain cases personality, skill and logic tests in connection with due diligence or assessment of management candidates for portfolio companies in which EIFO is a co-owner.
  • In addition, we process confidential information, such as CPR (National ID Number), information about criminal offences – especially where the financed company may be impaired, sensitive information (e.g. health data).
  • If the information you have provided is not sufficient for EIFO to take a decision on the financing, you will be informed of this and given the opportunity to provide additional information.
  • If the financing is implemented, the agreement may be contingent on you presenting and making available relevant information to EIFO. Failure to comply with such obligations may result in EIFO terminating the agreement and demanding repayment of any loans disbursed.

• Specifically for financing with the support of the European Investment Fund ("EIF")
  • If EIFO provides financing with support from EIF, including the COSME programme, InnovFin, InvestEU etc., EIFO may also collect general personal data, as described in this section, on you on behalf of EIF, the European Investment Bank or the European Commission.
  • At the request of EIF, the European Investment Bank and the European Commission, EIFO is entitled to obtain additional information about the borrower for disclosure to EIF, the European Investment Bank and the European Commission. This may, for example, occur at the request of OLAF in connection with anti-fraud investigations.
  • Information about the borrower that is disclosed to EIF, the European Investment Bank or the European Commission is stored for at least seven years after the financing ends. If the borrower wishes to verify, correct, access, delete or otherwise change information that has been disclosed to EIF, the European Investment Bank or the European Commission, this must be done by contacting the following organisations:

              European Investment Fund:
              Attn.: EIF Data Protection Officer
              E-mail: dpo@eif.org  

• Procurement and tendering.
  • General personal data (name, title, e-mail address, telephone number), CV of relevant employees, including educational information, details of previous assignments and other references. 

• Assessment of Business Angels (BA) for EIFO's BA programme.
  • General personal data and identification information, including name, address, contact information, relevant education and financial circumstances.
  • Confidential information such as copy of health card and/or driver's license

• Compliance with the Danish Act on Money Laundering.
  • Name, address, copies of passport and/or driving licence as well as a copy of a health insurance card (sundhedskort) or other address documentation.
  • Information recorded on the EU sanctions list and the OFAC list via ORBIS;
  • data from Compliance Catalyst/ComplyAdvantage; (KYC) information about any political exposure; family relations in connection with this: whether you or your family or close relatives have held public office of significant importance; legal advisors; business relationships; personal information from your CV; adverse media relations; information about public-domain legal proceedings and judgments served on the company in question, in which reference may also be made to staff and
  • Information about political affiliation, criminal records and CPR number.

• Investigation of reputation.
  • Name, age, family relationships, work history, educational information,
  • Whether the person in question is politically exposed; whether you or your family or close relatives have held public office of significant importance is important to EIFO's reputational assessments.
  • In connection with our investigations, we may obtain information about criminal matters.
  • Information about listing on various lists, such as PEP, terror and sanctions lists. Der er mange forskellige lister, men hvis der er behov, kan jeg få en liste over listerne

• Marketing, events, functions and receptions, etc.
  • General personal data (name, e-mail address, phone number, company/organisation and job title), used, among other things, for participant lists following various networking events, functions, receptions, etc.
  • EIFO can also obtain CVs for external presenters, as well as any information about allergens and other health conditions relevant to the planning.
  • During hosting of EIFO events, general ambience photos may be taken, which EIFO may use on social media or the like.
  • When paying for participation in an event, the address, as well as the account number, card type, country of issue and a censored version of the card number, i.e. the last 4 digits of the card number are also stored.
  • For more information about newsletters, see the section 'Specifically concerning cookies and newsletters'.

• Social and environmental impact assessment.
  • First name, last name, address of any person who may or could be impacted by a possible or current case.
  • In some cases we also collect special information such as race, ethnicity, this information is received e.g. in connection with ESG export credits and fingerprints, for instance from countries where fingerprints are the only method of signing.

• Handling of work-related injuries and deaths in connection with projects in which EIFO is involved.
  • Name, age, family relationships, information about the occupational injury incident and its handling, consequences of the incident, and information about survivors.

