The University of Copenhagen processes and records information about persons who are in contact with the University, mainly employees, emeriti, students, alumni, applicants, visiting researchers, participants in research projects or conferences - or simply subscribers to our publications.
Applied acts and articles
As data controller under the General Data Protection Regulation, the University of Copenhagen is obliged to inform all data subjects about their rights in respect of processing of their data.
Personal data is registered in accordance with Article 6 of the General Data Protection Regulation. Sensitive data, i.e. data on health or data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and data concerning a person’s sexual relations and sexual orientation is registered in accordance with Article 6 and 9 of the said Regulation.
Processing of sensitive data in research projects is covered by article 6 (1a) and article 9 (2a) if the data subject consents to the data processing. Sensitive data is processed in accordance with article 6 (1e) of the general Data Protection Regulation, and section 10 of the Danish Act on processing of data, if it is processed without the consent of the data subjects. According to this Act, the University of Copenhagen may only process sensitive personal data and data concerning criminal convictions and offences without the data subject's consent, if the processing is aimed at statistical or scientific studies with potential public interest and if the processing is necessary to conduct the studies.
Processing and storage
The University of Copenhagen processes personal data confidentially. Personal data will be processed and stored in the University’s secure filing systems. When the data is no longer necessary for the purpose for which it was collected, it is deleted or filed in the University’s records.
The University may store the data if it is part of a lawsuit or if the University is considering using the data in a lawsuit.
Disclosure of information
Information will not be disclosed to anyone without the data subject being informed unless the University is obliged to disclose the information to other public authorities.
Research data from official statistics and registers will only be disclosed for statistical or scientific purposes.
In connection with international research collaborations, personal data is transferred to partners in other countries. When transferring data to countries outside the EU/EEA, the transfer is subject to the research project participants’ consent or approval by the Danish Data Protection Agency. To the extent possible, the personal data transferred will be pseudonymised. This means that participants’ names and civil registration numbers will be replaced by a participant number, so that the recipient cannot identify the person who is the source of the transferred data.
If personal data is transferred to countries outside the EU/EEA without the participant’s consent, the University of Copenhagen will enter into an agreement with the foreign cooperation partners that obliges the international partners to comply with the European data protection standards.
You can see the European Commission’s decision on the European standard contractual clauses in the right-hand box on this page.
Some countries outside the EU/EEA comply with the European data protection standards, and it is therefore not necessary to oblige partners in these countries to comply with the standard contractual clauses.
Read about the countries outside the EU/EEA that comply with the European data security standards on the Danish Data Protection Agency’s website. ‘Tredjelandsoverførsler’ (transfers to third countries) (datatilsynet.dk) (in Danish only)
The University of Copenhagen will inform participants in research projects of the rules if their personal data is transferred to international partners.
Data subjects may contact the University of Copenhagen at any time to obtain copies of the information stored in the University’s records or filing systems.
The University of Copenhagen is not obliged to hand over copies of information from research projects.
Correction of information
If the data subject believes that incorrect information has been stored, they may ask the University to correct the information. The information will be corrected accordingly or it will be noted in the files that the person concerned has asked for a correction.
The data subject is entitled to the information being ignored until it is decided which information is correct. Data subjects are also entitled to request that the University does not use the information if it is no longer needed.
Participants in research projects are not entitled to correction of research data.
Data subjects have the right to object to the processing of information when the University processes information according to a legal obligation. This means that the data subject has the right to deny that the University processes the information. However, participants in a research projects do not have the right to object to the processing of their own data in the project.
Withdrawal of consent and the right to erasure of information
If the University of Copenhagen has obtained the consent of a data subject to process information, the data subject may at any time withdraw the consent. If the consent is withdrawn, the University may not continue to process information after the consent has been withdrawn.
The data subject has the right to erasure of information recorded by the University provided the information is no longer necessary for the purpose for which it was collected.
The information must be erased also when the data subject withdraws the consent or in case the information has been processed unlawfully by mistake. The data subject has, however, no right to erasure of information that has been filed in the University’s archives in accordance with the Archives Act.
Information in a research project may not be erased if this is likely to mean that it will be impossible or gravely impede the conclusion of the research project.
Data Protection Officer
The University of Copenhagen has a data protection officer (DPO). Data subjects may contact the DPO, Lisa Ibenfeldt Schultz via firstname.lastname@example.org, with any questions relating to the data processing at the University of Copenhagen.
Data subjects are entitled to logde complaints about the processing of their data to the Data Protection Agency (Datatilsynet) via email@example.com.
Personal data on websites and Facebook pages
The European Commission’s decision
The European Commission’s decision June 4 on standard contractual clauses when transferring personal data to countries outside the EU/EEA.
Read or download the European Comission's decision here.