DeiC collects information about you when you visit our websites, use our newsletter, sign up for our conferences, or use the services provided by DeiC. In addition, DKCERT, which is part of DeiC, collects information in some cases, as described below.
There may be different variations of this policy for different services offered by DeiC. If this is the case, it will, however, appear from the service and from any data processing agreements you agree to in order to use the service.
Types of information
DeiC collects and processes the following types of personal data about you (to the extent that the data are relevant to you specifically):
Common categories of personal data:
- Name, address, possibly email address, phone number, work relations, sex, age, educational background
- NetFlow data and, possibly, other logging data, including IP addresses, timestamps, etc.
Special categories of personal data (‘sensitive personal data’):
- Data concerning health (e.g. allergies or any disabilities that are relevant for registering for a conference or other events).
We use the data collected about you on our websites to optimise our websites and improve your experience with the website.
Data obtained in connection with our newsletters, conferences and other services are used to verify your identity for receiving, participating in, or using the above.
For DKCERT, the purpose is the prevention, processing and investigation of security incidents, including abuse, on the Danish Research Network.
The legal framework for processing and communicating personal data
The legal framework for collecting, processing and communicating personal data is as follows:
- For the websites of DeiC, personal data is collected and processed pursuant to Article 6(1)(f) of the General Data Protection Regulation
- For DeiC’s newsletters, conferences and services ordinary personal data are collected, processed and communicated pursuant to Article 6(1)(b) of the General Data Protection Regulation, while any sensitive personal data are collected, processed and communicated pursuant to Article 9(2)(a) of the General Data Protection Regulation.
- DKCERT collects, processes and discloses personal data pursuant to Article 6(1)(e) of the General Data Protection Regulation.
Disclosure of personal data
As a rule, DeiC will not pass on your data to others unless this is required by law. However, some data collected when you register for a conference are shared with the venue at which the conference is held.
Similarly, DKCERT may pass on logging data to the police in connection with investigations into violations of the law.
DeiC has adopted technical and organisational measures to safeguard against your data being accidentally or illegally deleted, made public, lost, corrupted, or disclosed to unauthorised persons, misused, or otherwise treated in violation of applicable legislation.
Using data processors
Your personal data is processed and stored by DeiC or at one of DeiC’s data processors, who store data on behalf of and based on the instructions of DeiC.
Some of DeiC’s services may use sub-contractors. If this is the case, it will, however, be stated in the data processing agreement for the service in question.
The storage period
DeiC stores your personal data for as long as necessary to perform the purposes stated above. As a public authority, DeiC is required to store records for five years pursuant to the Archives Act and the Public Records Act. Similarly, DeiC is required to store all payment information for five years pursuant to the Financial Statements Act.
There may be cases where DeiC is compelled to store your personal data for a longer period of time, e.g. in relation to complaints and actions for damages. In such cases, the data will be stored until cases are finally closed.
Pursuant to the General Data Protection Regulation you have certain rights, including the right of insight into your personal data, the right to rectify incorrect data, the right to have data deleted, the right to restrict processing, the right to data portability, the right to object to the processing of personal data, including in connection with automated individual decision-making (‘profiling’).
You also have the right to complain to a competent regulatory authority, including the Danish Data Protection Agency.
If you have any questions about our processing of your information, please contact our data protection consultant.
Phone: 93 51 14 65
Rev. 7. september 2021