GDPR Compliance

This section applies and provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.

Last Update May 2020


The specific company identified on this page as being the operator of this website is the data controller in the meaning of the General Data Protection Regulation for the processing activities described in this GDPR Privacy Notice.

In the course of our business relationship with you, we may share Business Partner contact information with affiliated NGC AS partners. We and these NGC AS partners are jointly responsible for the proper protection of your personal data (Art. 26 General Data Protection Regulation).

The General Data Protection Regulation requires us to provide you with information on the legal basis of the processing of your personal data.

The legal basis for our processing data about you is that such processing is necessary for the purposes of:

1. Exercising our rights and performing our obligations under any contract we make with you (Article 6 (1) (b) General Data Protection Regulation).

2. Compliance with our legal obligations.

3. Legitimate interests pursued by us. Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our business relationship with you. Where the below table states that we rely on our legitimate interest for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, including our Binding Corporate Rules on the Protection of Personal Data, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity.

In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (General Data Protection Regulation).

To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings:

Contract Performance (Article 6 (1) (b) General Data Protection Regulation), Legitimate Interest (Article 6 (1) (f) GDPR).

To bill your use of the Online Offering:

Contract Performance (Article 6 (1) (b) General Data Protection Regulation), Legitimate Interest (Article 6 (1) (f) GDPR.

To verify your identity

Contract Performance (Article 6 (1) (b) GDPR), Legitimate Interest (Article 6 (1) (f) GDPR).

To answer and fulfill your requests or instructions

To process your order or to provide you with access to specific information or offers

To send you marketing information or to contact you in the context of customer satisfaction surveys

As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems

In the event that we transfer your personal data outside the European Economic Area, we ensure that your data is protected in a manner which is consistent with the General Data Protection Regulation. Therefore, and if required by applicable law, we take the following measures:

We share your personal data with affiliated companies outside the European Economic Area only if they have implemented our International Transaction Corporate Rules (ITCR) for the protection of personal data as stated in the General Data Protection Rules of EU.

We transfer personal data to external recipients outside the European Economic Area only if the recipient has (i) entered into EU Standard Contractual Clauses with us or (ii) implemented Binding Corporate Rules in its organization. You may request further information about the safeguards implemented in relation to specific transfers by contacting

In case of data privacy related concerns and requests, we encourage you to contact our Data Privacy Organization at Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint. A list and contact details of local data protection authorities is available here.

Stay Connected