THE DANISH TRADE UNION DEVELOPMENT AGENCY PRIVACY POLICY

1 REGARDING THIS POLICY

 

1.1 The Danish Trade Union Development Agency (DTDA) places great emphasis on ensuring that the personal data we handle due to the organisation’s purpose and function will be processed in a safe and reassuring manner in accordance to the prevailing law. As an organisation, we focus on our obligations as data controller and aim to comply with these obligations to the fullest.

 

1.2 This Privacy Policy is applicable for any personal data that you provide us, or we collect on you, e.g. in an employment context, as a supplier, or a user of our services, including interference with our webpage. Please find below an overview of the data we collect, information on how we handle your data and for how long we store it, etc.  Likewise, you find information on your rights and possibilities to redress. Please read this policy and let us know if there is any information within this document, which you cannot comprehend or accept. At any time, the applicable version of the policy is available on www.ulandsekretariatet.dk.

 

2 CONTROLLER ORGANISATION

 

2.1 The controller organisation for processing of your personal data is:

 

Danish Trade Union Development Agency

Islands Brygge 32D

2300 Copenhagen S

Telephone: +45 33 73 74 40

Mail: mail@loftf.dk

CVR-no.: 20453672

 

2.2 All questions about this policy, and all inquiries regarding the  processing of your personal data, including inquiries of insight and rectification, and concerns regarding non-compliance of the applicable rules, should  initially be addressed to the following employee: Data Protection Officer, Susan Gravgaard Andersen, mail: sga@dtda.dk, direct telephone: + 45 33 73 74 53.

 

3 DEFINITIONS

3.1 Some of the most central concepts included in this policy are listed in the section below:

 

Personal data

Any information relating to an identified or identifiable natural person (or ‘data subject’), i.e. all information that directly or indirectly, individually or in combination, can identify a particular natural person.

 

Special categories of personal data (sensitive personal data)

Information revealing racial or ethnic origin, political, religious or philosophical beliefs or trade union membership, genetic or health status, or information regarding a natural person’s sexual relationships or orientation, and information in the form of biometric data, provided that the biometric data is processed for the purpose of uniquely identifying a natural person.

 

Processing

Any operation or set of operations that involves use of personal data, i.e. collecting, recording, organising, altering, retrieving, disseminating, or transferring to persons, authorities, companies etc., outside the organisation.

 

Controller

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data.

 

Processer

A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

 

General Data Protection Regulation

The European Parliament and the Councils (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection to processing of personal data and the free exchange of such data, and the repealing of Directive 95/46/EC, with related regulation.

 

Data Protection Act

Act concerning supplementary provisions for the regulation regarding the protection of natural persons in connection to the processing of personal data and the free exchange of such information (L502 of 23. May 2018).

 

4 THE PURPOSE OF PROCESSING YOUR PERSONAL DATA

 

4.1 The overall legal framework for our processing of your personal data is the General Data Protection Act and the Data Protection Act (refer to the above). A basic principle is that personal data must be collected for the explicitly stated and legitimate purposes and cannot be used for other purposes. In accordance to this, we only process your personal data if there is a clear and legitimate purpose to do so, and in each separate case, we limit the data to only constitute the data necessary to achieve the specific purpose. Furthermore, the processing of your data is maintained only as long as the purpose is still valid, including if legislation requires that we save your information in a given period.

 

4.2 Whether you are i.e. a board member, employee, consultant, resource person, partner, supplier of benefits and services, our contact person in an organisation, company or authority, or you have any other relation to us, we need to process your personal data to such an extent that we can fulfil our declaration of purpose as an organisation, and live up to the legal, contractual and additional obligations that we have as an organisation, and partly allow us to provide the services you may demand.

 

5 COLLECTION AND USE OF YOUR PERSONAL DATA

 

5.1 We collect this data directly from you:

 

5.1.1 When you visit our website, we collect information about which pages and features you use, just as we collect some technical information about your computer/tablet/mobile phone as well as your IP address. This information is applied to improve your user experience and to collect statistics concerning user behaviour so that we continuously can evaluate the relevance of the content. On the website, we make use of cookies that are small files stored on your computer/tablet/mobile phone so that your device can be recognised the next time you visit our website, allowing us to collect the above mentioned information. These cookies, however, do not gather information regarding your name, email address, or other personal information, apart from the above mentioned, and they do not provide information concerning user behaviour that can link this behaviour to particular individuals. We refer to our Cookie Policy, where you, amongst others, can find information on how to block cookies if you prefer to do so: www.ulandssekretariatet.dk/content/ulandssekretariatets-cookiepolitik.

