Skip to main content
CM Biomass logo
Products
Global Presence
Creating Value
Financial
Careers
Contact

Privacy Policy – CM Biomass Partners A/S

At CM Biomass Partners A/S (”CM Biomass”, ”we”, ”us” or ”our”) confidentiality and data protection is a high priority. This privacy policy applies for our processing of personal data and provides you with the information you have the right to receive according to applicable data protection law. You must read the privacy policy before submitting your personal data to CM Biomass.

 

Data Controller and Contact Information

The data controller for your personal data is:
CM Biomass Partners A/S
Address: Sundkrogsgade 11, 2. 2100 Copenhagen, Denmark
Company registration no.: 32283853
Email: [email protected]
Telephone: +45 3226 0300

 

When do we collect your personal data?

CM Biomass may collect, process and store personal data about you in the following instances:

When You Visit and Browse Our Website

When you visit our website, we collect information about you through cookies. Cookies are small text files that are stored on your device when you interact with our website.

Categories of Personal Data

  • Browser type
  • Location at login
  • Language
  • Actions on site
  • How you access our website

Purpose

Cookiedata is used for improving the website and user experience

Legal Basis

Our use of cookies for the purpose of collecting personal data is carried out in accordance with section 3 of the Executive Order (No. 1148 of 9 December 2011). The legal basis for the processing is your consent according to Article 6(1)(a) of the General Data Protection Regulation (GDPR) and our legitimate interest in improving our website and the user experience according to Article 6(1) (f) of the GDPR.

Retention Policy

Cookies are stored according to our Cookie Policy.

When You Apply for a Job Through Our Career Portal

We process your personal data when you apply for a job through our job portal.

Categories of Personal Data

We process the following categories of personal data when you send us a job application through our job portal:

  • Contact information (First name, last name, e-mail address, phone number, address)
  • Birthday
  • Citizenship
  • Gender
  • Personal data which you have disclosed in your job application and CV as well as any attachments.
  • Personal data you disclose during the recruitment process.
  • Results of personality tests and IQ tests etc.
  • References from your previous and/or current employer.
  • Work history
  • Educational background

When applying for specific job positions, we may also process personal data regarding your criminal record. The legal basis for this processing is either our requirement to do so by law or our legitimate interest in ensuring that you are suitable for the position.

Purpose

The purpose of the processing of your personal data is to evaluate your application and potentially establish an employment relationship.

Legal Basis

The processing of your personal data is based on either two of these legal bases:

  1. Your consent, according to Article 6(1)(a) of the General Data Protection Regulation (GDPR).
  2. Our legitimate interests in accordance with Article 6(1) (f) of the GDPR, where such interests are not overridden by your rights and freedoms.

You can read more in our privacy note for job applicants: Privacy Policy.

Retention Policy

We store your personal data according to our Privacy Notice for Job Applicants.

TV Surveillance

Our office is located in a shared office space where video surveillance of the common areas has been established by the property owner. The surveillance is administered solely by the property manager, who is the data controller. For any questions regarding the surveillance, please contact the property manager at the specific location directly.

Contact Persons at Suppliers and Other Business Partners

This section describes our policy for processing personal data collected from owners of sole proprietorships or from contact persons at customers, suppliers and other business partners who collaborate with us.

Categories of Personal Data

We may process the following categories of personal data:

  • Identification data, such as name, e-mail address, telephone number, and similar contact details.
  • Individual data, such as preferred language.
  • Organizational data, including company name, company address, job title, business area, primary work location, and country.
  • Contractual data, including purchase orders, invoices, contracts, and other agreements between your company (or your employer) and CM Biomass, which may contain your contact information and records of communication.
  • Communication data, including information provided in email correspondence, meeting notes, and other business-related communication channels.
  • Legitimation documents, such as passport or drivers’ license, if required for ‘know your customer’ (KYC) or other due diligence procedures.
  • Financial data, including payment terms, bank account information, and credit ratings.

Purpose

Your personal data may be processed for the following purposes:

  • To plan, execute and manage the business relationship, including contract negotiation and fulfilment.
  • Administrative purposes, such as processing payments, credit evaluation, bookkeeping, audits, invoicing, and providing customer and supply support.
  • To respond to inquiries, requests, and general communication initiated by you or your organization.
  • To maintain and document correspondence in connection with our ongoing business relationship.
  • For product and service development and optimization.
  • For compliance with legal obligations, including anti-money laundering (AML) and KYC requirements, and to prevent fraudulent or unlawful activities.
  • For handling disputes and legal claims.

