Version 1.3
March 2026.
At Ebbefos Holding, we protect your information. We process your personal data responsibly and with respect for your privacy, and in full compliance with the General Data Protection Regulation, the Data Protection Act, and other legislation. This privacy policy describes what personal data we process and how we process it.
The data controller responsible for the processing of personal data under this privacy policy is:
Ebbefos Holding A/S
CVR 42895458
23 Harbor Street
1058 Copenhagen K, Denmark
The person responsible for personal data protection can be contacted at: support@ebbefos.dk.
Alternatively, you can send a letter marked ‘Personal Data Protection’ to Ebbefos Holding A/S at the above address.
In addition to Ebbefos Holding, this privacy policy also covers our group companies, which are also data controllers:
Personal data’ refers to any information relating to an identified or identifiable natural person. This includes, for example, name, address, telephone number, and email address. ‘Processing’ refers to any form of processing of personal data, such as collection, storage, disclosure, and deletion of personal data.
The table below describes what applies to the processing of your personal data in the various processing activities, including the purpose, legal basis, and deletion period for the processing, as well as information about who we receive personal data from or disclose personal data to as part of the processing, if applicable. If personal data is transferred to third countries, this will also be stated in the table. We only store your personal data if we have a legal basis for doing so, and the personal data will not be processed for longer than is necessary to fulfill the purposes for which the personal data was collected, unless we are legally obliged to do so.
We ensure that adequate technical and organizational security measures are in place to ensure that your personal data is not accessed by unauthorized third parties. All personal data we receive about or from you is stored on secure servers. Our employees are trained to comply with data protection regulations, including our own policies and procedures for processing personal data, and we only authorise staff to access personal data if such access is necessary for the individual employee to perform their job. We also ensure that all data processors we work with have implemented adequate technical and organizational measures to protect your personal data.
We only disclose personal data for processing by other data controllers if we are authorized to do so and disclosure is necessary in that context. Personal data in accordance with this privacy policy may be disclosed to the following categories of recipients:
We only transfer personal data to data processors in third countries (countries outside the EU or EEA) if we have obtained the necessary and appropriate guarantees in advance that the level of protection in the country concerned for the data processor is sufficient in accordance with the Data Protection Regulation. If we use data processors from third countries, the third country will be listed in the table below.
We only collect personal data from third parties if we have legal authority to do so and if the collection is relevant to fulfilling the purpose of the specific processing activity.
When we process personal data, you have the right under the General Data Protection Regulation, subject to the limitations set out therein, to:
In all cases, you must contact the person responsible for personal data protection at the data controller. Contact details can be found in section 2 above under 'Data controller and contact details'. You also have the right to lodge a complaint with a supervisory authority. Complaints to the Danish Data Protection Agency can be made via https://www.datatilsynet.dk/borger/klage/saadan-klager-du.
