Privacy Policy

This privacy policy applies for Royal Danish Fish A/S and other companies in the group, hereinafter referred to as RDF Group.

This policy shall help to ensure and document that RDF Group processes and protects registered personal data in accordance with the terms of the General Data Protection Regulation.


Records of processing of personal data

RDF Group processes personal data about:

  • Employees: Job applicants, current and former employees
  • Customers: Private customers – Owners of sole proprietorships – companies’ contacts
  • Suppliers: Private suppliers – Owners of sole proprietorships – companies’ contacts
  • Other contact persons and collaborators in connection with the operation of the company


We have prepared a record of the processing of personal data, which gives an overview of the processes, for which the company is responsible. The personal data is a precondition for RDF Group being able to enter into contracts of employment, customer and supplier contracts as well as communicate with relevant contact persons and collaborators.


Purpose and legitimacy of the processes

Personal data is processed and registered in connection with:

  • Personnel administration, including recruitment, employment, resignation and payroll
  • Master data and contacts for customers as well as marketing, orders, sales and payments
  • Master data and contacts for suppliers as well as requisitions, purchases and payments
  • Personal data that you otherwise provide us, when you are contacting us via e-mails, letters or phone


We will only use personal data for the purposes listed above, and we will only collect data that are necessary to fulfil the purpose.

For current and former employees, we refer to the letter provided in accordance with our disclosure requirements regarding processing of personal data during the employment.


Registration and deletion

RDF Group has introduced the following general guidelines for safe keeping and deletion of personal data:

  • Personal data is kept in physical folders, in IT systems and on external server drives in Denmark.
  • Personal data is kept only as long as needed for the purpose of the process, and as a maximum of 5 years + current accounting year, according to the Accounting Act's requirements for keeping of accounting documents, after which they are deleted/destroyed, unless the information is required to be stored for a longer period of time. This may be case, for example, in defending legal claims.
  • Personal data of employees are deleted five years after the employment has ended, and personal information about applicants both unsolicited and recruited are deleted after six months.



General personal data about customers and suppliers may be transferred to transport companies, shipping agents, telecommunications companies, credit insurance companies, banks and auditors.

The transmission of personal data about employees appears from the letter provided in accordance with our disclosure requirements regarding processing of personal data during the employment.

In addition, personal data is not transmitted to third-party unless we have agreed with you in connection with the collection or obtaining consent from you after informing you about what your data will be used for.



A Cookie is a small data file that is stored at your computer when you visit a website. It enables the websites to remember you when you visit them again. A cookie is not a program and does not contain virus.

We use cookies on our website for the purpose of optimizing the website and its functionality.

You can always reject cookies on your computer by changing the settings in your browser. Where to find the settings depends on which browser you are using.


Links to other websites

Our website may contain links to other websites or to integrated sites. We are not responsible for the contents of the websites of other companies’ (third-party websites) or for the practices of such companies regarding the collection of personal data. When you visit third-party websites, you should read the owners’ policies on the protection of personal data and other relevant policies.


Data processors

RDF Group will only use data processors, who can guarantee that they will implement suitable technical and organizational security measures to fulfill the requirements of the General Data Protection Regulation.


Data security

RDF Group has adopted internal rules on data security that contain instructions and actions that protect personal data from being destroyed, lost or modified, against unauthorized disclosure and against unauthorized access or knowledge of you.

Our IT suppliers continuously ensure that our IT equipment has been updated and has installed appropriate security measures, including firewall and virus protection.


Breach of personal data security

In case of breach of the personal data security, RDF Group will report the breach to The Danish Data Protection Agency as soon as possible and within 72 hours. In cases where the breach entails a high risk for those persons about whom RDF Group processes personal information, we will notify them of the security breach as soon as possible.



RDF Group handles the rights of data subjects, including the right to insight, withdrawal of consent, rectification and deletion, and informs the data subjects about the company's processing of personal data.

If you wish to complain about our processing of your personal data as a registered person, please contact the Danish Data Protection Agency. You can read more about your rights in the Data Inspectorate's Guide of the registrar's rights, which you will find at:


Amendment of data, etc.

If you want us to update, amend or delete the personal data that we have registered about you, want to get access to the personal data processed about you, or if you have any questions concerning the above guidelines, you may contact us at: In that case, we will investigate the matter and give you an answer as soon as possible and not later than one month after we have received the request.


Novagraf A/S