Privacy notice

1. Contact information for the controller and data protection officer

The Ministry is the controller for the processing of your personal data.

Our contact information is:
Ministry of Foreign Affairs of Denmark
Asiatisk Plads 2, DK-1448 Copenhagen K
CVR no.: 43271911
Telephone: +45 3392 0000
E-mail: um@um.dk

Our Data Protection Officer (DPO) can be contacted here:
E-mail: dpo@um.dk
Telephone: +45 3392 1965
Ministry of Foreign Affairs of Denmark
Asiatisk Plads 2, DK-1448 Copenhagen K
CVR no.: 43271911

2. Description of personal data processing

We have divided our privacy policy into different sections so we can provide clear and transparent information on how we process your personal data. Different parts of the policy apply to you depending on whether you are a customer, supplier, ministry partner or someone associated with these (e.g. employee or consultant), or whether you use our websites and/or receive marketing, newsletters, etc. from us.

2 A. Customer, supplier, ministry partner or someone associated with these (e.g. employee or consultant):

Purpose of the processing:

We collect and process personal data about customers, suppliers, ministry partners and people associated with these, such as employees or consultants, so that we can communicate and collaborate on the signing of/compliance with/performance of contracts entered into with you or the company or organisation you are associated with (e.g. as an employee or consultant) and also to act on requests made by you.

Categories of data we process:

We process general personal data such as name, position, contact information, including e.g. the name of the company or organisation that you work for, address, email address and telephone number, user name, etc.

Sources:

We collect personal data from the following sources:

• Directly from you or the company or organisation you are associated with (e.g. as an employee or consultant).

Legal bases for processing:

We process your personal data based on the following legal bases for processing:

• When it is necessary for the performance of a contract made with you or in order for us to resolve queries etc. prior to your entering into a contract with us (Article 6(1)(b)).
• When processing is necessary in order for us to comply with a legal obligation (Article 6(1)(c)). In some cases we are legally obliged to keep material containing your personal data. This may, for instance, be necessary in documenting audit trails etc. in accordance with the rules of accounting legislation.

Recipients:

Where necessary, we may share your personal data with:

• the customers, suppliers and ministry partners who assist us (possibly as processors) or who we collaborate with in relation to the signing of/compliance with/performance of contracts entered into with you or the company/organisation you are associated with (e.g. as an employee or consultant). In other words, we may share your data with e.g. our service providers of IT tools and our consulting partners.
• our auditors, lawyers and external advisers.
• companies affiliated to us where it is lawful to do so.

Transfer to countries outside the EU/EEA:

Some of our suppliers and service providers of various IT tools, including collaboration tools, are located outside the EU/EEA. For this reason, we may share your personal data with recipients in countries outside the EU/EEA (third countries). This does, however, presuppose that:

• the EU Commission has decided that the respective third country/company in the third country is a country/company that in general offers an adequate level of personal data protection either through legislation or through other measures;
• standard contractual clauses on data protection adopted by the EU Commission have been entered into between us and the respective recipient of your personal data;
• the respective recipient has signed up for an approved code of conduct or an approved certification mechanism; or
• the respective recipient has a set of approved binding corporate rules (BCR) in place.

You can at any time get information about or, if applicable, obtain a copy of the appropriate safeguards that constitute the basis for transfer of personal data to recipients outside the EU/EEA by writing to us, cf. section 1.

Retention/storage:

We will retain personal data about you for as long as is this is necessary to enable us to:

• safeguard the purposes mentioned above.
• document:
  • the collaboration
  • our right to process the personal data and 
  • our compliance with the rules on the processing of personal data and other legislation, e.g. the accounting legislation (which requires us to keep accounting records for five years from the end of the financial year that they concern),
  • in relation to the time limit for proceedings and liability for damages as well as other legal requirements, if relevant. If this is not relevant, we will delete the personal data beforehand.

2 B. User of our websites and/or recipient of marketing, newsletters, etc.

Purpose:

We collect and process personal data for marketing purposes. This could, for instance, be so we can tailor our communications to you on the basis of your occupational field and areas of interest and so we can send you relevant marketing, information and inspiration, e.g. in the form of newsletters and invitations to events, white papers and information on new solutions, new services, etc.

