Rud Pedersen Group GDPR Policy

1. Introduction

1.1 In this document you can find Rud Pedersen’s publicly available Privacy Policy as required by Article 1 4(5)(b) in the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”).

2. Our Organisation

2.1 Rud Pedersen is a Public Affairs Bureau with offices in Denmark, Norway, Sweden, Finland, Belgium, Germany and Estonia. Each office is an independent legal entity belonging to the same group.

2.2 We are a specialized communications consultancy which advises companies, NGOs, municipalities and other organisations regarding the political process in national and international contexts.

3. Processing of Personal Information

3.1 During the course of our work, we collect personal information for the purpose of uncovering the political process through political analyses and gaining insight into relevant politicians and stakeholders in relation to a given political context.

3.2 We process the following information:

  • Name and other publicly available information, e.g. occupation, contact information and political orientation at a personal and organisational level.

  • Political history, e.g. former involvement in political discussions.

  • Work area and priorities, e.g. an organisation’s or entrant’s priorities in a political area.

  • Process and influence, e.g. an organisation’s or entrant’s role in a political process, including the influence on such process.

4. Purpose of Processing

4.1 The purpose of our processing of personal information is to inform our clients about the political context of a given case within a given political area. Our ability to deliver a comprehensive and unique service to our clients regarding the clients’ political interest deeply depends on our profound knowledge about the stakeholders and other persons characterizing the political landscape.

4.2 Our service to the clients is solely delivered with focus on the political aspects of a case. Any personal information is presented neutrally and with attention to the political and economic aspects only. Therefore, individual persons’ private details are never in focus – attention is made solely to information relevant on a professional, political level.

4.3 As a consequence of the purpose specified above, we strictly process information from:

  • The registered persons, e.g. from social media or media statements

  • Commonly recognized public media, e.g. newspapers, news media, the website of the Parliament, political programs, ministerial websites, etc.

  • Information gathered through our social network, including our continuous dialogue with political entrants, the civil service, politicians, journalists, NGOs, etc.

4.4 All employees of Rud Pedersen have been instructed to solely collect and process personal information which is correct and necessary to fulfil the described purpose.

5. Legal Grounds of Processing

5.1 We process personal information in accordance with our legitimate interest in carrying on business with analyses and general information regarding the political process. We conduct our business on conditions, which do not override the interests of the registered persons’ right of data protection and privacy, cf. Article 6(1)(f) in the GDPR. We process special categories of information with respect to Article 9(2)(e) and (g).

6. Transfer of Personal Information

6.1 We share personal information with our Group companies in the EU as part of our international profile and our interest in delivering cross border services.

6.2 We transfer personal information to our entrusted data processors, who perform services for us, including cloud services or other IT infrastructure service providers. Our data processors are subject to the same security requirements as Rud Pedersen and they have no independent right to use the data. All our data processors are established in the EU/EEA.

6.3 We forward personal information to our clients. Our clients are responsible for their own use of data and, for confidentiality reasons, we do not disclose information about our clients.

6.4 We do not transfer, share or forward personal information in any other way than specified above.

7. Deletion

7.1 We keep personal information for as long as it is necessary to fulfil the purpose of the processing. Therefore, the storage time depends on the character of the case and the stakeholders’ individual position and influence over time. On these grounds, we do not automatically delete all information at a specific date or time.

7.2 Our advice and use of information is dependent on our continuous updating of data, meaning that we do not keep standalone and/or historical analyses, which dates more than 7 years back in time.

8. Your Rights

8.1 At any time, you are entitled to ask us what information we process about you. In this case, we will be able to confirm or invalidate whether your information is processed or not, but we do not provide a copy of such information, as our analyses and stakeholder mapping are core values in our business and are therefore considered business secrets. If you become familiar with a specific matter, you may of course ask us to rectify wrongful data, including deleting, objecting to or limiting our continued processing.

8.2 Please note that you cannot exercise your rights contrary to our continued processing, if the processing is necessary for our fulfilment of any provision of the law. The same applies if our processing is litigation.

8.3 If you wish to contact us with regard to the processing of your personal information, please send an email to [email protected]

8.4 In case you do not feel that we have responded adequately to your inquiry, you are welcome to write again. If your inquiry is an objection to our continued processing of your personal information, we kindly ask you to further explain the reason for your objection. We process any objection with confidentiality and do not store such data with other personal information.

8.5 If you wish to make a complaint, you may contact the Swedish Data Protection Agency.

9. Security Measures

9.1 We have implemented a number of technical and organizational measures to ensure the proper protection of our data against unauthorized access. We have also implemented a fine mesh of control for our employees’ access to different types of data.

9.2 Our security measures are subject to continuous updates and include the following:

  • Centralized user database for all computers, mail accounts and wireless network

  • Password protection, including use of complex passwords and periodic change of passwords

  • Encryption of computers, file sharing services and cloud traffic

  • Firewall, anti-virus, anti-malware and filtration of data traffic

  • Backup

  • Automatic security updates

  • Separate guest network

9.3 All data is stored on servers within the EU/EEA.