AAU logo

Privacy and cookie policy

Aalborg University Privacy policy

  • +

    1 Aalborg University is the data controller

    Aalborg University (AAU) is one of Denmark’s eight universities, and we collect and process personal information about various individuals. As a rule, Aalborg University will record and process your personal data if you are or have been employed or enrolled as a student, if you have attended a conference, if you have collaborated with the University or if you subscribe to any of the University’s web services.  Furthermore, the University processes personal data in connection with research projects. In all of such cases, Aalborg University is the data controller.

    Aalborg University’s privacy policy applies to all personal data collected and processed by Aalborg University. In this privacy policy, ‘AAU’, ‘the University’, ‘we’, ‘us’ or ‘our’ refer to Aalborg University.

    AAU primarily records personal data in accordance with the data protection regulations: EU’s General Data Protection Regulation (GDPR) and the Danish Data Protection Act which was passed by the Danish Parliament on 17 May 2018.

    Aalborg University’s official contact details:

    Aalborg University
    Fredrik Bajers Vej 5
    PO box 159
    DK-9100 Aalborg
    Tel.: +45 9940 9940
    aau@aau.dk
    www.en.aau.dk
    CVR No.: 29102384   

  • +

    2 The types of personal data we collect and process

    In our privacy policy, the term ‘personal data’ refers to information that relates to you and may be used to identify you either alone or in connection with other information collected about you.

    In general, we process the following personal data:

    Data Scope of application
     Name, address, occupation, email address, phone number and date of birth

     If you apply for a job
     If you apply for admission to a degree programme
     If you attend a conference
     If you use AAU’s facilities, such as when you book a seminar room

     Danish civil registration number (CPR)

     If you are an AAU staff member (including non-tenured staff)
    If you are an AAU student

     Account details, financial company information (only sole trader businesses)

     If you have financial transactions

     Staff number, username, place of employment

     If you are an AAU staff member

     Information on your education and grades 

     If you are an AAU student

     Information about your employment, knowledge and experience

     If you apply for a job

     If you are an external examiner

     Digital data, such as traffic data, location data and other forms of communications data, including IP addresses, data related to devices (PCs, telephones and tablets) and technical data, such as device type and operating system

     Relates to how we design our website, platforms and digital applications

     Data on when you use your access card to enter our buildings

     Securing our building

    2.1 Sensitive personal data

    If required by law or when you participate in specific research projects, AAU will also record sensitive personal data about you. We will require your explicit consent to collect and process sensitive personal data, unless we are permitted by law to collect and process such data without your consent. We may collect and process the following sensitive personal data:

    • Your health data
    • Biometric data, such as DNA information
    • Political affiliations and trade union membership
  • +

    3 How we use personal data

    We collect and process personal data for various purposes. In general, we collect and process personal data within the following five areas of application:

    3.1 Staff members

    We use your personal data for recruitment purposes; during your recruitment process, during your employment and to a certain extent, we use your personal data after your employment has ended. In general, we process personal data for recruitment purposes to comply with certain legal requirements, such as transferring personal data to SKAT, the Danish Customs and Tax Administration, or for being able to pay your salary.

    3.2 Students

    We process your personal data if you are an AAU student. If you are an AAU student, we will process your personal data both before and after your enrolment at AAU. We do this to be able to enrol you as an AAU student and allow you to attend exams at AAU. In some cases, we will share your personal data with others, such as with the agency responsible for the Danish State Educational Grant and Loan Scheme; moreover, in being able to issue you a degree certificate, we will store some of your personal data for an extended period after you have graduated from AAU.

    3.3 Research

    In our capacity as a research institution, we collect and process a vast amount of personal data as part of our research projects. The nature of the personal data depends on the individual research themes for which they are used.

    3.4 Administration and cooperation

    We collect and process personal data for various administrative purposes, such as during conferences and other events organised by AAU and attended by both staff members and external participants. In general, we use these personal data to be able to provide participants with practical information, such as the time and place of a conference, or we use the information to be able to communicate with participants after the conference, such as when we forward slides used at a conference or when we charge participation fees.

    3.5 Legal requirements and security reasons

    We often need to process your personal data in complying with a wide range of legal requirements. Furthermore, we may process your personal data for security reasons, for example for the purpose of building security, when we need to protect the rights of others, etc.

  • +

    4 Third parties and personal data

    In some cases, we may share your personal data with a third party outside the University; for instance, we may share your data with external data processors, collaboration partners or other authorities or public bodies.

    As a rule, your personal data will not be disclosed to a third party without your knowledge unless the University is required to pass on this information to other public authorities. For example, we may share personal data with public authorities, such as SKAT, the Danish Customs and Tax Administration, the Police and supervisory authorities when the disclosure of such data is required by law.

  • +

    5 Your rights

    Along with all other organisations that collect and process personal data, Aalborg University is required to provide information on when we collect and process personal data, both on our own initiative and when we are asked to do so.

    In general, AAU collects and processes personal data on individuals who are or have been AAU students or staff members and on individuals who have participated in conferences or who have collaborated with AAU. Furthermore, AAU processes personal data in connection with research projects.

    When we process your personal data, you have certain rights:

    • Your personal data should be processed lawfully, fairly and in a transparent manner
    • You must be informed of your personal data being processed (this privacy policy is an example of this)
    • You must be able to gain access to the personal data processed by AAU
    • You may request that we correct any inaccurate information about you
    • Some situations permit you the right to require that we delete information about you
    • You may require that we share your personal data with you or another organisation
    • You have the right to object to us processing your personal data for direct marketing purposes
    • You have the right to object to automated individual decision-making, including profiling
    • You have the right to object to the continued processing of your personal data
    • In certain circumstances, you have the right to temporarily restrict or discontinue the processing of your personal data

    Please note, however, that these rights may be subject to exemptions or limitations, such as in relation to research and in the exercise of official authority.

