Introduction

Hydro’s privacy policy provides general information about how the Hydro Group (hereinafter “Hydro”) processes personal data. The purpose of this policy is to explain what personal data Hydro collects, as well as when, why, and how we process such data for specific purposes. All processing of personal data is in accordance with Hydro’s Data Protection Procedure, which is our global procedure based on the EU General Data Protection Regulation (GDPR), and applied group wide as applicable, subject to deviations in relevant local legislation. This privacy policy does not cover processing of personal data related to Hydro’s employees.

Hydro’s mother company is Norsk Hydro ASA (Norwegian organization No. 914778271). Hydro’s lead data protection authority is the Norwegian Data Protection Authority; Datatilsynet.

Hydro’s Binding Corporate Rules (BCR) for data protection and intragroup transfer of personal data 

Hydro has committed itself to a general principle of protecting personal data through the Hydro Code of Conduct, which is available here. To ensure such protection, Hydro has adopted a global procedure for data protection. The Hydro Data Protection Procedure ensures the implementation of consistent and uniform data protection principles within the Hydro Group. 

If necessary for the purpose of a specific processing activity, personal data may be transferred between legal entities within the Hydro Group. Each entity will be acting as a Data Controller, either jointly or separately, or as a Data Processor on behalf of other entities, depending on the relevant activity. Hydro’s Data Protection Procedure is approved by European Data Protection Authorities to function as Binding Corporate Rules (BCR). These rules form a basis for safe personal data transfer from Hydro companies established within the European Economic Area (EEA) to Hydro companies established outside the EEA.

A public version of Hydro’s Data Protection Procedure is available here.

When and why we collect and process personal data:

 

About individuals’ data privacy rights and how to contact us

If we are processing personal data about you, you may at any time reach out to us with questions, concerns, or complaints. You can email us on privacy@hydro.com or use the contact form on our website (choose topic: “Data Privacy”). You may also approach one of our local Data Privacy Officers, where appointed. Certain Hydro group entities are required per law to appoint a local Data Protection Officer.

Upon request, you have the right to be informed about any personal data we may process about you. You may request the deletion of any excessive personal data or ask for corrections should you believe the data is incorrect.

If you are not satisfied with our response to your request or how we addressed your concerns, you may contact the Norwegian Data Protection Authority, Datatilsynet, to lodge a complaint. As an EU resident you may also choose to contact your local Data Protection Authority.

To learn more about individuals’ rights under applicable EU data protection law, please read more on Datatilsynet’s website (available in both Norwegian and English).

Changes to this privacy policy

This privacy policy will be updated from time to time and the latest version will always be available on our website.

This privacy policy was last updated in October 2023.