Privacy

Updated 24 May 2018

1. General remarks

Protecting your personal data is of the highest priority at the IT University of Copenhagen (”ITU”, ”we”, ”our”, ”us”).

This policy (”Privacy policy”) explains in general terms what personal data we collect from you as an applicant, student, supplier/contractor, collaboration partner or ITU conference/event participant; when and why we collect the information; how we use the personal data; the conditions for transfer of personal data to other parties and how we securely store your personal data.

2. Who are we

ITU is a Danish university that teaches and conducts research in information technology. ITU is registered in Denmark and in the Danish Business Registry, CVR no. 29057753.

We may be contacted by phone no. +45 7218 5000, by e-mail at itu@itu.dk or at the address Rued Langgaards Vej 7, 2300 Copenhagen S, Denmark.

Depending on the relation between you and us, it may be necessary for us to process your personal data in some situations.

You may read more about our processing of your personal data in the following sections.

3. Information we collect directly from you

Applicants and students

  • For applicants for master, graduate, single courses and guest courses, personal data is collected directly from you.
  • We also collect personal data directly from enrolled students.
  • These personal data typically include name, address, phone number, e-mail address, CPR-number (Danish civil registration number), education, language exams, work experience and photos for ID-cards.

Suppliers/contractors, collaboration partners etc.

  • By entering into a collaboration agreement etc., we collect a number of personal data, including e.g. name, address, phone number and e-mail address, of the given contacts.

Participants in conferences, workshops, open events etc.

  • We only collect the personal data that you provide yourself when signing up for conferences, workshops, open events etc.

Marketing

  • If you have signed up for our newsletter, we use your e-mail address to send marketing materials.

Inquiries

  • When you send an inquiry to us, we use the information you have provided us in order to answer your inquiry.

4. Information which we collect from third parties

Applicants and students

  • For applicants for bachelor programmes, personal data is collected through the digital portal Optagelse.dk, which is managed by the Ministry of Higher Education and Science.
  • A number of personal data is collected from the abovementioned portal, including name, address, phone number, e-mail address, CPR-number (Danish civil registration number), education, language exams and work experience.

5. Purpose and basis for processing

Our general purpose concerning the processing of your personal data is to deliver high-quality education and research within information technology.

We process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679. This means that all your information which we collect or receive is processed according to the bases for processing contained in the regulation. Depending on the relation between you and us, and therefore depending on the type of information we collect, the basis for processing may vary.

Below is a detailed explanation concerning the different purposes and bases for processing which we use for the different categories of Data Subjects.

Applicants and students

  • The purpose of processing your personal data is to manage all aspects of your application and potential education at ITU.
  • Generally, we process your personal data either in order to comply with a legal obligation to which ITU is subject, or to carry out the performance of a task in the public interest or in the exercise of official authority imposed on us as a public authority, cf. GDPR Article 6(1)(c) and (e).
  • We also process your sensitive personal data, e.g. data concerning health, insofar as it is necessary in order to comply with health and social law obligations/rights, or out of consideration for reasons of substantial public interest on the basis of EU or national law, cf.GDPR Article 9(2)(g).
  • Whenever necessary, we shall request your consent to process your regular and/or sensitive personal data, cf. GDPR Article 6(1)(a) and Article 9(2)(a).

Suppliers/contractors, collaboration partners etc.

  • The purpose of processing your personal data is to fulfil/comply with the agreement that we have entered into.
  • Generally, we process your personal data based on an agreement between you and us, cf. GDPR Article 6(1)(b), or because it is necessary in order for you to enter into a contract with us at a later time, cf. GDPR Article 6(1)(b).

Participants in conferences, workshops, open events etc.

  • We only process your personal data on the basis of your consent, cf. GDPR Article 6(1)(a).

Marketing

  • The purpose of our processing of your personal data is to ensure the general public’s knowledge of ITU and to attract as many interesting candidates as possible, both education and employment wise.
  • Concerning marketing, our basis for processing will always be your specific consent, cf. GDPR Article 6(1)(a) and the Danish Marketing Act Article 10, section 1. Consent is also applicable whenever we process your sensitive personal data, cf. GDPR Article 9(2)(a).

Legal obligations

  • We are subject to a number of legal requirements and obligations that may make it necessary for us to process your personal data in order to comply with the laws, e.g. the Danish Bookkeeping Act, cf. GDPR Article 6(1)(c).

Legal claims

  • Finally, we reserve the right to process your personal data at any given time to the extent that it is necessary for us to safeguard our interests in a legal dispute, cf. GDPR Article 6(1)(e) and Article 9(2)(f).

6. CCTV-surveillance

As part of the security at ITU, we keep the internal building and all entrances and exits under surveillance.

The surveillance recordings are deleted after 30 days.

We only transfer the information in the event that a clear, legal obligation is present, cf. GDPR Article 6(1)(c). This could e.g. be the case should the police request the surveillance in connection with a report of theft or assault.

7. Website, including cookies

This section concerns ITU’s website (www.itu.dk).

