GDPR




Notice to our business partners:       

The Nilfisk group of companies stores and uses contact information about the contact persons and other relevant employees at our business partners globally, as well relevant information about our investors.

The European Union’s (EU)  General Data Protection Regulation 2016/679 (GDPR) governs how Niflisk may use this information. Under the GDPR, information about individuals is called personal data, and has a broad scope: anything that can be used to identify an individual – a name, a bank account number, a photograph – is personal data. Collecting, using, storing and sharing information is called data processing.

The GDPR applies to any Nilfisk company based in the EU and processing the personal data of persons residing anywhere globally. It also applies to Nilfisk companies located outside the EU if, in the course of doing business in the EU, they process the personal data of persons residing in the EU. The GDPR does not apply when a Nilfisk company outside the EU processes personal data of persons residing outside the EU.

What kind of business partner personal data does Nilfisk process and why do we process that data?

Customers, including customers advisors and other representatives, e.g. attorneys:

Nifisk processes the following types of personal data of employees at our customers:

- Names, job titles and job functions
- IP addresses
- Business address and other contact details, e.g. telephone numbers and e-mail addresses

GDPR processing legal basis:

Nilfisk processes this personal data to communicate with customers in order for Nilfisk, as a vendor, to:  
- Comply with its contractual obligations and exercise its contractual rights; 
- Comply with regulatory requirements as a vendor, e.g. reporting to tax authorities, Customs, health and safety agencies, environmental authorities,
        enforcement agencies and
-       address legal issues arising from its business relationships.

Further, Nilfisk processes this data because of its legitimate interests in
- Maintaining and enhancing its relationships with customers, in order to provide them with its products and services,
        including repair and maintenance;
- Regularly providing current or prospective customers with information about Nilfisk’s products and services, e.g. in newsletters;
- Enhance Nilfisk’s website’s functionality and user experience using Cookies,
- Unsolicited commercial contacts and, with prior consent, direct marketing communications, and;
- Generating statistics and other general, anonymized information to enhance products and service.

Nilfisk stores your data for as long as operationally or legally necessary, including:

- Up to ten years after we are in contact about our business relationship;
- Until you instruct us to delete your data, which we will do subject to retaining data necessary for relevant business purposes, e.g. accounting,
        service and legal requirements, or;
- Up to ten years after concluding an actual or potential legal dispute involving the customer.

Nilfisk obtains personal data from customers, Nilfisk employees and e.g., directories, data brokers.

If you want to learn more about receiving newsletters or direct marketing communications, click here.

Vendors, including customers advisors and other representatives, e.g. attorneys:

Nifisk processes the following types of personal data of employees at our vendors:

- Names, job titles and job functions
- Business address
- Other contact details, e.g. telephone numbers and e-mail addresses

Processing legal basis: Nilfisk as a customer processes this personal data to communicate with vendors in order to: 

- Comply with its contractual obligations to its vendors and exercise its contractual rights; 
- Comply with regulatory requirements as a customer, e.g. reporting to tax authorities, Customs, health and safety agencies,
        environmental authorities, enforcement agencies, and;
- Address legal issues arising from its business relationships.

Further, Nilfisk processes this data because of its legitimate interest in maintaining and enhancing its relationships with vendors, in order to obtain or consider obtaining their products and services, including repair and maintenance. 

Vendor due diligence:  Prospective vendors seeking to supply Nilfisk are required, in the Ariba procurement system, to complete due diligence questions about their past and current activities as regards legal compliance (anti-corruption, foreign trade controls, competition law and data protection laws) and corporate social responsibility (CSR) matters. The questions ask e.g. about violations of applicable laws, including trade sanctions, or official investigations, as well as about adherence to CSR regulations and standards.  

In addition, Nilfisk obtains and processes reports from third party due diligence service providers, due diligence reports on vendors and other relevant business partners, covering legal compliance and CSR risks, e.g. records of prosecutions, media coverage and general public reputation.

When a business relationship has begun, Nilfisk monitors its business partner’s compliance with applicable laws, e.g. anti-corruption laws, and the provisions of our agreement.

Due diligence monitoring may include the personal data of key individuals associated with business partners.

Due diligence and monitoring data processing legal basis:

- Nilfisk has a significant legitimate interest in knowing background of prospective business partners before agreeing to do business, in order
        to adequately evaluate legal and reputational risks;
- Nilfisk likewise has a significant legitimate interest in being aware of legal or reputation risks it may face as a result of a business partner’s
        violation of laws, behavior standards or contractual duties;
- Contracts with business partners contain legal compliance and behavior obligations; and 
- Nilfisk must know the legal risks arising from a business partner’s background and ongoing actions in its relationship with Nilfisk in relation to
        potential or actual legal claims, including from relevant law enforcement and other government agencies, e.g. anti-corruption, trade sanctions,
        competition laws.
-       The foregoing interests significantly outweigh individuals’ privacy interests. Due diligence obtained from third parties is kept as confidential
        information available only to employees and third party advisors, e.g. legal advisors, on a need-to-know basis.

