Data Protection Notice

-

1. We are the data controller – how can you contact us?

This Data Protection Notice is intended to inform you about how VisitDenmark processes the personal data you have provided to us, or which we have collected in connection with the purposes stated in section 3 when you act as one of the following: i) job applicant, ii) user of the website, iii) recipient of newsletters, iv) business partner and supplier, v) participant in familiarization- and press trips, vi) participant in exhibitions, workshops and partner events, vii) guest at VisitDenmark, or viii) participant in market research.   

We will only process your personal data in accordance with this Data Protection Notice and the legislation to which we are subject, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“the General Data Protection Regulation”), and Act No. 502 of 23 May 2018 on supplementary provisions to the General Data Protection Regulation (“the Data Protection Act”), as well as other legislation which supplements these rules.

VisitDenmark is the data controller for the processing of the personal data which we have received about you. You can find our contact information below.

VisitDenmark
Islands Brygge 43, 3rd floor
DK-2300 Copenhagen S
Central Business Register (CVR) no. 33055331
Telephone: (+45) 32 88 99 00
E-mail: contact@visitdenmark.com

2. Contact information of the data protection officer

If you have any questions about our processing of your data, you are always welcome to contact our data protection officer, DPO Team ApS.

You can contact our data protection officer in the following ways:

3. What personal data we collect, where we collect it, the purposes thereof, and the legal basis for the processing of your personal data 

We take the protection of personal data seriously and strive for the greatest possible transparency regarding our collection and processing of personal data. When we process personal data about you, you must know what data we process and for what purposes.

In the following, we provide separate information for each of the categories of people whose data we process. Choose on a category for more information.

Job applicants

When you submit your application with attachments, including CV, portrait photo, recommendations, educational certificates and, if applicable, test results, we process your data in order to assess your suitability for the position, including whether we wish to invite you to a job interview and potentially offer you the vacant position.

The purpose of the processing is, as part of the exercise of our public authority to hire employees and to take measures prior to the conclusion of a possible employment contract, see Article 6(1)(b) and (e) of the General Data Protection Regulation.

When you have provided your consent, we can collect information about you from references, including, among other things, information about your work experience and skills. 

The purpose of the processing is as part of the exercise of our public authority to hire employees, see Article 6(1)(e) of the General Data Protection Regulation, and to establish documentation that you have given your consent to the collection of information from your references, see Article 9(2)(a) of the General Data Protection Regulation. 

We can also collect data about you from publicly available sources, including social media. In certain cases, we may request that you complete a qualification- or personality test. We process your data in order to assess your qualifications, skills and personality in relation to the specific vacant position.

The purpose of the processing is as part of the exercise of our public authority to hire employees, see Article 6(1)(e) of the General Data Protection Regulation.

In most cases, we will collect the data directly from you. However, we will also collect information about you from other sources, including recruitment agencies, your references and publicly available sources. If we obtain references, it will be done with your prior consent.

Users of the website

When you visit VisitDenmark’s websites (www.visitdenmark.dk or www.visitdenmark.com), we collect data about your use of the website, including, for example, the type of browser you are using, the search terms you use on the website, your IP address, including your network location, technical data about your equipment, your browser behaviour, and other information about your computer. We collect this data using cookies and other similar technologies. You can read more about the use of cookies in our Cookie Policy.

The purpose is to optimise the user experience and function of the website, including the compilation of statistics. This processing is necessary in order to perform a task which constitutes the exercise of public authority, imposed upon VisitDenmark pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.

When you contact us via our contact information on our website, we can process data about your name, e-mail address and the data you otherwise choose to send to us in connection with your enquiry.

The purpose is to reply to your enquiry. The processing is necessary in order to perform a task which constitutes the exercise of authority by a public body, im-posed upon VisitDenmark pursuant to Act no. 648 of 15 June 2010 on VisitDen-mark, see Article 6(1)(e) of the General Data Protection Regulation.  

Newsletter recipients

When you subscribe to one or more of our newsletters, we collect data about your name, your e-mail address, the newsletter(s) you wish to receive, and that you have given your consent to receive newsletters by e-mail. Depending on the newsletter(s) you subscribe to, we also collect data about the company/organisation you work for, your job title, telephone number, address, and the name of your Instagram profile, blog, or similar. 

The purpose is to send you newsletters which you have requested and to market Denmark as a tourist destination in accordance with the task assigned to VisitDenmark as a public authority pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation, and to establish documentation that you have given your consent to receive newsletters by e-mail, see Article 9(2)(a) of the General Data Protection Regulation. 

