Data Protection and Privacy Policy

1.      Introduction

The purpose of Better Energy’s (depending on geographical area: (i) Denmark: Better Energy Management A/S, (ii) Finland: Better Energy Finland I Oy, (iii) Poland: Better Energy Poland sp. z o.o., (iv) Sweden: Better Energy Sweden AB or any Better Energy entity being a party to the contract you, or the entity you represent, entered into – hereafter “Better Energy”, “BE”, “us”, ”we” or ”our”) Data Protection and Privacy Policy (hereinafter the “Policy”) is to explain how we collect, treat and protect personal data.

The Policy is prepared and made available to comply with the General Data Protection Regulation (2016/679 of 27 April 2016) (hereinafter the ”GDPR”) and the rules included herein on information to be provided to you.

2.      What type of personal data we have

We currently collect and process the following categories of your personal data: identity, business contact details, and if applicable, the entity you represent. Depending on the case, we may also collect your banking details (bank account number) for payment purposes.

If you visit our website, we do not collect data. 

If you are a landowner, especially when we want to enter into a contract with you, or if you own neighbouring land, we also collect your personal data regarding the land you own and the neighborhood.

If you are applying for a position at BE, we also collect your personal data regarding contact details, information about your education, work experience and professional qualifications.

 3.      How we get your personal data, why we have it and what we do with it

Most of your personal data we process is provided to us directly by you or the entity you represent, in order to facilitate business relation with BE.

We also retrieve personal information indirectly, e.g., from online sources, such as internet websites and public databases, etc. when we need to initiate a dialogue with you or the entity you represent to enquire about your openness to facilitate cooperation with BE.

If you are a landowner, especially when we want to enter into a contract with you, or if you own neighbouring land, we also collect your personal data from publicly available sources, such as land registries, local authorities, from your neighbours or acquaintances, the entities we cooperate with, etc. 

We collect and process your personal data, in particular, because:

1)     it is necessary in order to enter into and perform the contract with you or the entity you represent (Article 6(1)(b) of the GDPR);

2)     we have a legal obligation to process your personal data to the extent specified in applicable provisions of law (Article 6(1)(c) GDPR), e.g. in order to transfer data to the tax authorities, for the purposes of bookkeeping, obtaining permits, etc.;

3)     BE or BE group have a legitimate interest to pursue (Article 6(1)(f) GDPR), e.g.:

a)     for the purposes of conducting, developing and optimising BE business activity, including project development, obtaining permits, etc.;

b)     for the purposes of business partners’ and procurement management, optimising the terms of BE cooperation with business partners and other stakeholders, etc., as well as aligning with BE capital group internal policies regarding procurement and cooperation with business partners, stakeholders, etc.;

c)      for the purposes related with risk management and compliance, as well as for the purposes of conducting internal proceedings (including Raise Your Concern, Know Your Customer, etc.), keeping records and monitoring information on conflicts of interests and violation of ethics to the extent necessary for counteracting abuses or criminal activity;

d)     for the purposes related to IT service and ensuring IT and information security, monitoring of data flow within BE, management of mobile devices, systems access management, ensuring BE continuity of business and data quality management;

e)     for the purposes related to physical security of BE offices, sites and facilities, including,
if applicable, video monitoring and recording of persons entering and leaving;

f)       for the purposes of internal reporting within BE or within BE capital group, including management reporting, as well as for the corporate investment and financing purposes, including due diligence, etc.;

g)     for the purposes related to marketing and business development, cooperation with business partners, other stakeholders, etc., and improving BE branding, including, in particular, for purposes related to organisation and participation in conferences and press appearances, press releases, participation in events and also broader advertising and promotional activities of BE capital group;

h)     for the purposes of exercising legal rights and entitlements of BE or BE capital group;

i)       if applicable, for the purposes of selling BE receivable debts;

j)       if applicable, for the purposes of handling dispute proceedings, proceedings pending before authorities and other proceedings, including for purposes of pursuing or defending against claims, etc.;

4)     in other cases, if you voluntarily provide us with additional personal data about yourself - we process this data on the basis of your consent (Article 6(1)(a) GDPR or Article 9(2)(a) GDPR).

