Aarhus University is responsible for conducting research, and providing research-based education and research-based consultancy services to public sector authorities at the highest international level, disseminating knowledge of scientific methods and results, and exchanging knowledge and competences with society at large. In connection with this task, the university has a strong focus on data protection, data security and confidentiality. In the university’s privacy policy, you can read more about how we process personal data when we undertake this task.
Aarhus University
Nordre Ringgade 1
DK-8000 Aarhus C
CVR no.: 31119103
Tel.: 8715 0000
Eail: au@au.dk
www.au.dk
Aarhus University is the data controller in connection with the university’s tasks.
In some situations, Aarhus University will be the data processor if we process personal data on behalf of other parties, e.g. in connection with investigations, research projects or the operation of an IT system. In a situation where AU is the data processor, we will act on the instructions of the data controller in question. This means that the university’s privacy policy will not apply; instead, the processing of your personal data will be governed by a data processing agreement.
As an employee of Aarhus University (e.g. in connection with recruitment, while you are employed, and finally, where required after your employment has ended), we will process your personal data in accordance with applicable statutory requirements and the contract that we have entered into with you. Examples of personal data processed by the university are: name, address, contact details, date of birth, civil registration no., employee number (AU ID) and place of work. Read more about the use of personal data in an employment relationship.
As a student at Aarhus University, we will process your personal data in connection with your studies, and after you have completed your studies, so that we can issue an exam certificate. In some cases, the university will transfer your personal data to external parties, such as SU-styrelsen (the Danish Students’ Grants and Loans Scheme Office). Examples of personal data processed by the university are: name, address, contact details, date of birth, field of study, civil registration no. and grades.
In connection with the university’s tasks, we will process your personal data in conjunction with administrative purposes, such as individual courses, conferences and events, rejection of job applications and refusal of admission to degree programmes. In this connection, the university will process personal data concerning the data subject, who may be a staff member, a student or an external party. Examples of personal data processed by the university are: name, address, contact details, payments, use of the website, and information in connection with registration for an event.
In connection with research projects at Aarhus University, personal data will be processed to varying degrees. Types of personal data and categories of personal data depend on the specific research project.
As an employee, student or data subject at Aarhus University, we will process your personal data for various security-related purposes. This might be in connection with identification of you as a user, or in connection with video surveillance, access control or the use of digital platforms. In this connection, the university will process personal data concerning website traffic, location data, IP addresses, video monitoring, access control log, and so on. Find the university’s cookie policy.
Aarhus University will also process sensitive personal data about you to the extent that this is required by law or in connection with research projects – see section 4.4. As a general rule, sensitive personal data will be processed on the basis of your express consent, unless our processing without consent is permitted by law. Examples of sensitive personal data that we may process are: health data, biometric data and DNA, and details of your political or trade union affiliation.
In some cases, the university provides your personal data to collaborative partners or suppliers that e.g. assist us with the operation of IT solutions, marketing or surveys. In this case, we provide the data on the basis of an agreement, and the processing takes place in accordance with the related instructions. Disclosure may also be to external third parties, if we have been ordered to do so. This might be the Danish Customs and Tax Administration (SKAT), the police or another public authority.
Aarhus University is present on a number of social media platforms. The overall privacy policies for the social media can be found on their respective websites:
To the extent that Aarhus University discloses information for use on social media via external collaborative partners, a data processing agreement between the university and the collaborative partners is used.
AU takes the security and protection of personal data very seriously. The university has developed a number of internal procedures and policies in order to comply with our security standards, including ensuring appropriate technical and organisational security measures for our processing of personal data. Read more about how to report a security breach and information security at the university.
When the purpose of the university’s processing of your personal data has been fulfilled, we will erase, make anonymous or archive your personal data. There may be special rules, including the Danish Bookkeeping Act (Bogføringsloven), the Danish Examination Order (Eksamensbekendtgørelsen), or documentation requirements in connection with research and similar, which impose an obligation or right on us to retain personal data for a longer period.
You have the following rights if Aarhus University processes your personal data:
Note that your rights may be limited by other legislation or be subject to exemptions, e.g. in relation to research and the exercising of public authority.
When AU processes your personal data, we have a duty to provide you with the following information:
You are always welcome to contact Aarhus University in connection with access to the data we are processing about you. Data which is part of a research project is, however, not covered by the right of access.
You can contact Aarhus University’s data protection officer, Karina Søndergaard, if, as a data subject, you have any questions concerning our processing of your personal data. E-mail: dpo@au.dk. You can also send a letter to Aarhus University, Nordre Ringgade 1, DK-8000 Aarhus C, Attn.: Data Protection Officer.
You can read more about your rights and opportunities to appeal on the Data Protection Agency’s website www.datatilsynet.dk, or file an appeal to:
The Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Tel no.: 3319 3200
Email: dt@datatilsynet.dk