We are the data controller – how can you contact us?
This Data Protection Notice is intended to inform you about how VisitDenmark processes the personal data you have provided to us, or which we have collected in connection with recipient of newsletters.
We will only process your personal data in accordance with this Data Protection Notice and the legislation to which we are subject, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“the General Data Protection Regulation”), and Act No. 502 of 23 May 2018 on supplementary provisions to the General Data Protection Regulation (“the Data Protection Act”), as well as other legislation which supplements these rules.
VisitDenmark is the data controller for the processing of the personal data which we have received about you. You can find our contact information below.
Islands Brygge 43, 3rd floor
DK-2300 Copenhagen S
Central Business Register (CVR) no. 33055331
Telephone: (+45) 32 88 99 00
2. Contact information of the data protection officer
If you have any questions about our processing of your data, you are always welcome to contact our data protection officer, DPO Team ApS.
You can contact our data protection officer in the following ways:
• By e-mail: firstname.lastname@example.org
• By telephone: (+45) 71749020
What personal data we collect, where we collect it, the purposes thereof, and the legal basis for the processing of your personal data
We take the protection of personal data seriously and strive for the greatest possible transparency regarding our collection and processing of personal data. When we process personal data about you, you must know what data we process and for what purposes.
When you subscribe to one or more of our newsletters, we collect data about your name, your e-mail address, nationality, IP-adresse, source, time and date for subscription, the newsletter(s) you wish to receive, and that you have given your consent to receive newsletters by e-mail. Depending on the newsletter(s) you subscribe to, we also collect data about the company/organization you work for, your job title, telephone number, address, and the name of your Instagram profile, blog, or similar.
The purpose is to send you newsletters which you have requested and to market Denmark as a tourist destination in accordance with the task assigned to VisitDenmark as a public authority pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation, and to establish documentation that you have given your consent to receive newsletters by e-mail, see Article 6(1)(a) of the General Data Protection Regulation.
When you subscribe to our newsletter, we primarily collect the data directly from you. This is done, for example, when you subscribe via our website or when you request newsletters in connection with trade fairs, partner events, workshops and various other activities, including competitions, under the auspices of VisitDenmark.
When you sign up for VisitDenmark's newsletter, VisitDenmark can share your personal information with Facebook. Your personal information is part of a profiling, with the goal to identify a new target group with the same target profile as you. The purpose is to be able to market to similar individuals as you, but not to expose you to targeted marketing. The processing is carried out as part of VisitDenmark's exercise of authority to market Denmark as a travel destination, cf. the General Data Protection Regulation art. 6. 1, litra e. You have at all times an unconditional right to object to the processing of your personal data for profiling, cf. the General Data Protection Regulation art. 21, 2.
When you sign up for VisitDenmark's newsletter, VisitDenmark creates a profile of you over time, based on your click behavior and thus what you are particularly interested in reading. We do this to increase the relevance of our newsletters to you as a user.
Your behavior within our newsletter is registered via VisitDenmark's E-mail marketing platform using UTM tracking parameters. The purpose of the processing is to send you targeted newsletters, as part of VisitDenmark's exercise of authority to market Denmark as a travel destination, cf. the General Data Protection Regulation art. 6. 1, litra e. You have at all times an unconditional right to object to the processing of your personal data for profiling cf. the General Data Protection Regulation art. Art. 21, para. 2.
Recipients of personal data
Your personal data may be transferred to suppliers, partners, contracting parties or other third parties who process data on behalf of VisitDenmark. These companies are data processors and are under our instructions, and they process data for which we are the data controller. They may not use the data for other purposes than the fulfilment of the agreement with us, and they are bound by confidentiality regarding this data. We have concluded a data processing agreement with all of our data processors that meets the requirements of Article 28 of the General Data Protection Regulation. This requires that these data processors carry out adequate technical and organisational measures so that the processing complies with the requirements of the regulation and ensures the protection of your rights.
Your personal data may also be transferred to public authorities if required by law or if it is necessary in order to perform the task assigned to VisitDenmark.
We use external partners for the distribution of newsletters. These companies are data processors and are under our instructions, and they process data for which we are the data controller.
One of these data processors, Salesforce, is established in the USA. The necessary guarantees for transfer of data to the USA are ensured through EU Commission's standard contractual provisions (SCC).
Storage of your personal data
We delete your personal data when we no longer have an objective purpose for storing and processing this data.
Special laws, for example in the archival legislation, the Danish Act on Limitations and the Danish Bookkeeping Act, may grant us a right or impose a duty upon us to store your personal data for a longer period of time. We also reserve the right to store your personal data for a longer period than stated below if we assess that it will be necessary to determine, assert, or defend a legal claim.
Data collected in connection with your subscription to our newsletters will be deleted when your consent to receive newsletters is withdrawn, unless we have a legal obligation to store the data.
However, we store documentation of your consent for two years after you withdraw it in accordance with the guidelines set by the Danish Ombudsman.
The General Data Protection Regulation grants you a number of rights in relation to our processing of data about you. In order to establish transparency regarding the processing of this data, we inform you below about your rights.
You can read more about your rights in the Danish Data Protection Agency’s guide on the rights of data subjects, which you can find at www.datatilsynet.dk.
Right of access
You are at all times entitled to request information from us about, among other things, the personal data we have registered about you, the purpose of the registration, the categories of personal data, recipients of the personal data, and the origin of this personal data.
You have the right to obtain a copy of the personal data we process about you. If you would like a copy of your personal data, send a written request to email@example.com. You may be asked to provide proof that you are the person you claim to be.
Right to rectification
You have the right to rectification of incorrect personal data we have relating to you. If you become aware of errors in the personal data we have registered about you, you are encouraged to contact us in writing so that the personal data can be rectified.
Right to erasure
In certain cases, you have the right to erasure by us of all or parts of your personal data prior to the time of our standard general deletion. This applies, for example, if you withdraw your consent and we do not have another legal basis to continue the processing. To the extent that continued processing of your data is necessary, e.g. for our compliance with legal obligations, including the Danish Public Administration Act or the Danish Archive Act, or in order to establish, assert or defend legal claims, we are not obliged to delete your personal data.
Right to restriction of processing
In certain cases, you have the right to restrict the processing of your personal data to mere storage, e.g. if you believe that the data we process about you is not correct.
If you have the right to restrict the processing, we may only process your data – apart from storage – with your consent, or for the purpose of establishing, asserting or defending a legal claim, or to protect a person or important societal interests.
Right to object
In some cases, you have the right to object to our otherwise legal processing of your personal data. You also have the right to object to the processing of your data for direct marketing purposes including profiling.
Right to data portability
In some cases, you have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format, and to have this personal data transferred to another data controller.
Right to withdraw consent
You have the right to withdraw consent that you have granted to us for a given processing of your personal data. If you wish to withdraw your consent, please contact us at firstname.lastname@example.org.
Right to complain
You have the right to submit a complaint to the Danish Data Protection Agency, Bor-gergade 28, 5, 1300 Copenhagen K, Denmark, regarding VisitDenmark’s processing of your personal data. A complaint can be submitted by e-mail to email@example.com or by telephoning +45 33 19 32 00.
We have taken adequate technical and organisational safeguards to prevent personal data from being accidentally or illegally destroyed, lost, altered or damaged, and to prevent unauthorised access or abuse by third parties.
Only employees who have a legitimate need for access to your personal data to perform their work have access to this data.
Changes to this information
If we make changes to this Data Protection Notice, you will be notified of these changes to the extent that the changes concern the processing of your personal data and.
This is version 7.1 of VisitDenmark’s Data Protection Notice, dated November 2021.