We will not make decisions towards you in an automated manner or profile your personal data.

4.      Collecting personal data with cookies

We do not use cookies.

 5.      Obligation to provide BE with your personal data

If you fail to provide us with all required personal data, this may cause the inability to enter into or perform the contract with you or the entity you represent, or for BE to comply with legal obligations or pursue legitimate interest of BE or BE capital group.

To the extent where personal data is collected on basis of consent, providing personal data is voluntary.

 6.      How long we process your personal data

Your personal data is processed for as long as necessary for the purposes described in point 3 of this Policy, e.g.:

1)     for the entire duration of negotiations between BE and you or the entity you represent, and if applicable, for the entire duration of bid or tender procedure;

2)     if you, or the entity you represent, enter into a contract with BE – for the entire duration of such contract;

3)     after this time, for predefined period and/or to the extent required by provisions of law or for pursuing BE legitimate interests, as described in point 3(3) of this Policy;

4)     in case where you consented to processing personal data, until withdrawal of such consent.

 7.      Who we share your data with

The personal data is primarily used internally in BE, as described above. We only pass on personal data to others when the law allows it or requires it.

From time to time, we use external companies as suppliers to assist us in delivering our services. Where the external parties are data processors, the processing is always performed on the basis of a data processing agreement in accordance with the requirements hereto under the GDPR. Where the external parties are data controllers, the processing of personal data will be performed based on said external parties’ own data privacy policy and legal basis which the external parties are obligated to inform about unless the applicable legislation allows otherwise.

In particular, BE may share your data with:

1)     public authorities, entities performing public tasks or acting at the direction of public authorities, to the extent and for purposes which follows from provisions of law, e.g., tax authorities, business authorities, courts of justice, permitting authorities, public regulators or inspections, the police, as well as transmission or distribution system operators, etc.;

2)     BE capital group and investors, including potential investors, financing entities, including potential financing entities, advisors, etc., where personal data is shared depending on the circumstances, in particular, for administrative purposes and the purposes of internal reporting, due diligence, etc.;

3)     entities supporting us in our business processes and operations, including data processors on behalf of BE, and our partners, e.g., service providers in the area of IT, asset and/or facility management providers, accounting and bookkeeping, property protection, auditing and controlling, banks, postal and courier companies, entities from BE capital group, suppliers, business partners, etc.

 8.      Do we transfer personal data to third countries

Generally, we do not transfer personal data to third countries outside of EU/EEA.

However, in justified and required cases (e.g., when it is required by law or needed to exercise an agreement with our suppliers, in particular in the area of IT), your personal data may be shared with entities in third countries outside EU/EEA, which may not provide a level of data protection similar to the one in EU, in particular: United States, Ukraine, United Kingdom of Great Britain and Northern Ireland.

In general, the transfer of data outside EU/EEA shall take place on basis of standard contractual clauses for the transfer of personal data to third countries (as per the template adopted by the European Commission, hereinafter “the SCC”), concluded with the data recipients – unless the European Commission have issued a decision on the adequate protection of personal data in such third country. In such cases, such decision will be the basis for transferring personal data, instead of the SCC.

You have the right to obtain a copy of the abovementioned standard data protection clauses (or other applicable safeguards of data transfer outside the EU/EEA) via BE.

We may also use Microsoft services to process personal data. You can read more about Microsoft's protection of personal data and their use of sub processors on this link: https://privacy.microsoft.com/  

 9.      Your data protection rights

Under data protection law, you have rights including:

1)    Your right of access - You have the right to ask us for copies of your personal data.

2)   Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

3)  Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

4)   Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.

5)   Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

6)   Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we will respond to you within one month.

 10.   The right to withdraw your consent

If you provided us with your personal data based on your consent, you can freely withdraw it at any time, without any negative consequences towards you. Please, be aware that the processing of your personal data covered by the consent, before it is withdrawn, remains lawful.

 11.   How to complain

Please contact us at GDPR@betterenergy.dk if you wish to evoke one of your data protection rights or file a complaint.

You can also file a complaint to applicable data protection authorities if you are unhappy with how we have used your data.

