NORDUnet want to protect the privacy of participants to our events and of individuals who give NORDUnet their personal details.

PRIVACY POLICY NORDUnet A/S

1        General

1.1        This Privacy Policy (the Policy) is valid to all the information you provide us with and or which we gather about you from your registration to our events, conferences, including your visits to our websites. The Policy will inform you of the data we collect, how we process your data, how we store it, and for how long.

1.2        You are encouraged to familiarize yourself with this Policy and contact us if you find information herein that is unacceptable to you. You will find the latest valid version of this policy in www.nordu.net.

2        Data Responsible

2.1        The data responsible organisation for processing of your data is

NORDUnet A/S
Kastruplundgade 22,1
DK 2770  Kastrup
+45 32 46 25 00
info [@] nordu [.] net
Org. # 17490346

(hereinafter ”NORDUnet”)

2.2        The overall legal framework for our processing of personal data is vested in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)  

2.3        All questions to this Policy, the processing of your data and any suspicion on non-compliance must initially be addressed to privacy [.] questions [@] nordu [.] net.

3        Definitions

3.1        Below you will find definitions on some of the most essential privacy policy notions.

3.1.1      ‘Personal data’

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 


 

3.1.2       ‘Controller’

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 


3.1.3      ‘Processor’

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; 


3.1.4      ‘Processing’

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.1.5      Sensitive Data

Data on race and ethnic origin, political, religious or philosophic conviction, or union affiliation, genetic data, health data and information on the sexual relation and or sexual orientation of a person including information in the form of biometric data if such biometric data is processed with the specific objective of identifying a physical person (sensitive data).

 

3.1.6      General data protection regulation

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

 

3.1.7      Data protection act

The Act that may be adopted on the basis of the bill proposed on additional regulations to the protection of natural persons in regard to the processing of personal data and on the free movement of such data as proposed on 25th October 2017

 

4        Purpose of the processing of your personal data

4.1        According to your actual use of our services and or offerings, such as participation to our events, we may be required to process your personal data or we may find it necessary to process your personal data to the extent required for us to provide the services requested by you and for NORDUnet to live up to our obligation as an organization and a company. This is applicable to both your participation in our events, workshops, conferences, your request for services, and or our marketing efforts towards you.

5        The personal data we process about you

5.1        We collect this information directly from you:

5.1.1      When you participate in events hosted by NORDUnet we collect the following standard personal data from you: Name, organization, e-mail.

5.1.2      As a general rule we do not collect any sensitive data about you but in the events that require catering of any kind we will ask about your dietary requirements to safeguard your health and wellbeing.

5.1.3      If you require assistance from us to obtain visa or similar we may collect sensitive data to the level required by the relevant authorities to process a visa for you.

 

6        How we process your data

6.1        Your data is used to

  • Issue confirmation of your participation to the events that you have signed up for
  • Issue registration badges where relevant
  • Issue participants lists to administer your participation
  • Notify you of activities related to your participation
  • Make website functionality available to you
  • Reply to questions and requests from you
  • Collect statistics on participation for future planning

 

 

7        Basis of processing

7.1        We process your data to the specific purpose for which it has been collected. NORDUnet has a legitimate interested in processing your data (name and e-mail) for NORDUnet’s marketing purposes. Our legitimate interests are thus to know your preferences in order for us to adjust our offerings to you and eventually offer products and services that better fulfil your needs and requests. NORDUnet complies with the rules and regulations laid down by the marketing act.

 

7.2        In certain cases, we may be legally obligated to process your personal data. It may be for documentation of transactions or similar as per the relevant accounting standards. This means that we are obliged to keep accounts for five years from the end of the relevant accounting year.

8        Sharing of your personal data

8.1        We may share your personal data with the suppliers, partners, and the Nordic NRENs who assist in the execution of your order, and who assist in our IT operations.

8.2        Your personal data will not be shared with sponsors for commercial use

8.3        To this should be added that we share your information where we are obliged as a result of reporting to public authorities, such as TAX, etc.

9        Storage and deletion of your personal data

9.1        We store your personal data in accordance with the below rules

9.1.1      If you are a customer (participant, speaker, or in other ways submitting your data to NORDUnet conferences, workshops or similar events) we keep your data for up to five years from the date of registration.

10      Your Rights

10.1      Access

10.1.1    You are entitled to receive a list of the personal data we process on you. You can contact us via privacy [.] questions [@] nordu [.] net and request an overview of the data we have registered including the purpose for which the data has been collected; we will respond to your request within 1 (one) month from date of receipt of your request.

10.1.2    Conference participants can check the link included in the email confirming your registration to see the data you have provided for that specific event.

10.2      Correction and deletion

10.2.1    You are entitled to request correction and deleting of the personal data we process on you, in so far this does not interfere with our compliance to legislative requirements. We will respond to your request 1 (one) month from date of receipt of your request. If, for some reason, we cannot meet your request we will contact you.

10.3      Limitation of Processing

10.3.1    You may have the right to have the processing of your personal data limited. Please contact us at privacy [.] questions [@] nordu [.] net if you want to invoke a limitation of the processing of your data.

10.4      Data Portability

10.4.1    You have the right to receive your personal data (only data relating to yourself that you have provided to us) in data structures commonly used and in machine readable format (data portability) Please contact us privacy [.] questions [@] nordu [.] net if you want to invoke your right to data portability.

10.5      Right of petition

10.5.1    You are entitled to request us not to process your personal data in the events where the processing is based upon article 6, section 1(e) (task of community relevant or public authority) or article 6, section 1(f) (legitimate interest). It appears from the present Policy to which extent we process your data for such purposes. You are entitled to exercise your right of petition at any time by contacting us.

10.6      Revocation of consent

10.6.1    If the processing of your personal data is based upon your consent you are entitled to withdraw your consent at any time. Your revocation may not affect the legitimacy of the processing that was performed before you withdrew your consent. Please contact us if you want to withdraw your consent.

10.6.2    If you want to withdraw your consent to receiving sales promotion and offers you can do so by contacting us on info [@] nordu [.] net. If we are in doubt about your identity we can ask you to identify yourself. Apart from the standard communication cost this is a free service.

10.7      Certain conditions or limitations may prevail in connection to the use of the above rights. Therefore, you may not have the right to data portability in certain cases. This depends upon the specific circumstances relating to the actual processing activity.

11      Potential consequences of not providing personal data.

11.1      If you are obligated to give data about yourself to us it will appear where we collect the data. If you do not want to share the personal data requested it may have the consequence that we cannot supply you with the services you request, process your order, admit you to our events and conferences.

12      Security

12.1     Within NORDUnet the processing of personal data is subject to the NORDUnet IT & security policy. The NORDUnet IT and Security policy also includes rules for risk evaluation and impact analysis of existing and new and amended processing activities. NORDUnet have implemented internal rules and procedures for the maintenance of sufficient security from the time we collect personal data to deletion, and we only leave processing of personal data to processors who keep a sufficiently suitable security level.

13      Complaints to authorities

13.1      If you are dissatisfied with our processing of your personal data you can issue a complaint to the Danish Data Authority;


Datatilsynet, Borgergade 28, 5th floor, DK- 1300 København K.  

13.2      Update of this Policy

13.2.1    NORDUnet shall comply with the basic principles for protection of personal data and data protection. Hence, we review this policy at regular intervals to keep it updated and in compliance to valid principles and legislation. This policy may change without prior notice. Considerable changes of the present policy will be made public in our website with an updated version of the policy.

 

 

This policy has been updated as per 9th March, 2018