Privacy policy for NIRAS Group and its subsidiaries
This privacy policy describes how NIRAS Group A/S and its subsidiaries ("NIRAS", "we", "our" and "us") protect your privacy and therefore we wish to inform you about how your personal data is used by us and within the Group.
Data Controller
The legal entity responsible for the processing of your personal data is :
NIRAS A/S
CVR-nr. 37295728
Sortemosevej 19-21
3450 Allerød, Denmark
Contact details
If you want to contact us regarding our processing of your personal data, please contact us at
GDPR@niras.com / T: +45 4810 4200
Table of contents
1. Processing of personal data
4. Suppliers and cooperating partners
1. Processing of personal data
Personal data are all kinds of information that to some extent are related to you personally. If, for some reason, you do not want us to process this information, it may cause problems to maintain and meet possible agreements and legal obligations.
1.1 Data security
We have taken appropriate technical and organizational measures to secure your information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access. We ensure that the processing can only take place when all data protection principles have been met.
1.2 We keep data up to date
Since our services depend on your data being correct and up to date, we ask you to inform us of relevant changes to your data. You can use the contact details stated above to notify us of changes, we will then make sure to update your personal data. In case we become aware that your data are incorrect, we will update them and keep you informed.
When we are a data processor, we process personal data in accordance with the instructions and guidelines set out in the data processing agreement entered into with the data controller.
1.3 Data mining
We collect, process and retain only the personal data that are necessary to fulfil our stipulated goals. In addition, it may be subject to legislative control what kind of data collection and storage is needed for our business operation. The kind and scope of information we process may also be determined by the requirement to fulfil a contract or any other legal obligation.
1.4 Website visitors
In connection with you visiting our website, we will receive personal data about you in the form of cookies. This is described in more detail in NIRAS' cookie policy, which you can find here: https://www.niras.com/cookies/.
Below you can see on what legal bases we process your information, for what purpose and for how long we store it.
2. Potential clients
For you to become our client, we will need to collect the following personal data on you:
- Name
- Enterprise
- Telephone number
- Address
- CVR number
We collect personal data on potential clients for the following purposes:
- Possible future cooperation or financial transaction
- Administration of your relation to us
We collect this information on the following legal basis:
- NIRAS’ legitimate interest in collecting and preserving data of our potential clients is to promote the communication between the two parties. Only data that have been provided by the client will be retained.
We retain the personal data for as long as the legislation allows, and we will erase them when we do not need them any longer. The period depends on the character of the information and the background for our retaining it. Typically, data concerning potential clients will be deleted after termination of the agreement or when the correspondence is no longer considered relevant. We will, however, retain the data as long as the client relation still exists.
- Data on potential clients will be erased no later than two years after the last contact or on the client’s demand
3. Clients
For you to become our client, we will need to collect the following personal data about you:
- Name
- Enterprise
- Telephone number
- Address
- CVR number
- Signature
- Location information
We collect personal data on our clients for the below purposes:
- Processing your purchase, and delivery of our services
- Administration of your relation to us
We collect this information on the following legal basis:
- The processing takes place based on fulfilment of the contract between the client and NIRAS.
We retain the personal data for as long as the legislation allows, and we erase them when we do not need them any longer. The period depends on the character of the information and the background for our retaining it. Typically, data concerning clients will be erased upon termination of the agreement.
- Data on the client will be erased no later than five years after termination of the relationship.
4. Suppliers and cooperating partners
For you to become our supplier or cooperating partner, we will need to collect the following personal data about you:
- Name
- Address
- Telephone number
- CVR number
- Signature
We collect personal data on our suppliers and partners for the below purposes:
- Processing our purchase/services
- Administration of your relation to us
We collect information on the following legal basis:
- The processing takes place based on fulfilment of the contract between the supplier or cooperating partner and NIRAS
We retain the personal data for as long as the legislation allows, and we erase them when we do not need them any longer. The period depends on the character of the information and the background for our retaining them. Typically, data concerning potential clients will be deleted upon termination of the agreement.
- Data on the supplier will be erased upon expiry of the product warranty, otherwise information is retained in accordance with the accounting act.
5. Recruitment
The purpose of processing personal data about you in the recruitment process is to assess whether you are a qualified candidate for a vacant position with us.
Personal data that appears in the recruitment process is the information that appears on your application, CV and other enclosed documents that are registered. It is not necessary that you write your CPR-number.
Your application with supporting documents will be shared internally with relevant staff in the recruitment process, but will not be shared with people outside NIRAS.
Where appropriate, we use external recruiters to assist us in the process, which is why your information may be collected by them on our behalf or shared with them
If you are called for a job interview, we will note information and information for use in the further recruitment process.
We process this information on the following legal bases:
- On the basis of our legitimate interest, which is to assess your qualifications and competences in relation to the advertised position, cf. Article 6(1)(f) of the General Data Protection Regulation.