Nilfisk stores your data for as long as operationally or legally necessary, including:

- Up to ten years after we are in contact about our business relationship;
- Until you instruct us to delete your data, which we will do subject to retaining data necessary for relevant business purposes, e.g. accounting,
        service and legal requirements (NOTE: deleting your data might mean that our business relationship ends if we no longer may contact you), or; 
- Up to ten years after concluding an actual or potential legal dispute involving the vendor.

Nilfisk obtains personal data from vendors and Nilfisk employees.

Other business partners, e.g. advisors, consultants, agents, prospective partners:

Nilfisk processes personal data for these types of third parties in the same way as it does for customers and vendors, and for the same commercial, contractual and legal purposes. As required by law, certain key advisors are included on an Insider List of persons with knowledge of sensitive Nilfisk business information. 

Sharing and transfer of data:

Nilfisk shares business partner data, on a need-to-know basis, within the Nilfisk organization, and with certain data processors. 

Customers: Your data will generally be available in the following places within Nilfisk:

- Your own country
- The EU
- The United States
- India

Nilfisk will also share your personal data with third party dealers of its products in your local area, in order that they can contact you about potential business. You can opt out of this service here.

Vendors, other business partners: Your data is accessible to all Nilfisk companies globally, and relevant third party business partners, unless otherwise agreed. You can see the list of countries here​.

General: Nilfisk will share relevant data as needed with third parties engaged to support Nilfisk operations, e.g. accounting, logistics, insurance, quality control, enhancing products and services, gauging customer loyalty. Nilfisk transfers and/or makes data accessible outside the European Economic Area (EEA)  under standard EU data transfer agreements with the data recipients, on an as needed basis, to global Nilfisk companies, data processors and companies providing communications and other services. The countries outside the EEA where data may be transferred or is accessible through Cloud Systems is: LIST LINK

Investors:

In accordance with Danish legislation and the rules imposed by the NASDQ share exchange, Nilfisk  maintains a shareholder register of all investors, including the name, address, title, contact details and share account number that each individual investor has provided. The data are processed by a third party data processor, and a small number of Nilfisk employees in Treasury and Group Legal may access the register. Data is deleted within a few days after a Nilfisk shareholder disposes of his/her shares.

Individual investors wishing to attend shareholder meetings provide Nilfisk’s data processor with their names and the names of their guests. These data, and the attendance registration number, are stored by the processor no later than five years after the meeting, and then deleted. Investors may also join quarterly webinars using their name and e-mail address, and those data are deleted no later than five years after the call. Only Nilfisk employees involved in those events can access the data in both cases.

Nilfisk University:

Persons request to receive training on Nilfisk products through Nilfisk University (NU) have consented through the application process to having specific data processed in relation to admission, training, testing and evaluation. Their data are available to Nilfisk employees involved in the training and accounting and relevant third party data processors in the EU, US and India, and to their own employers, which may be Nilfisk customers. Further data processing details are found on the admission and other NU materials. 

Your rights regarding your personal data.

The GDPR, when applicable, grants certain rights regarding Nilfisk’s processing of their data. Contact Nilfisk’s Group Legal Dept. if you wish to exercise the following rights, if applicable, regarding your data:

- Request right of access to the personal data Nilfisk has about you, and receive it a copy of it.
- Ask Nilfisk to correct or update your data if our information is inaccurate.
- Request Nilfisk to stop or limit processing your data to the extent feasible while correcting errors.
                      o​​     Including for customers: stopping unsolicited contacts or direct marketing communications.
- Under certain circumstances, request data portability, e.g. to provide your personal in a PDF (machine readable) format to you or transmit such
        data to another data controller, if technically feasible.
- Request erasure of your personal data if specific conditions are met.
- Withdraw your consent to processing of personal data which will be effective from the time of withdrawal.

Nilfisk will comply with your requests to the extent possible, subject to:

- Its obligations under laws and agreements, 
- Its recordkeeping practices, including retaining necessary business documents 
- Its legal interests, including those related to possible legal claims.

All of which may limit Nilfisk’s ability to fully comply with your request. You can also contact your national data protection agency with questions or complaints about Nilfisk’s processing of your personal data.

If you have questions:

- The Nilfisk company collecting and processing your data is the Data Controller 
- The list of relevant Nilfisk companies is found here​
- If you have questions about deleting your personal data at Nilfisk, please click here​
- If you have other questions about your personal data at Nilfisk, please click here.
- EU data protection agencies, please click here.
- With other questions, please contact the Global Compliance Officer in Group Legal:
        Nilfisk A/S, Kornmarksvej 1, DK-2605 Brondby, Denmark: gdpr.com@nilfisk.com
​​​​​​​​​