Privacy notice for Demant A/S

1. Introduction

In this privacy notice, "we", "us" and "our" refer to Demant A/S.

At Demant A/S, we respect and protect data privacy, and we are dedicated to being as transparent as possible regarding the use of your personal data.

This privacy notice explains how and why we process your personal data when you interact with us.

2. Who we are

As we process your personal data and determine the purposes and means of the processing, we act as a data controller pursuant to article 4(7) of the GDPR.

You can contact us by using the following contact information:

Demant A/S
Kongebakken 9
2765 Smørum
Denmark

Tel: (+45) 3917 7100
Email: privacy@demant.com

3. Sources, types of personal data, purposes and legal bases

3.1. Investor and media contact

Personal data are either collected from your employer or directly from you, e.g. as part of your e-mail signature, business card, subscription to our announcements etc.
We usually collect personal data, such as your contact details (name, address, email address, telephon no., fax no.), your job title and the name of your employer.

Personal data are collected for the following purposes:

Processing your personal data is based on our legitimate interest in accordance with GDPR article 6(1)(f).

3.2. Company announcements, press releases, newsletters and event invitations

We only process personal data that you have chosen to give us, for instance by subscribing to our company announcements, press releases or newsletters or by accepting our event invitations.

We usually collect personal data, such as contact details (name, email address and telephone no.), your job title, the name of your employer and your country, and the fact that you have signed up to receive updates and communication. If you attend events, we process information on the type of event you have chosen to participate in, including the date, time and location of the event.

We may choose to document the events. If we do so, we will take pictures, images, audio and/or video recordings or the like during the events. Please note that we own all rights to the images and other material without limitation and our rights remain in force regardless of when the images, etc. were taken and last used.

Personal data are collected for the following purposes:

Processing your personal data is our legitimate interest in accordance with article 6(1)(f) of the GDPR.

We will only send out newsletters to you, if you have provided us with a marketing consent.

3.3. Website cookies

While you are visiting our website, we may collect personal data by using cookies on the site. Personal data may be collected for a number of purposes. Our legal basis for processing your website cookies is our legitimate interest in accordance with article 6(1)(f) of the GDPR. See our cookie policy on www.demant.com/cookie-policy for further details on how we collect, process and retain cookies.

4. How we share your personal data

We will not pass, sell or otherwise share or disclose your personal data to third parties, except as described herein or otherwise stated at the time when the personal data are collected.

We may share your personal data with third parties (e.g. vendors, service providers and/or partners), if it is deemed necessary or we are legally obligated to do so. We may also share your personal data with affiliated companies within the Demant Group in accordance with our legitimate purposes for collecting your personal data. Please refer to the organisational chart in our latest annual report to see which companies are part of the Demant Group. You can find our latest annual report on www.demant.com.

5. Transfer of personal data to third countries

In order to fulfil the purpose(s) of processing your personal data, we may share personal data with affiliated companies in the Demant Group located outside the EU/EEA and non-affiliated companies, such as service providers or business partners, located outside the EU/EEA, provided that this is considered necessary in relation to a particular data processing activity.

If your personal data are transferred to a country outside the EU/EEA, we will take appropriate technical and organisational measures to ensure that processing of such data will meet the requirements of the relevant data protection laws, including protection of the rights of the data subject. Where necessary, we have entered into the EU Commission’s standard contractual clauses with the recipients of personal data. The EU Commission finds that these clauses provide adequate guarantees for the protection of privacy, basic rights and liberties, and for exercising associated rights.

6. How long do we keep your personal data?

We will retain your personal data as long as necessary in order to fulfil the purpose(s) of processing your data.

We will delete your personal data, when they are no longer required in relation to the purpose of our collection of your personal data, e.g. when we no longer need you as a media contact, as we have been notified that you have left your job position at your employer, when you unsubscribe to our direct marketing or announcements or when an image in which you appear no longer serves a purpose.

If you would like to receive more detailed information about our policy on retaining personal data, please contact us by using the contact information in section 2 above.

7. Your privacy rights

Pursuant to the GDPR, as a result of our processing of your personal data, you may exercise a number of rights. They are:

These rights may, however, be subject to conditions and/or exemptions, e.g. to ensure other people’s privacy, trade secrets and intellectual property rights or to comply with a legal obligation.

If you would like to exercise one or more of your rights, please contact us by using the contact information in section 2 above.