- The processing of your CPR number only takes place if you have submitted it yourself in connection with the application or CV. We process civil registration numbers in order to defend or assert a possible legal claim, cf. section 11(2)(4) of the Danish Data Protection Act, cf. section 7(1) and Article 9(2)(f) of the General Data Protection Regulation.
If you submit personal data of a sensitive nature, we process it on the following legal basis:
- Based on a legitimate interest that is in both parties' interest in the assessment of a future cooperation, cf. Article 6(1)(f) of the General Data Protection Regulation, and the data may be processed for the purpose of establishing or defending any legal claim regarding the recruitment process, cf. Article 9(2)(f) of the General Data Protection Regulation.
Application and supporting documents can be stored for up to 6 months after the recruitment process has been completed, after which your information will be deleted. The purpose of storage after the recruitment process has been completed is to secure interests in the event of any objections to discrimination, discrimination, etc. during the recruitment process.
If we wish to save your application with supporting documents for possible future employment, this is done on the basis of your consent, cf. Article 6(1)(a) of the General Data Protection Regulation.
In unsolicited applications, we process your information on the basis of our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation, which is to assess your qualifications and competencies in relation to possible future employment.
For unsolicited applications, the application and attachments are stored for a maximum of 6 months, after which it is deleted. If we wish to store your application for longer than this, this is done on the basis of a specific consent from you.
Your consent is voluntary and you can withdraw it at any time by contacting us using the above contact details.
6. Courses and seminars
When you participate in a course or seminar at NIRAS, we use your personal data to keep in touch with you before, during and after the activity. If you are employed by one of our customers/partners and you are registered for a course or seminar.
For the purpose of conducting a course or seminar, we process this information about you:
- Name
- Position
- Telephone
- Where you are employed
The sources of the information we process come from yourself or from your employer, if it is the employer who has registered for the course or seminar. We process your personal data as described above based on Article 6.1.b if you are a party to the agreement, as the information is necessary to fulfil an agreement with you. The processing may also take place on the basis of Art. 6.1.f (the balancing of interests rule), where the legitimate interest is to administer seminars and send out evaluation forms, etc.
We store your personal data for as long as necessary to complete the course or seminar in question and to evaluate it. A course may be part of a pre-defined context with other courses or network establishment and in these cases we store your personal data until the entire course or networking work has been completed and evaluated. If you are employed by one of our customers/partners, we store your information as long as we enter into a business relationship with the client.
In the case of a payment arrangement, we store invoice data in the financial year plus 5 years as stipulated by the Bookkeeping Act.
7. Marketing
We use personal data in connection with marketing initiatives, including to be able to target our communications to you. The targeted communication includes the sending of newsletters. For this purpose, we only process personal data, including:
- Name
- Position
- Telephone
- Where you are employed
- We also register which language you wish to receive our material in.
The personal data we use comes from you. The information may also be obtained through the use of our website. If you have signed up for one or more of our newsletters, we will store your personal information for as long as you wish to receive material from us and for two years thereafter. If we have collected publicly available information about you in order to carry out marketing initiatives, we store material about you for as long as the relevant initiative is in progress and two years thereafter.
We process this information on the following legal bases:
- You have consented to us sending you the newsletter, cf. Article 6(1)(a) of the General Data Protection Regulation
Your personal data will be deleted when you withdraw your consent. You are free to withdraw your consent, and you can use the contact information at the top if you wish to withdraw your consent.
8. Social media
When you choose to follow or like us on the social media Facebook, LinkedIn and Instagram, you will see/receive news from us via social media.
When you like and / or follow us, we process the following information about you:
- Your name/username
The purpose of using social media is to keep interested followers updated on e.g. NIRAS projects, events, recruitment, webinars and how it is to work at NIRAS.
We process this information on the following legal bases:
- Our interest in marketing and improving our website and product (Article 6(1)(f) of the General Data Protection Regulation)
8.1 LinkedIn
We are joint data controllers with LinkedIn for the information about you collected when you visit our site. This means that together with LinkedIn, we must distribute and determine the responsibility for complying with the legislation regarding the processing of your personal data.
You can find our agreement on joint data responsibility here: https://legal.linkedin.com/pages-joint-controller-addendum
If you do not have a profile on LinkedIn, information about your device, location/geodata and information about your behavior on LinkedIn and outside LinkedIn is collected, e.g. visits to websites.
If you have a profile on LinkedIn, information that you have given permission to in connection with the creation of your profile is also collected, such as reactions, comments and shares you and others make.
We only receive the information that you send to us in the form of your inquiry, like or comment. In addition, we receive anonymous statistical information about users from LinkedIn, via a feature called LinkedIn Page Analytics.