 

5.1.2 If you utilise our social media, including Facebook and Instagram, information is automatically generated about your own profile on the given media, just as we – and other users – can see the different personal data, including photos you may have made available.

 

5.1.3 If you utilise our movie-download-service, we collect the following personal information: Name, email address and possibly educational institution and level.

 

5.1.4 If you have a connection to us, other than just being a user of our website or our social media, a number of common contact information about you is generally collected. Thus if you are board member, employee, intern, consultant, resource person, partner, or supplier of benefits or services for us, if you are our contact person in an organisation, company or authority, if you appear in an article on our website or in one of our publications, or if you are a recipient of one such publication or other material from the DTDA, we collect the following common personal information from you: Name, title, organisation, email address and telephone number. When there is a purpose behind, we also collect the address, zip code, city and country, as well as we in some cases, if necessary, collect additional contact information from you, for example, your Skype address. If you conduct a written inquiry to the DTDA, we will similarly – depending on how many contact details you include in your inquiry – for a period of time obtain ordinary personal information about you, corresponding to the above.

 

5.1.5 From employees, and individuals who appear in the DTDA’s articles and additional communication materials, we collect photos and occasionally video material, which, following prior agreement, can be used on our website, social media or in publications. If your consent is acquired, your photo or video material may also be used in connection to additional publications, e.g. as inclusion in an article for the daily press etc.

 

5.1.6 If we are to make payments to you, we collect your account number and additional relevant payment information from you.

 

5.1.7 If you apply for a job position or internship at the DTDA, we collect a written application, a CV and potentially diplomas and references from you. If you are hired or get an internship we furthermore collect your social security number, the contact information of your closest relatives and information about your pension fund, if applicable. Your CPR number is applied partly to access control in the FH House (where the DTDA resides) and partly for reporting to the Danish Tax Authorities. Additionally, as an employer, we will regularly collect common employment-related personal data about you, such as requests for further training etc.

 

5.1.8 In general, we do not collect sensitive personal information about you (refer to section 3 above regarding special categories of personal data). Due to the DTDA’s position in the trade union movement, and the organisation’s stated purpose and function, it, however, happens that we – e.g. in regards to professional resource persons solving international assignments for us – are forced to collect information concerning the associated trade union membership. Similarly, in some cases, we as an employer will be forced to obtain information concerning health status to adhere to our responsibilities, e.g. if we are to report a work injury.

 

5.2 We collect this personal data about you from others:

 

5.2.1 In rare cases, we may need to collect personal data about you from others (not sensitive personal data). This can, for example, be information from the listed reference persons if you are applying for a position at DTDA, or it can be your contact information if you work for an organisation, company or authority that we need to maintain contact with. In terms of employees, we automatically collect relevant tax information in connection with your payroll.

 

6 OUR BASIS FOR PROCESSING YOUR PERSONAL DATA

 

6.1 In order for us to process your personal data, a valid legal basis must exist in each case, as described in the General Data Protection Regulation article 6, paragraph 1. Our basis for processing your personal data is grounded in the presence of at least one of the following circumstances, reliant on the situation.

 

6.2 In many cases, our basis for processing your personal data is based on the fact that such processing is necessary for us to enter or perform a contract with you or to handle requests etc., prior to a possible agreement with us. This is typically required if you are e.g. a supplier of benefits or services to us, or if you are a partner, resource person, consultant, employee or intern. In this case, the legal basis for our processing is the General Data Protection Regulation article 6, paragraph 1(b).

 

6.3 In some cases, we are legally obligated to process personal data about you in accordance with the legalisation in the Act on Bookkeeping, the Act on Personal Tax or the Consolidation Act on an Employer’s Obligation to Inform Employees of the Conditions Applicable to the Employment Relationship., or pursuant to the Danish Foreign Ministry’s guidelines for funding commitments. An obligation as such can e.g. concern the need to provide documentation of transaction tracks and similar, according to the rules of the Act on Bookkeeping, and we are generally required to store accounting material for 5 years from the termination of the financial year to which the accounting material relates. Whenever we have a legal obligation to process your personal information our basis of doing so is the General Data Protection Regulation article 6, paragraph 1(c).

 

6.4 In certain situations, we have the possibility of processing your personal data if it is necessary to pursue a legitimate interest, if this, however, does not outweigh your individual right to protection of your personal data. In such cases, our basis for processing your personal data is the General Data Protection Act article 6, paragraph 1(f).

 

6.5 In other cases, our basis for processing your common personal data will be based on your obtained consent, cf. the General Data Protection Regulation article 6, paragraph 1(a). In such cases, it is our responsibility to ensure that your consent is voluntarily and the purpose is specific, informed and unequivocally. Furthermore, you have the right to withdraw your consent at any given time (c.f. section 10 below).