• Further contact with customers, business partners and other stakeholders.
  • Name, telephone number, email address and the content of the message you send to us.

• Compliance with the Whistleblower Protection Act
  • We process personal data for use in the handling and investigation of reports covered by EIFO's whistleblower scheme.
  • General personal data (name, phone number, e-mail address) and the content of the report you submit to us (e.g. sensitive personal data and/or information about legal offences).

• Processing of complaints submitted to EIFO
  • We process personal data for use in the handling and investigation of complaints submitted to EIFO, including for use in contacting the complainant.
  • Customary personal information (name, e-mail address) and the content of the complaint you submit to us.

 

Background for processing personal data 

We must have a legal basis (lawful reason) to process your personal data. The legal basis will be one of the following:

• Compliance with a legal obligation; cf. Article 6(1)(c) of the GDPR:
  • Money Laundering Act,
  • The Civil Registration System Act.
  • State aid rules
  • Whistleblower Protection Act
  • The EIFO Act
  • Market Abuse Regulation (MAR)
  • The OECD Arrangement
    
    
• We process general personal data (all personal data except CPR number/national ID) in accordance with Article 6(1)(a) (consent), (b) (performance of a contract ), (c) (legal obligation) or (c) (legitimate interest) of the GDPR.
  
  
• The legitimate interest consists, among other things, in our need to process contact information and inquiries received under EIFO's right of appeal, investigate and assess creditworthiness in connection with our services, investigate and identify any causes that may lead to negative publicity, fulfilment of our CSR obligations (corporate social responsibility), as well as to prevent and avoid occupational injuries and fatalities in connection with our projects. 
  
  
• Our legitimate interest may also consist of hosting networking events, functions, receptions and similar occasions, where sharing of participant lists during or after such events may occur.
  
  
• If you hold or are being considered for a position in a portfolio company co-owned by EIFO, and EIFO is asked to assist in the evaluation of your suitability as a candidate, EIFO will process your personal data in accordance with Article 6(1)(f) of the GDPR; in other words, we have determined that both you and we have an interest in the processing.
  
  
• Personal data concerning the health of the management of a company or specific projects, information regarding allergies in connection with events and receptions are processed in accordance with Article 9(2)(a) (consent) of the GDPR.
  
  
• Civil registration numbers are processed in accordance with Article 87 of the General Data Protection Act and Section 11 of the Danish Data Protection Act, and information about criminal matters is processed in accordance with Section 8 of the Danish Data Protection Act.
  
  
• We process personal information about race, ethnicity and fingerprints on the basis of Article 9(2)(c) of the GDPR as they are necessary to protect the vital interests of the data subject. 
  
  
• We process personal data about political affiliation on the basis of Article 9(2)(e) of the GDPR, as this data has been manifestly made public by the data subject or as authorised by the Danish Anti-Money Laundering Act.

 

Where do we get the information from? 

We collect personal data from the following sources: 

• Directly from you or your place of work.
• From business partners.
• From banks and other financial businesses.
• From third parties such as suppliers, lawyers and consultants assisting us with a project or business transaction.
• From references.
• From public authorities.
• From publicly available sources, including social media, NN market data, the EU's sanctions list, the OFAC list via ORBIS, information from Compliance Catalyst (KYC system), search engines and news media. 
• From reports received via EIFO's whistleblower scheme and/or complaints submitted to EIFO directly

 

Disclosing personal data 

We may share your personal data with: 

• Third parties with whom we cooperate, or who may be assisting us. Among these are credit rating agencies, consultants and other service suppliers.
• It may also be necessary to disclose personal data to the other lenders and organisations that have entered into an agreement with EIFO on loss cover relating to loan relationships. 
• Public authorities to whom we have a duty of disclosure.
• Other transaction or project participants.
• We may publish the identity and CV of keynote speakers in whole or in part, for example in connection with the announcement of events. 
• The reinsurance company.
• Guarantors, private persons with power of attorney, lawyers, accountants or others with whom you have authorized us to share the information.
• Pipeline and portfolio companies (of which EIFO holds or is considering joint ownership), their boards (typically chairperson) and/or co-investors.
• For the purpose of social and economic analysis or for statistical purposes where this is in the interest of society.
• We entrust personal data to data processors who process your personal data on behalf of and according to our instructions.