If you wish to delete your information from LinkedIn, you must delete your profile. If you delete your profile, it also means that your posts, photos and information will be deleted. If you have questions about LinkedIn Page Analytics, please contact LinkedIn.
8.2 Facebook og Instagram
We are joint data controllers with Meta for the information about you collected when you visit our pages on Facebook and/or Instagram. This means that together with Meta, we must distribute and determine the responsibility for complying with the legislation regarding the processing of your personal data.
You can find our agreement on joint data responsibility here: https://www.facebook.com/legal/controller_addendum
Meta collects information about you, even if you don't have an account with them. You can read more about this here: Meta's Privacy Policy – How Meta collects and uses user data | Privacy Center (facebook.com)
Meta also uses Insights on Facebook /Instagram to collect statistical information about visitor behavior on the page, including age, gender, relationship status, work, lifestyle, areas of interest, information about purchases and geographical information. For this purpose, Meta has placed cookies on your device when you visit Facebook/Instagram. Each cookie contains a unique identification code that remains active for a period of two years unless they are deleted before the end of this period. Meta receives, stores and processes your personal data through these cookies. We receive aggregated results from this information.
To read more about Facebook's/Instagram's use of cookies here:
https://m.facebook.com/policies/cookies/
Cookie Policy | Instagram Help Center
We do not disclose information about you that we receive from Meta. However, Meta may disclose information about you to third parties. You can read more about this under the item "how is this information shared" in their Privacy Policy.
If you wish to delete your cookies, you can see how via our Cookie policy, or you can contact Meta.
9. Consultancy network
When we receive your registration for the consulting network, your registration will be handled according to the following principles:
Competences and CV including enclosures will be distributed internally to relevant persons.
Personal data received in your registration for the consultancy network will be processed as follows: Consent; It is the understanding that in connection with the consultant himself passing on his data to AlfaNordic, then these data are processed with the consent of the consultant. Our processing will stop at the point in time when the consent is withdrawn.
We will store your information including enclosures until you no longer want to be part of the consultancy network. Your information will automatically be deleted 2 years after last contact.
Every 6 months you will be asked if you want to continue to be part of the consulting network. If you no longer wish to be a member of the consultancy network, all information, CV and supporting documents will be deleted.
Your consent is voluntary and you can withdraw it at any time by contacting us using the contact details above or by using your login to the consultancy network.
10. Passing of information
We use several third parties to retain and process the data, including suppliers of IT solutions: Activecampaign, Coma Systems, Keepit, Maconomy, Microsoft, People Test Systems and Umbraco. These companies solely process information on our behalf and may not use it for their own purposes. Where applicable, data may be passed on to lawyers, banks, government agencies, subsidiaries, accountants, insurance companies, and pension providers.
We only use data companies in the EU and third countries having the necessary security-related guarantees, and companies in countries that can provide your data with adequate protection.
In some cases, however, we use American software and solutions in connection with the daily operation. A risk assessment is conducted for each provider.
11. Your rights
- You have a right any time to be informed about the data we retain on you, where they come from and what we use them for. You can also get information about how long time we store your personal data and who receives data about you to the extent we pass on data in Denmark and abroad.
- On your request we can give you the data we retain on you. However, access may be restricted for the sake of other persons’ privacy protection, trade secrets and intellectual property rights.
- If you believe that the personal data, we retain on you are inaccurate, you have a right to have them corrected. You need to contact us with information of the inaccuracies and how they can be corrected. Please be as specific as possible about your corrections, otherwise, it will complicate our work, and may in some cases lead to our non-compliance with your correction.
- In some cases, we will have an obligation to erase your personal data. This applies e.g. if you withdraw any consent given. If you believe that your data are no longer required in relation to the purpose for which we obtained them, you may ask us to erase them. Moreover, you can contact us if you believe your personal data are being processed in violation of the law or other legal obligations.
- You have a right to file a complaint with the Danish Data Protection Agency Datatilsynet
- You have a right to raise an objection to our processing of your personal data. You can also object to our passing on your data for marketing purposes. You can send your objection to us using the contact details above. If your complaint is justified, we will make sure to stop processing your personal data.
- You can use data portability if you want your data transmitted to another data responsible or data controller.
- We erase your personal data on our own initiative when they are no longer required for the purpose for which we collected them, or when we have no lawful rights to store them any longer.
You can exercise your rights by contacting NIRAS at GDPR@niras.com or by phone +45 4810 4200
When you contact us with a request to have your personal data corrected or erased, we will investigate whether the conditions are fulfilled, and will hence implement corrections or erasure as soon as possible.
There may be conditions or limitations to these rights. It is therefore not certain that you e.g. have the right to data portability in the specific case – this depends on the specific circumstances of the treatment activities.
Last edited: 27-01-2023
Reach out if you have any questions