 12.   Changes to this Policy

We reserve the right to update and amend this Policy. If we do, we correct the date and the version at the bottom of this Policy. In case of significant changes, we will provide notification in the form of a visible notice, for example on our website or by direct message.

 13.   Contact

If you have questions or comments to this Policy or if you would like to invoke one or more data subject rights, please contact us at email: GDPR@betterenergy.dk.

 14.   Website usage terms and conditions

The information on the website is correct at the time of publishing, as far as reasonably possible. Better Energy does not guarantee that information, links, or other data retrieved from the website are correct. Better Energy is not liable under any circumstances for any errors or omissions in the website content. Better Energy reserves the right to make changes or corrections at any time without prior notice. Interruptions of service may occur at any time due to site maintenance or other reasons. Better Energy does not accept liability arising from any interruptions of service or other disruptions that may occur on the website.

 15.   Copyright

The content on this website is the property of Better Energy and is protected by copyright law. Unless otherwise stated, the content must not be reproduced, transmitted, copied, distributed, or stored without prior permission from Better Energy.

Last update: 1 April 2025

 

Data Ethics Policy

1.      About this policy

1.1   Background

At Better Energy, we recognise the critical importance of ethical considerations in the handling, processing, and storage of data. We are committed to upholding high standards of integrity, transparency, and respect for individual privacy. We have developed this Data Ethics Policy to guide our employees in the responsible use of data.

This policy draws on established concepts in personal data privacy, human rights, and business ethics to ensure we work with data in a way that creates impact without harming individuals and society.

1.2   Purpose

Data ethics involves more than just protecting personal data of individuals. It is about balancing the benefits driven by the evolution of technologies with data privacy and protection – in favour of individuals as well as businesses. Essentially, data ethics refers to the ethical aspect of how technology interacts with people's rights, legal principles, and societal values, considering the implications of technological progress.

This policy sets out the direction for data ethics in Better Energy which does not already follow from laws and regulations or internal policies on data and privacy protection and information security and applies to any form of processing and use of data.

1.3   Scope

The policy applies to all types of data created, obtained, or processed by Better Energy Holding A/S and/or any direct or indirect subsidiary or associate company (as defined in the Danish Financial Statements Act) of Better Energy Holding A/S (collectively ‘Better Energy’). This policy covers data in relation to our energy parks, the work product of our employees or data concerning job candidates or employees of Better Energy, external consultants working for-, and third parties associated with Better Energy, also in anonymised or aggregated form to the extent such data is not covered by personal data privacy policies and -notices.

This policy applies to all employees of Better Energy.

2.      Data ethics principles

By adhering to this Data Ethics Policy, Better Energy aims to foster a culture of trust, integrity, and responsibility in the handling of data. Our commitment to ethical data practices reflects our dedication to maintaining high standards of professionalism and respect for individuals' rights to privacy and the confidentiality of data from business partners.

Better Energy handles data in relation to our business partners, investors, suppliers, and advisors as well as personal data for employees, job candidates, external consultants, landowners, neighbours to our energy parks, real estate tenants and users of EV charging stations.

Further, we process production data from our energy parks, data from the work product of our employees, and data in either by combining it into groups (aggregated form) or by removing personal details to keep it anonymous (anonymised form).

2.1 Data ethics and regulatory requirements

Legislation cannot keep up with technological developments and cover all conceivable issues that may arise from such developments. There may also be situations in which legislation allows a given use of data, but where it is nevertheless not compatible with Better Energy's purpose and values that the use takes place. Better Energy is dedicated to not only following the letter of the law but also doing what is right and holding ourselves accountable for our actions.

2.2   Data collection and purpose limitation

We collect only the personal data necessary for the intended purpose and ensure that it aligns with our business objectives. We will not process sensitive personal data for purposes incompatible with the original purpose for collection unless explicitly authorised. For non-personal data, we will consider if the data is needed.

2.3 Data minimalisation

We implement practices to minimise the amount of personal data collected, processed, and stored to the extent necessary for the defined purposes.

