Skip to content

Privacy policy

Keyboard med hængelås på

Privacy policy for the handling of personal data at DST Consulting

Respecting and protecting your personal data is of great importance to us. That is why we continuously focus on confidentiality and security and comply with the General Data Protection Regulation when we process the data.

In this privacy policy, you can read about how we handle the personal data that you give us when as a customer you make a request for services or give your consent to receiving newsletters from us.

 

1. Who are responsible for treating and keeping your data

Statistics Denmark is responsible for the use and storage of your personal data:

Data controller:
Statistics Denmark
Sankt Kjelds Plads 11
DK-2100 Copenhagen Ø
dst@dst.dk
CVR – 17150413
Telephone +45 39 17 39 17

Data protection officer:
Amalie Stubdrup
databeskyttelse@dst.dk
Telephone +45 39 17 39 95
2. How we handle your personal data when you are a customer

Purpose:
When you contact us as a customer or potential customer to inquire about services or assignments, we process your personal data and your business data for the purpose of preparing offers and contracts and delivering and invoicing services in accordance with the existing agreement. In this way, the agreement is the legal basis for our processing of your data (the legal framework is Article 6, paragraph 1(b) of the General Data Protection Regulation).

Categories of personal data:
We process your professional contact information, including your name, occupation, telephone number, email and your business data.

Receivers of the data:
We invoice provided services via Navision Stat (the Agency for Public Finance and Management), which will consequently receive the name, CVR number, EAN number (if relevant) and address of your business as well as your name. All forms for ordering products and assignments at dst.dk/tilsalg are handled through a cloud-based add-on for our customer relations management system. This add-on is hosted by ClickDimensions, who has access to your name, business name, CVR number/EAN, business address, email, telephone number, occupation. Clickdimensions’ processing of Statistics Denmark customer data may involve transfer of data to the USA, which is covered by the EU-U.S. Privacy Shield framework agreement and to Israel, which is covered by EU Directive 95/46/EC. You can register for our courses via Nemtilmeld. To learn more about Nemtilmeld’s handling of your personal data, see the privacy policy for the individual course at the bottom of the course registration.

Where we get your data:
We primarily receive the personal data that we process from you.

How long we store your data:
For accounting purposes, we store your data and your business data for five years in accordance with the Danish Bookkeeping Act when you buy services from Statistics Denmark. Should your inquiry not lead to invoicing of a specific service, we typically store your data and your business data for 1-2 years for the purpose of possible later consulting.

3. How we handle your personal data when you subscribe to our newsletters

Purpose:
When you subscribe to our newsletters, we process your personal data and, if relevant, your business data to be able to send you relevant news about our products and services. In this way, your subscription, i.e. your consent, constitutes the legal basis for our processing of your data. (The legal framework is Article 6, paragraph 1(a) of the General Data Protection Regulation).

Categories of personal data:
We process your professional contact information, including your name, email and, if relevant, your business data.

Receivers of the data:
The subscription forms for our newsletters are handled through a cloud-based add-on for our customer relations management system. This add-on is hosted by ClickDimensions, who has access to your name, business name and email. Clickdimensions’ processing of Statistics Denmark customer data may involve transfer of data to the USA, which is covered by the EU-U.S. Privacy Shield framework agreement and to Israel, which is covered by EU Directive 95/46/EC.

Where we get your data:
We have the personal data that we process from you.

How long we store your data:
Statistics Denmark stores your personal data for as long as we have your consent.

The right to withdraw your consent:
You are entitled to withdraw your consent at any time. You can do so by clicking the unsubscribe link in one of our newsletters or via our subscription page www.dst.dk/consulting-nyt. If you choose to withdraw your consent, it does not affect the legality of our processing of your personal data based on your previously communicated consent and prior to your withdrawal. So if you withdraw your consent, it is not effective until the time of withdrawal.

4. How we handle your personal data when you are a business partner, including suppliers

Purpose:
When we engage in a cooperation process or a dialogue with you about a potential partnership, including delivery, we process your personal data to be able to send you emails or communicate with you, e.g. to be able to pay for your services. We process your data as part of our duties as a public authority and in the public interest. (The legal framework is Article 6, paragraph 1(e) of the General Data Protection Regulation).

Categories of personal data:
We typically process your professional contact information, including your name, occupation, telephone number, email and your business data.

Receivers of the data:
In general, we do not disclose the personal data of our business partners. Only if you are a supplier, we pay for your services via the systems Indfak and Navision Stat (the Agency for Public Finance and Management), which will consequently receive the name, CVR number, EAN number (if relevant) and address of your business as well as your name.

Where we get your data:
We primarily receive the personal data that we process from you.

How long we store your data:
Statistics Denmark stores your personal data as a business partner for as long as the cooperation continues and no longer than one year after it ends, in case it is resumed, unless we are legally obliged to store the data for a longer period of time. If you are a supplier, we store your data for as long as the delivery agreement continues and for five years after termination of the agreement in accordance with the Danish Bookkeeping Act, unless we are obliged by other statutes to store the data for a longer period of time.

