Privacy statement for Solar Group

1. Information about the processing of personal data

Your personal data and the security of our processing of such is important to us, and we, therefore, take great care to ensure that your personal data is handled responsibly. Solar’s websites are provided and controlled by:

Solar A/S
Reg. no.: 15908416
Industrivej Vest 43
6600 Vejen
Denmark

(hereinafter ”Solar”, "we", "us " or "our").

This policy explains how we collect, use, store, and protect personal data when you access or use our services, platforms, applications, or business solutions. It also outlines your data protection rights and the legal safeguards applicable to the processing of personal information.

This policy applies to both our online and offline data collection activities, including personal data collected through our websites, applications, business communications, third-party platforms, events, customer interactions, and other commercial touchpoints in accordance with EU Regulation No. 2016/679 the General Data Protection Regulation (GDPR).

This policy provides a general overview of our data protection and privacy practices. Additional provisions, disclosures, or rights may apply depending on the applicable jurisdiction, including country- or state-specific privacy regulations.

Solar Group consists of the following companies besides Solar A/S: 
Solar Norge AS
Solar Sverige AB
Solar Nederland B.V.
Solar Polska Sp.z.oo
P/F Solar Føroyar

For other companies not mentioned above where Solar holds the majority of shares, please see each company’s respective privacy policy for the processing of personal data within that company. 

2. Solar's role as a data controller

This policy is issued on behalf of Solar as the sole data controller for Solar Group. Unless otherwise specified, the entity acting as the data controller is Solar, and Solar is the entity determining the purposes and means of processing your personal data. Where you enter into a contract directly with a local affiliate within the Solar Group, that affiliate will act as the data controller solely in relation to the activities and obligations associated with that contractual relationship.

In connection with the operation of our business, we process certain personal data. We do this in order to serve you in the best possible way. We mainly collect and process general (non-sensitive) personal data.

If you have any questions, comments or inquiries about our processing of your personal data, please contact us at:

Phone number: +45 79 30 00 00
E-mail: legal@solar.dk 

3. What personal data do we collect and why?

Personal data covers any information that can be used to identify an individual, including, but not limited to, his or her first and last name, age, gender, home or other physical address, mobile number, email address or other contact information, whether relating to his or her private residence or place of work.

We use personal data about you to improve our service and to ensure the quality of our products and services and our contact with you.

We process personal data about you in a number of different situations. Read more about our processing in the different situations below.

3.1. Visitors to Solar’s websites and users of Solar’s online services

When you visit Solar’s websites (e.g. https://www.solar.eu), Solar may process information about your IP address as well as information about your computer, device and browser.

We also process information about your visit (e.g., information about how you access our websites, how you navigate around them, which pages you visit, content you view, your searches, advertisements you have seen, etc.). Personal data is collected through cookies, log files and other tracking technologies. You can read more about our use of cookies below.

We also process personal data that you provide to us in connection with your use of the website, for example, when you use our online chat or when you register online, including your name, address, telephone number, email address and any other information you provide to us.

We use your personal data so that we can make relevant products, supplies, benefits and services available to you and to improve your experience of our websites and online services and the services we offer. We also use personal data to show you content on our and other sites based on your activities and preferences and to limit the number of times you see the same content.

When you use our mobile application Solar Mobile, we may track your location data to be able to offer you location-specific services such as Solar Fastbox.

Our legal basis for processing is our legitimate interests in making our website (and online services) available to you pursuant to Article 6(1)(f) of the General Data Protection Regulation or your consent pursuant to Article 6(1)(a) of the General Data Protection Regulation.

3.1.1. Use of cookies

When you visit Solar’s websites, we collect personal data about you accept cookies, which collect information about your behaviour on our website. Information about your behaviour is a processing of your personal data. Therefore, we process personal data about you when we collect data through the setting of cookies on your device.

The personal data collected includes user behaviour, browser type, device category, information about your preferred settings and IP address.

Other examples of personal data collected and analysed:

• date and time of visit
• which pages are visited on the website
• information on the browser and operating system used
• URL
• etc.

