Data protection at SDU
Protection of personal data
Every day, SDU processes information about a large number of students, employees, test subjects, patients et al. Therefore, the university complies with the legislation about general data protection to ensure that personal data are not misused and that affected individuals know who are treating their information and why.
Data protection officer
SDU employs a data protection officer (DPO) who advises employees and students about legislation and rules for data protection. You can contact SDU’s data protection officer, Simon Kamber, at email@example.com, if you have any questions concerning SDU’s handling of your personal information.
SDU processes and registers information about individuals who come into contact with the university as for instance employees, students, participants in research projects or conferences – or just as subscribers to SDU publications.
According to the general data protection regulation (GDPR) and the Danish data protection law, SDU, as data controller, must inform registered individuals about their rights concerning the processing of their personal information.
SDU registers personal data in accordance with the general data protection regulation, specifically paragraphs 6, 9 and 10. Personal data used in research projects are registered under the authority of the Danish data protection law § 10.
Processing and retention
SDU’s data processing is designed to be private and confidential. Personal data are processed and retained within the university’s administrative systems. When the information is no longer needed for its original purpose, it will either be deleted or stored within SDU’s recordkeeping systems.
Disclosure of personal information
Personal data will not be disclosed without the registered individual being explicitly informed, unless the university is required to disclose the information to other public authorities.
Right of access
Generally, registered individuals can at any time contact SDU to gain a copy of their personal information retained in SDU systems. Exempt from this are personal data included in research projects and stored by SDU.
Rectification of information
If the registered individual considers the registered information to be incorrect, he or she can contact the university for rectification of the information. This means that the university either rectifies the information or takes note that the information is incorrect and instead registers the correct information.
The registered individual is entitled to having the data controller disregard the information until it has been settled, which information is correct. Registered individuals also have the right to the university not utilizing the information if it is no longer needed.
Registered individuals have the right to object to the processing of their personal information unless the university is processing the information as part of a research project.
If SDU has obtained consent to process the data from the registered individual, said individual can at any time withdraw their consent. Consequently, the university is not entitled to continue the processing of data after the consent has been withdrawn.
Filing a complaint with the Danish Data Protection Agency
Registered individuals can file a complaint concerning the processing of their data with the Danish Data Protection Agency firstname.lastname@example.org.