This personal data policy describes how the Danish Accreditation Institution uses the personal data that you ‘leave behind’ and/or actively submit when you visit www.akkr.dk or when, in some other way, you’re in contact with us. The policy also has information about your rights, e.g. your right of access to see the data we’ve registered about you, and how you can have your data deleted or how you can have inaccurate data about you corrected.
If you have any questions, please feel free to contact our data protection officer (DPO), Henrik Pedersenl. You’ll find our contact details to the right or below in the section on the Danish Accreditation Institution as a data controller.
The Danish Accreditation Institution is the data controller responsible for processing the personal data that we receive or collect. Any registered person (i.e. data subject) can at any time contact us at:
The Danish Accreditation Institution
Tidemandsvej 1
4300 Holbæk, Denmark
CVR no. (central business registration number): 30603907
Telephone: +45 33 92 69 00
Email: akkr@akkr.dk
See here how to use a secure connection to receive signed and encrypted e-mails (in Danish)
The data protection officer at the Danish Accreditation Institution is Henrik Pedersen. If you have any questions, or if you want us to update, rectify or erase the personal data that we’ve registered about you, you can contact Henrik Pedersen at the above address (att. data protection officer) or via:
Email: dpo@akkr.dk
Telephone: +72 31 88 29
The Danish Accreditation Institution processes personal data pursuant to current legislation, including the General Data Protection Regulation and the Danish Processing of Personal Data Act. The purpose of this processing is to perform the required case processing and/or provide a high level of service. As a professionally independent authority in government administration, our main tasks are stipulated in the Danish Accreditation Act and include:
- Accreditation of educational institutions covered by section 1 of the Act, including of their study programmes (section 2).
- Preparation of accreditation reports that form the decision-making basis for decisions by the Accreditation Council (section 2(2)).
When carrying out accreditation, in the majority of cases we process personal data pursuant to Article 6(1)(e) of the General Data Protection Regulation. This includes processing personal data which is required in connection with exercising our public authority or to carry out tasks in the public interest. As a general rule, these situations involve general personal data such as contact details and CVs.
Processing sensitive personal data and/or civil registration numbers (CPR numbers) only takes place to a limited extent, e.g. in connection with recruitment of panel members, employees or external consultants, where this is deemed necessary. Processing of such data is pursuant to Article 9(2)(g) of the General Data Protection Regulation.
The Danish Accreditation Institution also processes personal data collected in connection with use of our website or subscription to our newsletter with a view to ensuring a good user experience.
Collection of data in connection with use of our website is primarily to gather anonymous statistics in order to adapt content to user needs. For more about this see our cookie policy.
When you sign up to receive newsletters from the Danish Accreditation Institution, you are asked to provide your email. This data will be kept confidential and will be used to send you our newsletters. The data will be deleted if you cancel your subscription at a later stage.
When you sign up for our newsletter, you automatically accept that we can collect statistics about you, e.g. number of times you open the newsletter and click on links. Any statistical data we collect cannot be attributed to named recipients and is used exclusively for our continuous development of the newsletter.
Subscription to the Danish Accreditation Institution’s newsletter is free of charge and non-binding and you may at any time cancel your subscription via a link in the newsletter itself.
At the Danish Accreditation Institution, we process all personal data securely and responsibly in accordance with relevant legislation.
We follow a number of fundamental principles, which means that all personal data must be:
- processed lawfully, fairly and in a transparent manner in relation to citizens, employees and collaboration partners;
- collected for specified, explicit and fair purposes and not further processed in a manner that is incompatible with the original purpose;
- adequate, relevant and limited to what is necessary for the stated purpose;
- correct, and appropriate measures must be in place to ensure that incorrect information is rectified or erased;
- stored so that it is not possible to identify the registered persons for longer than necessary;
- protected against unauthorised or unlawful processing, as well as against loss or damage.
The data protection rules contain a number of rights which you may assert with the Danish Accreditation Institution.
As a registered person (data subject), you have the following rights:
- The right to access – You have the right to see the personal data that about you that the data controller is processing, and you have the right to certain information about the processing
- The right to rectification – You have the right to have incorrect/wrong personal data about you rectified
- The right to erasure or the ‘right to be forgotten’ – As a general rule, you have the right to have your personal data erased if at least one of a number of conditions referred to in the General Data Protection Regulation has been met
- The right to restriction of processing – You have the right to have the processing of your personal data restricted if at least one of a number of conditions have been met
- The right to data portability – In certain circumstances, you have the right to receive your personal data and to request to have this personal data transferred from one data controller to another
- The right to object – You have the right to object to any otherwise lawful processing of your personal data.
- The right not to be subject to a decision based solely on automated processing, including profiling.
However, you should note that, in some cases, these rights may be restricted by other legislation.
This applies regardless of whether you contact us in your capacity of citizen, journalist or employee in a private or public-sector organisation.
Please contact us if you want to exercise your rights described above.
To ensure that your case is processed correctly and to deliver high-quality service, please notify us in the event of changes to your personal data which could affect your case with us.
As far as possible, we will keep the data we have about you up to date.
Your personal data will be filed pursuant to the rules in the Danish Access to Public Administration Files Act and will be submitted to the archival authorities pursuant to the rules in the Danish Archives Act (approx. every five years).
When the purpose of collecting and processing your personal data has been met, or if required by law, your personal data will be deleted.
We only give other entities access to your personal data if necessary, and in accordance with legislation.
Other entities will be granted access to your personal data e.g. in connection with hosting our website, IT security and support matters in relation to our databases and case processing systems.
If you want to know who has access to your personal data, please contact the Danish Accreditation Institution’s data protection officer (DPO) or our main post box, see section 1 above.
The Danish Accreditation Institution has adopted internal rules e.g. regarding processing of personal data and information security. The rules include instructions and measures to protect your personal data from being destroyed, lost or changed, as well as to protect your personal data from unauthorised disclosure and from unauthorised persons gaining access to it or obtaining knowledge about it.
We have established procedures to safeguard the physical and electronic security of your personal data. These procedures ensure that staff and external consultants process your personal data confidentially and using relevant encryption, logging and data backup, as well as screened off workstations and locked cupboards.
Pursuant to current legislation and standards, including the General Data Protection Regulation and the ISO 27001 standard on information security, we perform maturity analyses and risk assessments of suppliers, systems and programs to provide the best possible security for your personal data.
In the event of security breaches presenting a high personal risk for you of identity theft, financial loss, discrimination, loss of reputation or other significant burden, we will inform you about the security breach as soon as possible so that you can take the necessary precautions.
If you disagree with the way in which we process your personal data, or with the purposes for which we process your data, please feel free to contact us. You can also submit a complaint to:
Danish Data Protection Agency
Borgergade 28, 5th floor
1300 Copenhagen K, Denmark
Telephone: +45 33 19 32 00
Email: dt@datatilsynet.dk
We reserve the right to make changes to this personal data policy in the event of significant legislative amendments or the introduction of new technological solutions or features that could improve our website.
This policy was revised most recently in December 2023