The Ministry reserves the right to collect information about your IP address. An IP address is a unique number assigned to the network devices, e.g. computers, that communicate with each other over the Internet. The Ministry uses your and other users’ IP addresses to tailor communication/marketing, as well as for statistical purposes.

We collect and process information about your behaviour on our website to analyse the use of our website, optimise the user experience and tailor our communications to you. We collect this information based on cookies in accordance with our cookie policy. Cookies are small data files that are stored on a user’s IT equipment so the device can be recognised. The starting point is that information collected about your behaviour on our website based on cookies cannot be associated with you as a person. However, if you have requested or agreed via our website that you want to receive marketing, newsletters, invitations to events, white papers, etc., we will link such personal data to your behaviour on our website in order to tailor our communications and marketing, including e.g. what we present on our website and advertising on other parties’ websites.

If you have given your consent for this purpose, we will use your name and email address, as well as the information you provided about professional areas of interest, to send you emails containing marketing materials in the form of e.g. newsletters and invitations to events etc. If you have also told us your job title and the company you work for (this is optional), we will use this information to tailor the content of the newsletters and invitations to events etc. that we send you to your selected areas of interest. We do this by selecting content that we believe is of most interest to you in light of your work function.

In addition, we use personal data consisting of your name, email address, telephone number, company and position to act on your request to access/receive specific restricted  content on our website, e.g. a white paper, and to subsequently be contacted by us for sales purposes, as well as for statistical and analytical purposes.

Categories of data:

We collect general personal data such as name, position, professional/occupational field, employer, contact information, professional areas of interest and in some cases IP addresses, as well as information about your behaviour on our website.

Sources:

We collect personal data from you and using cookies that you accept the use of on our website.

Legal bases for processing:

We process your personal data based on the following legal bases for processing:

• When you have given consent to receive emails from us containing newsletters and invitations to events etc. (Article 6(1)(a)). You can withdraw your consent to receive newsletters and invitations to events etc. by email at any time by using the unsubscribe link included in the emails. Your withdrawal of consent does not affect the lawfulness of the emails containing newsletters and invitations that we have sent out prior to you withdrawing your consent. When we give you access to/post specific protected content on our website and subsequently contact you for sales purposes, this action is also based on your consent. If you have given your consent for use of third-party cookies that make it possible to deduce personal data about you, cf. our cookie policy, then such disclosure of data about you to the third party is based on this consent.
• When it is necessary for the performance of a contract made with you or in order for us to resolve queries etc. prior to your entering into a contract with us (Article 6(1)(b)).

Recipients:

We will disclose or make available personal data about you to the following recipients:

• processors that assist us with the sending of newsletters, tailoring of marketing/advertising and for statistical purposes; and
• third parties: if you have given your consent for use of third-party cookies that make it possible to deduce personal data about you, cf. our cookie policy, then the collection/disclosure of data to the respective third parties takes place in accordance with our cookie policy. Our websites use e.g. Google’s services for statistical and marketing purposes and Facebook for marketing purposes. Read more about the basis for Google’s processing of personal data in Google’s privacy policy and your options for managing your privacy settings on Google’s homepage www.google.com. Read more about the basis for Facebook’s processing of personal data in Facebook’s information on personal data protection and security and your options for managing your privacy settings on Facebook’s homepage www.facebook.com.

Transfer to countries outside the EU/EEA:

If you have given your consent for use of third-party cookies that make it possible to deduce personal data about you, cf. our cookie policy, then data about you can be disclosed to the third party based on this consent. In such cases, Google and Facebook – depending on your privacy settings in these services – using cookies left by these services via our website, can collect and keep your data (e.g. IP address and cookie data) on foreign servers outside the EU/EEA. Google and Facebook are both certified under the Privacy Shield agreement.

Retention/storage:

We will retain personal data about you for as long as is this is necessary to enable us to:

• safeguard the purposes mentioned above:
• document:
• our right to process the personal data and
• our compliance with the rules on the processing of personal data and other legislation, e.g. marketing legislation,
• in relation to the time limit for proceedings and liability for damages as well as other legal requirements, if relevant. If this is not relevant, we will delete the personal data beforehand.

