The purpose of this policy is to inform you as a student, collaborative partner or visitor to our website of how we treat your data at the University College of Copenhagen (KP). We take our data responsibility seriously, and we make sure that the data processing is legal and transparent.
This data protection policy is written in accordance with the demands of the European Parliament and the council’s regulation 2016/679 of 27 April 2016. It concerns the protection of natural persons with regard to the processing of personal data and the free movement of such data.
If you have any inquiries regarding our processing of personal data, or if you would like to exercise your rights to access or object to our data processing, you can contact us as follows. Be sure to use your study mail if you are a student at KP when you contact us.
KP has assigned the role as Data Protection Officer to Karsten Holt at DPO-team:
Tel: 71 74 90 20
The Danish Data Protection Agency can be reached at:
Carl Jacobsens Vej 35
Our processing basis is mainly based on the General Data Protection Regulation article 6 paragraph 1 point (e) as we as a public educational institution carry out an educational task in the public interest and we make decisions that tends to exercise official authority.
Besides this, we have an important task in doing research, where personal data is treated in accordance with the Data Protection Act (Databeskyttelsesloven) §10.
As a public institution we treat personal data in accordance to § 11 in the law mentioned above.
For a number of other situations our processing basis is:
The General Data Protection Regulation article 6 paragraph 1 point (a) – consent (which is used for photos)
The General Data Protection Regulation article 6 paragraph 1 point (b) – contract (when you sign up for courses)
The General Data Protection Regulation article 6 paragraph 1 point (c) – compliance with legal obligations – concerns our specific duty to treat or pass on personal data in regards to the following laws:
- Professionshøjskoleloven (University Colleges Act), chapter 2 and subsequent orders
- Lov om erhvervsakademiuddannelser og professionsbacheloruddannelser (Professional and vocational educations Act), chapter 1, 2, 3 and 6 and subsequent orders
- Lov om erhvervsuddannelser and lov om erhvervsfaglig studentereksamen (Vocational Educations Act) and the subsequent orders
- Adgangsbekendtgørelsen (Order for Access)
- Eksamensbekendtgørelsen (Order for Examinations)
- SU-loven (Economic support for the Students Act)
- Lov om åbne uddannelser (Open Education Act) and subsequent orders
- Lov om videregående uddannelse (Further Education Act)
- SPS-lov and subsequent order (Economic special support Act)
- Curricula and other regulations set by KP
We use this type of data about you – students and participants
KP uses data about you to manage your education with us. We use data about you to improve our service and ensure quality in our educational offerings and other services, as well as in our communication with you.
The data we use includes:
- Personal data – name, address, phone number, profession, payment info, data traffic, login data, logfiles for specific systems
- Information regarding professional qualifications and personal competencies, diplomas
- Social Security number
- Special category of personal data when needed – such as health information
- KP compiles anonymised or pseudonymised data for general statistics, as well as for training and organisational development.
We collect and store data for specific purposes
The purpose of handling your personal data is to create the foundation for administrative operations, which KP does according to law and as public institution.
KP collects and stores data in order to:
- Manage your relationship with us
- Manage your education
- Meet legal and contractual requirements
- Improve our education and services
- Customise our communications to you
- Contact you with relevant offers after you graduate (for instance offers on further education, alumni network etc.). You can always choose not to be contacted with these offers.
We pass on your information in the following situations
KP pass on your personal data to third party if obliged by law or in case of an investigation.
KP pass on the following categories of personal data:
- Information on study activity if a student has an educational requirement, is in rehabilitation, etc. if KP is obliged to do so or if you have given consent that KP can disclose the information in question to an authority.
- Information relating to payment of SU, e.g. leave, study activity, interruption or termination of education.
The data is passed on to the following recipients:
- Municipalities, job centres etc.
- Danish Agency for Institutions and Educational Grants
- Authorised accounting firms in connection with an audit of KP
- Other public institutions or third party, who can ask for access to the files in regards
Personal data are in specific cases handed to the police in case of an investigation of fraud, theft, vandalism, or other criminal offence. In specific cases, personal data can be passed on to law firms if there is a need of special attention.
Use of personal data – others
As part of our course activities we administrate personal data from many different people, both in our case handling and in the daily running of business.
Due to The General Data Protection Regulation, KP must inform you how we treat and protect personal data. This information concerns professionals, business associates, future clients and recipients of our electronic newsletters.
Which personal data do we treat and where do we get them from?
We collect and treat personal data about you, which we have received from you or collected on public websites (municipalities and public schools, virk.dk or your company’s website).
This information includes your name, workplace and contact info (phone number and email address).
We do not treat any information about you, that falls within the category of personal data (defined as such in the GDPR).
We will only process data about you that is relevant and adequate according to the purposes defined above. The purpose is key in defining which type of data about you we consider relevant.
We only collect, process, and store the personal data necessary to fulfill the purposes defined above. We do not collect data that are not necessary for the purpose.
In addition, it may be determined by law what type of data we need to collect and store. The type and extent of the personal data we process may be necessary to fulfill a contract, education agreement or other legal obligation.
We verify that the personal data we process about you is accurate. We make sure to update your personal data on an ongoing basis. We will also ask you to provide us with relevant changes to your data.
We delete or anonymise your personal data when it is no longer necessary for the purpose that was the reason for our collection, processing and storage of your data, unless there are regulatory purposes that require us to store data.
Protection of personal data
KP ensures that personal data is stored securely and confidentially. We have information and security rules, that contains instructions and measures that protect your personal data from being lost, changed, or unknowingly passed on to strangers.
Personal data is stored in systems with limited access, so that only the relevant employees of KP have access to the personal data. Technical security measures in the form of two-factor validation, backup, logging, encryption, etc. have been implemented.
We make sure that security and access is constantly checked.
In the event of a security breach resulting in a high risk of compromising your data, we will notify you of the breach immediately.
We regularly asses our procedures and systems by analysing and implementing appropriate technical and organisational measures to protect your data.
You have the right to access your personal data
At any given time you have the right to know what data we process about you, where they originate from and what we use them for. You also have the right to know for how long we keep your personal data and who receives data about you to the extent that we pass on data in Denmark and abroad.
If you request it, we may inform you of the data we process about you. However, access may be restricted for the privacy, business secrets and intellectual property of other persons.
You may exercise your rights by contacting us. Our contact information can be found at the top of this policy.
Inaccurate personal data can be rectified or deleted
If you believe that the personal data we process about you is inaccurate, you have the right to have the data rectified. You must contact us and inform us of the inaccuracies and how they can be corrected.
In some cases, we will be obliged to delete your personal data. This applies, for example, if you withdraw your consent. If you believe that your data is no longer necessary for the purpose for which we obtained it, you may request for it to be deleted. You may also contact us if you believe that your personal data is being processed in violation of the law or other legal obligations.
When you make a request to have your personal data corrected or deleted, we investigate whether the conditions are met, if so, we delete or change the text immediately.
You have the right to object to our processing of personal data
You have the right to object to our processing of your personal data. You can use the contact information at the top to submit an objection. We then assess whether your objection is justified. If your objection is justified, we will cease processing your personal data.
You have the right to receive the personal data you have provided us. If you wish to access your data, or object to our data processing, we will investigate if it is possible and respond to your inquiry as soon as possible and no later than one month after we have received your inquiry.
You have the right to have your data
You have the right to access the personal data you have passed on to us and to be given it in a structured, commonly used, readable format (data portability).