1. Data controller and contact information
The local DHI entity that you have entered into a contract with, contacted or in other ways interacted with in accordance with the purposes as set out in section 2 below, is the data controller for the processing of your personal data for the said activities. The list of local DHI entities can be found here: https://worldwide.dhigroup.com, where you also find the applicable contact details. However, you may always contact DHI A/S (Agern Alle 5, 2970 Hørsholm, Denmark, CVR no: 36466871) through +45 4516 9200 or GDPRfirstname.lastname@example.org for matters regarding the processing of personal data.
2. Collection of personal data
In connection with the submission of your data it will always be stated whether the submission is voluntary or necessary for completing the desired action.
Your personal data is collected and processed in one or several of the below cases:
- When you visit a DHI location. We will process your personal data to identify you for visitor registration (name, company, position, email, telephone number) and if you access our free guest Wi-Fi (IP and Mac addresses). At some DHI locations there may be surveillance cameras, and if you appear on any footage, this will entail the processing of your personal data. The legal basis for these processing activities is the GDPR art. 6(1)(f), as it is in our legitimate interest to control access, enable you to access Wi-Fi during your visit and to have video surveillance at our physical locations for security and crime prevention purposes.
- When you sign up for DHI newsletter. The legal basis for such processing is the GDPR art. 6(1)(a). To the extent you have accepted statistical cookies, information gathered by these will be used for marketing purposes combined with this email marketing permission in accordance with our legitimate interest, cf. the GDPR art. 6(1)(f).
- When you enter and browse our website, cookies will be placed in accordance with your cookie consent and the information provided in the cookie-pop-up, which is always available on the website. This may entail the processing of your personal data, hereunder a unique ID number, the IP address, geographical location, the sites you visit, as well as further technical information on your behavior on the website. We rely on the legitimate interest in accordance with the GDPR art. 6(1)(f) for giving you the best possible website experience for the processing of personal data when placing statistical and functional cookies. To the extent you have previously consented to receiving marketing material, we will combine this information with the accepted statistical cookies in accordance with our legitimate interest, cf. the GDPR art. 6(1)(f). We rely on your consent in accordance with the GDPR art. 6(1)(a) for our processing of personal data when placing marketing cookies. We always collect your permission (i.e. cookie consent) in accordance with the applicable cookie legislation prior to the placement of cookies. You prior permission is, thus, a condition for the processing of personal data through cookies.
- When you download our software or applications. The legal basis for such processing is the GDPR art. 6(1)(b).
- When you log in to our MIKE Cloud solutions. DHI may as part of providing any cloud services process personal data regarding end users as a data controller. Such processing is necessary to provide the services, e.g. login and/or contact information. The legal basis for such processing is the GDPR art.6(1)(b) and/or (f).
- When you participate as an external instructor or speaker at webinars, podcasts or courses hosted by DHI. We will process personal data about you when introducing you (name, work email, submitted CV and short biography). The legal basis for such processing is the GDPR art.6(1)(b) and/or (f).
- When you sign up for an event. The legal basis for such processing is the GDPR art. 6(1)(b).
- When you sign up for an online or physical training course or webinar. We will collect personal information about you in connection with your communication and interaction with us. We will only process basic personal data, including name, title or position, email address, telephone and your place and address of employment as well as VAT number. The legal basis for such processing is the GDPR art. 6(1)(b) and/or (f). If you do not wish to receive course invitations in the future, you can unsubscribe at any time by clicking the link at the bottom of the message you receive.
- When you download our eBooks. The legal basis for such processing is the GDPR art. 6(1)(b).
- When you create an account and/or buy products or services at our websites. The legal basis for such processing is the GDPR art. 6(1)(b).
- When you are stated as employee emergency contact (next of kin) by an employee with DHI. We will collect personal data about you (name and contact information) from the DHI employee and process such information in order to be able to contact you in case of an emergency. The legal basis for such processing is the GDPR art. 6(1)(f).
- When you contact us. The legal basis for such processing is the GDPR art. 6(1)(b) and/or (f). The legitimate interest under (f) is for us to be able to respond to your inquiry.
- When DHI provides you or the company you represent with consultancy services. The legal basis for such processing is the GDPR art. 6(1)(b).
- When you participate in voluntary follow-up interviews with the purpose of improvement, quality review, etc. of DHI’s products and services and thus following to the provision of such products and services to you or the company you represent. The legal basis for such processing is the GDPR art. 6(1)(f).
- When you participate in a conference call, video conference or webinar (“online meetings”) using “Teams” and “Zoom”. The Teams service is provided by Microsoft Corporation. The Zoom service is provided by Zoom Video Communications, Inc. and used for webinars, where this service provides features required for the webinar. As online meetings will imply processing of audio and/or video of you, this will entail the processing of your personal data. We require the effective implementation of online meetings in order to fulfil our business purposes. The legal basis for processing is the GDPR article 6(1)(b). In the event we need to record online meetings, we will inform you transparently in advance and – if required – will ask for your consent. If a meeting is being recorded it is visible in the online meeting. In the case of webinars, we may also process the questions asked by webinar participants for the purpose of recording and follow-up of webinars.