We will, for instance, keep data on your consent and any withdrawal of your consent to receive emails containing newsletters and invitations to events for up to two years after the last round of newsletters and invitations are sent out.

3. Personal data to third parties

As a starting point, we do not sell, publish or pass on your personal data to a third party without your consent, unless it is necessary to complete a contract or transaction and necessary to ensure compliance with Danish legislation in force at the time in question. In order to perform a contract, it will, however, be necessary to pass on your data to our business partners to enable us to deliver our products or services to you.

4. Cookies

Please refer to our cookie policy for information on the use of cookies. If cookies mean that personal data will be collected, this will appear clearly in our cookie policy and/or this privacy policy.

5. Apps developed by the Ministry

Please refer to the processing of personal data in Ministry apps for information on personal data collected via apps developed by the Ministry.

6. Your rights

Under the General Data Protection Regulation you have a number of rights in respect of our processing of personal data about you.

If you want to exercise your rights, you must contact us. You can find our contact information in section 1.

We will act on your request as soon as possible in accordance with applicable legislation. If we – for one reason or another – cannot accommodate your request, we will contact you.

Right to view information (right of access):

You are entitled to access the data that we process about you, including the purposes of the processing, as well as certain additional information.

Right to rectification (correction):

You are entitled to have incorrect data about you corrected.

Right to erasure:

In special cases, you are entitled to have data about you erased, before our ordinary general erasure takes place.

Right to restriction of processing:

In certain cases, you are entitled to have the processing of your personal data restricted. If you are entitled to restricted processing, we must in the future only process your personal data – apart from retention – with your consent, or if the purpose is to establish, defend or exercise a legal claim, or to protect a person or important public interests.

Right to object:

In certain cases, you are entitled to object to our otherwise lawful processing of your personal data. You can – for reasons relating to your particular situation – instruct us not to process your personal data in cases where the processing is based on Article 6(1)(e) (task carried out in the public interest or in the exercise of official authority), including profiling based on these provisions. This privacy policy states to what extent we process your data for such purposes. We are then no longer permitted to process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.

You can also object to the processing of your data for direct marketing and profiling in connection with marketing. After such an objection we are no longer permitted to process your personal data for this purpose.

Voluntariness:

When we collect personal data from you, it is your choice whether you want to provide the data to us. If you do not give us the personal data, the consequence of this may be that we cannot safeguard the purposes above, including:

• that we cannot enter into a customer/supplier or other working relationship with you, including being able to communicate and have regular contact with you or the company you are associated with (e.g. as an employee or consultant);
• that we cannot act on your requests; and
• that we cannot give you user access to our services and systems.

Withdrawal of consent:

If the processing of your personal data is based on your consent, you are entitled to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of the processing that took place before you withdrew your consent.

If you have given your consent to receive newsletters and invitations to events etc. via email, you can withdraw your consent at any time by using the unsubscribe link included in the emails sent to you.

Data portability:

In certain cases, you are entitled to receive your personal data (only data about yourself that you have provided to us) in a structured, commonly used and machine-readable format and also to have such personal data transferred to another controller (data portability).

7. Security

The Ministry has an information security management system. We process all data, including your personal data, in accordance with the security policies, processes and controls contained within our ISO27001 certified information security management system. This means that your personal data are protected from destruction, loss or alteration, from unauthorised disclosure and from unauthorised access to or knowledge of such data.

8. Complaining to the Danish Data Protection Agency

You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the manner in which we process your personal data:

Danish Data Protection Agency, Borgergade 28, Floor 5, DK-1300 Copenhagen K, telephone +45 3319 3200, e-mail: dt@datatilsynet.dk.

9. Updates to this policy

We are obliged to comply with basic principles on the protection of personal data and on data protection. We therefore regularly review this privacy policy to keep it up to date and in line with applicable principles and legislation. This privacy policy may be amended without notice.

Substantial changes to this privacy policy will be published on our website together with an updated version of this privacy policy.