Personal Data Policy
When we carry out our day-to-day tasks, the Agency for Culture and Palaces collects and processes a number of personal data, for which we are the data controller. If we process data about you, you have specific rights and are protected by the General Data Protection Regulation and the national legislation.
Who do we process information on?
We process personal data about our applicants, beneficiaries, suppliers, partners and owners of properties with listed buildings, scheduled field boundaries or scheduled monuments of the past, among other things. We only process the data to the extent necessary for the specific purposes, and when there is a legal basis for it.
What kind of personal data is collected?
Personal data is any form of data about an identified or identifiable natural person. In other words, all kinds of data that can be associated with a person. It can be, for example, first and last name, a home address, e-mail address or a social security number, information about physical, mental, economic, cultural or social conditions. Data on legal entities is not covered by the definition of personal data.
We usually process general information, such as your name, address and contact details. Depending on the nature of the case or inquiry, we also process identification information (CPR number), data concerning criminal offences and sensitive data.
Where does your data come from?
We process personal data that you provide to us yourself or that we receive from other authorities, companies or citizens in connection with a case or inquiry.
Please note that if you send us a regular e-mail, the data is not encrypted. If you send us data about private matters, CPR number and the like, you should use Digital Post or other secure connection.
How do we process the personal data?
“Processing” of personal data includes any activity to which personal data is subject, e.g. collection recording, structuring, organisation, storage, adaptation, alteration, consultation, use or disclosure.
The personal data that the Agency for Culture and Palaces collects are recorded in the IT systems used by the Agency for Culture and Palaces. The daily processing of personal data is handled by the employees, councils, committees, etc., who process your personal data in order to carry out their tasks.
Who do we disclose your personal data to?
The Agency for Culture and Palaces will in some cases be obliged to transfer data to other authorities. We will only disclose your personal data to third parties if we are legally required to do so or if it is necessary in order for us to carry out our duties as an authority.
What legal basis do we have for processing your data?
The Agency for Culture and Palaces is a public authority, and we are required by Danish law to solve the tasks within our area of authority. This is the primary reason we can legally process your personal data.Our legal basis for processing your general data is Article 6(1)(c) and (e) of the General Data Protection Regulation. Our basis for processing sensitive data is primarily in accordance with Article 9(2)(f) or (j). There may be other legal grounds. When we process data about criminal offenses or violations of laws, our legal basis is Article 10 of the General Data Protection Regulation and Section 8 of the Danish Data Protection Act.
We offer that you can receive our newsletters. We need to process your contact details in order for us to send you the newsletters. If you wish to receive newsletters from us, we will use your consent as a legal basis to process your data. The basis for how we can legally obtain your consent can be found in Article 6(1)(a) of the General Data Protection Regulation.
We publish personal data about senior executives, councils, committees and the like on our website and on social media platforms with legal basis in Article 6(1)(f) as part of our legitimate interests in making content accessible to our users.
When will your information be deleted?
Information about you is stored for as long as we believe it is necessary to fulfil our obligations as a public authority and in order to comply with applicable legislation.
We have internal guidelines for the period of storage of all categories of personal data. These are set in relation to the obligations we are subject to under applicable legislation.
If you have a case that is being processed by us, we will store your personal data in the agency’s filing systems. Personal data that is recorded in the agency’s filing systems, from which no information can be deleted, is not deleted. Physical and electronic archives are handed over to the Danish National Archives at the end of a filing period in accordance with the rules of the Danish Archives Act and provisions of the Danish National Archives on this.
What are your rights?
The General Data Protection Regulation gives you, as the data subject, these special rights.
Right to see your own personal data (right of access)
You have the right to gain access into the personal data we process about you. In addition, you have the right to obtain a number of additional information, including whether it is general or sensitive data, what our purpose in processing the data is, who receives your data, etc.
Right to have inaccurate data about yourself corrected (rectification)
If you become aware that there is an error in the data that we have recorded about you, you have the right to have inaccurate personal data about yourself corrected. The inaccurate data is not deleted in the agency’s filing systems but is supplemented with the correct data. You also have the right to have your information supplemented with additional information if this will make your personal data more complete or up to date.
If we have disclosed inaccurate information to others, we will notify them of which information is erroneous and supplement it with the correct information.
Right to erasure (right to be forgotten)
In special cases, you have the right to have data about you deleted before the time we normally delete the data.
Right to restriction of processing of your data
In some cases, you have the right to restrict our processing of your data, so that as a rule, we only store your data, unless you consent to other types of processing of the data. If we need to process the data in order for a legal claim to be established, exercised or defended, or to protect a person or important societal interests, we are permitted to process the data without your consent.
Right to object our otherwise lawful processing of your data
In some cases, you have the right to object our otherwise lawful processing of your personal data.
The right to withdraw your consent
If our processing of your personal data is based upon your consent, you have the right to withdraw your consent at any given time. You can do this by contacting us using the contact details provided below.
If you choose to withdraw your consent, it will not affect the legality of our processing of your personal data based on your prior consent and up to the time of withdrawal. Therefore, withdrawing your consent will only take effect from this point on.
You can read more about the rights in the Danish Data Protection Agency’s guide on the rights of the data subjects, which can be found at www.datatilsynet.dk.
If you wish to exercise your rights, please contact us. We recommend that you use this form.
However, you are also welcome to contact us by other means. Our contact details are listed below.
For security reasons, you may be asked to prove your identity.
Contact details and our data protection officer (DPO)
The Agency for Culture and Palaces is the data controller for the processing of the personal data that the agency has received about you.
Our contact details are:
The Agency for Culture and Palaces,
1611 Copenhagen V,
VAT no.: DK34072191,
Telephone: +45 33 95 42 00,
If you have any questions about processing of your data by the Agency for Culture and Palaces, you are always welcome to contact the agency’s data protection officer (DPO).
You can contact the agency’s data protection officer in the following ways:
Telephone: +45 33 95 42 00,
Mail: Data Protection Officer (DPO),
Letter: The Agency for Culture and Palaces, Hammerichsgade 14, 1611 Copenhagen V.
Complaints to the Danish Data Protection Agency
You have the right to complain if you are dissatisfied with the way we process your data. If you wish to complain, please file a complaint with the Danish Data Protection Agency.
Use of social media
We use social media in order to be in close contact with interested users. We use the following social media:
You will be able to get in touch with us through these social media outlets, and in response to your inquiries, we will process your personal data to the extent that they are included in your inquiry. Depending on your conduct on our fan pages on social media, we and the social media may collect the following data about you when you visit the site:
- If you “follow” the fan page
- Comments that you leave on the fan page
- That you have visited our fan page