8. Right to lodge a complaint

If you have any questions, comments or requests in relation to how we use your personal data, please let us know by contacting us using the contact information described in section 2 above.

Should you still not be satisfied with the way we use your personal data, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet). You can contact the agency by using the following contact information:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark

Tel: (+45) 3319 3200
Email: dt@datatilsynet.dk

9. Changes to the privacy notice

We may update this notice from time to time by publishing a new version on www.demant.com.

This privacy notice was updated on 8 February 2022.

Privacy Notice for Demant A/S’ processing of personal data on social media platforms

1. Introduction

At Demant A/S, we respect and protect the privacy of our users, and we are dedicated to being as transparent as possible regarding the use of your personal data.
This privacy notice ("Privacy Notice") explains how Demant A/S processes your personal data in connection with your interaction with Demant A/S as a data controller by use of different social media platforms, such as Facebook, Instagram, Twitter, YouTube and LinkedIn.

In this Privacy Notice, "we", "us" and "our" mean Demant A/S.

We may change this Privacy Notice from time to time, so please check back when you use our services to make sure that you have seen the most recent version.

2. Who we are

If you have any questions about this Privacy Notice, or you would like to exercise your rights, you can contact us by using the contact points below.

Demant A/S
Kongebakken 9
DK-2765 Smørum
Denmark
Tel: +45 3917 7100
Email: privacy@demant.com

3. Personal data we collect and use

We may process the following types of personal data:

• Information about you, such as your name, email, age, gender, country, job title, current and former employer, education background, profile picture, interests, your friend list/connections/followers etc., and other publicly available information, provided that you have published all this information on your social media profile or posted it on one of our social media pages.
• Other information you provide to us by posting on our social media page, including your comments and/or likes to our posts and pictures or direct messages you send to us via our social media platforms.


In addition to the above, the different social media platforms collect personal data concerning you through your use of these social media platforms and through the use of cookies and similar technologies, including cookies collected via the social media tools, such as Facebook Insights, Facebook Pixel, Facebook Custom Audience, Facebook Lookalike Audience, Twitter Pixel, LinkedIn Insight Tag and LinkedIn sponsored InMail, etc.

In some cases, for instance, in relation to our Facebook page, Demant A/S acts as joint controller together with Facebook in relation to the processing of your personal data. Thus, we recommend that you read Facebook's privacy notice to understand how Facebook processes your personal data.

We generally refer to the different social media platforms' privacy notices for more information about their processing of your personal data. Below you will find a listing of the social media platforms that Demant A/S uses and a reference to their privacy notices.

•  Facebook's data policy
•  LinkedIn's privacy notice
•  Instagram's data policy
•  Twitter's privacy policy
•  YouTube's privacy policy provided by Google

4. Why do we collect and use your personal data and what is our legal basis for doing so

We use your personal data for the following purposes:

• To understand the audience to our social media channels by getting to know the demographic, preferences and interests which enables us to provide relevant information.
• To analyse trends and profiles to enhance, modify, personalise and improve our services and communications for the benefit of our audience.
• To process and respond to requests and enquiries received from you.
• To carry out market surveys to enhance, modify, personalise and improve our services and communications for the benefit of our users through our social media pages on Facebook, Instagram, Twitter and YouTube.
• To recommend products and services we think you will be interested in. We do to carry out direct marketing to our customers and/or potential customers. However, if we use electronic methods, such as email or direct messaging through our social media pages, for instance, via Facebook and/or Instagram, to send direct marketing to you, we will only do so if it is permitted under the applicable rules on direct marketing.

The legal basis for collecting and processing your personal data via our different social media pages is our legitimate interest as described above in accordance with EU General Data Protection Regulation (“GDPR”) art. 6(1)(f). Our legitimate interests are under these circumstances regarded to override your interests.

5. How we share your personal data

We will not pass, sell or otherwise share or disclose your personal data, except as described herein or otherwise stated at the time the personal data is collected.

As mentioned under section 3, we may act as joint data controller in relation to the processing of your personal data via our social media pages together with the specific provider of the social media, for instance, Facebook Inc. or Facebook Ireland Ltd. This means that we are jointly responsibly for processing of your personal data. We have inserted a reference to Facebook’s privacy notice in section 3.

