Aarhus University is the data controller in connection with the university’s tasks.
As an employee of Aarhus University (e.g. in connection with recruitment, while you are employed, and finally, where required after your employment has ended), we will process your personal data in accordance with applicable statutory requirements and the contract that we have entered into with you. Examples of personal data processed by the university are: name, address, contact details, date of birth, civil registration no., employee number (AU ID) and place of work. Read more about the use of personal data in an employment relationship.
As a student at Aarhus University, we will process your personal data in connection with your studies, and after you have completed your studies, so that we can issue an exam certificate. In some cases, the university will transfer your personal data to external parties, such as SU-styrelsen (the Danish Students’ Grants and Loans Scheme Office). Examples of personal data processed by the university are: name, address, contact details, date of birth, field of study, civil registration no. and grades.
In connection with the university’s tasks, we will process your personal data in conjunction with administrative purposes, such as individual courses, conferences and events, rejection of job applications and refusal of admission to degree programmes. In this connection, the university will process personal data concerning the data subject, who may be a staff member, a student or an external party. Examples of personal data processed by the university are: name, address, contact details, payments, use of the website, and information in connection with registration for an event.
In connection with research projects at Aarhus University, personal data will be processed to varying degrees. Types of personal data and categories of personal data depend on the specific research project.
Aarhus University will also process sensitive personal data about you to the extent that this is required by law or in connection with research projects – see section 4.4. As a general rule, sensitive personal data will be processed on the basis of your express consent, unless our processing without consent is permitted by law. Examples of sensitive personal data that we may process are: health data, biometric data and DNA, and details of your political or trade union affiliation.
In some cases, the university provides your personal data to collaborative partners or suppliers that e.g. assist us with the operation of IT solutions, marketing or surveys. In this case, we provide the data on the basis of an agreement, and the processing takes place in accordance with the related instructions. Disclosure may also be to external third parties, if we have been ordered to do so. This might be the Danish Customs and Tax Administration (SKAT), the police or another public authority.
Aarhus University is present on a number of social media platforms. The overall privacy policies for the social media can be found on their respective websites:
To the extent that Aarhus University discloses information for use on social media via external collaborative partners, a data processing agreement between the university and the collaborative partners is used.
AU takes the security and protection of personal data very seriously. The university has developed a number of internal procedures and policies in order to comply with our security standards, including ensuring appropriate technical and organisational security measures for our processing of personal data. Read more about how to report a security breach and information security at the university.
When the purpose of the university’s processing of your personal data has been fulfilled, we will erase, make anonymous or archive your personal data. There may be special rules, including the Danish Bookkeeping Act (Bogføringsloven), the Danish Examination Order (Eksamensbekendtgørelsen), or documentation requirements in connection with research and similar, which impose an obligation or right on us to retain personal data for a longer period.
You have the following rights if Aarhus University processes your personal data:
Note that your rights may be limited by other legislation or be subject to exemptions, e.g. in relation to research and the exercising of public authority.
When AU processes your personal data, we have a duty to provide you with the following information:
You are always welcome to contact Aarhus University in connection with access to the data we are processing about you. Data which is part of a research project is, however, not covered by the right of access.
You can contact Aarhus University’s data protection officer if, as a data subject, you have any questions concerning our processing of your personal data. The data protection officer is Søren Broberg Nielsen (firstname.lastname@example.org).
You can read more about your rights and opportunities to appeal on the Data Protection Agency’s website www.datatilsynet.dk, or file an appeal to:
The Danish Data Protection Agency
Carl Jacobsens Vej 35
Tel no.: 3319 3200