Privacy notice
1.    Data controller

The entity responsible for the processing of your personal information is:

GRO Capital A/S
Grønningen 17, 2. DK - 1270
Copenhagen
KCVR no.: 29 42 55 58

Contact details of Gitte Kindvig, CFO:
[email protected]
+ 45 23 73 21 78

2.     Description of the processing

Purpose

Business partners

GRO Capital processes personal data of our business partners, e.g. suppliers, and employees of our business partners to be able to registrer contact persons and contact our business partners as part of our day-to-day business.

In case of a disagreement, we may also process personal data in relation to a legal claim against or received from a business partner.

General contact

GRO Capital will process your personal data if you contact us via one of the e-mail addresses stated on our website to be able to handle your enquiry.

If you contact us with an unsolicited job application, please refer to our privacy notice for job applicants.


Categories of personal data

Business partners

We process the following categories of personal data about you:

a)  Ordinary personal data:

·      Name, work email address, work number, employer, title, whether an investor or not and content of correspondence.

General contact

We process the following categories of personal data about you:

a) Ordinary personal data:

·      Name, (work) email address, (work) phone number, employer, title, content of correspondence.

Source of the personal data

Business partners

We collect your personal data from the following source(s):

·      Directly from you

·      From your employer

·      Online sources, e.g. social media or company websites that are publicly available

General contact

We collect your personal data from the following source(s):

·      Directly from you

Legal basis for the processing

Business partners

We process your personal data on the following legal bases:

Article 6.1.f (necessary for the pursuit of legitimate purposes of us). GRO Capital processes your personal data based on following legitimate interests:

·      GRO Capital's legitimate interest in being able to contact our business partners and employees of our business partners to carry out the contract, we have concluded with our business partners.

·      GRO Capital's legitimate interest in being able to establish, exercise and defend a legal claim in relation to a business partner.

General contact

We process your personal data on the following legal bases:

Article 6.1.f (necessary for the pursuit of legitimate purposes of us). GRO Capital processes your personal data based on following legitimate interests:

·      GRO Capital's legitimate interest in being able to handle any enquiry received.

·      GRO Capital's legitimate interest in being able to establish, exercise and defend a legal claim in relation to a specific enquiry.

Recipients

Business partners

We share your personal data with:

·      Other GRO Capital entities, including funds and investment vehicles

·      Advisors, e.g. consultants and legal advisors

·      IT providers, who offers IT systems, hosting and support.

General contact

We share your personal data with:

·      Other GRO Capital entities, including funds and investment vehicles

·      Advisors, e.g. consultants and legal advisors

·      IT providers, who offers IT systems, hosting and support.

Data retention

Business partners

We will retain personal data processed for this purpose for:

As long as necessary to fulfil the purpose for which it was collected. We will delete your personal data when the contract with your employer has been fulfilled or terminated, and we no longer need the personal data for documentation purposes, i.e. typically five years after the end of the business year in which the contract was fulfilled or terminated.

In some situations, we will process your personal data for a longer period of time, e.g. for GRO Capital to be able to establish, exercise or defend a legal claim.

General contact

We will retain personal data processed for this purpose for:

As long as necessary to fulfil the purpose for which it was collected. We will delete your personal data after your enquiry has been handled, and we no longer need the personal data for documentation purposes, i.e. typically 5 years after our latest correspondence.

In some situations, we will process your personal data for a longer period of time, e.g. for GRO Capital to be able to establish, exercise or defend a legal claim.

3.     Transfers to countries outside the EU/EEA

As part of our business operations, we will be transferring personal data to countries outside the EU/EEA, including to our office in the United Kingdom and to our investors in USA and Australia.

United Kingdom has been deemed by the Commission of the European Union to have an adequate level of protection of personal data pursuant to GDPR article 45. If our investors in USA have self-certified under the EU-US Data Privacy Framework ("DPF"), reliable transfer mechanisms for transfers of personal data to these investors will be in place, ensuring data protection that is consistent with the GDPR and EU law. The transfers of personal data to investors who have self-certified under the DPF will therefore take place on the basis of GDPR article 45.

Transfers to USA to investors who have not self-certified under the DPF and Australia will take place on the basis of GDPR article 49.1.b. USA and Australia usually do not ensure a level of protection essentially equivalent to that ensured within the EU/EEA. Therefore, you must be aware that these countries may not provide effective legal remedies to exercise your rights and may allow unjustifiable access to personal data by public authorities.

Furthermore, we will be transferring personal data to our data processors Microsoft and Dropbox, which may imply further transfers to their sub-processors.

Transfers to Microsoft may include limited transfers to countries outside the EU/EEA, including to Australia, Brazil, Canada, China, Egypt, Hongkong, India, Israel, Japan, Malaysia, Serbia, Singapore, South Africa, South Korea, Switzerland, United Kingdom, United Arab Emirates and USA, and transfers to Dropbox may include limited transfers to USA.

Canada, Israel, Japan (provided that the recipient is subject to the Japanese Act on the Protection of Personal Information - Act No. 57 of 2003), South Korea, Switzerland and United Kingdom have been deemed by the Commission of the European Union to have an adequate level of protection of personal data pursuant to GDPR article 45. Microsoft and Dropbox have self-certified under the DPF, and transfers to these data processors in USA will therefore also take place on the basis of GDPR article 45.

Transfers to recipients in the countries that have not been deemed by the Commission of the European Union to have an adequate level of protection of personal data or to recipients in USA who have not self-certified under the DPF will take place on the basis of the following legal basis:

·       Through the use of "Standard contractual clauses for international transfers" as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities. You may obtain a copy of the contract/agreement by contacting [email protected].

4.     Your rights

You have the following rights:

·        You have the right to request access to, rectification or erasure of your personal data.

·        You also have the right to have the processing of your personal data restricted.

·        You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).

·        You may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency.

Furthermore, you have the right to object to processing of your personal data as follows.

·       If processing of your personal data is based on article 6(1)(f), see above regarding legal basis, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data.

You can take steps to exercise your rights by sending us an email via [email protected].

There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity.

Last updated: 27 November 2023

We Invest in and Develop Outstanding Software Companies

PRESS RESPONSIBLE
Krista Hein Lindahl

[email protected]

LONDON

GRO, 12 Hay Hill
London W1J8NR
United Kingdom