
Data Ethics Policy

1. PURPOSE AND SCOPE

Innovation has always been a driving force behind Grundfos’ purpose. We recognize that it is key to our continued innovation that we work with data and new technologies, and that we as part of such work take data protection seriously. In our work we collect, store and use data primarily of our employees, suppliers and other business partners. The purpose of this Data Ethics Policy is to describe our ethical considerations in the way we work with such data in the Grundfos Group.

2. RESPONSIBILITY

Grundfos Legal is responsible for this policy.

Our Chief Information Security Officer, Grundfos Data Governance Council and Grundfos Legal jointly facilitate the ongoing initiatives around our handling of data.

3. PRINCIPLES

Below, we set out the principles we follow when we handle data, including when we collect, process and use personal data, and when we implement new technologies:

We:

Annual review:

on a yearly basis measure our level of data privacy and security maturity.


Control over personal data:

prioritize the ability of data subjects to retain control over their personal data.

have channels for data subjects to submit requests to exercise their rights.


Employees:

believe that our employees should never lose their right to privacy in our workplaces. Therefore, we will only process personal data of our employees in a proportional, transparent manner and only to a necessary extent, where it has a legitimate ground.

are responsible data controllers through the whole employee journey, i.e., during our recruitment, hiring, performance development and rewarding processes we take measures to have accurate data, so we can make bias-free decisions.


GDPR as a standard:

apply the European Union General Data Protection Regulation (“GDPR”) as a common standard in countries with privacy laws less strict than the GDPR.


Human rights:

recognize that personal data is part of human dignity and that respect for personal data is a basic human right. For those reasons, we will never treat personal data as an exploitable asset.


Internal awareness:

educate, motivate and engage our employees to understand, promote and contribute actively to our privacy compliance.

have available training tailored to the specific roles of our employees, including data privacy training of our employees in Marketing, Sales, HR and IT Services.


Legal compliance:

commit to complying with privacy laws and other laws governing data and to staying up to date with legal developments.


New technologies, including artificial intelligence (“AI”):

do not employ technologies or methods that can result in unfair treatment or consequences for data subjects.

recognise AI as a possibility for innovation and development, while always being mindful users of AI.

intend that no business solutions enabled by the use of generative AI may be designed, tested, or implemented without the approval of an internal Generative AI Expert Group with members from Grundfos IT, Legal, and Corporate Communications.

have implemented guidelines on how to use generative AI solutions in a compliant and ethical way.


Security measures:

implement appropriate technical and organisational measures, like using pseudonymized or aggregated data for product development whenever it is possible and implementing security and privacy measures when we develop new solutions.

select our data controllers diligently and in line with the current security recommendations.

4. OTHER POLICIES AND GUIDANCE

This policy is supplemented by some of our other policies and guidelines, including our Code of Conduct, Guidelines to Grundfos Employees On How To Process Personal Data, IT-Cybersecurity Rules of Behaviour and the above-mentioned Generative AI Guidance.