This Privacy Policy describes the collection, use and disclosure of personal data by the Vestas Group with Vestas Wind System A/S as the main data controller. “Vestas”, “we or “us” means the parent company, Vestas Wind Systems A/S, or any of its subsidiaries, joint ventures and affiliated companies in the Vestas group (together the “Vestas Group”), details of which can be found on the Vestas website (www.vestas.com).

You can use this website without disclosing your identity. When you access our website, we may automatically (i.e., not by registration) collect non-personal data (e.g. type of Internet browser and operating system used, domain name of the website from which you came, number of visits, average time spent on the site, pages viewed). 

This Privacy Policy concerns personal data we may collect during your use of the website such as an IP address. If you register for any of our services or contact us via forms, there will be detailed information about what data we collect and how your data is processed in connection to your registration. It may be information about name, postal address, email address, other contact information, etc. 

If you follow a link to another website (including a website operated by Vestas), different privacy policies may apply. You should read these policies before you submit any personal data to these websites and agree that use of your personal data by those websites will be subject to those privacy policies.

By "processing" is meant that Vestas collects, uses, discloses, stores and deletes your personal data.

Vestas is responsible for ensuring that we use that personal data in compliance with data protection laws.

Vestas only collects and processes your personal information if we have a legal basis for the processing under applicable laws, for example:

• We have collected your consent,
• It is necessary to fulfil an agreement with you,
• We legally are obliged to do so, or
• We have a legitimate interest.

How we use your personal data

Vestas registers and processes personal data about you to deliver the requested services when you:

• Are contacting Vestas,
• Sign up for newsletters, or
• Give any kind of personal data to us via our website or applications.

We base the processing on our legitimate interest in running our daily business and being able to provide you with our services.

Vestas will be guided by the following principles when processing personal data:

1. We will only collect personal data for specific purposes;
2. We will not collect personal data beyond what is necessary to accomplish those purposes;
3. We will not use personal data for purposes other than that for which the data was collected, except as stated herein, or with prior consent;
4. We will not transfer personal data to third parties or across borders, except as stated herein, or with prior consent;
5. We will apply high technical standards to make our processing of personal data secure;
6. Except when stated herein, we will not store personal data in identifiable form longer than is necessary to accomplish its purpose, or as is required by law.

Disclosure and transfer of your personal data

Vestas is a global business. Our customers and our operations are spread around the world. As a result we collect and transfer personal data on a global basis. That means that we may transfer your personal data to locations outside of your country. Where we transfer your personal data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. We have internal policies in place to ensure an adequate level of protection irrespective of where in the Vestas Group your data is located. 

We may also share your personal data outside of the Vestas Group as further described below:

• with third party service providers for the purposes of providing services to us that enable or support our fulfilment of the purposes described in this Privacy Policy (for example, Vestas’ IT and communications providers). These third parties will be subject to appropriate data protection obligations;
• to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, or to establish, exercise or defend our legal rights.

Security

Vestas takes all appropriate organisational and technical security measures to protect your personal data and has implemented necessary security measures in order to safeguard your data. Any personal data submitted will be treated as strictly confidential and will only be processed for the purposes for which they are collected.

Cookies

We automatically track how the content provided is used. This tracking allows us to gain a better understanding of potential areas for improvement so as to continually improve the relevance of and accessibility of the content we provide. One of the methods used is cookies. You can read more about our cookie policy under the cookie notice.

For how long will we store your personal data

How long we will hold your personal data for will vary and will be determined by the following criteria:

• the purpose for which we are using it (as further described in this policy) – we will need to keep the data for as long as is necessary for that purpose; and
• legal obligations – laws or regulations may set a minimum period for which we have to keep your personal data.

Your rights

You have the right to gain access to the data processed about you. You also have the right to object to the processing of your personal data and to rectify the data processed if relevant. Please note that Vestas may not always be obliged to comply with such a request. 

Furthermore, if you wish to exercise your right to access your personal data, to object to it being processed or to rectify processed data, please contact us at: dataprivacy@vestas.com. Further, if you have any complaints about Vestas’ processing of your personal data, you may contact the Danish Data Protection Agency.