Before we set cookies, you will be informed about the use and purpose of collecting the personal information. Before setting other than necessary cookies on your IT equipment, we obtain your consent. Cookies necessary to ensure the functionality and settings of the website are used without your consent.

If you consent to cookies for marketing purposes, you also consent to Solar using various social media plugins (e.g. LinkedIn and Facebook).
Some cookies are set by third parties, which are detailed in our Cookie Declaration. You can find the Cookie Statement by clicking on the icon in the bottom left corner on our website.

You can find more information in our Cookie Policy about our use of cookies, the retention period of cookies, and how you can delete or refuse cookies. You can find our Cookie Policy here.

3.2. Customers of Solar and customer portal

When you are a customer of Solar and/or register on our customer portal, we process personal data about your name, your company address, work telephone number, e-mail address, title, your purchases, payment information and other information that you provide to us. This may be, for example, in connection with your purchase of our services on our webshop and other situations related thereto.

We process personal data for the purpose of fulfilling the agreement with our customers, for the purpose of providing the services, managing customer relationships, invoicing, keeping statistics and performing quality management, as well as to maintain our customer records and provide general service and sales to our customers.

We also process personal data that relates to transaction-related disputes submitted by customers, clients, or business partners, together with all associated communications, documentation, and records of actions taken in relation to such disputes.

Our legal basis for processing is the agreement with you under Article 6(1)(b) of the General Data Protection Regulation, our legitimate interests in administering your data as a customer under Article 6(1)(f) of the General Data Protection Regulation or to comply with a legal obligation to which Solar is subject, cf. Article 6(1)(c) of the General Data Protection Regulation.

3.2.1. Customer service

When you contact our customer service via e-mail, chat or telephone, etc., we record the personal information that you give us.

The purpose of Solar's use of the personal data is to service and assist you with your queries and to process your request to exercise your rights. We also process such data in order to gain insights on how we can improve our product portfolio and services.

The legal basis for our processing is our legitimate interests under Article 6(1)(f) of the Data Protection Regulation. The legitimate interests we pursue are handling your enquiry, follow-up and general customer service.

3.3. Recruitment

When you apply for a position with us, we receive and process a range of personal data about you. This includes:

• Contact details, birth date, national ID (e.g., CPR, BSN, PESEL, P-tal), gender, nationality
• CV, application letter, qualifications, and references
• Results from assessments, interviews, and social media (LinkedIn, etc.)

To the extent where you are to undertake a position of trust, including if you are to undertake a position as a manager with financial responsibility or accounting and bookkeeping tasks, we may obtain information about your credit rating from a credit rating agency. If, during the recruitment process, information is obtained about your credit rating, we will notify you separately.
 

3.3.1 Storage and erasure of information processed during the recruitment process

If you are not offered the position you applied for, we will delete any information registered about you within 6 months. The purpose of the storage is to document the recruitment process and the reason for not offering you the position.

If you are employed with us, we will retain the information from the recruitment process as part of your employee portfolio during your employment in order to document your employment history. You will receive separate information in this regard in connection with your employment with us.

3.3.2 Storage for the purpose of recruitment at a later time (cv-database)

In certain situations, we would like to keep your application even though it has been turned down for the purpose of recruitment at a later time. If we want to keep your application, we will ask for your consent. We will keep your application for 6 months for this purpose.

The legal basis for our processing is Article 6(1)(b), (c), (f); Article 9(2)(a) of the General Data Protection Regulation; and applicable national legislation (e.g., Danish, Swedish, Polish labour codes).

3.4. Employees at Solar

We process data about our employees in particular when handling employment relationship matters, but also in respect to our suppliers, partners and other third parties. In connection with employment with us, we collect, receive and process certain personal data. This includes:

General Data
Includes name, address, contact info, job title, bank info, work schedules, and salary. Used to fulfill employment contracts and comply with tax/labour law obligations.

Evaluation & Work History
Includes performance appraisals, training records, and potential warnings or disciplinary actions. Used for HR management and legal compliance.