| Activity | Purpose | Personal data | Home | Collection | Disclosure of information | Transfer of data to third countries | Deletion deadline |
|---|---|---|---|---|---|---|---|
| General inquiries | When you contact us via our contact forms, app, email, telephone, Facebook, or letter, we collect and process the information you provide to us. The processing is done for the purpose of handling and responding to your inquiry. | Name Contact details (telephone number and email) Content of the inquiry | GDPR, Art. 6(1)(f) (balancing of interests rule), where our legitimate interest is to respond to your inquiry. | Collected from data subject | NA | NO | Up to 3 years from the date of inquiry. |
| Subscribe to newsletter | When you sign up for our newsletter, we collect and process the information you provide us with when you sign up. We also continuously collect information about reading and interaction with newsletters in order to target our marketing. | Name Address (optional) Birthday (optional) Contact details (phone number and email) Tracking of reading and interaction | GDPR, Art. 6(1)(a) (consent). | Collected from the data subject through registration via a form. | NA | NO | Up to 3 months after unsubscribing from the newsletter. |
| Contacting customer service | When you contact us via our contact forms, by email, by telephone, or by letter, we collect and process the information you provide to us. The processing is done for the purpose of handling and responding to your inquiry. | Name Contact details (telephone number and email) Content of the inquiry | GDPR, Art. 6(1)(f) (balancing of interests rule), where our legitimate interest is to respond to your inquiry. | Collected from the data subject. | NA | NO | Up to 3 years from the date of inquiry. |
| Recording of telephone calls in the customer service center | Contact with our customer service center via telephone may be recorded after prior consent for use in internal employee training. | Audio recording of the telephone conversation Telephone number Time of the call. | GDPR, Art. 6(1)(a) (consent) | Call to customer service | NA | NO | Up to 3 months after the interview. |
| Customer relationship management (CRM) | Processing in the CRM system is intended to provide an overview of our network, identify marketing and sales opportunities, and customize and plan events. | Customer name Contact person Address Tel. | GDPR, Art. 6(1)(f) (balancing of interests rule), where our legitimate interest is to be able to manage and strengthen customer relationships and develop our business and services. | Publicly available sources such as cvr.dk, BBR, LinkedIn.com, websites | NA | NO | As long as the data is necessary for the purposes mentioned, or until the data subject requests deletion of the data. |
| Battery monitoring | Monitoring of battery for maintaining operation, service intervals, system updates, etc. | Customer name Address Tel. Battery identification number Battery location | GDPR, Art. 6(1)(b) (performance of a contract) GDPR, Art. 6(1)(f) (balancing of interests), where our legitimate interest is to ensure the ongoing operation of the battery. | Collected directly from the data subject or through disclosure by a distributor/partner. | Service partner/technician | NO | Up to 12 months from removal of the battery. |
| Suppliers | Supplier management for optimal purchasing of goods and services. | Supplier name Contact person Address Tel. Account details Delivery times, errors/defects, etc. | GDPR, Art. 6(1)(b) (performance of a contract) GDPR, Art. 6(1)(f) (balancing of interests), where our legitimate interest is to be able to evaluate the business relationship. | Collected from the data subject. | NA | NO | As long as the data is necessary for the purposes mentioned, or until the data subject requests deletion of the data. |
| Debt collection | If a debt arises to us, we will process all the information necessary to determine the claim and collect the debt owed to us. | Name Contact details (address, telephone number, email) Information about the circumstances that led to the debt Any judgments in the case | GDPR, Art. 6(1)(f) (balancing of interests rule), where our legitimate interest is to settle the debt. GDPR Art. 9(2)(f) (legal requirement rule). | Collected from the data subject. | Public authorities (including, in particular, the police and courts) Debt collection partner | NO | Until the claim is settled or becomes time-barred. |
| Recruitment | Review of your job application and other documents. Assessment of your professional and personal qualifications in relation to the position you are applying for. Completion of personality profile and test. Obtaining references from previous employers. Criminal record check, if relevant to the position you are applying for. | Name Address Tel. Job application CV Photo on CV Contact details and references Exam certificates Other information contained in your application and other documents enclosed. | GDPR, Art. 6(1)(f) (legitimate interests), where our legitimate interest is to hire the best candidate for the advertised position. | Collected from the data subject. | NA | NO | Until 6 months after the job posting has been made inactive, unless you consent to a longer storage period. |
| Energy trading | Administration of the agreement on the supply of electricity, including invoicing and billing. Disconnection of electricity supply. Communication with the network operator/bailiff/authorities in connection with any disconnection of electricity supply. The supplier only processes personal data to the extent necessary to fulfill the purposes for which the data was collected. | Customer name Address Tel. Payment information Agreement number Meter number Complaints Consumption-related data CPR number for registration in Datahubben. | GDPR, Art. 6(1)(b) (performance of a contract) GDPR, Art. 6(1)(c) (compliance with legal obligations) | Collected from the data subject. | Network companies, Datahub/Energinet, and other public authorities (including, in particular, the police and the courts) Inkassopartner | NO | As long as the data is necessary for the purposes mentioned. |