1. We are the data controller - how do you contact us?
The Danish Data Protection Agency is data controller for the processing of the personal data you have sent to the external whistleblower channel, which is established in the Agency. You will find our contact information below:
Carl Jacobsens Vej 35
CVR-nr.: 11 88 37 29
Telefon: 33 19 32 02
2. Contact information of the data protection officer
If you have any questions about our processing of your personal data, you are always welcome to contact our data protection officer.
You can contact our data protection officer in the following ways:
By e-mail: email@example.com
By phone: +45 33 19 32 00
By letter: The Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, Att .: The Data Protection Officer
3. The purposes and legal basis for the processing of your personal data
We process your personal data in order to handle your report.
We also process the personal data for the purpose of improving our general case handling and to keep track of the number of cases the Danish Data Protection Agency has processed.
The processing of your personal data is based on Article 6 (1) (c) and (e) of the Data Protection Regulation
If you have sent us sensitive information, it will be processed in accordance with Article 9 (2) (g) of the Data Protection Regulation.
If you have sent us information about criminal offenses, our processing is based on Section 8 (1) and Section 8 (2) (3) of the Danish Data Protection Act.
The purpose of processing Danish social security numbers is to unambiguously identify the data subject in accordance with Section 11 (1) of the Danish Data Protection Act.
4. Recipients of your personal information
If you have submitted a report to the external whistleblower channel, we may transmit your information to other recipients if it is necessary to handle your complaint or if it is necessary for the exercise of our official authority.
We will only transmit information that can identify you in exceptional instances, and you will generally be given notice in advance before we do so.
5. Retention of your personal data
Your personal data in the Danish Data Protection Agency's electronic case and document handling system will be transferred to the National Archives in accordance with the rules in the archive legislation after the end of the record period in which the case has been closed.
For a period after the end of the record period in which the case has been closed and transferred for storage in the National Archives, cf. above, the Danish Data Protection Agency will continue to have access to the information in a historical version of the record period in our system. However, the historical version of the record period shall be deleted no later than 10 years after the end of the record period in which the case is closed.
6. Your rights
You have a number of rights under the Data Protection Regulation and the IMI Regulation in relation to our processing your personal data.
If you want to make use of your rights, please contact us.
Right to information (right of access)
You have the right to access the information we process about you and certain supplementary information.
Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.
Right to deletion
In very special cases, you have the right to have your personal data deleted before the deadlines set in our general deletion policy.
Right to restrict processing
In certain situations, you have the right to have the processing of your personal data restricted. If the processing of your personal data is restricted, we may only process your information - apart from for storage purposes - with your consent, or for the purpose that legal claims can be established, asserted or defended, or to protect a person or important public interests. It should be noted in this context, that archival purposes are to be regarded as important public interests.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data.