What personal data we collect, where we collect it, the purposes thereof, and the legal basis for the processing of your personal data
When you visit VisitDenmark and log in to our guest network, we collect and process data about your MAC-address, IP-address, the host name of your computer/device, and the URLs from which you collect data.
The purpose is to gain insight into the activities that take place on VisitDen-mark’s guest network in order to optimise the solution and to enable trouble-shooting. This processing is necessary in order to perform a task which constitutes the exercise of authority by a public body, imposed upon VisitDenmark pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.
Recipients of personal data
Your personal data may be transferred to suppliers, partners, contracting parties or other third parties who process data on behalf of VisitDenmark. These companies are data processors and are under our instructions, and they process data for which we are the data controller. They may not use the data for other purposes than the fulfilment of the agreement with us, and they are bound by confidentiality regarding this data. We have concluded a data processing agreement with all of our data processors that meets the requirements of Article 28 of the General Data Protection Regulation. This requires that these data processors carry out adequate technical and organisational measures so that the processing complies with the requirements of the regulation and ensures the protection of your rights.
Your personal data may also be transferred to public authorities if required by law or if it is necessary in order to perform the task assigned to VisitDenmark.
In some cases, we transfer personal data outside the EU/EEA to recipients who do not necessarily have the same level of protection on the processing of personal data as that within the EU/EEA countries. In such cases, we will inform you of the necessary or adequate guarantees and where you can find or obtain them.
Your personal data can be made available to our data processors, including our hosting supplier(s), to the extent that we register your data in our IT systems.
Storage of your personal data
We delete your personal data when we no longer have an objective purpose for storing and processing this data.
Special laws, for example in the archival legislation, the Danish Act on Limitations and the Dan-ish Bookkeeping Act, may grant us a right or impose a duty upon us to store your personal data for a longer period of time. We also reserve the right to store your personal data for a longer period than stated below if we assess that it will be necessary to determine, assert, or defend a legal claim.
Data collected in connection with your use of our network will be automatically deleted one month after it is collected, unless we have a legal obligation to store the data.
Your rights
The General Data Protection Regulation grants you a number of rights in relation to our processing of data about you. In order to establish transparency regarding the processing of this data, we inform you below about your rights.
You can read more about your rights in the Danish Data Protection Agency’s guide on the rights of data subjects, which you can find at www.datatilsynet.dk.
Right of access
You are at all times entitled to request information from us about, among other things, the personal data we have registered about you, the purpose of the registration, the categories of personal data, recipients of the personal data, and the origin of this personal data.
You have the right to obtain a copy of the personal data we process about you. If you would like a copy of your personal data, send a written request to dpo@visitdenmark.com. You may be asked to provide proof that you are the person you claim to be.
Right to rectification
You have the right to rectification of incorrect personal data we have relating to you. If you become aware of errors in the personal data we have registered about you, you are encouraged to contact us in writing so that the personal data can be rectified.
Right to erasure
In certain cases, you have the right to erasure by us of all or parts of your personal data prior to the time of our standard general deletion. This applies, for example, if you withdraw your consent and we do not have another legal basis to continue the processing. To the extent that continued processing of your data is necessary, e.g. for our compliance with legal obligations, including the Danish Public Administration Act or the Danish Archive Act, or in order to establish, assert or defend legal claims, we are not obliged to delete your personal data.
Right to restriction of processing
In certain cases, you have the right to restrict the processing of your personal data to mere storage, e.g. if you believe that the data we process about you is not correct.
If you have the right to restrict the processing, we may only process your data – apart from storage – with your consent, or for the purpose of establishing, asserting or defending a legal claim, or to protect a person or important societal interests.
Right to object
In some cases, you have the right to object to our otherwise legal processing of your personal data. You also have the right to object to the processing of your data for direct marketing purposes including profiling.
Right to data portability
In some cases, you have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format, and to have this personal data transferred to another data controller.
Right to withdraw consent
You have the right to withdraw consent that you have granted to us for a given processing of your personal data. If you wish to withdraw your consent, please contact us at dpo@visitdenmark.com.
Right to complain
You have the right to submit a complaint to the Danish Data Protection Agency, Bor-gergade 28, 5, 1300 Copenhagen K, Denmark, regarding VisitDenmark’s processing of your personal data. A complaint can be submitted by e-mail to dt@datatilsynet.dk or by telephoning +45 33 19 32 00.