Legal Basis

We will mainly process your personal data based on the following legal bases:

  • Contractual Obligation: The processing of your personal data will in some cases be necessary for the performance of a contract (Article 6 (1) (b) of the General Data Protection Regulation).
  • Legitimate Interests: We may process your personal data pursuant to our legitimate interest in, for instance, to manage daily operations according to lawful and fair business practices, including planning, performing, and managing the business relationship or our legitimate interest in e.g., conducting credit ratings, statistics, analysis, marketing activities (where consent is not required), providing support as well as improving and developing our products and services. The processing may also be necessary for our legitimate interests in preventing fraud or establish, exercise, or defend legal claims (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legal Obligation: The processing of your personal data will in some cases be necessary to comply with legal obligations, such as our obligations to prevent illegal activity (Article 6 (1) (c) of the General Data Protection Regulation).

Retention Policy

We retain personal data only for as long as necessary to fulfill the purposes for which the data was collected, including for the purpose of complying with legal, accounting, and regulatory requirements. The retention period depends on the nature of the relationship and the data in question.

  • Potential Customers:
    Personal data of potential customers and their representatives will be retained for up to 2 years the date of the last meaningful interaction (e.g., meeting, call, email), unless consent is renewed or a business relationship is established.
  • Actual Customers and Business Partners:
    For actual customers and business partners, personal data will be retained for up to 5 years from the date of the most recent transaction, agreement, or relevant communication. This retention period is based on general limitation periods under applicable commercial laws and ensures compliance with accounting, tax, and contractual documentation requirements.

After the expiration of the retention period, the data will be securely deleted or anonymized unless further retention is required by law or necessary for the establishment, exercise, or defense of legal claims.

 

Disclosure to Other Data Controllers and Transfer to Data Processors

We may share your personal data with trusted third-party service providers who provide services on our behalf and under our instructions. These may include providers of IT systems, customer support, invoicing, email, marketing services, and affiliated companies. Such parties will only process your data in accordance with data processing agreements that ensure appropriate technical and organizational safeguards.

In certain situations, your personal data may also be disclosed to third parties where necessary and legally justified, including to:

  • Public authorities and law enforcement agencies
  • Professional advisors such as auditors and legal counsels
  • Courts and dispute resolution bodies
  • Affiliated or group companies
  • Potential or actual buyers in connection with a merger, acquisition, or sale of all or part of our business

Where personal data is transferred to countries outside the EU/EEA that do not offer an adequate level of protection, such transfers are safeguarded by the European Commission’s Standard Contractual Clauses (SCCs) or other lawful mechanisms. If personal data is transferred to the United States, the transfer may rely on the EU-U.S. Data Privacy Framework, provided the recipient is certified under the framework.

 

Your Rights

  • You have the right to access the personal data we process about you.
  • You have the right to object to our collection and further processing of your personal data.
  • You have the right to have your personal data rectified and deleted, with certain statutory exceptions, including applicable bookkeeping and anti-money laundering legislation.
  • You have the right to request us to restrict the processing of your personal data.
  • Under certain circumstances you may also request to receive a copy of your personal data as well as the transmission of your personal data which you have provided us with to another data controller (data portability).
  • You may, always, withdraw any consent you may have given. We will then delete your personal data unless we can continue the processing on another basis. Our newsletter can be unsubscribed by clicking the link at the bottom of the newsletter. Please be aware that withdrawal of your consent does not affect the legality of the processing based on your consent prior to the withdrawal.

 

Questions or Complaints

If you have any questions in relation to this privacy policy or if you wish to make a complaint in connection to our processing of your personal data, please contact us at [email protected].

If your complaint is not resolved by us and you wish to proceed with the case, you can send your complaint to the supervisory authority in your country.

Changes to the privacy policy

We reserve the right to make changes to this privacy policy from time to time. When updated, the date at the bottom of the privacy policy will be updated accordingly.

This is version 2 of CM Biomass’ privacy policy, last updated on 27/05-2025.