The Danish National Research Foundation (DNRF) processes personal data in order to make grants for research, to recruit employees and to distribute news letters etc.
As from 25 May 2018 the DNRF’s processing of personal data is carried out in accordance with EU’s General Data Protection Regulation (EU) 2016/679 of 27 April 2016 as well as relevant Danish national legislation.
The DNRF puts emphasis on
- Limiting registration and processing of personal data to what is necessary
- Processing personal data as transparent as possible, and
- Ensuring appropriate security using an appropriate technical and organisational set-up.
The identity and contact details of the DNRF as the controller are:
Any questions regarding the processing of personal data could be addressed to the Data Protection Officer (DPO) of the DNRF:
2. Purpose, legal basis and period of storage
DNRF processes personal data primarily for three purposes:
- Granting of funds etc
- Recruitment of employees etc
- Distribution of news letters etc.
Generally, personal data are collected from the relevant data subject, e.g. in relation to the data subject’s application for grants, application for a job or subscription for news letters from the DNRF etc. The data subjects have no legal obligation to provide personal data to the foundation.
The foundation receives only rarely personal data from other parties than the data subjects themselves. In such cases the foundation will inform the data subjects directly about the information received and from whom the information was received.
Whether the personal data are collected directly from the data subject or the personal data are received from other parties than the data subject, the data will be processed as described in the following.
2.1 Granting of funds etc.
The DNRF makes grants to finance unique research of international standard as is stipulated in para 1 of the Danish National Research Foundation Act no 367 of 10 April 2014. In accordance with para 4 of the said act the funds of the foundation are normally granted in open competition on the basis of applications from research institutions and researchers. The board of directors shall supervise the research activities that receive grants from the foundation, and the board publishes a report on the activities of the foundation once a year, ref. para 6 of the act. As part of the follow-up activities the foundation also carries out evaluations as well as analyses on the indirect effects of the grants.
To perform the activities described above the foundation processes personal data including names, addresses, telephone numbers, e-mail addresses, CV, bank account numbers etc. concerning applicants, co-applicants and employees assisting in the performance and implementation of the foundation’s grants. To a limited extent, the foundation asks for CPR-numbers as identification.
The personal data is processed only to grant research activities and to monitor the implementation of the grants. Data will be disclosed to Independent Research Fund Denmark (Danmarks Frie Forskningsfond) to assist with proposals for external peer reviewers. Following consultation and information of relevant applicants the data will also be disclosed to external reviewers both in Denmark, in EU and in third countries if relevant. To assist the foundation in its follow-up activities, data will, to a limited extent, be disclosed to service providers assisting with media insights and monitoring. Finally, data will be disclosed to other public bodies if provided in applicable legislation.
Personal data processed for the purpose of granting of funds and monitoring the implementation will be stored by the foundation until they are transferred to the state archives in accordance with applicable legislation.
2.2 Recruitment of employees etc
The DNRF is managed by a board of directors who appoints a director. The director is responsible for recruitment of administrative employees as stipulated in the executive order, AND no 944 of 8 September 2008.
When performing administrative activities the foundation processes personal data during the recruitment of new employees as well as during the successive HR administration, including payment of salaries, taxes etc. The personal data processed include names, addresses, telephone numbers, e-mail addresses, CV, bank account numbers, CPR (identification) numbers etc. In case of sickness the foundation may, confidentially, and only if necessary, process data concerning health.
Personal data will be disclosed to Visma DataLøn A/S (Bluegarden), who processes salaries on behalf of the DNRF. Further, personal data will be disclosed to other public authorities, including SKAT (tax authorities), if and when required by applicable legislation.
Personal data provided in relation to applications which are not followed by a job contract will be deleted after six months.
Personal data concerning employees will be deleted five years after termination of the employment, or, at the latest, at the end of the current storage period (”journalperiode”).
2.3 Distribution of news letters etc
The Danish National Research Foundation’s web site www.https://dg.dk offers subscription to news letters and ad hoc events.
When subscribing to the news letter, subscribers are registered with their e-mail address. The foundation transfers the e-mail addresses to MailChimp (The Rocket Science Group LLC d/b/a MailChimp, Georgia, USA), who processes the data to distribute news letters to the subscribers on behalf of the foundation. The subscribers give their consent to the processing of their personal data (e-mail addresses) by ticking a specific box on the web site.
The subscribers have the right to withdraw their consent at any time by terminating their subscription. If so, the personal data will be deleted for the future.
The foundation makes use of photographs of identifiable persons after obtaining written consent from the individual data subject. The foundation will use such photographs as consented to, e.g. in the foundation’s publications or on this website. The data subject has the right to withdraw his or her consent at any time by sending an e-mail to firstname.lastname@example.org. If the data subject does so, the photographs will be deleted for any future use.
3. Rights of the data subjects
The data subjects have further rights which supplement the information provided above:
- Right of access
The data subjects have the right to obtain from the foundation access to the personal data concerning him or her.
- Right to rectification
The data subjects have the right to obtain from the foundation the rectification of inaccurate personal data concerning him or her.
- Right to erasure
To a limited extent, the data subjects have the right to obtain from the foundation the erasure of personal data concerning him or her.
- Right to restriction of processing
The data subjects have the right to obtain from the foundation restriction of processing for a certain period of time.
- Right to object
To a certain extent, the data subjects have the right to object to processing of personal data concerning him or her (notably concerning HR issues).
The DNRF assists the data subjects in performing the listed rights.
The DNRF protects the personal data from unauthorised processing. The foundation puts emphasis on best practice regarding both the organisational processing of the data (including CPR (identification) numbers) and the technical measures.
The foundation has entered into data processing agreements with the data processors who process personal data on behalf of the foundation.
If not satisfied with the foundation’s processing of personal data, the data subjects have the right to lodge a complaint with Datatilsynet (supervisory body). The contact details of Datatilsynet are published at www.datatilsynet.dk.