Privacy policy

The relevant personal data rules that apply to the processing of personal data are laid down in the General Data Protection Regulation (Regulation (EU) no. 2016/679 of 27 April 2016) and the Danish Data Protection Act (Act No. 502 of 23 May 2018). 
The Export and Investment Fund of Denmark ('EIFO') utilises personal data in our business, including when working with business partners. This privacy policy contains information on how EIFO collects, processes and protects personal data, as well as your rights concerning the information we collect on you. 
EIFO is required to collect personal information about customers and business partners in order to carry out our work. We strive to only collect the necessary information, and we ensure it is treated confidentially and safely. 
In addition, EIFO collects data about your use of our website and our other digital channels and services. We use the data to enrich your experience of EIFO's digital services and to offer you more relevant content and marketing.

Sections of the privacy policy

Collection of personal data

EIFO collects, processes and stores the information below about you for the following purposes: 
  • Client contact and to provide services. General personal data (name, title, e-mail address, postal address, phone number, position), information about guarantors, co-owners and other key people, including financial conditions and, in some cases, data concerning the health of the management in specific projects, information about project participants (including land owners), as well as information about any people who have made claims, served a summons or similar against the project. In connection with legal due diligence for companies to which we provide financing, EIFO may, in certain situations, be required to process information other than the above. This concerns information about business relationships, contractual terms of employment, including social security number if listed on a directorship, board member or employment contract, as well as information about loan and ownership relationships between you and the financed company.

  • Co-financing. General personal data (name, address, CPR/CVR number), information about criminal offences, especially where the financed company may be impaired, sensitive information (e.g. health conditions), as well as CV and in certain cases personality, skills and logic tests in connection with due diligence.

    If the information you have provided is not sufficient for EIFO to make a decision on the financing, you will be informed of this and given the opportunity to provide additional information. If the financing is implemented, the agreement may be contingent on you presenting and making available relevant information to EIFO. Failure to comply with such obligations may result in EIFO terminating the agreement and demanding repayment of any loans disbursed.

  • For financing with support from the European Investment Fund (EIF) If EIFO provides financing with support from EIF, including the COSME programme, InnovFin, InvestEU, and so on, EIFO may also collect general personal data as described in this section about you on behalf of EIF, the European Investment Bank or the European Commission.

    At the request of EIF, the European Investment Bank and the European Commission, EIFO is entitled to disclose and obtain additional information about the Borrower to EIF, the European Investment Bank and the European Commission. Information about the Borrower that is disclosed to EIF, the European Investment Bank or the European Commission is stored for at least seven years after the financing ends. If the borrower wishes to verify, correct, access, delete or otherwise change information that has been disclosed to EIF, the European Investment Bank or the European Commission, this must be done by contacting the following organisations:

    European Investment Fund
    Attn.: EIF Data Protection Officer
    E-mail: dpo@eif.org 

  • Procurement and tendering. General personal data (name, title, e-mail address, telephone number), CVs of relevant employees, including educational information, details of former assignments and other references.

  • Assessment of management candidates for EIFO's portfolio companies. General personal data and identification information, including name, address, date of birth, contact information, relevant education, candidate portals, etc.

  • Compliance with the Danish Act on Money Laundering. Name, address, copies of passport and/or driving licence as well as a copy of a health insurance card (sundhedskort) or other address documentation. Information recorded on the EU sanctions list and the OFAC list via ORBIS; data from Compliance Catalyst/ComplyAdvantage, information about any political exposure; family relations in connection with this: whether you or your family or close relatives have had public duties of significant importance; information about political affiliations, criminal records and civil register number.

  • Investigation of reputation. Name, age, family relations, business history, educational details; whether the person in question is politically exposed; whether you or your family and close relatives have had public duties of significant importance is important to EIFO's reputational assessments. In connection with our investigations, we may obtain information about criminal matters.

  • Marketing, events, arrangements and receptions, etc. General personal data (name, e-mail address, telephone number, company/organisation and job title), used, among other things, for participant lists for various subsequent networking arrangements, events, receptions, and so on. EIFO may also obtain CVs of external keynote speakers, as well as any information about allergens and other health conditions relevant to planning.

    Atmosphere pictures may be taken during EIFO events for use on social media or similar.

    When paying to attend an event, the address, account number, card type, country of issue and a censored version of the card number, i.e. the last 4 digits of the card number, are also stored. For more information about newsletters, see the section on 'Cookies and newsletters'.

  • Social and environmental impact assessment. First name, last name, address of any person who may or could be impacted by a possible or current case. In some cases we also collect special categories of data, such as race, ethnicity and fingerprints.

  • Handling of work-related injuries and deaths in connection with projects in which EIFO is involved. Name, age, family relationships, information about the work-related injury and how it was handled, consequences of the incident, and information about surviving relatives.