The above does not apply to cookie data. EIFO does not sell or disclose cookie data to third parties. 

In addition to the disclosures described above, if EIFO grants a loan under COSME, InnovFin, the CCS programme or the InvestEU programme, data may also be disclosed to the European Investment Fund, the European Investment Bank, the European Commission or other European Union institutions or bodies authorised according to applicable law to carry out audits or checks. 

 

Transfer of personal data to non-EU countries 

The EU's GDPR for personal data applies to the EU Member States. When working on concrete projects, EIFO may need to transfer personal data to business partners outside the EU where the project is being undertaken. 

We operate with two scenarios: 

• Countries or companies which, according to the assessment of the European Commission, protect personal data adequately – either by means of legislation or other measures.
• Countries or companies which, according to the assessment of the European Commission, do not protect personal data adequately.

In cases where the European Commission's assessment is that the countries or companies do not adequately protect personal data, EIFO will take the necessary precautions by using the European Commission's standard contracts. Agreements entered into with the relevant supplier must also be approved by EIFO's management. 

EIFO may also use codes of conduct approved pursuant to Article 40 and an approved certification mechanism pursuant to Article 42 of the GDPR. 

For more information about non-EU transfers and the basis for such transfers, please contact us at kontakt@eifo.dk

 

Security 

As the data controller, EIFO has taken the necessary physical, technical and organisational security measures to protect your personal data from being destroyed, lost or degraded, and to prevent the data from unauthorised access, misuse or any other processing in contravention of applicable data protection legislation.  

 

Storage and deletion of personal data  

EIFO only stores personal data that is necessary for the specific purpose, unless EIFO has a legal or administrative need for said data. For instance, EIFO may be required to store information for a longer period of time in accordance with the Danish Anti-Money Laundering Act or the Danish Archives Act. 

EIFO stores contact information for as long as we continue to need the information. For example, if we consider that it may be relevant to start a future collaboration. Your contact information is reviewed annually to ensure that its storage remains relevant.  

Personal data in connection with specific projects and contracts entered into are stored for five years after the project has been completed.

Personal information in connection with companies in which EIFO has ownership is stored for 5 years in accordance with the Danish Bookkeeping Act. However, the obligation to delete data only comes into effect 5 years after the expiry of EIFO's internal fund structure, through which the investment was made. If EIFO has also granted loans to the company, data must be stored so that deadlines for deletion for companies with both loans and equity are observed.

Personal information in connection with investment in fund structures is stored for 5 years in accordance with the Danish Bookkeeping Act. However, the obligation to delete data only comes into effect 5 years after the actual expiry of the fund structure and termination of cooperation with the management team in question, i.e. personal data are stored as long as EIFO cooperates with the fund and/or the management team (e.g. when investing in later funds with the same management team).

We store personal data in connection with projects that do not come to fruition for three months after it is clear that the business will not come to fruition. However, EIFO stores the information for five years if it is performed under KYC.  

We store personal information pertaining to rejected offers and consultants for 6 months, unless KYC is performed in which case information may, for various reasons, be stored for longer to comply with legal requirements, e.g. under the Danish Anti-Money Laundering Act.

We store personal data in connection with loans for five years after the loan has been repaid in full. If the loan was provided with support from EIF, EIFO stores the information for seven years, after the loan of the instalment. If a customer has a loan elsewhere in EIFO, the case is retained until the other case is closed. In certain cases there will be shorter or longer retention periods, including for compliance with legal requirements for deletion or storage. For example, if EIFO has granted a BA loan in connection with a non-time-limited bonus agreement. 

EIFO stores personal data associated with state-subsidised loans for ten years after provision of the subsidy, and can send this to the European Commission on the latter's request.  