2.4 Transparency

We are committed to providing clear and concise information to individuals about how their data is processed. This includes transparent communication about the purposes of data collection, the legal basis for processing and the rights of data subjects.

2.5 Security and confidentiality

We implement robust security measures to safeguard data against unauthorised access, disclosure, alteration, and destruction. We protect proprietary and confidential information about Better Energy’s business as well as information received from our partners and stakeholders.

All employees and third parties with access to data are required to adhere to confidentiality obligations.

We recognise that production data from our energy parks can be used for purposes of insider trading or market manipulation of the wholesale energy market. We balance this risk with the need to give external business partners access to our production data to support our operations. We take steps to actively protect and limit access to such data by externals to the extent possible.

Concerning data from operations, security camara footage may be sensitive because it documents the actions of potentially identifiable individuals. Security- and confidentiality measures are in place in terms of use and storage of such footage. We balance these measures with the need for such footage for security reasons around electricity production infrastructure.

We do not sell data in our possession, including personal data, production data from our energy parks and data from the work product of our employees.

2.6 Data subject rights

We respect the rights of data subjects and provide mechanisms for individuals to exercise their rights, including the right to access, rectify, erase, and object to the processing of their personal data.

We will not make decisions towards job candidates in an automated manner. Further, we will not profile candidates based on their data unless this is perceived as an acceptable and justified practice in individual jurisdictions, and only in accordance with guidelines provided by local Data Protection Authorities.

2.7 Data transfer

In the event of international data transfers, we ensure compliance with applicable legal frameworks, such as the EU-US Data Privacy Framework or Standard Contractual Clauses, to guarantee an adequate level of protection for personal data.

2.8 Artificial intelligence and algorithms

Better Energy recognises that harnessing the power of Generative AI (GenAI) or Large-Language Models (LLM’s) has become an essential part of various industries. However, while these tools offer immense potential, there are crucial considerations to keep in mind to ensure responsible and secure usage.

We are committed to use GenAI and LLMs in a responsible manner, avoiding prompts that may inadvertently expose sensitive or personal information or be perceived as unethical processing of data. We take responsibility for the output from such tools when used in a work product. When applying tools based on GenAI and LLMs, both prompts and the output must be considered carefully and critically, and the output must never be used as a stand-alone solution.

Better Energy has started developing algorithms for production data analysis, and these are developed and deployed carefully and critically, and in light of potential data ethics considerations. Ethical considerations concerning performance data focus on preventing manipulation.

When an algorithm is developed and/or deployed, it is the responsibility of the owner of such algorithm to ensure that the data processing is fair, tested, and does not contribute to societal social injustices, also when working with aggregate or anonymised data.

3 Governance

3.1 Roles & responsibilities

We establish clear lines of accountability for data protection within the organisation. Regular training, controls and monitoring activities are conducted to ensure ongoing compliance with this Data Ethics Policy.

3.2 Non-compliance

Data breaches

All suspected data breaches should be raised to Better Energy’s Legal department without undue delay via GDPR@betterenergy.com.  

Raising Your Concern

If you suspect that there is an instance of misconduct in relation to Better Energy, you are encouraged to raise your concerns at as early a stage as possible.

Employees of Better Energy should reach out to the direct manager, the Chief Legal Officer, a member of the Raising Your Concern team or, if anonymity is preferred, via the dedicated Raising Your Concerns channel.

Business partners and suppliers are encouraged to raise concerns towards your regular contact person at Better Energy or, if anonymity is preferred, via the dedicated Raising Your Concerns channel: https://betterenergy.integrityline.com/frontpage.  

Violations of this policy may be subject to disciplinary action, including termination of employment or contractual relationship, and may result in legal consequences.

3.4 Revision history

Version Date     Summary of changes    Valid from

V1        2024-03-21       Initial approved version 2024-03

 

4 Appendix

4.1 Definitions

Aggregated data: This refers to data that has been combined or summarised in a way that individual details are obscured, but trends or patterns can still be observed.

Anonymised data: This is data that has been stripped of any personally identifiable information (PII) such as names, addresses, or other direct identifiers, making it impossible or very difficult to identify specific individuals from the data alone.