Privacy Policy

Who is collecting your personal data?

We process the personal data relating to you as a data subject. We do so in connection with our existing and/or prospective business relationships. In this context, we ask that you share with any and all relevant persons this Privacy Policy and the information it contains.


Personal Data: This term covers “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Art. 4 §1 GDPR).

Sensitive Personal Data: This term covers a subset of data for which even greater care should be taken, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data (processing for the purpose of uniquely identifying a natural person), data concerning health or data concerning a natural person’s sex life or sexual orientation (Art. 9 §1 GDPR).

Processing Data: This term means any set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 §2 GDPR).

Data Subject: This term covers individuals that are identifiable or identified by the processed personal data (Art. 4 §1 GDPR).

Data Controller: The Data Controller decides how and why data is processed and ensures that legal obligations are met (Art. 4 §7 GDPR).

Data Processor: Anyone processing data on behalf of the Data Controller (Art. 4 §8 GDPR).

Third Party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data (Art. 4 §10 GDPR).

What personal data do we process?

We may obtain personal data via our online forms on our website or via any other personal contact we may get with you.

We may process the following personal data:

  • Identification data, e.g. names, telephone numbers, email addresses, business contact information;
  • any other data you may write in the message section of our contact form.

Is your data shared with third parties?

We do not pass on your personal data, except as described here or at the time of collection:

  • We may share personal data within the Gunvor Group, in compliance with applicable data protection legislation.
  • Where a transfer of data may be necessary, we will take the necessary steps to ensure that your personal data receives the level of protection required by applicable legislation. We will inform you of this and seek your consent to the processing, in each case as required.
  • We may perform certain operations with the assistance of third parties as suppliers. In the course of the performance of their tasks, your personal data may be shared with them. The suppliers are obliged to process the information received exclusively for the respective services on our behalf and according to our instructions and are obliged to comply with the applicable data protection legislation.
  • We may disclose personal data about you (1) if we are required or permitted to do so by applicable legislation or legal process (court order or subpoena), (2) to legal authorities or other government officials in order to comply with a lawful legal request, (3) as part of an investigation into suspected fraud or illegal activity, or (4) in any other case, with your permission.

On what legal basis do we collect your personal data?

You can visit our website without disclosing your identity. The collection and processing of your personal data takes place for the following purposes, in accordance with Art. 6 GDPR:

  • when necessary for our legitimate business interests given that it is not overridden by your rights;
  • based on your consent, when you use the online contact form or accept cookies; or for additional purposes not mentioned here;
  • when necessary to fulfil our legal obligations.

For what purpose do we collect your personal data?

  • to enable the use of and connection to our websites;
  • to ensure that our websites function properly;
  • to ensure the security and stability of the system;
  • to enable us to optimize your online experience;
  • to compile statistics;
  • to interact with you where needed (e.g. contact form).

How long do we keep your data?

To the extent permitted by applicable legislation, we retain the personal data we obtain about you for as long as (1) it is necessary for the purposes for which we obtained it, as set forth in this Privacy Policy, or (2) we have another legal basis, as set forth in this Privacy Policy, for retaining such data beyond the period for which it is necessary to fulfill the original purpose for obtaining the personal data.

We delete personal data from our systems as soon as it is no longer needed, in accordance with our guidelines on how long important information should remain available for future use or reference, and when and how data may be destroyed when it is no longer needed.

The retention period for each category of data will vary depending on how long it is needed for processing, the purpose for which it was collected and legal requirements. After this period, the data will either be permanently deleted or we may keep a secure, anonymized record for research and analysis purposes.

You may at any time exercise your right to have your personal data deleted; see the sections below “What data privacy rights do you have?” and “Contact us”.

What data privacy rights do you have?

You have the right, subject to applicable data protection legislation, to:

  • be informed of any personal data we process about you;
  • request access to, and receive a copy of, the personal data we hold (‘Right to access’, Art. 15 GDPR);
  • if appropriate, request rectification or erasure of the personal data that are inaccurate (‘Right to rectification’, Art. 16 GDPR);
  • request the erasure of the personal data, subject however to applicable retention periods (‘Right to be forgotten’, Art. 17 GDPR);
  • request a restriction of processing of personal data where the accuracy of the personal data is contested, the processing is unlawful, or if the data subjects have objected to the processing (‘Right to restriction of processing’, Art. 18 GDPR);
  • object to the processing of personal data, in which case we will no longer process the personal data (‘Right to object’, Art. 21 GDPR);
  • receive the personal data in structured, commonly used and machine-readable format (‘Right to data portability’, Art. 20 GDPR);
  • complain in relation to the processing of personal data and, absent a satisfactory resolution of the matter, file a complaint in relation to the processing of personal data with the relevant data protection supervisory authority.

Subject to the limitations set forth herein and/or in applicable local data protection legislation, you can exercise the above rights free of charge by contacting us at the address found in the last section of this document (“Contact us”).

How do we protect personal data?

We provide administrative, technical and physical safeguards, consistent with legal requirements, whenever we collect personal data, designed to protect against the unlawful destruction, loss, alteration, use or disclosure of, or unauthorized access to, the personal data you provide us with.

We provide security in accordance with the principles of the GDPR. The measures taken are technical and organizational data security measures to ensure an adequate level of protection with respect to confidentiality, integrity, availability of data and resilience of systems.

These measures are part of the life cycle of our organization and are implemented at all levels of the system. Furthermore, security is an ongoing process, not a static element. From this perspective, technical and organizational measures are subject to technical progress and further development, as are risks and threats.

Changes to this Privacy Policy

This Privacy Policy may be updated periodically and without prior notice to reflect changes in our reporting. We indicate at the top of this document when it was last updated.

Contact us

For any questions you may have in relation to this Privacy Policy or more generally the processing of your personal data, you may contact us at: [email protected]