Personal data pertaining to a position at one of EIFO's portfolio companies, where EIFO is requested to assist with the evaluation of your aptitude as a candidate, is generally stored for 180 days, which corresponds to 6 months after a rejection.

EIFO stores personal data associated with participation in events and functions for one month after the event/function ended. When payment information is collected, this is stored for five years from the end of the financial year to which the material relates.  

The length of time for which we store cookie data varies. We store some cookies only for the duration of your visit to our website. We keep others, such as marketing cookies, for several years. For a full overview of cookies and how long they last, see our Cookie Policy.

Reports received under EIFO's whistleblower scheme are kept for as long as is necessary and proportionately to our compliance with legislative requirements. If a report is made to the police or another authority, the report ends immediately after the case has been closed with the relevant authorities. As a general rule, reports are deleted in the whistleblower scheme no later than 45 days after processing of the reports has ended, unless there is a legitimate reason for continued storage. The information is also stored in accordance with internal guidelines for deletion.

Reports submitted to EIFO directly are deleted in accordance with the general internally set deletion deadlines for the specific area of concern addressed by a given report.   

 

Specifically concerning cookies and newsletters 

Cookie data

When you visit our website, we collect data about you and your use of our content. Initially, we do not link this data to you as a person, but only to your computer, mobile phone or tablet (device). 

This is done by placing what are known as cookies on your device.  

What is a cookie? 
A cookie is a small data file saved on your computer, tablet or smartphone. A cookie is not a program that can contain harmful malware or viruses. 

Use of cookies on our website 
Some cookies perform essential functions for our website. Essential cookies, such as those to remember your cookie choices, cannot be rejected. You can opt out of all other cookie categories in our cookie pop-up if you wish. Functional cookies, statistical cookies and marketing cookies can be selected or deselected independently of one another. 

Cookies help us to get an overview of your visit to our website, which allows us to continuously optimise and tailor our website to your needs and interests. For example, cookies remember what you might have added to your shopping basket, whether you have visited the page before, whether you are logged in and the language you prefer on the website. Sometimes we also use cookies to target our advertising specifically to you. In general, we use cookies as part of our service to display content that is as relevant as possible to you, both on eifo.dk and as advertisements on the internet and social media. 

You can find a complete list of the cookies we use in the cookie declaration at the bottom of the cookie policy as well as under 'Show details' in our cookie pop up. 

Statistical cookies on the website uMarketingSuite 
Our website makes use of uMarketingSuite, which allows us, through the use of a cookie, to analyse the behaviour of our visitors on the website. In order to do this, we process, among other things, your anonymised IP address, cookie ID, website and clicking behaviour, how you accessed our website and from which browser. Data is processed in the EU. EIFO has sole access to this data, meaning that uMarketingSolutions has no access to this data.   

How long are cookies kept? 
The length of time a cookie is stored on your devices varies. It will appear from the cookie declaration for each individual cookie when a cookie expires. The time is calculated from the last time you visited eifo.dk. Cookies will automatically be deleted when they expire. 

Session cookies: The lifetime of session cookies starts when you open your browser and runs until you close it again. These cookies are automatically deleted when you close your browser. 

Persistent cookies: Persistent cookies have a predefined lifetime and are stored in your browser until they expire or until you delete them. These cookies show whether your device has visited the website previously. 

How to reject or delete cookies 
You can reject cookies on your computer, tablet or smartphone at any time by changing your browser settings. The location of these settings depends on the browser you use. However, you should be aware that if you do so, there may be functions and services that you will be unable to use on the website, as they depend on cookies to help remember the choices you make. 

Instructions for deleting cookies can be found in the links below: 

• Internet Explorer
• Microsoft Edge
• Mozilla Firefox
• Google Chrome
• Opera
• Safari
• Flash cookies
• Apple
• Android
• Windows 7

Remember: If you use more than one browser, you must delete cookies in all of them.  For more information about cookies, see our Cookie Policy, which is available here.

Newsletters

Recording and processing your information  
When you sign up for one or more of EIFO's newsletters, you agree that your name and your e-mail address can be recorded and that we can send you newsletters.   