Health Data
Includes medical certificates and information related to sick leave, maternity/paternity, and work injuries.

Family & Emergency Contacts
Data about children (for leave entitlements) and emergency contacts (spouse, partner, etc.).

Control & Monitoring
Includes logging of email/internet usage, GPS data for mileage, and security monitoring via camera surveillance where applicable.

The legal basis for our processing is Article 6(1)(b), (c), (f); Article 9(2)(b) of the General Data Protection Regulation; and applicable national employment legislation. Sensitive data such as health, union membership, or ethnic origin is only processed when required for legal obligations or employee rights.
 
Disclosure of personal data during employment
Solar may disclose your personal data during the employment period to:

• Tax authorities
• Insurance and pension providers
• External auditors
• IT system vendors
• Law enforcement (where required)

All data processors are subject to contractual obligations under GDPR Article 28.

We retain data for the duration of your employment and thereafter only as long as legally required or necessary for defense against legal claims.

3.4.1 Solar Family

Solar process personal data and special category of personal data in connection with applications submitted to Solar’s employee foundation programme “Solar Family”. This includes application for financial support related to serious illness, medical conditions, family hardship, or other exceptional personal circumstances defined in the Solar Family programme. 

The personal data processed for these purposes may include:

• identification and contact information relating to the employee and relevant family members, including children;
• employment information;
• financial information necessary to conduct the assessment for your application;
• information relating to health conditions or medical circumstances affecting the employee or their dependents, including children; and
• supporting documentation voluntarily submitted as part of an application.

Where applications include information relating to dependents or family members, including children above the applicable age of consent threshold, Solar may require separate and explicit consent directly from the relevant individual before processing their personal data, including any special category data concerning health.

Processing of personal data, including special category data, about a child below the applicable consent age is carried out only on the basis of consent given or authorized by the holder(s) of parental responsibility. Where the parents do not cohabit but share parental responsibility, consent must be obtained from both holders. Solar processes such personal data for the purposes of:

• administering and assessing applications for financial assistance;
• determining eligibility for grant of foundation funds;
• managing the distribution of foundation funds;
• maintaining appropriate records, governance, and audit documentation; and
• complying with applicable legal and regulatory obligations.

The legal basis for our processing is the employees or the data subjects’ explicit consent under Article 9(2)(a), together with Article 6(1)(a). Consent is specific and informed, and the data subject may withdraw it at any time. We also process data based on our legitimate interest in administering employee welfare and support programs pursuant to Article 6(1)(f) GDPR. 

Access to personal data and special category of personal data is restricted to authorized personnel, foundation administrators, and individuals with a legitimate business need to review the information in connection with the administration of the foundation. All information is handled confidentially and protected through appropriate technical and organizational security measures.

Personal data collected in connection with foundation applications will only be retained for as long as necessary to fulfill the purposes described above, including any applicable legal, accounting, reporting, or audit requirements. If your application is rejected, all personal data will be deleted within 6 months from the notification of the rejection. Personal data processed for applications that have been granted can be kept as long as necessary to fulfill Solar’s legal obligations for e.g. bookkeeping but will be deleted 5 years from the date of grant of the application.  

In accordance with applicable tax legislation in all Solar Group countries, Solar may be required to report information regarding grants or financial support payments to the local Tax authorities where the recipient is subject to taxation in the country of residents. Such reporting may be based on the recipient’s civil registration number, where applicable.

Except for disclosures required by law or regulatory obligations, Solar will not disclose personal data to third parties without an appropriate legal basis.

3.5. Business partners and/or suppliers to Solar

We collect and process personal data that is necessary for our cooperation with suppliers and other business partners in order to enter into a commercial relationship with us or to interact with us. We endeavor to only collect such information we deem necessary for the cooperation, including especially to fulfil our obligations and safeguard our interests in relation to the purchase of goods and services.

In relation to suppliers and other business partners, we typically only collect and process general personal data such as name, address, telephone number, email address and similar contact information from relevant contact persons. This includes information exchanged with us, e.g. email correspondence, telephone memos and other types of mail, etc.

