For that reason, Danfoss has implemented a set of Binding Corporate Rules (BCRs), introducing a global standard of data protection requirements to be complied with by all Danfoss entities. The BCRs have been approved by the European data protection agencies and establish the foundation for Danfoss’ processing of personal data.
1. General principles for processing of personal data
In order to ensure that your personal data is processed correctly and with a suitable level of data protection, Danfoss has adopted the following processing principles:
Danfoss will always inform you of the collection and processing of your personal data unless we have a legitimate reason not to do so.
2. Types of personal data
We will collect and process your personal data in a number of ways when you engage with us via the various existing channels.
Some of the personal data is necessary to process in order for us to provide you with the services you have requested and some personal data you can choose to provide voluntarily. We will always let you know which personal data is necessary (e.g. via the use of an asterisk (*)) and the consequences of not providing such data to us, for instance that we will not be able to (fully) satisfy your request.
The personal data that we collect and process can generally be divided into the following categories:
As a general rule we will not process any special categories of personal data (special personal data) about you unless you have provided your explicit consent thereto or we are required to do in order to comply with applicable regulation.
3. Our purposes for processing your personal data
We only process your personal in order to pursue a legitimate purpose and generally we will only process your personal data if:
We process your personal data for the following purposes:
5. Use of your personal data throughout the Danfoss group
Danfoss is a global organisation with entities across the world. As a general rule, the data controller with respect to the personal data processed about you will be the local Danfoss entity in which you are a customer, with whom you engage in contact or enter into an agreement with. However, in order to pursue the purposes listed above in section 3, we may share your personal data with other Danfoss group entities either to carry out a task as instructed by the data controller (recipient acting as data processor) or to pursue a legitimate purpose of its own (recipient acting as individual data controller) provided that such making available or disclosure of your personal data is not restricted by law.
With respect to Danfoss entities established in countries outside the EEA not considered a safe third country (i.e. not ensuring an adequate level of data protection), the Danfoss BCRs serve as the legitimate basis for the transfer of your personal data.
You will be able to get an overall view of the countries with a Danfoss presence here:
6. Disclosure, transfer and making available personal data to recipients
Our disclosure and transfer of your personal data to recipients (natural or legal persons, public authorities, agencies or another body, to which the personal data is disclosed) is kept to a minimum and is subject to the existence of an adequate level of data protection.
We may disclose or make personal data available to recipients under the following circumstances:
If the recipient of the personal data is located in a country outside the EU/EEA not ensuring an adequate level of data protection, we will only transfer your personal data to such recipient following execution of a written transfer agreement based on the EU Commissions Standard Contractual Clauses.
7. Automated individual decisions
We may use automated decision making based on your personal data. Automated decision making will only take place if the decision is:
In case we use automated decision making, we will ensure that suitable security measures are implemented.
Special personal data will in no event be subject to automated decision making unless you have provided your explicit consent or the processing is necessary for reasons of substantial public interest, on the basis of applicable law.
8. Your consent
As stated above some of our processing activities will be based on your consent. In such case, you will have the right to withdraw your consent at any time.
If you withdraw your consent, we will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations.
Please note that the withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal. Further, as a consequence of your withdrawal of your consent, we may not be able to satisfy your requests or provide you with our services.
9. Data Security
In order to safeguard your personal data, Danfoss has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected, having regard to the state of art and the costs of their implementation.
Following the evaluation of the risk, Danfoss has taken measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of personal data over a network, and against all other unlawful forms of processing.
In order to ensure that we always comply with applicable data protection legislation and the requirements laid down in the Danfoss BCRs and to ensure that our employees are familiar with such regulation, we have established an internal privacy training and education program that our employees across the world with permanent or regular access to personal data are obligated to complete.
11. Internal audits
Danfoss carries out regular audits of the ongoing processing of personal data to ensure that all Danfoss entities abide to the Danfoss BCRs and process personal data accordingly.
The audits cover all aspects of the BCRs including all IT systems, databases, security policies/standards, training programmes, privacy policies and manuals in place within Danfoss in respect of the BCRs.
12. Your rights
You have the right to access to the data processed about you, subject to certain statutory exceptions. Furthermore, you can object to the collection and further processing of your personal data. In addition, you have the right to correct your personal data, if necessary. You may also choose to request us to restrict the processing.
We will delete or correct any information, which is inaccurate or out of date by reason of the time elapsed since it was collected or by reason of any other information in our possession.
If you provide us with a written request, we will also delete your personal data without undue delay, unless we have a legal basis to continue the processing, e.g. if the processing is necessary to establish, exercise or defeat a legal claim or necessary to the performance of a contract with you.
In order to make use of any of the rights mentioned above, please contact us via the points of contacts listed in section 16.
With regard to such requests, kindly provide us with relevant information to take care of your request, including your full name and email address so that we can identify you. We will respond to your request as soon as possible and within one month.
If you disagree with our processing of your personal data please be informed that you can lodge a complaint with your local data protection agency.
If you have any complaints about the processing of personal data carried out by Danfoss, please feel free to contact us at any time.
Danfoss has established a privacy complaint system – the Danfoss Ethics Hotline – where you will be able to submit your complaint online. The Danfoss Ethics Hotline is available here:
You may also submit a complaint directly with your local Danfoss entity or with the parent company Danfoss A/S:
Att. Global Data Protection Office
We will review and assess your complaint and if necessary we may contact you in order to obtain further information.
We strive at processing any complaint or objection within one month. If it is not possible to make a decision within one month, we will inform you grounds for the delay and of the time (not exceeding 6 months from receipt) at which the decision can be expected to be provided.
At any time before, during or after the complaint process described above, you may also raise a complaint/file a case with your local data protection agency, or other authorities within the jurisdiction of the relevant local Danfoss entity or Danfoss A/S.
14. Links to other websites, etc.
Our websites may contain links to other websites or to integrated sites. We are not responsible for the contents of the websites of other companies (third-party websites) or for the practices of such companies regarding the collection of personal data. When you visit third-party websites, you should read the owners' policies on the protection of personal data and other relevant policies.
16. Contact information
Att. Global Data Protection Office
In some Danfoss companies you may also contact your Local Data Protection Officer, the contact details of which you can find here:
Local Protection Officers:
Danfoss Power Solutions GmbH & Co. OHG
Sondex Deutschland GmbH
21423 Winsen / Luhe
Danfoss Silicon Power GmbH
Husumer Str. 251
Version 1.2, May 08, 2018