5. How we handle your personal data when you participate in an international consulting project

Purpose:

When we are in contact with you as an existing, future or potential project participant, we process your personal data and/or your business data for the purpose of preparing offers and contracts and delivering and invoicing services in the project in accordance with the concluded agreement. In this way, the agreement is the legal basis for our processing of your data (the legal framework is Article 6, paragraph 1(b) of the General Data Protection Regulation).

Categories of personal data:

Expert, project assistant, interpreter or representative of local business partner
We process your contact and professional data, including your name, date of birth, personal ID (e.g. CPR no.), telephone number, email, nationality, sex, passport details, occupation, education, work experience, qualification details and, if relevant, your bank and/or business data.

Expatriate adviser
We process your contact and professional data, including your name, date of birth, personal ID (e.g. CPR no.), telephone number, email, nationality, sex, passport details, occupation, education, work experience, qualification details and, if relevant, your business data.

For expatriates and any accompanying family, we also process data about health conditions for the purpose of taking out an expatriate insurance policy under the terms of the contract.

Representative of donor organisation
We process your contact and professional data, including your name, telephone number, email and occupation.

Receivers of the data:

In connection with your participation in international advisory projects, we may share your personal data with other institutions and authorities in and outside Denmark.

Any general personal data we receive on you as a project participant is included in offer and contract. Accordingly, the donor organisation of the project as well as the local business partner receive this data.

If you are a project participant with a business of your own, we will pay your invoices via Navision Stat (the Agency for Public Finance and Management), which will consequently receive the name, CVR number, EAN number (if relevant) and address of your business as well as your name.

If you are a representative of a donor organisation, we issue invoices to your organisation via Navision Stat (the Agency for Public Finance and Management), which will consequently receive the name, CVR number, EAN number (if relevant) and address of the organisation as well as the name of the representative from the donor organisation.

If as a project participant you receive fees for your services via SLS (the government’s payroll system), SLS will receive your name, address, CPR number and banking details.

As a local project participant (e.g. interpreters and project assistants), you will be paid a fee for your services via a local bank, which receives your name, address and account details.

If as a project participant you need to get a visa with the assistance of Statistics Denmark, we will share your passport details and any general personal data with the passport-issuing embassy or the company that can manage the visa application.

In most cases, international advisory projects pertain to cooperation with countries defined as insecure third countries in the General Data Protection Regulation. We will only transfer your personal data in cases where compliance with the contractual obligations and consequently your work and the completion of the project depends on it. The work with international advisory projects is of major public interest as stipulated by the Act on Statistics Denmark. For this reason, the transfer of personal data to insecure third countries falls within Article 49, paragraph 1(d) of the General Data Protection Regulation. For projects funded by the EU, any transfer of personal data to other institutions, regardless of country, additionally falls within Regulation (EU) 2018/1725 (IDPR).

To take out an expatriate insurance policy, the insurance company GOUDA will receive the health information we received about you and any accompanying family that you may have, if you are an expatriate adviser.

Where we get your data:

We primarily receive the personal data that we process from you or your employer.

How long we store your data:

If you participate in a project funded by the EU, for documentation purposes for subsequent auditing, we store your general personal data physically and electronically for seven years after the closing of the project in accordance with EU’s “Practical Guide for Procurement and Grants for European Union external actions” (PRAG).

If you participate in a project funded by other donor organisations, for accounting purposes and for subsequent auditing, we store your general personal data physically and electronically for five years after the closing of the project in accordance with the Danish Bookkeeping Act, unless our contractual terms with the donor organisation stipulates otherwise.

If we help you with your visa application, we will store your passport details and personal data entered in the application until a visa is issued, after which we will delete the data physically and electronically.

We will delete any health information we may receive from you in order to take out expatriate insurance as soon as we have transferred the information to GOUDA. 
6. Your rights

Danish legislation on the protection of personal data gives you the right:

  • to acquire knowledge to a great extent about the personal data of yours that we process.
  • to object to the collection and further processing of your personal data.
  • to have your personal data revised and to limit our processing of your personal data.
  • in certain cases, to have your personal data deleted.
  • in certain cases, to request a copy of your personal data.

If you want to exercise your rights, please contact us at databeskyttelse@dst.dk.

You can learn more about your rights in a guide (in Danish) from the Danish Data Protection Agency about the rights of registered persons at www.datatilsynet.dk.

Furthermore, you can lodge a complaint with the Danish Data Protection Agency, if you are not satisfied with our handling of your personal data. You can find contact information for the Danish Data Protection Agency at www.datatilsynet.dk.

7. Data security

Statistics Denmark has high security standards. We have procedures to ensure that we live up to these standards and comply with the requirements for appropriate security measures in the legislation on the protection of personal data.

We process personal data in accordance with Statistics Denmark’s general security measures described in Statistics Denmark’s information security policy and data confidentiality policy. In addition, we comply with the ISO27001 security standard.

Contact

DST Consulting
Phone: +45 39 17 36 00