About cookies

  • Cookies are used by virtually all websites. In some cases, cookies are the only way to make a website work properly.
  • A cookie is a file that is stored on your computer or other IT-equipment. It makes it possible to recognize your computer/other IT-equipment and collect information regarding pages and functions that are accessed by your browser. However, cookies cannot see who you are, what your name is, where you live or whether the computer/other IT-equipment is used by one or more persons.
  • Our website uses cookies. You are informed about the use of cookies before they are placed on your computer/other IT-equipment. We – and everyone else – are obliged to do so. Read more about cookies and the legal regulation (Executive Order on Cookies) on the Danish Business Authority’s website, https://erhvervsstyrelsen.dk/

Cookies for statistical purposes

  • When visiting our website for the first time, you will see a banner with information regarding cookies for statistical purposes. If you click on the link “no thank you” for our use of cookies for statistical purposes, there will be no cookies placed for statistical purposes. We do however use a cookie in order to remember your option of clicking “no thank you” for statistical purposes. If you continue clicking your way through to another page without choosing “no thank you”, or if you click “OK”, a cookie will be installed to collect statistics, after which the banner will disappear.
  • Cookies for statistical purposes are used by ITU in order to collect data about our visitor’s web traffic pattern on www.itu.dk. We use cookies in this regard in order to give you the best possible user experience on our website. We use the web analytics tool Matomo, which ensures that we exclusively store data on a server located at ITU. For example, ITU collects data regarding what pages a user begins with, which pages they leave the website from, and which words they have used in order to find ITU in search engines such as Google.
  • None of your personal data is stored.

Deleting or deactivating cookies from your browser

  • Should you wish to avoid cookies completely, you must deactivate cookies from your browser. We refer to the following website, where you can find information on how to deactivate cookies from your browser: http://minecookies.org/cookiehandtering/. However, be aware that if you deactivate cookies, you cannot log in or use other functions that require the website to remember your cookie choices.

8. Security

We maintain the necessary organizational, technical and physical security precautions in order to protect your information against accidental or illegal destruction, loss, changes, unauthorized transfer of or access to such in accordance with the data protection regulations in Denmark and the EU.

When assessing what level of security is adequate, particular attention is paid to the risks that may be posed through processing, in particular concerning accidental or illegal destruction, loss, changes, unauthorized transfer of or access to personal data that is transferred, stored or in any other way processed.

9. Storage

We store your personal data until it is no longer necessary for us to process them. In certain cases, it may be difficult to give an accurate time frame in advance, however the below shows our framework for the time spent processing your personal data.

Applicants and students

  • We store your personal data according to several legal obligations for public authorities, including the Danish Archiving Act, Public Information Act, Public Administration Act, University Act and the Executive Order concerning Exams. We delete information regarding enrolled students once our basis for processing as a public authority ceases.
  • Furthermore, we only process students’/former students’ personal data to the extent that we have a distinct basis for processing for this.
  • If consent is the distinct basis for processing, we store your personal data until the purpose of the processing has ended, or until you withdraw your consent.

Suppliers/contractors, collaboration partners etc.

  • Personal data affiliated with transactions between you and us are generally and at the latest deleted according to the regular limitation period of 5 years after the agreement expires.

Participants in conferences, workshops, open events etc.

  • We delete the personal data you have given us immediately upon your request.

Marketing consent

  • We delete your personal data as soon as possible after you unsubscribe.

Your inquiries

  • As a general rule, we store your personal data up to 6 months after processing has ended, unless our journaling/filing obligation states otherwise.

In the event that we have reasons to store your personal data in order to comply with legal obligations that we are subject to, including e.g. legal disputes, we reserve the right to store your personal data for a longer period of time and as a minimum until the matter in question has ended.

10. Sharing your personal data

We share your personal data with third parties whenever necessary. Third parties mean the following:

  • Approved/authorized data processors that assist us with IT- or other services.
  • Other public authorities, whenever a legal basis for processing is present

We also share your personal data with the above or other third parties if we are obliged to do so in accordance with legal regulations, or in order to protect our interests in a legal dispute.

11. Your rights

You have the right to request access to, rectification or erasure of personal data, which we process about you. You may also request us to restrict our processing of your personal data, just as you may object to our processing and request us to transfer your personal information to others. 

However, it is not certain whether we may or are able to comply with your request, e.g. due to a legal requirement. We therefore recommend that you contact us regarding your initial inquiries in the event that you are dissatisfied with our processing of your personal data in any way. In this way, we hope to achieve a joint solution concerning your inquiry.

All abovementioned inquiries may be directed in writing by e-mailing our Data Protection Officer at dpo@itu.dk.

You also have the right to file a complaint with the Danish Data Protection Agency concerning our processing of your personal data. You may read more about this and find the Danish Data Protection Agency’s contact details via: https://www.datatilsynet.dk/

12. Changes

We reserve the right to make changes to our Privacy Policy. In the event of any changes hereto, we shall post a notification on our website for 30 days after the changes have come into effect.