The Policy will inform you of the data we collect, how we process your data, how we store it, and for how long etc.
You are encouraged to familiarize yourself with this Policy and contact us if you find information herein that is unacceptable to you. You will find the latest valid version of this policy at www.nordu.net.
- Data Controller
- The data controller responsible for the processing of your personal data is:
DK 2770 Kastrup
+45 32 46 25 00
info [@] nordu [.] net Org. # 17490346
The general legal processing framework is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and the attendant rules. In addition, the Danish act which will be passed based on the Danish Bill to introduce supplementary provisions to the EU Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data which was introduced on 25 October 2017 will apply.
- Questions and requests concerning this Policy:
All questions and requests concerning this Policy, the processing of your data and any suspected non- compliance should initially be directed to our privacy group.
All questions and requests will be handled in a prioritized order, and may be rejected if no proof if identity is provided upon request. We will respond to your question or request within 1 month from date of receipt of your request. If, for some reason, we cannot meet your request we will contact you.
Our privacy group can be contacted at:
Privacy [@] nordu [.]net
Some of the most important terms of data protection law are defined below:
- Personal Data
Any information relating to an identified or identifiable natural person. This means all information which, directly or indirectly, alone or when combined, can identify a particular natural person.
- Data Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
- Data Processor
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller
Any operation or set of operations which is performed on Personal Data or on sets of Personal Data such as collection, recording, structuring, alteration, consultation, combination, disclosure by transmission or transfer to persons, public authorities, companies, etc. outside NORDUnet.
- Special Categories of Personal Data
Data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, health data or data concerning a natural person’s sex life or sexual orientation as well as biometric data if such biometric data are processed for the purpose of uniquely identifying a natural person (sensitive data).
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and the attendant rules.
- Danish Data Protection Act (databeskyttelsesloven)
[ONLY IN DK] The Danish Act which will be passed based on the Danish Bill to introduce supplementary provisions to the EU Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Bill no. L68) which was introduced on 25 October 2017
- Purpose of Processing
Depending on whether you are a customer of ours, a business partner or perhaps just someone who uses our website, we may be required to process your Personal Data or we may need to process your Personal Data to the extent required for us to provide the services you request and comply with the obligations imposed on us. This applies with regard to handling your purchase of products and services like conference participation. This applies also for purposes of our marketing communications towards you.
- Personal Data we Process about you
- When you participate in events hosted by NORDUnet, we consider you a customer, and we may process the following data about you:
- Personal Data:
- Name, organization, e-mail, clothing size, phone numbers
- Special Categories of Personal Data:
- If you require catering of any kind, we will ask about your dietary requirements to safeguard your health and wellbeing.
- If you require assistance with mobility issues, we ask for information on how to assist you.
If you require assistance from us to obtain visa or similar, we will collect and process Personal Data and special categories of Personal Data to the level required by the relevant authorities.
- We may collect Personal Data about you from third parties if needed. Examples of such third parties could be relevant authorities for visa processing.
- If you are a business partner of ours, we process the following kind of Personal Data about you: Name, e-mail address, phone numbers, organisation, position
- If you are a user of our media services, and you did not get access to the service directly from NORDUnet, please note that we are not the Data Controller, and you should direct all your questions and requests to the organization that provided you with access to the service. We process the following kind of Personal Data about you: Name, username, e-mail address, phone numbers, IP addresses
- If you are a user of our websites, please see clause 6 about Cookies
- If you are / were an applicant for a job position, we process any data you have provided through the application, the CV, tests or through communications such as e-mail correspondence, phone conversations and job interviews.
- Why we Process your Personal Data
We use your Personal Data for several different purposes, depending on whether you are a customer of ours, a business partner of ours or just someone who uses our website.