- When DHI performs analysis of public satellite images and public data on water levels for our own databases and/or on behalf of our customers, DHI may potentially process personal data, as the title number/parcel number in the land registry may potentially expose personal data. We note that the satellite images and data on water levels are publicly available and, thus, primarily come from the following sources https://scihub.copernicus.eu. We may combine these publicly available data with other non-sensitive datasets, whereas our legal basis for such processing is our legitimate interest in accordance with the GDPR art. 6(1)(f).
If you use your email address in more than one of the above cases, your personal data will only be collected and registered in one place. This way your information is already stored when you interact with us, and you will not receive the same marketing material from DHI more than once.
3. Use of personal data
We will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorised by you. DHI will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Please note that we will only use your personal data to send marketing material if you have given your explicit consent, unless legislation allows us to contact you without your prior consent.
DHI keeps statistics about which areas of the site our users visit. This information is used to improve the website. We do use data about how our users navigate, to better understand how our users use our websites and from that we try to improve the user experience. Furthermore, we collect information about what our users, as a unit, prefer. This information is also used to improve the website. We do not sell or otherwise disclose information about how our users navigate and use our website.
4. Sharing of personal data
We do not transfer your personal data to any third parties without your consent, except for what is described in this section, without your consent.
Your personal data may be disclosed to partners of DHI (providers who deliver services on behalf of DHI), for example IT service providers, and in relation to sending out newsletters. These partners only process the personal data on behalf of DHI and in accordance with DHI’s instructions. Furthermore, your personal data may be shared with business partners, e.g. freight companies, for the delivery of goods you buy in our webshop.
Your personal data may also be shared within the DHI Group with all DHI affiliated companies. A list of all affiliated companies may be found on the following link: https://worldwide.dhigroup.com.
Under specific circumstances and with reference to legislation, it might be necessary to transfer information to public authorities or the police. For example, information may be disclosed to the police in case of suspicion of credit card fraud.
In the case of a re-organisation, full or partial sale of the company, any disclosure in such connection will be in accordance with current legislation for the processing of personal data.
If your personal data are transferred to data controllers or data processors, which are located in countries outside the EU/EEA not ensuring an adequate level of data protection, such transfers will be adequately safeguarded by DHI, e.g. via the EU Commission’s Standard Contractual Clauses. Please contact us if you wish further information.
5. Deletion of personal data
We will delete your personal data when we no longer need to process them in relation to one or more of the purposes set out above. However, the data may be processed and stored for a longer period in anonymised form.
We take appropriate measures to ensure that we process and store your personal data based on:
- as a minimum for the time period in which we deliver a service to you,
- in accordance with law, contract, or our legal obligations,
- or as long as the data are necessary in order for the purposes for which they are collected, or longer if it is required by contract, applicable law, or for statistical purposes governed by appropriate security measures.
We have implemented security measures to ensure that our internal procedures meet our high security policy standards. For example, we use encryption. Furthermore, we strive to ensure the ongoing confidentiality, integrity, availability and resilience when processing your personal data. In the event of physical or technical incidents, we make every effort to restore the availability and access to your personal data in a timely manner. We also have processes for assessing and evaluating the effectiveness in order to ensure that the security level is sufficient.
8. Your rights
You are at any time entitled to be informed of the personal data about you that we process, but with certain legislative exceptions. You also have the right to object to the collection and further processing of your personal data including profiling/automated decision-making. Furthermore, you have the right to have your personal data rectified, erased or blocked according to the rules. Moreover, you have the right to receive information about you that you have provided to us, and the right to have this information transmitted to another data controller (data portability).
9. Withdrawal of consent
You may, at any time, withdraw any consent you have given and we will delete your personal data, unless we can continue the processing based on another purpose. If you wish to withdraw your consent, please contact us at GDPRemail@example.com or +45 4516 9200.
10. Links to other websites etc.
Our website may contain links to other websites or to integrated sites. We are not responsible for the contents of the websites of other companies or for the practices of such companies regarding the collection of personal data. When you visit other websites, you should read the owners' policies on the protection of personal data and other relevant policies.
12. Amendment of data etc.
If you want us to update, amend or delete the personal data that we have recorded about you, or if you wish to get access to the data being processed about you, or if you have any questions concerning the above guidelines, you may contact us at GDPRfirstname.lastname@example.org or +45 4516 9200. You may also write to us at the following address:
DHI A/S, Agern Allé 5, 2970 Hørsholm, Denmark
If you wish to appeal against the processing of your personal data, please contact us by email, telephone or letter as indicated above. You may also file a complaint with your local data protection authorities, a list of which can be found here: https://edpb.europa.eu/about-edpb/board/members_en.