We may share your personal data with affiliated companies within the Demant Group in order to deliver, enhance and develop our products and services. Please refer to the organisational chart in our latest annual report to see which companies form part of the Demant Group. You can find our latest annual report at www.demant.com.

We may share your personal data with our service providers for a variety of tasks, such as:

• assisting us with administering or troubleshooting our website;
• assisting us with the supply or design of our products or with our business administration;
• assisting us with our marketing campaigns, for instance, via Facebook Custom Audiences and Facebook Lookalikes;
• providing us with electronic or physical storage services or systems.

We will only share your information under these circumstances, if it is necessary in order for our service providers to perform the specific service for us. These service providers are not authorised to keep or use your personal data for any other purposes, and they will always be under an obligation to keep your personal data safe and confidential.

We may disclose your personal data to selected third parties, such as law enforcement agencies, regulatory authorities and our professional advisors if we are under a duty to do so in order to comply with any legal obligation, or if it is in our legitimate interests, or in order to enforce or apply our website Terms of Use or other related contracts with you or your company.

6. Transfer of data to third countries

In order to deliver our products and services to you, we may share your personal data with affiliated companies in the Demant Group located outside the EU/EEA and non-affiliated companies, such as service providers or business partners located outside the EU/EEA provided this is considered necessary in relation to a particular data processing activity or performance of the service.

If your personal data are transferred outside the EU/EEA, we will implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the relevant data protection laws including ensuring the protection of the rights of the data subject. Where necessary, we have entered into the EU Commission’s standard contractual clauses with the recipient of the personal data. The EU Commission finds these clauses to provide adequate guarantees for the protection of privacy, basic rights and liberties, as well as for exercising the associated rights.

7. How long do we keep your personal data

We will keep your personal data for as long as necessary for legitimate legal or business reasons, including to comply with any regulatory obligations.

We will delete your personal data, when it is no longer required in relation to the purpose for our collection, processing and storage of your personal data. We will also store personal data that we are obliged to keep in accordance with the law.

If you have commented on any of our posts on social media platforms, such comments will be deleted at the time when the post in question is deleted. We may, however, choose to delete specific comments at an earlier point in time. You may also at any time choose to delete your own comment.

Information that is collected via social media platforms for a specific purpose, for instance, a targeted marketing campaign, will be deleted 1 year after the specific processing activity is carried out. Certain data may be retained up to 2 years after the specific campaign for documentation purposes.

If you would like more detailed information about our retention policy, please contact us by using the contact points in section 2 above.

8. Your privacy rights

Pursuant to the GDPR, as a result of our processing of your personal data, you may exercise a number of rights. They are:

• The right to access to your personal data
• The right to have us rectify (correct) your personal data
• The right to have us delete your personal data
• The right to restrict our processing of your personal data
• The right to data portability
• The right to object to our processing

These rights may, however, be subject to conditions and/or exemptions, e.g. to ensure other people’s privacy, trade secrets, intellectual property rights or to comply with a legal obligation.

If you would like to exercise one or more of your rights, please contact us by using the contact points in section 2 above.

9. Right to lodge a complaint

If you have a concern in relation to how we use your data, please let us know, and we will reply to your queries and, if necessary, take steps to ensure our practices are consistent with our obligations. If you are still not satisfied with the way we use your data, you have the right to lodge a complaint with the relevant national data protection authority. In Denmark, the relevant data protection authority is The Data Protection Agency (Datatilsynet). You can contact The Data Protection Agency at Carl Jacobsens Vej 35, 2500 Valby, tel.: +45 3319 3200, email: dt@datatilsynet.dk.

10. Children's privacy

We provide solutions for children but our social media pages on Facebook, Instagram, Twitter, YouTube and LinkedIn are not intended or designed to collect personal data about children under the age of 13. We do not intentionally collect personal data from any person we know to be under the age of 13.

11. Third party links

Demant A/S social media pages on Facebook, Instagram, Twitter, YouTube and/or LinkedIn may contain links to websites of other companies and organisations. This Privacy Notice does not apply to such third-party sites, and we suggest that you contact those third-party sites directly for information on their data collection and distribution policies.

12. Changes to the privacy notice

We may update this Privacy Notice from time to time by publishing a new version on our website www.demant.com and different social media pages on Facebook, Instagram, Twitter, YouTube and/or LinkedIn.

This Privacy Notice was updated on March 17 2021.