When you subscribe to our newsletter, we primarily collect the data directly from you. This is done, for example, when you subscribe via our website or when you request news-letters in connection with trade fairs, partner events, workshops and various other activities, including competitions, under the auspices of VisitDenmark.  

Partners and suppliers

When you communicate with us as a contact person for one of our suppliers or partners, or conclude agreements with us on behalf of the company, organisation or authority you represent, we collect and process data about your name, telephone number, e-mail address, workplace and position.

The purpose is in order to be able to communicate with you and the company, organisation or authority you represent, and to conduct VisitDenmark’s efforts to market Denmark as a tourist destination in accordance with the task assigned to VisitDenmark as a public authority pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.  

In most cases, we will collect the data directly from you. However, we will also collect information about you from other sources, including your employer and your colleagues.

Participants in familiarization- and press trips

When you, as a tour operator, travel agent, journalist, influencer or other representative participate in familiarization- and press trips, we can collect and process data about, for example, your name, address, e-mail address, telephone number, title, gender, marital status, nationality, date of birth, passport number, next of kin information, links to your social media profiles, and special dietary preferences and requirements. In special cases, we can also collect and process special categories of personal data, including health data in the form of allergies and diseases, as well as data about religious beliefs, race and ethnic origin, sexual relations and sexual orientation. 

The purpose is in order to be able to communicate with you and to plan a personalised programme for you in connection with your familiarization- or press trip, including making the necessary travel arrangements and considerations, and to conduct VisitDenmark’s efforts to market Denmark as a tourist destination in accordance with the task assigned to VisitDenmark as a public authority pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.  

We only collect and process health data and other types of special categories of personal data if we find it relevant and reasoned in relation to the specific pro-gramme being planned for you, and if you have granted us explicit consent to do so, see Article 9(2)(a) of the General Data Protection Regulation.  

In most cases, we will collect the data directly from you, including when we communicate with you and when you complete one of our forms for use in connection with your forthcoming familiarization- or press trip. However, we can also collect data about you from other sources, including our partners and suppliers, and from articles and other public media.

Participants in exhibitions, workshops and partner events

When you participate in exhibitions, workshops and partner events, we can collect and process data about, for example, your name, e-mail address, telephone number, organization and title. In special cases, we can also collect and process special categories of personal data, including health data in the form of allergies.

The purpose is in order to be able to communicate with you and to conduct Vis-itDenmark’s efforts to market Denmark as a tourist destination in accordance with the task assigned to VisitDenmark as a public authority pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.

We only collect and process health data if we find it relevant and reasoned in relation to your participation, and if you have granted us explicit consent to do so, see Article 9(2)(a) of the General Data Protection Regulation.

In most cases, we will collect the data directly from you, including when we communicate with you, when you provide us your business card and when you complete your registration to the exhibition, workshop or partner event.

Guests at VisitDenmark

When you visit VisitDenmark and log in to our guest network, we collect and process data about your MAC-address, IP-address, the host name of your computer/device, and the URLs from which you collect data.

The purpose is to gain insight into the activities that take place on VisitDen-mark’s guest network in order to optimise the solution and to enable trouble-shooting. This processing is necessary in order to perform a task which constitutes the exercise of authority by a public body, imposed upon VisitDenmark pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.

Participants in market research

When you, as a contact person or representative of a company or organisation, participate in and provide responses in market research or satisfaction surveys, we can collect and process your name, e-mail address and your responses provided in connection with the satisfaction survey, including, for example, data about the company’s/organisation’s satisfaction with VisitDenmark activities and events.

The purpose is to collect information about the company’s/organisation’s participation in courses and conferences, as well as consumption in connection with these courses and conferences, in order to measure the satisfaction with our activities and events for the purpose of performing VisitDenmark’s efforts to market Denmark as a tourist destination in accordance with the task assigned to VisitDenmark as a public authority pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.

In most cases, we collect data about your name and e-mail address from other tourism organisations. However, we may also be in possession of your contact information from previous relevant communication, including if the company or partner you work for is a partner or supplier of VisitDenmark.

4. Recipients of personal data

Your personal data may be transferred to suppliers, partners, contracting parties or other third parties who process data on behalf of VisitDenmark. These companies are data processors and are under our instructions, and they process data for which we are the data controller. They may not use the data for other purposes than the fulfilment of the agreement with us, and they are bound by confidentiality regarding this data. We have concluded a data processing agreement with all of our data processors that meets the requirements of Article 28 of the General Data Protection Regulation. This requires that these data processors carry out adequate technical and organisational measures so that the processing complies with the requirements of the regulation and ensures the protection of your rights.

