Privacy Policy

Effective Date: March 2, 2026
Website: mork-verification.com

1. Data Controller

Services described on this website are provided through:

Nordland Medie Fyrvejen 40, 7900 Nykobing M, Denmark CVR No. 42132616 Email: contact@mork-verification.com

Nordland Medie acts as the Data Controller for personal data processed in connection with client services.

2. Role of Independent Consultant

Operational services may be performed by an independent consultant acting on behalf of Nordland Medie. In such cases, the consultant acts solely under written agreement and documented instructions from Nordland Medie and does not act as an independent Data Controller.

3. Scope of This Policy

This Privacy Policy explains how personal data is processed when you:

• Visit this website

• Submit inquiries

• Engage verification or risk assessment services Processing is conducted in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

4. Data Minimization & Categories of Personal Data

In accordance with the GDPR, we adhere to the principle of Data Minimization. We collect and process only the information that is adequate, relevant, and limited to what is strictly necessary for the purpose of verifying supplier operations.

• A. Information You Provide: Name, Company name, Email address, Phone number, and business-related information submitted in communications.

• B. Automatically Collected Information: IP address, Browser type, Device information, and Access date/time.

• C. Operational Evidence: 4K Video footage and photographic evidence of manufacturing facilities.

• D. Facial Recognition: We do not perform facial recognition or process biometric data. Video footage is captured for the sole purpose of verifying operational machinery, safety protocols, and facility standards. Where incidental images of individuals are captured, they are treated as 'secondary data' and subject to strict access controls.

5. Processing of Visual & Video Evidence

We utilize 4K video as a core component of our independent verification. This serves as Primary Evidence under the Omnibus Directive (EU) 2026/470.

• Security: All footage is encrypted at the point of capture and stored in secure, EU-based cloud environments.

• Purpose: Recordings are strictly limited to verifying ESRS-related disclosures (Environmental and Social standards).

• Non-Intrusion: We take reasonable steps to ensure that video capture focuses on industrial processes and infrastructure rather than individual workers, respecting the privacy of factory personnel in accordance with international labor standards.

6. Purpose of Processing

Personal data is processed for:

• Responding to inquiries and client communication

• Performing contractual services (On-site verification)

• Invoicing, contract administration, and legal compliance

• Preventing misuse or fraud. Personal data is not sold or used for advertising purposes.

7. Legal Basis for Processing (GDPR)

Processing is based on:

(a) Performance of a contract;

(b) Compliance with legal obligations (specifically the evidence-collection requirements of the CSRD and CSDDD)

(c) Legitimate interests in providing independent verification to protect the EU internal market from value chain risks.

8. International Data Transfers (Asia to EU)

Data transfers between Asia and the EU are conducted using the latest EU Standard Contractual Clauses (SCCs), supplemented by 'Transfer Impact Assessments' (TIAs) to ensure that the level of protection in the destination country meets the requirements of the European Court of Justice (CJEU).

9. Data Sharing

Personal data may be shared with service providers engaged by Nordland Medie, professional advisers, or authorities where legally required. All partners are subject to strict confidentiality obligations.

10. Data Retention

Personal data and video evidence are retained for the duration of the contractual relationship, as required under Danish accounting laws, or for a limited period to establish or defend legal claims.

Visual evidence is retained for a period of 2 years to support the Client’s multi-year sustainability reporting cycles and to provide a defensible record for potential CSDDD regulatory reviews, unless a shorter period is requested by the Client.

11. Security Measures

Appropriate technical and organizational measures are implemented to protect personal data, including encrypted communication, restricted access controls, and secure hosting environments.

12. Your Rights

You have the right to access, correct, delete, or restrict the processing of your data. Requests should be directed to: contact@mork-verification.com. You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet).

13. Updates

This Privacy Policy may be updated periodically. The current version will always be available on this website.