  • Further contact with customers, business partners and other stakeholders. Name, phone number, e-mail address and the contents of the message you are sending us.

Cookies and newsletters

Cookie data.  
When you visit our website, we collect data about you and your use of our content. Initially, we do not connect this data to you as a person, but only to your computer, mobile phone or tablet (device). 
This is done by placing what are known as cookies on your device.
What is a cookie? 
A cookie is a small data file saved on your computer, tablet or smartphone. A cookie is not a program that can contain harmful malware or viruses. 


Use of cookies on this website 
Some cookies perform essential functions for our website. Essential cookies, such as those to remember your choice of cookies, cannot be rejected. You can opt out of all other cookie categories in our cookie pop-up if you wish. Functional cookies, statistical cookies and marketing cookies can be selected or deselected independently of one another. 

Cookies help us to get an overview of your visit to our website, which allows us to continuously optimise and tailor our website to your needs and interests. For example, cookies remember what you might have added to your shopping basket, whether you have visited the page before, whether you are logged in and the language you prefer on the website. Sometimes we also use cookies to target our advertising specifically to you. In general, we use cookies as part of our service to display content that is as relevant as possible to you, both on eifo.dk and as advertisements on the internet and social media. 

You can find a complete list of the cookies we use in the cookie declaration at the bottom of the cookie policy as well as under 'Show details' in our cookie pop up. 


Statistical cookies on the website
: Our website makes use of uMarketingSuite, which allows us, through the use of a cookie, to analyse the behaviour of our visitors on the website. In order to do this, we process, among other things, your anonymised IP address, cookie ID, website and clicking behaviour, how you approached our website and from which browser. Data is processed in the EU. EIFO has sole access to this data, meaning that uMarketingSolutions has no access to this data.  


Specifically about marketing cookies on the website
: Our website, eifo.dk, makes use of LinkedIn-cookies (LinkedIn Insight Tag) to measure and optimise our LinkedIn-campaigns with links to eifo.dk; this will allow us to forward targeted adds on LinkedIn to the people who have visited eifo.dk. Insight Tag tracks your IP-address, registers the unit and browser that you are using as well as tracing the URL you visit, registers where you come from, the buttons you have clicked and the time of your visit. EIFO does not know your identity, but LinkedIn will be able to connect the information to your LinkedIn-profile. You can reject LinkedIn-cookies in the cookie banner together with the rest of the of the marketing cookies. Third parties place their marketing cookies on our website upon mutual agreement. And based on the interest you have shown our website, we will be able to show you the campaigns shown on the third-party websites. The cookies found here are marketing cookies. When we/you make use of these services from LinkedIn, their cookie rules will apply. You can read more about LinkedIn's cookie rules here: LinkedIn Privacy Policy
How long are cookies kept? 
The length of time a cookie is stored on your devices varies. It will appear from the cookie declaration for each individual cookie when a cookie expires. The time is calculated from the last time you visited eifo.dk. Cookies will automatically be deleted when they expire.

Session cookies: The lifetime of session cookies starts when you open your browser and runs until you close it again. These cookies are automatically deleted when you close your browser. 

Persistent cookies: Persistent cookies have a predefined lifetime and are stored in your browser until expiry or until you delete them. These cookies show whether the device has visited the website previously. 
How to reject or delete cookies 
You can reject cookies on your computer, tablet or smartphone at any time by changing your browser settings. The location of these settings depends on the browser you use. However, you should be aware that if you do so, there may be functions and services that you will be unable to use on the website, as they depend on cookies to help remember the choices you make. 
Instructions for deleting cookies can be found in the links below:

Remember: If you use more than one browser, you must delete cookies in all of them. For more about cookies, see our cookie policy.
Recording and processing your information  
When you sign up for one or more of EIFO's newsletters, you agree that your name and your e-mail address can be recorded and that we can send you newsletters. 
We will process the information that you have provided to us for the following purposes: To send you news, invitations to events and other marketing material that we think may be of interest to you within your chosen areas of interest and events, via e-mail. We also use your name and e-mail address for the purpose of subsequent documentation.  
Our newsletters contain pixels that register how many people open the newsletters, which people open the newsletters, when the newsletters are opened (date and time), which links are clicked on, whether this is done from a mobile device or desktop, and the operating system used. 
We use this information to analyse which news the recipients open and which articles the recipients click on. We arrange future newsletters on this basis – for example, the order in which the stories are presented in the newsletter.    
Receipt of newsletters and our processing of pixel data is based on your consent, cf. letter a of Article 6(1) of the General Data Protection Regulation and, where applicable, the Danish Marketing Practices Act. 
We process your name and e-mail address on the basis of our legitimate interest for documentation purposes, cf. letter f of Article 6(1) of the General Data Protection Regulation.  
Your name, your e-mail address and information about opening newsletters, clicks on links, device and operating system will not be used for purposes other than those described and will not be disclosed to others.  
Withdrawal of consent  
You may withdraw your consent at any time by clicking on the unsubscribe link at the bottom of the latest newsletter or by e-mailing nyhedsbrev@eifo.dk, indicating that you wish to unsubscribe from the newsletter.