Processing of such personal data is necessary to pursue our legitimate interest in relation to managing our ordinary business activities.

The processing is based on Article 6(1)(b) or Article 6(1)(f) of the General Data Protection Regulation.

We retain necessary personal data of our business partners and suppliers as long as there is an active cooperation with Solar. When there is no longer an active cooperation, personal data is not retained longer than necessary to fulfil the purposes for which it was collected. The personal data may, for example be stored in accordance with other relevant legislation such as Bookkeeping Acts or as a result of a dispute. When your personal data is no longer needed, we ensure that it is deleted in a secure manner.

3.6. Participants in competitions

When you participate in competitions issued by Solar, we process personal data regarding your name, e-mail address and response to the competition in question.

We process your personal data for the purpose of managing competitions, drawing winners, etc.

Our basis for processing is our legitimate interests in conducting the competition and contacting the winner in accordance with Article 6(1)(f) of the General Data Protection Regulation.

you participate in a competition with us but are not drawn as a winner, your personal data in relation to the competition will be deleted immediately after the winner is drawn.

3.7. Marketing recipients

When you receive marketing, including newsletters from Solar, we process personal data about your name, address, telephone/mobile number, email address and product interest. We also process information about your preferences in relation to marketing or communications, your use of the marketing we send to you (including, for example, whether you have opened an email from us, whether the email has been read and which links you have opened), and other information that you provide to us.

We process your personal data for the purposes of marketing our company and its services, setting you up and managing you as a marketing subscriber. We use the personal information about your preferences and usage to understand the way our customers receive our marketing and to improve marketing to you and our other customers going forward.

We will only send you marketing material by email or other electronic means once we have obtained your consent where this is required under the relevant Marketing Practices Act in relation to the European ePrivacy Directive.

We also use personal data about you to show you content on our and other sites based on your activities and preferences, as well as to measure the effectiveness of our content and marketing.

The basis for processing is our legitimate interest in complying with your wish to receive marketing from us, in accordance with Article 6(1)(f) of the Data Protection Regulation or your consent under Article 6(1)(a) of the Data Protection Regulation.

You can read more about our processing of personal data when sending newsletters in our newsletter terms.

In accordance with the Danish Consumer Ombudsman’s guidelines and requirements, we will keep evidence of your consent to send you marketing material by email until two years after we last used your consent.

3.8. Participants in events

When you register for and participate in events organised by Solar, we process personal data about your name, address, telephone number/mobile number, and email address, as well as the event you are participating in.

We process this personal data for the purposes of event administration and security, and for us to send you relevant material.

Our basis for processing is our legitimate interests in organising events under Article 6(1)(f) of the Data Protection Regulation or your consent under Article 6(1)(a) of the Data Protection Regulation.

3.9. Customer satisfaction surveys

When you participate in Solar's customer satisfaction surveys and/or our loyalty analyses, we process personal data about your name, e-mail address, telephone number, customer number, your answers and feedback to us in the customer satisfaction surveys and loyalty analyses.

The personal data is collected and stored for the purposes of continuously improving our customers' experience with Solar, developing our products and services and optimising internal processes and systems, etc.

The processing of personal data is based on Article 6(1)(f) of the Data Protection Regulation. The legitimate interest for collecting and storing personal data about you is to pursue our legitimate interests in improving our customer service, optimising our products, services and our general operations, etc.

3.10. CRM system

Solar may collect and store information about customers, potential customers and business partners in a CRM system. Solar only processes ordinary personal data, such as name, address, telephone number, e-mail, position and professional/personal interests.

The personal data is collected and stores for the purpose of relationship management in order to build, optimise and maintain existing and potential client relationships. This is done in order to improve the client experience by marketing services, events or other initiatives.

The processing of personal data is based on our legitimate interests pursuant to Article 6(1)(f) of the Data Protection Regulation. The legitimate interests for collecting and storing data about the data subject in our CRM system is to pursue our legitimate interests in maintaining and optimising the relationship by offering, implementing and evaluating marketing measures.