- If you are a customer of ours, we use your Personal Data to:
- Enable website functionality
- Send order confirmations to you
- Answer any questions from you and comply with your requests
- Issue confirmation of your participation to the events that you have signed up for
- Issue registration badges where relevant
- Issue participants lists to administer your participation
- Notify you of activities related to your participation
- Reply to questions and requests from you
- Collect statistics on participation for future planning
- If you are a business partner of ours, we use your Personal Data to:
- Contact you in order to give you or ask for information
- Arrange meetings
- If you are user of our websites, we use your Personal Data to:
- Enable website functionality
- Gather statistics about your browsing actions and patterns on our website
- Improve website design
- If you are user of our media services, we use your Personal Data to:
- Enable system functionality
- Improve system design
- If you are / were an applicant for a position, we use your Personal Data to:
- Establish whether or not we have a position for you
- Communicate with you regarding the position
- Legal basis for Processing your Personal Data
- When you become a customer of ours or enter into an agreement of some kind with us, we will process your general Personal Data for that specific purpose. We may also process your general Personal Data if, for example, you have a question or query before deciding whether to enter into an agreement with us. The legal basis of processing is Article 6(1)(b) of the GDPR, as the processing of your Personal Data is necessary for the performance of our agreement with you or in order to take steps at your request prior to entering into an agreement with us.
- We may also process general Personal Data about you because of our legitimate interests in processing such data, see Article 6(1)(f) of the GDPR, unless our legitimate interests are overridden by your fundamental rights and freedoms which require protection of your own general Personal Data.
- We have a legitimate interest in processing your Personal Data (your name and email address) for marketing purposes. Our legitimate interest is thus our need to know your preferences to allow us to tailor our communications and propositions to you and ultimately offer products and services which better meet your needs and wishes. We obviously also comply with the Danish Marketing Practices Act (markedsføringsloven). In addition, we also generate various statistical data on the number of customers, purchases, website use, etc. on this basis.
- In some cases we are also legally required to process Personal Data about you. By way of example, this could be for purposes of providing an audit trail etc. in accordance with the provisions of the Danish Bookkeeping Act (bogføringsloven). Among other things, we are required to keep our accounting records for five years after the end of the financial year which the records concern.
- If you provide or have provided us with Special Categories of Personal Data (sensitive data), eg. Personal Data about your health, the basis of our processing is Article 9 of the GDPR. We process Special Categories of Personal Data in the following cases:
- If you participate in events that require catering of any kind, we will ask about your dietary requirements to safeguard your health and wellbeing.
If you require assistance from us to obtain visa or similar, we may collect and process special categories of Personal Data to the level required by the relevant authorities to process a visa for you.
- If you require assistance with mobility issues, we ask for information on how to assist you.
- If you are not a customer of ours, but just use our website, we have a – limited – need to be able to manage the Personal Data provided by you yourself, eg. for cookie management purposes. For more details, please read our cookie details in clause 6 above.
- In some cases, we may log the IP addresses of those who visit our website, sends us emails etc. An IP address may constitute Personal Data, and if we process your IP address, we will do so on the same basis as described in clause 8.2 above.
- Sharing your Personal Data
Your personal data will not be shared with sponsors.
We may share your personal data with the suppliers, partners, and the Nordic NRENs who assist in the execution of your order, and who assist in our IT operations.
In addition, we will share your Personal Data to the extent that we are required to do so, for example as a result of requirements to report information to relevant public authorities.
- Sharing your Personal Data with non-EU/EEA recipients
A few of our service providers are located outside the EU/EEA. We may therefore sometimes share your Personal Data with non-EU/EEA recipients. However, this will require:
- That the country in question or the international company provides an adequate level of protection as determined by the European Commission, or
- That the standard contractual clauses on data protection adopted by the European Commission have been entered into between us and the recipient of your Personal Data, or
- That the recipient in question is certified in accordance with Article 42 of the GDPR, or
- That the recipient in question has adopted a set of Binding Corporate Rules.
We may also sometimes ask for your consent to a transfer to non-EU/EEA recipients, or such transfer may sometimes be necessary for the performance of an agreement with you or the implementation of pre- contractual measures taken at your request. Such derogations for specific situations are governed by Article 49 of the GDPR.
