Privacy Policy

Processing data

DeiC collects information about you when you visit our websites, use our newsletter, sign up for our conferences, or use the services provided by DeiC. In addition, DKCERT, which is part of DeiC, collects information in some cases, as described below.

This privacy policy describes how DeiC generally processes, uses and passes on your personal data.

There may be different variations of this policy for different services offered by DeiC. If this is the case, it will, however, appear from the service and from any data processing agreements you agree to in order to use the service.

Types of information

DeiC collects and processes the following types of personal data about you (to the extent that the data are relevant to you specifically):

Common categories of personal data:

  • Name, address, possibly email address, phone number, work relations, sex, age, educational background
  • NetFlow data and, possibly, other logging data, including IP addresses, timestamps, etc.

Special categories of personal data (‘sensitive personal data’):

  • Data concerning health (e.g. allergies or any disabilities that are relevant for registering for a conference or other events).

Furthermore, DeiC’s website uses cookies, which are text files stored on your computer, mobile phone, or similar devices to remember settings and gather statistics. Cookies do not contain malicious code such as virus.  Read more about our cookie policy here: https://www.deic.dk/en/cookies.

Purpose

We use the data collected about you on our websites to optimise our websites and improve your experience with the website.

Data obtained in connection with our newsletters, conferences and other services are used to verify your identity for receiving, participating in, or using the above.

For DKCERT, the purpose is the prevention, processing and investigation of security incidents, including abuse, on the Danish Research Network.

The legal framework for processing and communicating personal data

The legal framework for collecting, processing and communicating personal data is as follows:

  • For the websites of DeiC, personal data is collected and processed pursuant to Article 6(1)(f) of the General Data Protection Regulation
  • For DeiC’s newsletters, conferences and services ordinary personal data are collected, processed and communicated pursuant to Article 6(1)(b) of the General Data Protection Regulation, while any sensitive personal data are collected, processed and communicated pursuant to Article 9(2)(a) of the General Data Protection Regulation.
  • DKCERT collects, processes and discloses personal data pursuant to Article 6(1)(e) of the General Data Protection Regulation.

Disclosure of personal data

As a rule, DeiC will not pass on your data to others unless this is required by law. However, some data collected when you register for a conference are shared with the venue at which the conference is held.

Similarly, DKCERT may pass on logging data to the police in connection with investigations into violations of the law.

Security

DeiC has adopted technical and organisational measures to safeguard against your data being accidentally or illegally deleted, made public, lost, corrupted, or disclosed to unauthorised persons, misused, or otherwise treated in violation of applicable legislation.

Using data processors

Your personal data is processed and stored by DeiC or at one of DeiC’s data processors, who store data on behalf of and based on the instructions of DeiC.

Some of DeiC’s services may use sub-contractors. If this is the case, it will, however, be stated in the data processing agreement for the service in question.

The storage period

DeiC stores your personal data for as long as necessary to perform the purposes stated above. As a public authority, DeiC is required to store records for five years pursuant to the Archives Act and the Public Records Act. Similarly, DeiC is required to store all payment information for five years pursuant to the Financial Statements Act.

There may be cases where DeiC is compelled to store your personal data for a longer period of time, e.g. in relation to complaints and actions for damages. In such cases, the data will be stored until cases are finally closed.

Your rights

Pursuant to the General Data Protection Regulation you have certain rights, including the right of insight into your personal data, the right to rectify incorrect data, the right to have data deleted, the right to restrict processing, the right to data portability, the right to object to the processing of personal data, including in connection with automated individual decision-making (‘profiling’).

You also have the right to complain to a competent regulatory authority, including the Danish Data Protection Agency.

Contact information

DeiC
Asmussens Allé, Building 305
DK-2800 Lyngby
CVR: 30 06 09 46
Tel.: 35 88 82 02
E-mail: sekretariat@deic.dk or gitte.kudsk@deic.dk

If you have any questions about our processing of your information, please contact our data protection consultant.

E-mail: morten.eeg@deic.dk

Phone: +45 93 51 13 80

Rev. 16. maj 2018