Privacy Policy

About the Text: Privacy Policy

The text below is to be regarded as an unofficial translation of the privacy policy of the Danish National Research Foundation. Only the Danish ‘privatlivspolitik’ has legal validity.

1. Introduction

The Danish National Research Foundation (DNRF) processes personal data in order to make grants for research, to recruit employees and to distribute news letters etc.

The DNRF’s processing of personal data is carried out in accordance with EU’s General Data Protection Regulation (EU) 2016/679 of 27 April 2016 as well as relevant Danish national legislation, including the Act on data protection, ref. act No 502 of 23 May 2018.

The DNRF puts emphasis on

  • Limiting registration and processing of personal data to what is necessary
  • Processing personal data as transparent as possible, and
  • Ensuring appropriate security using an appropriate technical and organisational set-up.

The identity and contact details of the DNRF as the controller are:

The Danish National Research Foundation
Holbergsgade 14, 1. sal
1057 København K
Tel.                 +45 3318 1950

Any questions regarding the processing of personal data could be addressed to the Data Protection Officer (DPO) of the DNRF:

Attorney-at-law Charlotte Elverdam
Kochsvej 15, 1. tv.
1812 Frederiksberg C
Tel.: +45 2075 8330

2. Purpose, legal basis, and period of storage

The DNRF processes personal data primarily for three purposes:

  • Granting of funds for research etc
  • Human resources etc
  • Operation of website (dk)

Generally, personal data are collected from the relevant data subject, e.g. in relation to the data subject’s application for grants, application for a job or subscription for news letters from the DNRF etc. The data subjects have no legal obligation to provide personal data to the foundation.

The foundation receives only rarely personal data from other parties than the data subjects themselves. In accordance with applicable regulations, the foundation will inform the data subjects directly about such information and from whom the information was received.

Whether the personal data are collected directly from the data subject or the personal data are received from other parties than the data subject, the data will be processed as described in the following.

2.1 Granting of funds etc.

The DNRF makes grants to finance unique research of international standard as is stipulated in para 1 of the Danish National Research Foundation Act, see consolidated act no 200 of 26 February 2019. In accordance with para 4 of the said act the funds of the foundation are normally granted in open competition on the basis of applications from research institutions and researchers. The board of directors shall supervise the research activities that receive grants from the foundation, and the board publishes a report on the activities of the foundation once a year, ref. para 6 of the act. As part of the follow-up activities the foundation also carries out evaluations as well as analyses on the indirect effects of the grants.

To perform the activities described above the foundation processes personal data including names, addresses, telephone numbers, e-mail addresses, ORCID numbers, CV, etc concerning applicants, co-applicants, external peer reviewers and employees assisting in the performance and implementation of the foundation’s grants. To a limited extent, the foundation asks for CPR-numbers as identification.

The personal data is processed to grant research activities and to monitor the implementation of the grants.

Personal data will be disclosed to

  • Independent Research Fund Denmark (Danmarks Frie Forskningsfond) to assist with proposals for external peer reviewers
  • co-funding foundations concerning grants to the so-called Pioneer Centers
  • to external reviewers both in Denmark, in EU and in third countries if relevant
  • to a limited extent to media monitoring agencies as part of the foundation’s follow-up on grants
  • external consultants and other counsellors assisting the foundation with its activities, including activities concerning evaluations and analyses
  • the Danish Agency for Higher Education and Science, only for research and statistics relating to the data developing program within research and innovation
  • other public bodies if provided in applicable legislation

Personal data processed for the purpose of granting of funds and monitoring the implementation will be stored by the foundation until they are transferred to the state archives in accordance with applicable legislation.

2.2 Human resources etc

The DNRF is managed by a board of directors who appoints a director. The director is responsible for recruitment of administrative employees as stipulated in the executive order, AND no 944 of 8 September 2008.

When performing administrative activities the foundation processes personal data during the recruitment of new employees, of board members and of members of the investment committee as well as during the successive HR administration, including payment of salaries, taxes etc. The personal data processed include names, addresses, telephone numbers, e-mail addresses, CV, bank account numbers, CPR (identification) numbers, photos etc. In case of sickness the foundation may, confidentially, and only if necessary, process data concerning health.

Personal data will be disclosed to Visma DataLøn A/S (Bluegarden), who processes salaries and payments to members of the board and of the investment committee on behalf of the DNRF. Further, personal data will be disclosed to relevant banks, pension schemes, the DNRF’s advisors and other public authorities, including SKAT (tax authorities), if and when required by applicable legislation.

Information on payments to members of the board are published on in accordance with recommendations for good foundation governance.

Personal data provided in relation to applications which are not followed by a job contract will be deleted after six months.

Personal data concerning employees will be deleted five years after termination of the employment, or, at the latest, at the end of the current storage period (”journalperiode”).

2.3 Operation of the website (

The Danish National Research Foundation’s website offers subscription to news letters and ad hoc events.

When subscribing to the news letter, subscribers are registered with their e-mail address. The foundation transfers the e-mail addresses to MailChimp (The Rocket Science Group LLC d/b/a MailChimp, Georgia, USA), who processes the data to distribute news letters to the subscribers on behalf of the foundation. The subscribers give their consent to the processing of their personal data (e-mail addresses) by ticking a specific box on the website.

The subscribers have the right to withdraw their consent at any time by terminating their subscription. If so, the personal data will be deleted for the future.

The foundation uses cookies on the website, please see our cookie policy.

3. Rights of the data subjects

The data subjects have further rights which supplement the information provided above:

  • Right of access
    The data subjects have the right to obtain from the foundation access to the personal data concerning him or her.
  • Right to rectification
    The data subjects have the right to obtain from the foundation the rectification of inaccurate personal data concerning him or her.
  • Right to erasure
    To a limited extent, the data subjects have the right to obtain from the foundation the erasure of personal data concerning him or her.
  • Right to restriction of processing
    The data subjects have the right to obtain from the foundation restriction of processing for a certain period of time.
  • Right to object
    To a certain extent, the data subjects have the right to object to processing of personal data concerning him or her (notably concerning HR issues).

The DNRF assists the data subjects in performing the listed rights.

4. Security

The DNRF protects the personal data from unauthorised processing. The foundation puts emphasis on best practice regarding both the organisational processing of the data (including CPR (identification) numbers) and the technical measures.

The foundation has entered into data processing agreements with the data processors who process personal data on behalf of the foundation.

5. Complaints

If not satisfied with the foundation’s processing of personal data, the data subjects have the right to lodge a complaint with Datatilsynet (supervisory body). The contact details of Datatilsynet are published at

Sign up for our newsletter