We will process the information that you have provided to us for the following purposes: To send you news, invitations to events and other marketing material that we think may be of interest to you within your chosen areas of interest and events , via e-mail. We also use your name and e-mail address for the purpose of subsequent documentation.    

Our newsletters contain pixels that record how many and who open the newsletters, when the newsletters are opened (date and time), which links are clicked on, whether it is done from a mobile device or desktop and which operating system is used. 

We use this information to analyse which news the recipients open and which articles the recipients click on. We adapt future newsletters on this basis – for example, the order in which the stories are presented in the newsletter.  

Receipt of newsletters and our processing of pixel data is based on your consent; cf. Article 6(1)(a) of the GDPR and, where applicable, the Danish Marketing Practices Act. 

We process your name and e-mail address on the basis of our legitimate interest for documentation purposes, including documentation of your consent; cf. Article 6(1)(f) of the GDPR.  

Your name, your e-mail address and information about whether you open newsletters, click on links, and about your device and operating system will not be used for purposes other than those described and will not be disclosed to third parties.  

Withdrawal of consent  
You may withdraw your consent at any time by clicking on the unsubscribe link at the bottom of the latest newsletter or by e-mailing nyhedsbrev@eifo.dk, indicating that you wish to unsubscribe from the newsletter.   

Storage and deletion of data  
When you have withdrawn your consent, we will store your information as long as it is necessary in relation to the purposes for which we collected and processed it, including documentation purposes. 

E-mail addresses that are not subscribed to any mailing lists (newsletter) and for which no activity has been recorded for two years are deleted automatically. 

Statistics on opening of newsletters and clicks on links are anonymised continuously after seven days. After this, the information is only included in general statistics and cannot be traced to individuals. 

 

Your rights 

You have a number of rights in relation to the information that EIFO collects, processes and stores about you. 

• You are entitled to know what information EIFO processes about you. You can request a copy of the data we hold about you and have it sent as a csv file/Excel file. This is done by sending an e-mail to contact@eifo.dk. We will acknowledge receipt and process your request as quickly as possible.
  
  
• You may request that incorrect information be corrected or have data deleted sooner than we generally delete personal data. You can also request that we limit or correct the processing of personal data about you.
  
  
• You may refuse or limit our processing of your personal data. However, this could mean that we cannot enter into agreements or otherwise cooperate with you, as it may have consequences for our delivery of services.
  
  
• You are entitled to unconditionally refuse to let us use your personal data for direct marketing purposes.
  
  
• In some cases we may ask your permission (obtain your consent) to use some of your personal data. You can withdraw your consent at any time; however, this will only apply from the moment you withdraw it.
  
  
• You can ask to be provided with the personal data that you yourself have given us.
  
  
• You have the right, if we use information based on your consent or an agreement, and if processing of your information is automated, to obtain a copy of the information that you have provided to us in a digital, machine-readable format. You have the right to have this personal data transferred to a third party without hindrance from EIFO, if this is technically possible. We will inform you if automatic decisions are made.
  
  
• You may submit a complaint to the Danish Data Protection Agency.

Please note that there may be conditions or limitations concerning your rights. 

 

Who should you contact? 

Avenues of complaint 
Should you wish to complain about EIFO's collection and use of personal data, please contact the Danish Data Protection Agency. 

The Danish Data Protection Agency
Carl Jacobsens Vej 35
DK-2500 Valby
E-mail: dt@datatilsynet.dk
Phone: +45 33 19 32 00 

If you have any questions about how we handle your personal data and customer data, please contact our Data Protection Officer:  

E-mail: dpo@eifo.dk 
Phone: +45 35 46 26 00 

The legal entity responsible for personal data is: 

Danmarks Eksport- og Investeringsfond 
Business reg. no.: 43478206 
Haifagade 3 
DK-2150 Nordhavn 
Denmark 

E-mail: reception@eifo.dk 
Phone: +45 35 46 26 00 

This Privacy Policy was last updated October 2024.