 

6.6 If it is necessary for us to process sensitive personal information about you (refer to section 3 above regarding specific categories of personal data) e.g. your trade union membership, the basis for this processing is the General Data Protection Regulation article 9, paragraph 2(d), as we are a non-profit organisation and our aim is of “trade union nature”. The processing of your sensitive personal data is done as part of our legitimate activities to contribute to alleviating poverty and supporting the development of just and democratic societies through the promotion of decent work in developing countries. Apart from this, the processing of your sensitive personal data will only take place under the condition that you have a close relation to us, e.g. as a professional resource person or employee.

 

6.7 Under certain circumstances, especially if you are not closely affiliated with our organisation or if your sensitive personal data is expected to be transferred externally, we will, before processing your information, obtain your explicit consent; cf. the General Data Protection Regulation article 9, paragraph 2 (a). In relation to such consent, we encompass the same obligations as stated in section 6.5 above.

 

7 SHARING YOUR  PERSONAL DATA

 

7.1 If you visit our website, the information will in some cases be shared with third parties through the use of cookies. For further information, please refer to our Cookie Policy, where information is found on how to block cookies if you prefer to do so: www.ulandssekretariatet.dk/content/ulandssekretariatetscookiepolitik

 

7.2 If you create a post etc. on our social media, including Facebook and Instagram, these are automatically shared – together with the personal data that it potentially contains – with other users of the same media.

 

7.3 We have the right to share your personal information with the suppliers and partners who assist us with IT- operations, web-hosting, etc. In such cases, we enter data processing agreements that ensure that the processing of your personal data is conducted in a safe manner and in accordance with the legal basis.

 

7.4 If you have entered a contractual obligation with us, or encompass a close relation to the DTDA in another way, we have the right to share your personal information with relevant suppliers, such as our bank, auditor, insurance company, payroll case manager etc. In such cases, we similarly enter into data processing agreements, which ensure that the processing of your personal data is conducted in a safe manner and in accordance with the legislation in question.

 

7.5 In addition to the above, we share your personal information to the extent that we are obliged to, e.g. as a consequence of requirements for reporting to public authorities, including Danish Tax Authorities.

 

8 SHARING YOUR INFORMATION WITH RECEIVERS OUTSIDE OF EU/EEA

 

8.1 As the DTDA is an organisation whose overall objective is to help alleviate poverty and support the development of just and democratic societies through the promotion of decent work in developing countries, we have established offices in a number of countries outside the EU/ EEA. In special cases and only when there is a specific purpose behind it, we may share selected personal data with these offices. However, this typically only applies to individuals who have a close connection to the DTDA, and who are involved in missions or solving international tasks, e.g. professional resource persons, board members, consultants, employees etc.

 

8.2 If we share your data with recipients located outside the EU/EEA, in particular, our local offices or relevant partner organisations, this will be done according to the General Data Protection Regulation article 49, paragraph 1, and will either be a necessary act in connection with entering or performing a contract between the DTDA and you or another party, or be an act based on your prior explicit consent.

 

9 DELETING YOUR PERSONAL DATA

 

9.1 As an organisation, we are obliged to limit the amount of personal data we collect and save, with fixed procedures put in place to eradicate such information. We maintain your personal data according to the following rules:

 

9.2 If you utilise our website, various data will automatically be stored as described above.

Information concerning this data, and how long it is stored, can be found in our Cookie Policy: www.ulandssekretariatet.dk/content/ulandssekretariatets-cookiepolitik

 

9.3 If you utilise our social media, the profile and personal information you provide as a user will, in general, be available indefinitely unless you actively remove this yourself.

 

9.4 If you use our movie-download-service, your personal data will be stored throughout the current year and a subsequent period of 1 year.

 

9.5 Contact information and similar common personal data that are collected and used in relation to ongoing case processing, including inquiries from the public regarding our activities, is saved as long as the casework is carried out and for a subsequent period of up to 1 year. Common personal data concerning contact persons from authorities, organisations and companies, such as the Ministry of Foreign Affairs with whom the DTDA routinely or occasionally communicate with, e.g. consultants and journalists, are stored as long as this is relevant to the DTDA’s functions.

 

9.6 If you apply for a position at the DTDA, we will save your application and supplementary appendixes in up to 6 months. If we wish to save your application etc. for a longer period, we will request your consent to do so. Such consent may be revoked at any time.

 

9.7 Relevant personal data which the DTDA is obliged to store in accordance with the Act on Bookkeeping, including payment information, contracts, etc., is stored in the current year and a subsequent period of 5 years. If we, in relation to other relevant legislation or to enforce a possible legal claim, are forced to store personal data for an extended period of time, we will do so.