3.11. Whistleblower scheme

Solar operates a confidential whistleblower scheme for reporting serious breaches of internal policies, laws, or ethical standards.

Purpose and Scope
The scheme allows employees and stakeholders to report suspected misconduct anonymously or confidentially. It is intended for reports involving serious offences, including financial crime, harassment, discrimination, or regulatory violations.

Data Processing and Control
Reports are received and processed by an authorized internal whistleblower unit. If needed, Solar may engage legal advisors or auditors.
The processing includes investigating and documenting reports and any corrective action.

Confidentiality and Anonymity
The identity of the whistleblower is protected and only disclosed:

• With the individual’s explicit consent
• Where required by applicable law
• To relevant authorities or courts where legally obligated.

Although anonymity is respected, the nature of certain reports may indirectly reveal the identity of the reporter.

Data Subject Rights
Individuals mentioned in a report have rights under GDPR, including the right to access and rectify personal data. Notification to such individuals may be delayed or withheld to protect the investigation.

Retention
Whistleblower-related data is retained only as long as necessary for the purposes for which it was collected and in compliance with legal obligations. Unsubstantiated reports are deleted promptly.

Legal Basis
The processing of personal data in the context of the whistleblower system is based on:

• GDPR Article 6(1)(c): Legal obligations
• GDPR Article 6(1)(f): Legitimate interests in ensuring lawful and ethical conduct
• GDPR Article 9(2)(b): Employment and social protection law.
  
  

You can find our Whistleblower policy here.

3.12 Video monitoring and registration at Solar headquarters and premises

Solar process personal data about visitors to our headquarters for site security, access control, prevention and investigation of incidents, and protection of our property and staff (CCTV). Also, Solar process data in connection with visitor administration, including knowing who is on the premises in order to tell the employee you are visiting that you have arrived, secure health and safety as well as to coordinate evacuation in case of fire or emergencies. 

The processing of personal data is based on our legitimate in maintaining a safe and secure site, protecting our assets and personnel, and managing visitor access and evacuations, including in emergencies pursuant to Article 6(1)(f) of the Data Protection Regulation.

3.13 Third party social networks

Processing on social networks
Solar process personal data about individuals who interact with our brand on social media (e.g., likes, comments, shares, messages, and profile information visible to us) to analyze and report engagement and post/ad performance, gather insights into brand perception and audience demographics, give our audience the opportunity to influence future products/services, and collate and respond to messages efficiently.

The processing is based on our legitimate interests under Article 6(1)(f) GDPR in understanding and improving engagement, product portfolio improvement, and providing efficient customer and stakeholder support. Please note that social media platforms may process your data for their own purposes as described in their privacy policies.

Processing for targeted marketing
Solar may process personal data for targeted advertising on social media platforms to deliver, measure, and optimize ads to relevant audiences, including creating/look alike audiences and suppressing existing customers from campaigns.

The platforms may act as independent or joint controllers and may use the data for their own purposes per their privacy policies.

The processing is based on your consent for cookies or similar technologies on our channels (see our Cookie Policy) and, where applicable, our legitimate interests under Article 6(1)(f) GDPR in marketing our services, measuring reach, and preventing irrelevant advertising

Processing for statistics and ad effectiveness
We process personal data to compile usage statistics, measure and improve the effectiveness of our paid ads (including reach, conversions, frequency capping, and audience insights), and to generate aggregated reports on campaign performance.

The processing is based on our legitimate interests under Article 6(1)(f) GDPR in understanding audience behavior and improving the relevance and efficiency of our marketing, while applying data minimization and purpose limitation principles.

Where cookies or similar technologies on our channels are used to collect data for these purposes, we rely on your consent for those technologies (see our Cookie Policy).

4. Sharing information with Solar Group companies

Our group companies may, where necessary, access personal data to provide services to your organization on our or their behalf. Such access is required to perform the activities described above, including for example to:

• deliver ordered products and services
• contact you regarding account, order, and transaction matters
• send information about our websites, applications, and policies
• send direct marketing communications (where permitted and/or based on a valid legal basis)
• send product catalogs and other printed marketing materials
• process data under formal processing arrangements, e.g., fulfill your orders, administer accounts, and/or manage preference settings (including cookie preferences)
• conduct internal research, analytics, and reporting
• identify, investigate, and prevent activities that may breach our policies or applicable law.

