Privacy Policy

What is personal data?

Personal data is any type of information relating to an identified or identifiable natural person, i.e. all types of information that can be directly or indirectly linked to a person such as a name, private address, e-mail address or social security number.

Where does your personal data come from?

The Danish Competition and Consumer Authority processes the personal data that you provide to us or that we receive about you from other authorities, companies, citizens or others.

The Danish Competition and Consumer Authority can also obtain your personal data from other authorities, companies, citizens or others when it is necessary for the performance of our tasks.

The purposes and legal basis for processing of your personal data

The Danish Competition and Consumer Authority primarily processes your personal data in order to carry out tasks and legal obligations, cf. article 6(1)(c) and article 9(2)(f) and (j) of the General Data Protection Regulation (GDPR), or as part of the exercise of official authority, cf. article 6(1)(e) of the GDPR.

When we process personal data relating to criminal convictions and offences, our processing is based on Section 8(1) and Section 8(2)(3) of the Danish Data Protection Act.

Processing of Danish social security numbers is carried out for the purpose of unique identification of the data subject, cf. Section 11(1) of the Danish Data Protection Act.

Our newsletters are sent on the basis of consent, cf. article 6(1)(a) of the GDPR.

Where is your personal data processed?

At the Danish Competition and Consumer Authority, your personal data may be processed in the authority’s IT systems, e.g. in our case management system and joint state IT systems.

Who has access to your personal data?

Employees of the Danish Competition and Consumer Authority have access to your personal data to the extent that it is necessary for processing your inquiry or carrying out the Authority’s tasks. The employees are subject to a duty of confidentiality during and after their employment to ensure the confidentiality of your personal data.

The Agency for Governmental IT Services is the data processor for the majority of the Danish Competition and Consumer Authority’s processing of personal data. The Agency for Governmental IT Services and other data processors only have access according to instructions from the Danish Competition and Consumer Authority and only to the extent that is necessary to carry out the Authority’s tasks.

How and for how long do we retain your personal data?

Your personal data will be stored for as long as necessary to fulfil the Danish Competition and Consumer Authority’s obligations as a public authority and to comply with applicable legislation, including the Danish Archives Act. We store your personal data securely and confidentially in IT systems with controlled and restricted access and on servers located on specially secured premises. We work continuously to protect the confidentiality of the data we process and to secure data against unauthorized access, alteration, publication or destruction.

Your personal data in our electronic case management system will be transferred to the Danish National Archives after the end of the record period in which the case has been closed in accordance with the Danish Archives Act. However, for a period thereafter, we will continue to have access to search for the data in a historical version of the record period in the case management system.

When can we disclose your personal data?

The Danish Competition and Consumer Authority only disclose your personal data when it is necessary for our general performance of tasks, e.g. in connection with a hearing of parties to a case, or the processing of your inquiry. We also disclose your personal data if it is necessary for other authorities to carry out their tasks, e.g. for use in police investigations.

Moreover, we disclose your personal data if it is required by law. If we receive a request for access to documents in a case involving your personal data, we must normally disclose the data, unless it is confidential, in accordance with the Danish Public Information Act.

What are your rights?

The General Data Protection Regulation provides you with a range of rights in articles 13-18 and articles 20-22.

In the following, your rights are described more generally. If you would like a more detailed description of your rights, you can read the regulation or the Guidelines on the rights of data subjects from the Danish Data Protection Agency or contact our Data Protection Officer at dpo@em.dk.

The right to be notified that your personal data is being processed

The Danish Competition and Consumer Authority must provide you with a range of information if we process your personal data. This applies both when we receive your data from you but also when we receive the data from others than yourself.

However, the obligation to provide information in the General Data Protection Regulation do not apply to cases and investigations under the Danish Competition Act, cf. Section 13 a of the Danish Competition Act.

The right of access

You can request access to the personal data that the Danish Competition and Consumer Authority processes about you and to receive a range of information about how and why we process your personal data.

However, in cases and investigations under the Danish Competition Act, you do not have the right of access, cf. Section 13 a of the Danish Competition Act. Moreover, we can decline your request for access if you will thereby obtain information that may infringe the rights and freedoms of others.

Furthermore, there are limitations on the right of access when we receive personal data in connection with the preparation of general analyses, whereby the processing is exclusively for statistical or scientific use, cf. Section 22(5) of the Danish Data Protection Act.

The right to rectification

You have the right to rectification of inaccurate personal data concerning you without undue delay and you have the right to have incomplete personal data completed.

However, there are limitations on the right to rectification when we receive personal data in connection with the preparation of general analyses, whereby the processing is exclusively for statistical or scientific use, cf. Section 22(5) of the Danish Data Protection Act.

The right to erasure

As a general rule, the Danish Competition and Consumer Authority is not allowed to delete information, including personal data, as we, as a public authority, have an obligation to keep and archive records in accordance with the Danish Public Administration Act, the Danish Public Information Act and the Danish Archives Act.

However, we only store personal data for the period of time necessary to fulfil the purpose of the processing, and in special cases you have the right to have your personal data deleted before our regular general deletion occurs.

The right to restriction of processing

In certain circumstances, you have the right to have our processing of your personal data restricted, e.g. while it is being investigated whether your data is correct or if the data is necessary to establish a legal claim.

If you have the right to have the processing restricted, we may in future only process the personal data – apart from storage – with your consent, or if the data is necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interests, including archival purposes.

Information security

It is a high priority for the Danish Competition and Consumer Authority to protect citizens, companies and the Authority against unauthorized access, alteration, publication or destruction of the information we process. We pay particular attention to securing your data, and we therefore have a sufficient level of information security for all employees and business partners as well as in all our IT resources, e.g. IT systems, hardware and electronic data media.

The right to appeal

You can complain to the Danish Data Protection Agency or the Danish courts about the Danish Competition and Consumer Authority’s processing of your personal data if you believe that the processing is in breach of the data protection regulation.

You can find the Danish Data Protection Agency’s contact information at datatilsynet.dk

The Data Protection Officer

The Ministry of Industry, Business and Financial Affairs has appointed a Data Protection Officer who is also the Data Protection Officer for the Danish Competition and Consumer Authority. The Data Protection Officer’s task is, among other things, to inform and advise us about our obligations in the General Data Protection Regulation (GDPR) and Danish Data Protection Act. At the same time, the Data Protection Officer monitors and ensures the Danish Competition and Consumer Authority’s compliance with the GDPR.

The Data Protection Officer can provide further information about the rules for data protection and guide you about your rights in relation to the processing of your personal data by the Danish Competition and Consumer Authority.

The Data Protection Officer can be contacted at the e-mail address dpo@em.dk or on the phone number +45 33 92 33 50. You should be aware that if you wish to send secure digital mail, you must send it to the Ministry of Industry, Business and Financial Affairs’ main mailbox em@em.dk which forwards it to dpo@em.dk.

Cookies

The Danish Competition and Consumer Authority’s use of cookies on its websites is described in the cookie policy.

The Danish Competition and Consumer Authority’s cookie policy