Storage and deletion of data  
Once you have withdrawn your consent, we will store your information for as long as is necessary in regard to the purposes for which we collected and processed your information. 
E-mail addresses that are not subscribed to any mailing lists (newsletter) and for which no activity has been recorded for two years are deleted automatically. 
Statistics on opening of newsletters and clicks on links are anonymised continuously after seven days. After this, the information is only included in general statistics and cannot be traced to individuals. 

Background for processing personal data 

General personal data (all personal data except civil register numbers) is processed in accordance with article 6(1), letter a (consent), letter b (entering into a contract), letter c (legal obligation) or letter f (legitimate interest) of the General Data Protection Regulation. The legitimate interest consists, among other things, of our need to process contact details, investigate and assess creditworthiness associated with our services; investigate and identify possible causes that may cause negative publicity; comply with our CSR (corporate social responsibility) obligations; and to prevent and avoid work-related injuries and deaths in connection with our projects.  
Legitimate interest may also consist of holding networking arrangements, events, receptions and similar events, where sharing of  participant lists during or after these arrangements and events might occur. 
If you hold or are being considered for a position in one of EIFO's portfolio companies, and EIFO is asked to assist in the evaluation of your suitability as a candidate, EIFO will process your personal data in accordance with letter f of Article 6(1) of the General Data Protection Regulation; in other words, we have determined that both you and we have an interest in the processing. 
If you have submitted your criminal record certificate in connection with the application, EIFO processes the information from the criminal record certificate based on Article 10 of the General Data Protection Regulation in conjunction with Section 8 of the Danish Data Protection Act. Similarly, information about criminal offences may be obtained after a specific assessment, if this is relevant in connection with the loan becoming impaired.
As a rule, EIFO does not process information about criminal convictions and offences in connection with the evaluation of candidates for positions at EIFO's portfolio companies.
Civil registration numbers are processed in accordance with Article 87 of the General Data Protection Act and Section 11 of the Danish Data Protection Act, and information about criminal matters is processed in accordance with Section 8 of the Danish Data Protection Act.
Personal data concerning the health of the management of a company and information regarding allergies in connection with events and receptions are processed in accordance with letter a (consent) of Article 9(2) of the General Data Protection Regulation.  
We process personal information about race, ethnicity and fingerprints on the basis of letter c of Article 9(2) of the General Data Protection Regulation as they are necessary to protect the vital interests of the data subject.
We process personal data about political affiliation on the basis of letter e of Article 9(2) of the General Data Protection Regulation, as this data has been manifestly made public by the data subject.

Where do we get the information from? 

We collect personal data from the following sources: 
  • Directly from you or your place of work.
  • From business partners.
  • From banks and other financial businesses.
  • From third parties such as suppliers, lawyers and consultants assisting us with a project or business transaction.
  • From references.
  • From public authorities.
  • From publicly available sources, including social media, NN market data, the EU sanctions list, the OFAC list via ORBIS, data from Compliance Catalyst, search engines and news media.

Disclosing personal data

We may share your personal data with:
  • Third parties with whom we cooperate, or who may be assisting us. Among these are credit rating agencies, consultants and other service suppliers.
  • It may also be necessary to disclose personal data to the other lenders and organisations that have entered into an agreement with EIFO on loss cover relating to loan relationships. 
  • Public authorities to whom we have a duty of disclosure.
  • Other transaction or project participants.
  • We may publish the identity and CV of keynote speakers in whole or in part, for example in connection with the announcement of events. 
  • The reinsurance company.
  • Portfolio companies. 
  • We entrust personal data to data processors who process your personal data on behalf of and according to our instructions. 
The above does not apply to cookie data. EIFO does not sell or disclose cookie data to third parties. 
In addition to the disclosures described above, if EIFO grants a loan under COSME, InnovFin, the CCS programme or the InvestEU programme, data may also be disclosed to the European Investment Fund, the European Investment Bank, the European Commission or other of the European Union's institutions or bodies authorised according to applicable law to carry out audits or checks.

Transfer of personal data to non-EU countries 

The EU's GDPR for personal data applies to the nations in the European Union. When working on concrete projects, EIFO may need to transfer personal data to business partners outside the EU where the project is being undertaken. 
We work with two difference scenarios: 
  • Countries or companies which, according to the assessment of the European Commission, protect personal data adequately – either by means of legislation or other measures.

