Privacy Policy

Respect for privacy and personal data protection is part of Statkraft’s corporate culture. This enables us to maintain an environment where our customers, vendors and other stakeholders can trust Statkraft to process their personal data.

As a customer, vendor or stakeholder, your privacy is important to us. We constantly strive to ensure compliance with all applicable data protection laws and regulations and our privacy and data protection policies.

This privacy statement explains how, why and for how long Statkraft processes your personal data.

Blue PDF icon


Statkraft collects personal data to operate effectively and provide you with the necessary services. We process customer and vendor data, including:

• contact information of the relevant persons involved

• information relating to accounts

• spend thresholds, spending and spending patterns

• details on what you are empowered to do on behalf of the organisation you represent (customers and vendors)

We also process environmental and social management data, including information about local stakeholders such as information on livelihood, health, contact information and other similar information.

Additionally, we process other partner and stakeholder data, including information about politicians, press contacts and journalists as well as relevant interest groups.



Statkraft processes your personal data to provide or procure goods or services to or from you or your organisation. For example, we will process your personal data:

• to ensure good communication lines with our vendors and customers

• to ensure the security and availability of our services

• to improve our services and communication channels

• for marketing and other customer relation and management purposes

• for contract management purposes

• to manage trading services



We collect your personal data from different sources. You provide some of this data directly through a customer or vendor relationship. Other data is collected from your activities as a customer, vendor or other stakeholder. We also obtain data from other sources.

Here are some situations where we process your personal data: Information provided by you, such as:

• when you enter into contracts or agreements with us

• when you submit forms to us

• when you access our webpages or use our social media platforms

• when you establish a customer or vendor account with us

• when you send us emails or contact us through other means

Information we receive from your activities as a customer, vendor or other stakeholder, such as:

• your use of our trading portals

• your use of our webpages

• when you order goods or services from us

Information gathered from third parties, such as:

• public authorities

• credit institutions

• other publicly available information



Statkraft retains personal data for as long as necessary to fulfil the purposes for collection. Your personal data will be stored and deleted in accordance with applicable laws.



We share your personal data with:

Other companies in the Statkraft group

To the extent it is necessary for fulfilling any of the purposes above, your data is shared with other companies in the Statkraft group.

Statkraft is currently implementing Binding Corporate Rules (BCR). The BCR will establish a legal basis for intra-group transfer of personal data outside the EU/EEA and will be binding for the entire Statkraft group.


We use a number of vendors who provide services such as IT services and support, cloud services, etc. We may allow such vendors to access/receive your personal data to the extent relevant to deliver these services.

We will ensure adequate data processing agreements with our suppliers for the purpose of protecting your privacy. When processors outside of the EU/EEA are used, we will ensure that a legal basis for the transfer of personal data exists.

Public authorities

We will also disclose your personal data where required by law, by order or requirement of a court, administrative agency or government tribunal or in response to legal process.



Statkraft is committed to protecting the security of your personal data.

• We manage information so it is accurate, readily available and handled in accordance with its sensitivity.

• We use a variety of security technologies and information security procedures to help protect your personal data from unauthorised access, use or disclosure.

• We limit access to your personal data to only personnel or third parties who are tasked with processing this data on Statkraft’s behalf. These parties are subject to strict requirements regarding confidentiality and Statkraft can implement disciplinary actions or terminate the agreement if these conditions are not met.



Statkraft AS is the controller and is responsible for the main decisions about the purposes and means of the processing of your personal data. The various Statkraft subsidiaries are responsible for selected processing activities within their sphere of control.



Statkraft processes personal data only if, and to the extent, that at least one of the following applies:

• the data subject has given consent to the processing of his or her personal data for one or more specific purposes

• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

• processing is necessary for compliance with a legal obligation to which the controller is subject

• processing is necessary in order to protect the vital interests of the data subject or of another natural person

• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

• processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data



At any time you have the right to ask us to:

• provide you with further details on how we use your personal data

• provide you with a copy of the information that you have provided to us

• update/correct your personal data

• provide information about the logic involved in the automatic processing of your personal data in the case of the automated decision-making

• delete any personal information that we no longer have legal grounds to process

• provide you with your personal data in a structured, commonly used and machine-readable format or transmit the data to another controller

• stop particular processing where this is based on legitimate interests unless our reasons for processing the information outweigh any prejudice to your data protection rights

• restrict how we use your information whilst a complaint is under investigation

• lodge a complaint through the contact details in this privacy statement or to the relevant regulatory authority



If you have any requests, questions or complaints about how we process your personal data, please contact us at



This privacy statement is based on the transparency requirements in Regulation (EU) 2016/679 (General Data Protection Regulation). This privacy statement will be updated when necessary. Any changes will be published in this document.



Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Statkraft uses Google Analytics to get a better understanding of how visitors use the web site. The purpose of this is to improve content, navigation and structure on the web sites. Google Analytics mainly uses first-party cookies to report on visitor interactions on your website. These cookies are used to store non-personally identifiable information. Browsers do not share first-party cookies across domains. Google Analytics data may not be shared without customer consent, except under certain limited circumstances, such as when required by law. Website visitors that don’t want their visit data reported by the Google Analytics JavaScript can install the Google Analytics opt-out browser add-on. The Google Analytics opt-out browser add-on does not prevent information from being sent to the website itself or in other ways to web analytics services. Learn more about the Google Analytics opt-out browser add-on (

How can I delete cookies? If you do not accept the usage of cookies, you can disallow the usage of cookies in your web browsers security settings. You can find information on how to delete cookies in your browser here:’s-Cookies.