Your personal data may also be transferred to public authorities if required by law or if it is necessary in order to perform the task assigned to VisitDenmark.

In some cases, we transfer personal data outside the EU/EEA to recipients who do not necessarily have the same level of protection on the processing of personal data as that within the EU/EEA countries. In such cases, we will inform you of the necessary or adequate guarantees and where you can find or obtain them.

In the following, we provide separate information for each of the categories of people whose data we process. Choose a category for more information.

Job applicants

Your personal data can be made available to our data processors, including our suppliers of e-recruitment system, providers of personality tests, and hosting suppliers to the extent that we register your data in our IT systems.

Users of the website

We use external partners for, among other things, technical operation, website improvements, website hosting, and targeted marketing. These companies are data processors and are under our instructions, and they process data for which we are the data controller.

Two of these data processors, Google Analytics w/Google LLC and Google Tag Manager w/Google LLC, are established in the USA. The necessary guarantees for transfer of data to the USA are ensured through the data processor’s certification under EU-U.S. Privacy shield, see Article 45 of the General Data Protection Regulation.

Newsletter recipients

We use external partners for the distribution of newsletters. These companies are data processors and are under our instructions, and they process data for which we are the data controller.

One of these data processors, Salesforce, is established in the USA. The necessary guarantees for transfer of data to the USA are ensured through the data processor’s certification under EU-U.S. Privacy shield, see Article 45 of the General Data Protection Regulation.

Partners and suppliers

Your personal data can be made available to our data processors, including our hosting suppliers, to the extent that we register your data in our IT systems.

Your personal data can also be transferred to other external partners or suppliers to the extent necessary. 

Participants in familiarization- and press trips

Your personal data can be made available to our data processors, including our hosting suppliers, to the extent that we register your data in our IT systems. 

Your personal data can also be transferred to external partners, including destination partners, travel agents, hotels and restaurants to the extent necessary in order to plan and carry out the trip you will be participating in. We only transfer special categories of data, including, for example, data about allergies and diseases, to our partners if you have granted us explicit consent to do so.

Participants in exhibitions, workshops and partner events

Your personal data can be made available to our data processors, including our hosting suppliers, to the extent that we register your data in our IT systems. 
Your personal data can also be transferred to external partners, to the extent necessary in order to plan and carry out the exhibition, workshop or partner event you will be participating in. We only transfer special categories of data, including, for example, data about allergies, to our partners if you have granted us explicit consent to do so.

Your personal data can also be transferred to other participants in the event by distribution of lists of participants containing name and organization. 

Guests at VisitDenmark

Your personal data can be made available to our data processors, including our hosting supplier(s), to the extent that we register your data in our IT systems. 

Participants in market research

Your personal data can be made available to our data processors, including our hosting suppliers, to the extent that we register your data in our IT systems, and our analysis institutions.

In some cases, we will publish the results of our analyses and surveys. In such cases, the publication will be at the aggregate level, which means that the data can no longer be attributed to an identifiable person. 

5. VisitDenmark’s market office in the US

In some cases, your personal data will be available to employees at VisitDenmark’s market office in the US. This applies in particular to the processing of personal data that takes place in connection with activities in the US. The necessary guarantees for transfer of data to the US are based on Article 49(1)(d) of the General Data Protection Regulation.

6. Storage of your personal data

We delete your personal data when we no longer have an objective purpose for storing and processing this data. 

Special laws, for example in the archival legislation, the Danish Act on Limitations and the Dan-ish Bookkeeping Act, may grant us a right or impose a duty upon us to store your personal data for a longer period of time. We also reserve the right to store your personal data for a longer period than stated below if we assess that it will be necessary to determine, assert, or defend a legal claim. 

In the following, we will provide separate information for each of the categories of people whose data we process. Choose a category for more information.

Job applicants

Applications received from applicants who are not offered employment will be deleted no later than 6 months after the end of the application process, unless you have given your consent to a longer period of storage.

Unsolicited applications that are not part of a current hiring process will be deleted no later than 6 months after receipt unless you have given your consent to a longer period of storage, or we have a legal obligation to store the application.

Users of the website

Data collected in connection with your use of VisitDenmark’s website will be deleted when we no longer have an objective purpose for storing and processing this data.

Data collected in connection with general enquiries will be deleted on a running basis as they are replied to, unless we have a legal obligation to save the enquiry.