  • Countries or companies which, according to the assessment of the European Commission, do not protect personal data adequately. 
In cases where the European Commission's assessment is that the countries or companies do not adequately protect personal data, EIFO will take the necessary precautions by using the European Commission's standard contracts. Agreements entered into with the relevant supplier must also be approved by EIFO's management. 
EIFO may also use codes of conduct approved pursuant to Article 40 and an approved certification mechanism pursuant to Article 42 of the General Data Protection Regulation.


As the data controller, EIFO has taken the necessary technical and organisational security measures to protect your personal data from being destroyed, lost or degraded, and to prevent the data from unauthorised access, misuse or any other processing in contravention of applicable data protection legislation.

Storage and deletion of personal data 

EIFO only stores personal data that is necessary for the specific purpose, unless EIFO has a legal or administrative need for said data. For instance, EIFO may be required to store information for a longer period of time in accordance with the Danish Anti-Money Laundering Act or the Danish Archives Act. 
EIFO stores contact information for as long as we continue to need the information. For example, if we consider that it may be relevant to initiate cooperation in the future. Your contact information is reviewed annually to ensure that its storage remains relevant.  
Personal data in connection with specific projects and contracts entered into are stored for five years after the project has been completed. Some information is stored as part of EIFO's historical documentation of projects. 
We store personal data in connection with projects that do not come to fruition for three months after it is clear that the business will not come to fruition. However, EIFO stores the information for five years if it is performed under KYC.  
Personal data in connection with rejected offers and consultants are stored for six months, unless KYC is performed or we determine we still need the information. 
We store personal data in connection with loans for five years after the loan has been repaid in full. If the loan was provided with support from EIF, EIFO stores the information for seven years, after the loan of the instalment. If a customer has a loan elsewhere in EIFO, the case is retained until the other case is closed. In certain cases there will be shorter or longer retention periods, including compliance with legal requirements for deletion or storage.  
EIFO stores personal data associated with state-subsidised loans for ten years after provision of the subsidy, and can send this to the European Commission on the latter's request.  
As a general rule, EIFO stores personal data associated with job vacancies for 180 days, corresponding to six months after rejections have been sent out. Candidates tick off (consent to) EIFO's confidentiality and privacy policy regardless of whether their application is unsolicited, sourced or submitted via job boards. This states that their data is stored for 180 days. 
EIFO stores personal data associated with participation in events and arrangements for one month after the arrangement/event has ended. When payment information is collected, this is stored for five years from the end of the financial year to which the material relates.  
The length of time for which we store cookie data varies. We store some cookies only for as long as your visit to the website lasts. We keep others, such as marketing cookies, for several years. For a full overview of cookies and how long they last, see our Cookie Policy.

Your rights 

You have a number of rights in relation to the information that EIFO collects, processes and stores about you. 
  • You are entitled to know what information EIFO processes about you. You can request a copy of the data we hold about you and have it sent as a csv file/Excel file. You do this by e-mailing dpo@eifo.dk. We will acknowledge receipt and process your inquiry as quickly as possible.

  • You may request that incorrect information be corrected or have data deleted sooner than we generally delete personal data. You can also ask us to limit the processing of your personal data.

  • You may refuse or limit our processing of your personal data. However, this could mean that we cannot enter into agreements or otherwise cooperate with you, as it may have consequences for our delivery of services.

  • You are entitled to unconditionally refuse to let us use your personal data for direct marketing purposes.

  • In some cases we may ask your permission (obtain your consent) to use some of your personal data. You can withdraw your consent at any time; however, this will only apply from the moment you withdraw it.

  • You may ask us to supply the personal data you have provided us with.

  • You are entitled to, if the processing is based on a consent or a contract and the processing is carried out by automated means, the right to receive the personal data concerning you in a structured, in digital and machine-readable format. You have the right to transmit this personal data to a third party without hindrance from EIFO, if technically possible.

  • You may submit a complaint to Danish Data Protection Agency. 
Please note that there may be conditions or limitations concerning your rights. 

Who should you contact? 

Avenues of complaint 
Should you wish to complain about EIFO's collection and use of personal data, please contact the Danish Data Protection Agency. 
The Danish Data Protection Agency
Carl Jacobsens Vej 35
DK-2500 Valby

E-mail: dt@datatilsynet.dk 
Telephone: +45 33 19 32 00 
If you have any questions about how we handle your personal data and customer data, please contact our Data Protection Officer:
E-mail: dpo@eifo.dk 
Telephone: +45 35 46 26 00 
The legal entity responsible for personal data is: 
Danmarks Eksport- og Investeringsfond 
Business reg. no.: 43478206 
Haifagade 3 
DK-2150 Nordhavn 
E-mail: reception@eifo.dk 
Telephone: +45 35 46 26 00 
This privacy policy was last updated in November 2023.