The Policy will inform you of the data we collect, how we process your data, how we store it, and for how long etc.
You are encouraged to familiarize yourself with this Policy and contact us if you find information herein that is unacceptable to you. You will find the latest valid version of this policy at www.nordu.net.
All questions and requests concerning this Policy, the processing of your data and any suspected non- compliance should initially be directed to our privacy group.
All questions and requests will be handled in a prioritized order, and may be rejected if no proof if identity is provided upon request. We will respond to your question or request within 1 month from date of receipt of your request. If, for some reason, we cannot meet your request we will contact you.
Our privacy group can be contacted at:
Privacy [@] nordu [.]net
Some of the most important terms of data protection law are defined below:
Any information relating to an identified or identifiable natural person. This means all information which, directly or indirectly, alone or when combined, can identify a particular natural person.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller
Any operation or set of operations which is performed on Personal Data or on sets of Personal Data such as collection, recording, structuring, alteration, consultation, combination, disclosure by transmission or transfer to persons, public authorities, companies, etc. outside NORDUnet.
Data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, health data or data concerning a natural person’s sex life or sexual orientation as well as biometric data if such biometric data are processed for the purpose of uniquely identifying a natural person (sensitive data).
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and the attendant rules.
[ONLY IN DK] The Danish Act which will be passed based on the Danish Bill to introduce supplementary provisions to the EU Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Bill no. L68) which was introduced on 25 October 2017
Depending on whether you are a customer of ours, a business partner or perhaps just someone who uses our website, we may be required to process your Personal Data or we may need to process your Personal Data to the extent required for us to provide the services you request and comply with the obligations imposed on us. This applies with regard to handling your purchase of products and services like conference participation. This applies also for purposes of our marketing communications towards you.
If you require assistance from us to obtain visa or similar, we will collect and process Personal Data and special categories of Personal Data to the level required by the relevant authorities.
We use your Personal Data for several different purposes, depending on whether you are a customer of ours, a business partner of ours or just someone who uses our website.
If you require assistance from us to obtain visa or similar, we may collect and process special categories of Personal Data to the level required by the relevant authorities to process a visa for you.
Your personal data will not be shared with sponsors.
We may share your personal data with the suppliers, partners, and the Nordic NRENs who assist in the execution of your order, and who assist in our IT operations.
In addition, we will share your Personal Data to the extent that we are required to do so, for example as a result of requirements to report information to relevant public authorities.
A few of our service providers are located outside the EU/EEA. We may therefore sometimes share your Personal Data with non-EU/EEA recipients. However, this will require:
We may also sometimes ask for your consent to a transfer to non-EU/EEA recipients, or such transfer may sometimes be necessary for the performance of an agreement with you or the implementation of pre- contractual measures taken at your request. Such derogations for specific situations are governed by Article 49 of the GDPR.
You are entitled to information about or a copy of any appropriate safeguards which form the basis of the transfer of Personal Data to non-EU/EEA recipients or – in the case of derogations provided under Article 49 of the GDPR – the derogations which form the basis of such transfer
We will retain your Personal Data in accordance with the following rules:
For any questions and requests regarding your rights, please contact us through our privacy group. Contact details and conditions can be found in clause 2.2.
You have the right to access the Personal Data we process about you, including the purposes for which the Personal Data were collected.
You have the right to request rectification, supplementary processing, erasure or blocking of the Personal Data we process about you. We will comply with your request to the extent necessary. If, for some reason, your request cannot be complied with, we will contact you.
In certain circumstances, you have the right to restrict the processing of your Personal Data. Please contact us if you would like to restrict the processing of your Personal Data.
You have the right to receive your Personal Data (only data about you which you yourself have provided to us) in a structured, commonly used and machine-readable format (data portability). Please contact us if you would like to exercise your rights concerning data portability.
You have the right to ask us not to process your Personal Data in cases where the processing is based on Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) or Article 6(1)(f) (legitimate interests). The extent to which we process your Personal Data for such purposes is described in this Policy. You may exercise the right to object at any time by contacting us.
If the processing of your Personal Data is based on your consent, you have the right to withdraw consent at any time. If you withdraw consent, this will not affect the legality of the processing that was carried out before such withdrawal. Please contact us if you would like to withdraw consent.
If you wish to opt out of receiving promotional and marketing communications in general, including by ordinary post, email, texts, telephone or other electronic media, please contact us.
Your exercise of the above rights may be subject to conditions or restrictions. For example, you may not be entitled to data portability in all situations – this will depend on the circumstances of the relevant processing activity in each case.
If you are required to provide us with Personal Data about you, this will be stated clearly where we collect the Personal Data. If you do not wish to provide the Personal Data we request, it may have the consequence that we will not be able to provide the services you have requested, execute your orders, etc.
We do not use automated decision making as part of any of our personal related business processes, marketing, HR, etc. We may use automated decision making / profiling for security investigations which is covered by article 22 of GDPR.
At NORDUnet, our processing of Personal Data is governed by our GDPR and IT Security Policies. These policies also govern our risk assessments and impact analysis of existing as well as new or changed processing activities. We have implemented internal rules and procedures to provide and maintain appropriate security from collection to erasure of Personal Data, and we will only engage Data processors to process our Personal Data if they maintain a similar appropriate security level.
Any complaint about our processing of your Personal Data may be submitted to the Danish Data Protection Agency:
The Danish Data Protection Agency, Borgergade 28, 5th floor, 1300 Copenhagen K, Denmark, tel.: +45 3319 3200, email: email@example.com
NORDUnet is required to comply with the fundamental principles of data protection and privacy law. Therefore, we will review this Policy on a regular basis to keep it up to date and ensure compliance with applicable principles and law. This Policy is subject to change without notice. Material changes will be announced on our website and an updated version of the Policy will be made available.
This version of the Policy is effective 2020-02-19