1. We are the data controller - how do you contact us?
The Danish Data Protection Agency is data controller for the processing of the personal data you have sent to the Agency. You will find our contact information below:
The Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby
CVR No .: 11 88 37 29
Phone: +45 33 19 32 00
E-mail: dt@datatilsynet.dk
2. Contact information of the data protection officer
If you have any questions about our processing of your personal data, you are always welcome to contact our data protection officer.
You can contact our data protection officer in the following ways:
By e-mail: dpo@datatilsynet.dk
By phone: +45 33 19 32 00
By letter: The Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, Att .: The Data Protection Officer
3. The purposes and legal basis for the processing of your personal data
We process your personal data in order to handle your complaint or inquiry.
We also process the personal data for the purpose of improving our general case handling and to keep track of the number of cases the Danish Data Protection Agency has processed.
The processing of your personal data is based on Article 6 (1) (e) of the Data Protection Regulation
If you have sent us sensitive information, it will be processed in accordance with Article 9 (2) (f) of the Data Protection Regulation.
If you have sent us information about criminal offenses, our processing is based on Section 8 (1) and Section 8 (2) (3) of the Danish Data Protection Act.
The purpose of processing Danish social security numbers is to unambiguously identify the data subject in accordance with Section 11 (1) of the Danish Data Protection Act.
The purpose of the processing your personal data in the Internal Market Information System (IMI) is to support the administrative cooperation amongst European data protection authorities in accordance with Article 13 of the IMI regulation, cf. Articles 56, 60-66 and 70 (1) of the Data Protection Regulation.
4. Recipients of your personal information
If you have submitted a complaint concerning the processing of your personal data, your complaint will be shared with the data controller when we ask the data controller for a statement.
If the data controller has not taken a position on your complaint, we can - instead of asking for a statement - choose to forward your complaint to the data controller, so that he or she has the opportunity to take a position on your complaint before we are involved in the case.
We may also disclose your personal information if it is otherwise necessary for the processing of the case to e.g. other public authorities such as the other European data protection authorities. When your personal information is disclosed to other European supervisory authorities, it is done through the European Commission's IT system called IMI. The Danish Data Protection Agency also receives personal data from other European data protection authorities via IMI.
The Danish Data Protection Agency regularly publishes selected opinions and decisions on our website, which may be in pseudonymised form. This means that the personal data can no longer be attributed to a specific natural person without the use of additional information which is only available to the Danish Data Protection Agency. Decisions in cases where other European data protection authorities have been involved may also be published on the European Data Protection Board's website in pseudonymous form.
The publication on the Danish Data Protection Agency's or the Danish Data Protection Council's website will mean that your personal information may be disclosed to our external website solution supplier and / or the Data Protection Council. Prior to the publication of an opinion or decision, the Danish Data Protection Agency will inform you and the other parties to the case of our intention to publish the opinion or decision.
If we receive a request for access to the file in which your personal data is included, we will normally be required to disclose the information, unless the information is confidential.
5. Retention of your personal data
Your personal data in the Danish Data Protection Agency's electronic case and document handling system will be transferred to the National Archives in accordance with the rules in the archive legislation after the end of the record period in which the case has been closed.
For a period after the end of the record period in which the case has been closed and transferred for storage in the National Archives, cf. above, the Danish Data Protection Agency will continue to have access to the information in a historical version of the record period in our system. However, the historical version of the record period shall be deleted no later than 10 years after the end of the record period in which the case is closed.
In relation to the personal data processed in IMI, the Commission is e.g. responsible for the operation of the system. Personal data processed in IMI is normally blocked 6 months after the administrative cooperation procedure is formally closed in the system, and all personal data is automatically deleted in IMI 3 years after the formal closure of an administrative cooperation procedure. Personal data in IMI may under certain circumstances be deleted before the end of the storage period.
6. Your rights
You have a number of rights under the Data Protection Regulation and the IMI Regulation in relation to our processing your personal data.
If you want to make use of your rights, please contact us.
Right to information (right of access)
You have the right to access the information we process about you and certain supplementary information.
Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.
Right to deletion
In very special cases, you have the right to have your personal data deleted before the deadlines set in our general deletion policy.
Right to restrict processing
In certain situations, you have the right to have the processing of your personal data restricted. If the processing of your personal data is restricted, we may only process your information - apart from for storage purposes - with your consent, or for the purpose that legal claims can be established, asserted or defended, or to protect a person or important public interests. It should be noted in this context, that archival purposes are to be regarded as important public interests.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data.
You can read more about your rights on our website here.