 

9.8 Relevant personal data appearing in correspondences, reports or other written material that is of significance for the implementation of the DTDA’s ongoing program activities and partnerships in a given developing country, or for the development of new program phases or partnerships, is stored during the period of activity in the given country and a subsequent period of 5 years.

 

9.9 Name, title and other common personal data concerning the DTDA’s board members and auditors will appear on various accounts and minutes and will be stored indefinitely.

 

9.10 Personal data, including photo and video material, appearing in the articles and other articles of the DTDA communication materials, are in general stored indefinitely. If you have given consent to the usage of your personal data, this consent may, however, be revoked at any given time.

 

10 YOUR RIGHTS

 

10.1 Information: It is our responsibility to inform you about which personal data we collect from you, the purpose, how your information is used, what basis we have to process your information, who it is shared with, how long it is stored, etc. This is, accomplished through this policy, but equally through our direct communication with you.

 

10.2 Insight: You have the right to obtain insight into the personal data that we process on you. By contacting us you can request insight into the personal data we have registered on you, including the purposes for which the data is collected. We will comply with your insight request as soon as possible and within the applicable deadline.

 

10.3 Rectification: You have the right to request rectification or additional processing of the personal data we process on you. We will comply with your request as soon as possible, to the extent that it is necessary. If we cannot accommodate your request, we will contact you.

 

10.4 Erasure: You have the right to request for erasure or blocking of the personal data that we process on you (the right to be forgotten). We will comply with your request as soon as possible to the extent it is necessary. If we cannot accommodate your request, we will contact you.

 

10.5 Limitation of Processing: Under special circumstances, you have the right to limit the processing of your personal data. Please contact us if you wish to limit the processing of your personal data.

 

10.6 Data Portability: You have the right to receive your personal data (only information regarding yourself that you have provided us with) in a structured, commonly used and machine-readable format (data portability). Please contact us if you want to exploit the possibility of data portability.

 

10.7 The Right to Object: You have the right to request us not to process your personal data in cases where processing is based on article 6 of the Data Protection Regulation, paragraph 1(f) (legitimate interest). If you have any doubts as to whether this applies, please contact us. You may at any time exercise the right to object by contacting us.

 

10.8 Revoke of consent: If the processing of your personal data is based on your consent, you have the right to revoke your consent at any given time. Your revoke does, however, not affect the legality of the processing that was performed before you withdrew your consent. Please contact us if you wish to revoke your consent.

 

10.9 Taking advantage of the abovementioned rights can be subject to conditions or restrictions. It is therefore not certain that you, for example, have the right to attain data portability in the specific case – as it depends on the special circumstances of the particular processing activity.

 

10.10 If you wish to take advantage of one or more of the abovementioned rights, please contact us as stated in section 2.2 above (refer to page 1).

 

11 POSSIBLE CONSEQUENCES OF NOT RELEASING PERSONAL INFORMATION

 

11.1 If it is necessary for us to obtain personal data from you, for example, to enter a contract, or to provide you a requested service, it will appear where we collect the information. If you do not wish to provide the personal data that we request, it may have the consequence that we cannot enter the particular contract with you nor provide the specific service.

 

12 SAFETY

 

12.1 We ascribe great importance in protecting your personal data and oversee that the processing at all times is performed in a safe and reassuring manner. We ensure this, e.g. by having physical access control in our office, by ensuring that access and processing of your personal data is limited to only a few relevant employees, and by carrying out relevant risk assessments and complying with the provisions of our IT security policy. We likewise perform regular IT audits.

 

12.2 In the event that a breach of data security is identified, we are obliged to report this to the Danish Data Protection Agency, unless “it is unlikely that the breach of personal data security entails a risk to the rights or freedoms of natural persons” (cf. the Danish Data Protection Agency’s Instructions for handling a breach of the personal data protection, Feb. 2018). Alternatively, if such a violation entails high risk, we are likewise obliged to notify you if it involves your personal data.

 

13 COMPLAINTS

 

13.1 If you are dissatisfied with our processing of your personal data, you may appeal to the appropriate public authority which is:

 

Danish Data Protection Agency

Borgergade 28, 5th floor

1300 Copenhagen K.

Phone +45 3319 3200

Email: dt@datatilsynet.dk

 

14 UPDATING THIS POLICY

 

14.1 The DTDA is obliged to adhere to the basic principles of protection of personal data and data protection. We therefore regularly review this policy to keep it updated and in accordance with applicable principles and legislation. This policy is subject to change without notice. Major readjustments will be published on our website, along with an updated version of the policy.

 

 

This policy was last updated on May 17, 2018.

AddToAny

Share/Save