Newsletter recipients

Data collected in connection with your subscription to our newsletters will be deleted when your consent to receive newsletters is withdrawn, unless we have a legal obligation to store the data. 

However, we store documentation of your consent for two years after you withdraw it. 

Partners and suppliers

Your personal data is deleted in connection with the termination of the cooperation with our partner or supplier, unless we have a legal obligation to store the data. 

Participants in familiarization- and press trips

Data collected in connection with our communication with you will be deleted when we no longer have an objective purpose for storing and processing this data.

Data collected in connection with the planning and carrying out of familiarization trips will be deleted no later than 3 months after the completion of the trip, unless we have a legal obligation to store the data. Special categories of personal data that we process on the basis of your consent will be deleted no later than at the time when the data is no longer needed or when you withdraw your consent, unless we have a legal obligation to store the data.

Participants in exhibitions, workshops and partner events

Data collected in connection with our communication with you will be deleted when we no longer have an objective purpose for storing and processing this data.

Data collected in connection with the planning and carrying out of the exhibition, work-shop or partner event will be deleted no later than 3 months after the completion of the event, unless we have a legal obligation to store the data. Special categories of personal data that we process on the basis of your consent will be deleted no later than at the time when the data is no longer needed or when you withdraw your consent, unless we have a legal obligation to store the data. 

Guests at VisitDenmark

Data collected in connection with your use of our network will be automatically deleted one month after it is collected, unless we have a legal obligation to store the data.

Participants in market research

Your personal data will be deleted or aggregated, i.e. made anonymous, immediately after we have completed our market analysis unless otherwise stated in connection with the given survey, or unless we have a legal obligation to store the data.

7. Your rights

The General Data Protection Regulation grants you a number of rights in relation to our processing of data about you. In order to establish transparency regarding the processing of this data, we inform you below about your rights.

You can read more about your rights in the Danish Data Protection Agency’s guide on the rights of data subjects, which you can find at www.datatilsynet.dk

Right of access

You are at all times entitled to request information from us about, among other things, the personal data we have registered about you, the purpose of the registration, the categories of personal data, recipients of the personal data, and the origin of this personal data.

You have the right to obtain a copy of the personal data we process about you. If you would like a copy of your personal data, send a written request to dpo@visitdenmark.com. You may be asked to provide proof that you are the person you claim to be.

Right to rectification

You have the right to rectification of incorrect personal data we have relating to you. If you become aware of errors in the personal data we have registered about you, you are encouraged to contact us in writing so that the personal data can be rectified. 

Right to erasure

In certain cases, you have the right to erasure by us of all or parts of your personal data prior to the time of our standard general deletion. This applies, for example, if you withdraw your consent and we do not have another legal basis to continue the processing. To the extent that continued processing of your data is necessary, e.g. for our compliance with legal obligations, including the Danish Public Administration Act or the Danish Archive Act, or in order to establish, assert or defend legal claims, we are not obliged to delete your personal data.

Right to restriction of processing

In certain cases, you have the right to restrict the processing of your personal data to mere storage, e.g. if you believe that the data we process about you is not correct.  
If you have the right to restrict the processing, we may only process your data – apart from storage – with your consent, or for the purpose of establishing, asserting or defending a legal claim, or to protect a person or important societal interests. 
Right to object
In some cases, you have the right to object to our otherwise legal processing of your personal data. You also have the right to object to the processing of your data for direct marketing purposes.

Right to data portability

In some cases, you have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format, and to have this personal data transferred to another data controller.


Right to withdraw consent

You have the right to withdraw consent that you have granted to us for a given processing of your personal data. If you wish to withdraw your consent, please contact us at dpo@visitdenmark.com.

Right to complain

You have the right to submit a complaint to the Danish Data Protection Agency, Bor-gergade 28, 5, 1300 Copenhagen K, Denmark, regarding VisitDenmark’s processing of your personal data. A complaint can be submitted by e-mail to dt@datatilsynet.dk or by telephoning +45 33 19 32 00.

8. Security

We have taken adequate technical and organisational safeguards to prevent personal data from being accidentally or illegally destroyed, lost, altered or damaged, and to prevent unauthorised access or abuse by third parties.

Only employees who have a legitimate need for access to your personal data to perform their work have access to this data.

9. Changes to this information

If we make changes to this Data Protection Notice, you will be notified of these changes to the extent that we still possess personal data relating to you.

10. Versions

This is version 3 of VisitDenmark’s Data Protection Notice, dated 4 October 2019.