    Moreover, it is essential that you provide us with correct information and that you inform us whenever your personal data change.

    5.1 The right to be informed

    When AAU collects and uses the personal data of individuals, we are required to provide the following information to such individuals:

    • AAU’s contact details and, where relevant, the contact details of AAU’s data protection officer
    • AAU’s purposes for processing your personal data and the lawful basis for the processing
    • The categories of personal data obtained and how they have been obtained
    • The recipients or categories of recipients to whom the personal data have been or will be transferred, including recipients in third countries or international organisations
    • The retention periods for the personal data
    • The rights of data subjects
    • The right to lodge a complaint with the Danish Data Protection Agency or another supervisory authority
    • The existence of automated decision-making, including profiling
    • Whether AAU plans to use personal data for a new purpose

    This right to be informed applies regardless of whether AAU has collected the personal data directly from the data subject or obtained the personal data from a third party.

    5.1.1 Exemptions

    AAU is not required to comply with the obligation to inform data subjects where it is clear that the data subject is already familiar with the above information; similarly, the right to be informed does not apply in such cases when personal data must remain confidential or when the University has a statutory obligation to process personal data.

    5.2 The right of access

    The right of access provides individuals with the right to make a subject access request to obtain information on what happens to their personal data.

    The right of access provides you with the right to obtain confirmation as to whether AAU processes personal data about you; if this is the case, you have the right to request access to your personal data and you have the right to request access to the following information:

    • The purposes for which your personal data are processed
    • The categories of personal data obtained and how they have been obtained
    • The recipients or categories of recipients to whom the personal data have been or will be transferred, including recipients in third countries or international organisations
    • The retention periods for the personal data
    • The rights of data subjects
    • The right to lodge a complaint with the Danish Data Protection Agency or another supervisory authority
    • Where the personal data are not collected from the data subject, any available information as to their source;
    • The existence of automated decision-making, including profiling

    5.2.1 Deadlines

    When you make a subject access request, AAU must respond as soon as possible and no later than a month after having received your request. This deadline will apply whether you request to receive general or more specific information about your personal data[LH1] . However, AAU may extend the time limit to respond to subject access requests if a request is particularly complex. If special circumstances apply, we may send a preliminary response to you, stating the reasons for the delay.

    5.2.2 Submitting a subject access request

    There are no specific requirements as to how you should submit a subject access request. You can request access via email, by post, over the telephone or by contacting us in person. However, we kindly ask you to follow the steps below as this makes it easier for us to respond to your request.

    You are not required to state your reasons for requesting access.

    Since the subject access request forms contain confidential information, we recommend that you send these to AAU using secure email via e-Boks or Digital Post (lifeindenmark.borger.dk), select ‘Aalborg Universitet’. Alternatively, you can send your subject access request form to AAU via email at anmodning@aau.dk.

    5.2.3 Responding to subject access requests

    Before responding to your subject access request, we must be able to verify your identity, and we will therefore forward the requested information to you via e-Boks/Digital Post. If you do not wish to receive the response via e-Boks/Digital Post, you must collect the information in person at the University; on collecting the response in person, you will need to present a valid photo ID. By only responding to your subject access request by way of the above methods, we ensure that such responses do not fall into the wrong hands.

    Upon complying with your subject access request, AAU must always consider whether this may infringe the rights of other individuals or organisations. This may constitute an infringement of the rights and freedoms of other individuals or an infringement of trade secrets or intellectual property rights. In such cases, we will blur any information that may breach the rights of other data subjects before submitting the response to you.

    When responding to subject access requests, AAU will forward the response form and a copy of the data held by AAU on the data subjects.

    5.2.4 Refusal of subject access requests

    In the event that AAU cannot comply with your subject access request, you will receive a refusal of your subject access request along with the reasons for refusal within one month.

    Your subject access request may be refused if your right of access does not apply to how we process your personal data, if we are not processing your personal data or if we cannot verify your identity.

    The right of access does not apply to personal data used as part of research projects. Therefore, if you have submitted your personal data to AAU via a research project, you do not have a right of access to such information.

  • +

    6 Security and storage

    Aalborg University treats all personal data as confidential. All personal data are processed and stored in the University’s own case administration systems. When the University no longer uses the data for the purposes for which they were collected, the data will be erased or archived in Aalborg University’s filing system. However, the University may need to comply with other legislation which may require us to store personal data for shorter or longer periods.

    We value security and have introduced a number of security measures that help us protect both your personal data and our business. In this respect, we have increased security through the introduction of various strategies, controls, policies and technical measures. We protect your personal data through the application of encryption methods and other security measures, such as firewalls and password protection. We continuously seek to increase security and ensure that our staff members are well equipped for the ever-changing technical opportunities.

  • +

    7 Contact details and how to submit a complaint

    7.1 Data protection officer

    If you have any questions on how we collect and process your personal data, you may contact Aalborg University’s data protection officer Teia Melvej Stennevad at dpo@aau.dk.

    7.2 Submitting a complaint to the Danish Data Protection Agency

    You can find more information on your rights in the General Data Protection Regulation, chapter 3.

    Data subjects have the right to submit a complaint about how their personal data is processed to the Danish Data Protection Agency at dt@datatilsynet.dk or by post to Datatilsynet/the Danish Data Protection Agency, Borgergade 28, 5., 1300 Copenhagen K.

    However, before contacting the Danish Data Protection Agency, we recommend that you contact Aalborg University’s data protection officer who may be able to solve the matter.

DATA PROTECTION OFFICER at AAU

Aalborg University has a Data Protection Officer.

AAU'S DATA PROTECTION OFFICER(in danish)