You are entitled to information about or a copy of any appropriate safeguards which form the basis of the transfer of Personal Data to non-EU/EEA recipients or – in the case of derogations provided under Article 49 of the GDPR – the derogations which form the basis of such transfer
- Retention and erasure of your Personal Data
We will retain your Personal Data in accordance with the following rules:
- If you are a customer (participant, speaker, or in other ways submitting your data to NORDUnet conferences, workshops or similar events) we retain your data for up to 5 years from the date of our last interaction. Clothing size and data about mobility issues and dietary requirements will be retained for 6 months after the event.
- If you are a user of our website without being an existing or former customer, we will retain the Personal Data we have recorded about you for up to 1 year from date of collection.
- If you are a business partner of ours, we retain your data for up to 5 years from expiry of the contract.
- If you are a user of our media services, and you got access to the service directly through NORDUnet, we will retain the Personal Data we have recorded about you for up to 5 years from the date of last interaction. If you got access to the service through another organization, such as an educational institution or an NREN, please note that we are not the Data Controller, and act only as per their instructions, and all questions and requests should be directed to them.
- If you are an applicant for a position, we retain your data for up to 6 months from last date of interaction.
- Your rights
For any questions and requests regarding your rights, please contact us through our privacy group. Contact details and conditions can be found in clause 2.2.
You have the right to access the Personal Data we process about you, including the purposes for which the Personal Data were collected.
- Rectification and erasure
You have the right to request rectification, supplementary processing, erasure or blocking of the Personal Data we process about you. We will comply with your request to the extent necessary. If, for some reason, your request cannot be complied with, we will contact you.
- Restriction of Processing
In certain circumstances, you have the right to restrict the processing of your Personal Data. Please contact us if you would like to restrict the processing of your Personal Data.
- Data portability
You have the right to receive your Personal Data (only data about you which you yourself have provided to us) in a structured, commonly used and machine-readable format (data portability). Please contact us if you would like to exercise your rights concerning data portability.
- Right to object
You have the right to ask us not to process your Personal Data in cases where the processing is based on Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) or Article 6(1)(f) (legitimate interests). The extent to which we process your Personal Data for such purposes is described in this Policy. You may exercise the right to object at any time by contacting us.
- Withdrawal of consent
If the processing of your Personal Data is based on your consent, you have the right to withdraw consent at any time. If you withdraw consent, this will not affect the legality of the processing that was carried out before such withdrawal. Please contact us if you would like to withdraw consent.
If you wish to opt out of receiving promotional and marketing communications in general, including by ordinary post, email, texts, telephone or other electronic media, please contact us.
Your exercise of the above rights may be subject to conditions or restrictions. For example, you may not be entitled to data portability in all situations – this will depend on the circumstances of the relevant processing activity in each case.
- Any consequences of not providing your Personal Data
If you are required to provide us with Personal Data about you, this will be stated clearly where we collect the Personal Data. If you do not wish to provide the Personal Data we request, it may have the consequence that we will not be able to provide the services you have requested, execute your orders, etc.
- Use of automated decision making / profiling
We do not use automated decision making as part of any of our personal related business processes, marketing, HR, etc. We may use automated decision making / profiling for security investigations which is covered by article 22 of GDPR.
At NORDUnet, our processing of Personal Data is governed by our GDPR and IT Security Policies. These policies also govern our risk assessments and impact analysis of existing as well as new or changed processing activities. We have implemented internal rules and procedures to provide and maintain appropriate security from collection to erasure of Personal Data, and we will only engage Data processors to process our Personal Data if they maintain a similar appropriate security level.
- Complaints to supervisory authority
Any complaint about our processing of your Personal Data may be submitted to the Danish Data Protection Agency:
The Danish Data Protection Agency, Borgergade 28, 5th floor, 1300 Copenhagen K, Denmark, tel.: +45 3319 3200, email: firstname.lastname@example.org
- Updating this Policy
NORDUnet is required to comply with the fundamental principles of data protection and privacy law. Therefore, we will review this Policy on a regular basis to keep it up to date and ensure compliance with applicable principles and law. This Policy is subject to change without notice. Material changes will be announced on our website and an updated version of the Policy will be made available.
This version of the Policy is effective 2020-02-19