09-09-2018

Aarhus Symposium’s data responsibility

We process personal data and therefore adhere to the General Data Protection Regulation (GDPR) of the European Union and relevant Danish legislation. This privacy policy is intended to let you know how we treat your personal information to ensure a fair and transparent treatment.

We only process personal data for specific purposes based on legitimate interests. Therefore, we only process data which is relevant and necessary to achieve the objectives listed below, and we will cease to store a piece data once it is no longer necessary.

Contact information for the data responsible

Aarhus Symposium ensures that your personal data is treated according to relevant legislation.

Any questions may be addressed to:

Aarhus Symposium
Att: IT Group
Fuglesangs Allé 4, 8210 Aarhus V
CVR: 33735782

mail@aarhus-symposium.org  

Procedure for the treatment of requests for data

Every unit of the organisation has its own unique email address, and access to all relevant data is limited to the specific group. Should any one group receive data which is irrelevant to its own tasks, the data will be forwarded to the correct group and deleted from the mailbox of the initial recipient. Internal sharing of data will happen based on relevance. Data will only be shared externally insofar as clear consent has been given and the identity of the inquirer can be unequivocally confirmed.

Procedure in case of data breach

In the event of a breach, Aarhus Symposium is obligated to notify the Danish Data Protection Agency within 72 hours of the breach. Any external processor of data is obligated to notify Aarhus Symposium of the breach without undue delay. Furthermore, all affected individuals are notified.

A notification contains at least:

  • A description of the breach including how many individuals and how much data are affected

  • A description of the possible consequences of the breach

  • A description of the actions, Aarhus Symposium intends to take to mitigate the consequences of the breach.

The Danish Data Protection Agency can be contacted on dt@datatilsynet.dk or 33 19 32 00.

 

Processing of personal data

We process the following personal data:

  • Participant information

    1. Ordinary personal data:

      1. Contact information such as name, address, phone number, educational institution, field of study, and email address

    2. User surveys

      1. Voluntary evaluation surveys on Aarhus Symposium’s events

  • Member information

    1. Ordinary personal data:

      1. Contact information such as name, phone number, address, educational institution, field of study, student number, and AU-id

  • Applications

    1. CV’s from applicants, unsolicited applications, etc.

Data collection

We only collect data directly from you through the Sign-up module on our website or by direct inquiry.

Purposes for our processing of your personal data

We only process your personal data with a specific purpose and a legal reason.
Legal reasons are in Aarhus Symposium’s case particularly:

  • Legitimate interests in processing your data with your interests in mind.

  • Necessity for our handling of your participation in our events

  • Processing with your explicit and informed consent. 

Purposes:

  • Purposes for processing participant information

    1. Handling the practicalities for your participation

    2. As a part of the planning, execution and follow-up to events

    3. Improvement of our offers and events

    4. Ensuring that our online marketing targets relevant and interested individuals

  • Purposes for processing member information

    1. Contacting active organisers regarding the operations of Aarhus Symposium

    2. Contacting former organisers regarding general Assembly, sharing relevant information, etc.

  • Purposes for processing applications

    1. Uses in connection with recruiting activities

We only treat personal data based on legitimate interests

When we process your personal data based on a weighing of interests, we will only consider our own interests to the extend that they are legitimate. Legitimate interests are for instance:

  • Planning and execution of events

  • Use of situation images taken during events which depict a concrete activity or situation during the event

  • Storage of data of historical value for user surveys, statistics, marketing, etc.

  • Data on responses to user surveys is collected and used in conjunction with participant information for analyses with the aim of improving Aarhus Symposiums offers and events for participants. Participation in surveys is always voluntary

  • Storage of CV’s from volunteer applicants for recruiting purposes

Consent
Usually, our processing of your personal data will be based on consent given when creating a profile for our webpage. This consent encompasses use of images from our events for use on our webpage, social media and promotional material for future partner organisations.

If we seek your consent, you can choose not to grant it and can always retract it by letting us know your desire to retract your consent.

Forwarding of personal data
We will never forward your personal data to companies or others without your explicit consent

Storage and destruction of your personal data
We store your personal data for a period after our events according to the following criteria:

  • For practical and administrative concerns, we store participant information for up to three years after an event

  • We store data exclusively for internal use for the improvement of Aarhus Symposium’s offers and events. This data will never be shared or sold to a third party without your explicit consent.

  • All CV’s from volunteer applicants will be stored until the recruiting process has been concluded for the year after the application was initially sent

  • All collected data is processed and stored according to the requirements of the GDPR


Your rights
You have a number of rights according to the GDPR when we process your personal data:

  • The right to be informed about the processing of data

  • The right to access to your own personal data

  • The right to rectification

  • The right to withdraw consent

  • The right to object

  • The right to object to automated processing

  • The right to be forgotten

  • The right to data portability (receiving data in a commonly used format)

We direct attention to the Danish Data Protection Agency’s guidance on the rights of data subjects.

You can use your rights by contacting us and letting us know your desire to do so. You will find our contact information listed previously. Upon your request, we will look into its validity and act accordingly.

You can always register a complaint with the Danish Data Protection Agency.

Revision of the privacy policy
We retain the right to revise this policy from time to time. Upon revision, the data at the beginning of the document will be changed. At any time, the current privacy policy will be available on our website. Upon any major changes, we will notify you hereof.