Solar does not directly transfer data or allow affiliates within Solar Group to access data outside of the European Economic Area. In case transfer of data happens to a third countries, it happens based on one of the following conditions:

• The commission has decided that there is an adequate level of protection in the country in question;
• Standard Contractual Clauses are used; or
• Exceptions in special situations apply, e.g. to fulfill a contract with you or to obtain a consent from you to conduct a specific transfer.

5. Disclosure of your personal data with others

Solar may disclose your personal data to other suppliers and/or service providers in the ordinary course of our business.

Solar may also disclose your personal data to a public authority in situations where we are specifically obliged to disclose your personal data pursuant to legislation and notification obligations to which we are subject.

When disclosing personal data, we will ensure that we have the legitimate basis for processing such disclosure.

Solar also discloses your personal data to data processors, for example in connection with the management of our internal systems. Our data processors only process your personal data for our purposes and under our instructions. We enter into data processing agreements with our data processors to ensure that the required security is in place to protect the data and comply with our data protection obligations.

5.1. Sharing information with other companies

Solar shares personal data with trusted third parties in the categories below to operate our webshop, fulfill orders, and support our business processes:

• IT service providers: Trusted global partners supplying IT infrastructure, hosting, security, support, and system administration, for both customer/partner facing solutions and our internal systems.
• Third party project partners: Customers and collaboration partners who receive limited, purpose bound personal data for a specific order, matter, or customer offer.
• Payment service providers and processors: Global providers securing efficient payment flows for online checkout, invoicing, bank transfers, and point of sale.
• Catalog printing, mailing, and postal partners: Vendors that produce and distribute catalogs, magazines, and other printed marketing materials.
• Marketing and advertising partners: Providers enabling tailored ads, promotions, campaigns, and performance measurement across our webshop, email, and social media; including audience expansion (“look alike”) and suppression services to avoid irrelevant messaging.
• Social media and search platforms: Partners that host our presence, enable interactions with our brand, support targeted marketing of our product portfolio, and provide insights on audience engagement, brand perception, and campaign effectiveness.
• Tax, customs, regulators, and other authorities: Public authorities to whom disclosures are required under applicable laws and reporting obligations.
• Professional advisers: Lawyers, banks, auditors, and insurers providing consultancy, financial, legal, insurance, and accounting services. 

6. Transfer of personal data to countries outside the EU/EAS

In connection with our processing of your personal data, we may transfer the data to countries outside the EU/EEA.

The data protection legislation in these countries may be less strict than the legislation applying in the EU/EEA. However, in some countries, the EU Commission has determined that the level of data protection is equivalent to the level of protection in the EU/EEA. If we transfer personal data to countries where this is not the case, the transfer of your personal data to these countries outside the EU/EEA will be based on the standard transfer contracts drawn up by the European Commission and specifically designed to ensure an adequate level of protection.

You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission’s website.

If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us at legal@solar.dk.

7. Retention period, data integrity and security

Your personal data will not be kept longer than necessary to fulfil the purposes for which it was collected and legitimately processed. This implies that we will keep and process your personal data as long as we are providing services to you and also keep it afterwards for as long as would be needed for the settlement of any potential disputes that may be raised afterwards or as long as the law otherwise provides for. When your personal data is no longer needed, we will ensure that it is deleted in a secure manner.

We protect your personal data and have internal rules on information security. It is our policy to protect personal data by taking adequate technical and organisational security measures.

We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.

8. Your rights

8. Updates

From time to time, it will be necessary to update this Privacy statement. We will review our Privacy statement on a regular basis in order to ensure that it is updated, valid and in accordance with current legislation and the principles for processing personal data. We will publish new versions of the statement on our website.

This statement is valid from 18 June 2026