Transparency in data processing
Cphbusiness works to ensure that as a person registered with us, you are guaranteed the transparency to which you are entitled under the EU General Data Protection Regulation.
We only process personal data for that purpose; if we need it for another purpose, we will inform you first.
Situations in which we process your data (general citizens)
When, as a citizen with no links to Cphbusiness, you contact us in writing, we receive your enquiry in secure systems and process it with the aim of answering your questions. When we have finished processing the matter, it is deleted within the email systems but retained in journal data, as Cphbusiness is subject to the provisions on open administration and the duty to record data. We do not disclose your data to any other party.
Situations in which we process your data (newsletter recipients)
If you subscribe to a newsletter from Cphbusiness, we will use your email address to send you marketing information. We do not disclose your data to any other party. You can unsubscribe from the newsletter at any time.
Situations in which we process your data (suppliers, partners, internship hosts and contact persons)
If we have an agreement with you whereby you provide a service to us or we provide a service to you, we will process your personal data for the purpose of fulfilling this agreement. We do not disclose your data to any other party.
When you host an internship for a Cphbusiness student or act as a contact person during an internship, your data will be processed in our CRM system as part of the internship contract for the student. The purpose is to establish the frame work for the student’s internship. We do not disclose your data to any other party.
Situations in which we process your data (applicants and students)
When you apply for admission to a study programme or a part of a study programme at Cphbusiness, this is usually done by creating an application in a system and uploading documentation. We receive this information via a secure connection and process it in our various study administration systems, to assess whether you meet the admission requirements. If information is missing or there are any questions, we will contact you. We use secure connections for this communication.
If you are admitted to the study programme or part of a study programme, you will receive notice, and prior to commencing studies you will be assigned a Cphbusiness email address and be added to the systems we use to support our tuition such as our learning platform. You will be added with a single sign-on (WAYF), which ensures that you are recognised as a user in the systems with your assigned privileges.
While you study at Cphbusiness, your data is processed on an ongoing basis as you attend lectures, receive and answer emails and sit exams, and if you lodge any complaints or apply for exemption etc. You will also occasionally receive questionnaires and evaluations aimed at ensuring the quality of your study programme and educational institution. You are under no obligation to respond to these evaluations and questionnaires, but we would encourage you to do so, as they are very important for ensuring the quality of your study programme and educational institution. (Please note that a study-start test will be held for full-time study programmes in connection with commencing studies, for which attendance is compulsory.)
When you complete your study programme or part of a study programme, we will send you a diploma via a secure connection. You may later find that you receive questionnaires and evaluations aimed at ensuring the quality of your study programme and educational institution. You are under no obligation to respond to these evaluations and questionnaires, but we would encourage you to do so, as they are very important for ensuring the quality of your study programme and educational institution.
As part of the quality assurance for our study programmes, we are working with data-driven education statistics, which are statistical analyses of information, students, and applicants. There is no analysis at the individual level.
All administrative processing of your personal data takes place in secure systems, to which only security-cleared personnel have access, and is in line with national legislation. In rare instances, you will have to give consent for your data to be processed.
All surveys sent to you by Cphbusiness are either in line with legislation or required by the Danish Ministry of Higher Education and Science.
Situations in which we disclose your data (applicants and students)
Cphbusiness only discloses data about you in very rare cases. This applies to situations where the ministry or its underlying agencies or other government authorities order us to do so, for example when reporting study activities for all students. Cphbusiness is granted funding to provide education and do research on the basis of this reported information. Cphbusiness does not have the option to refrain from disclosing this data, and you therefore cannot request to be exempted from this disclosure. Disclosure takes place via secure connections, and the government authorities also have a very clear focus on data security and using data for the intended purpose.
Cphbusiness does not disclose data about you to any third party, unless the third party has a clear legal authority to receive and process the data. This applies, for example, if you participate in a course paid for by your employer. In this case, we will disclose data about your course registration which your employer needs in order to pay for your participation. (Typically your name, the name of the course, the starting date and price.) If your course is cancelled or no payment is charged for other reasons, your employer will be informed so that the company is aware that the attendance fee does not have to be paid. No further data about you will be disclosed.
Cphbusiness uses data processors that assist us with IT or other services. These data processors act on instructions from Cphbusiness and process personal data on behalf of Cphbusiness. Cphbusiness thereby ensures that the data processors observe applicable legislation.
Situations in which we disclose your data (employees)
Cphbusiness discloses data about employees to the Danish Tax and Customs Administration (SKAT), pension funds and other relevant government authorities – for example to municipalities for reimbursement in connection with long-term illness. Apart from these legally entitled recipients, Cphbusiness discloses no data about employment without the employee’s consent.
As part of the security at Cphbusiness, we monitor inside our buildings and entrances and exits. Recordings are deleted after 30 days. The recordings are stored in secure systems, to which only security-cleared personnel have access. We only disclose this data if there is a clear legal obligation to do so – for example if the police request the recordings in connection with a report of theft or assault.
We store your data until it is no longer necessary for us to process it. In some situations, it can be difficult to provide a precise time frame beforehand, but the section below outlines our framework for how long your data is stored.
Applicants and students
We store your personal data in accordance with the various legal requirements for government agencies and institutions, including the Danish Archives Act (Arkivloven), the Danish Public Information Act (Offentlighedsloven), the Danish Public Administration Act (Forvaltningsloven),the Danish Act on Business Academies for Higher Education Programmes (Lov om erhvervsakademier for videregående uddannelse) and the Examination Order (Eksamensbekendtgørelsen). We will delete such data for enrolled students when our reason for processing the data as a government institution has passed.
We also only process data about students/former students where a separate basis for doing so exists.
If the separate basis is consent, we store such personal data until the purpose of the processing has expired or you revoke your consent.
Suppliers, partners, etc.
Data linked to transactions between you and us is generally deleted no later than at the end of the ordinary time limit of five years after the expiry of the agreement.
Participants at conferences, workshops, open house events, etc.
We delete your personal data immediately at your request.
Deleted as soon as possible after you unsubscribe.
Enquiries from you
Will normally be stored for up to six months after processing is complete, unless journal obligations require otherwise.
If we have reason to keep your personal data in order to meet legal obligations such as in relation to legal disputes, we reserve the right to keep your personal data for an extended period, and at least until the case is closed.
As mentioned above, Cphbusiness aims primarily to process data we have the legal authority to process, but where we can only do so after obtaining consent from you, we will only process that data once we have obtained consent and we will stop at the moment you want to withdraw your consent, if that is what you choose to do.
Transparency is also ensured by the fact that you are always welcome to ask to inspect the personal data we have registered about you and how we use it.
We would, however, encourage you to use this option cautiously and not too frequently – at ‘reasonable intervals’ as the General Data Protection Regulation puts it.
Have you used Unibuddy?
In case you ask questions to a student ambassador via Unibuddy on cphbusiness.dk we will process your data up to 24 months after your last interaction with the Cphbusiness student ambassador chat. We do so in order to be able to track the effect of the student ambassador chat function: Have potential students who have asked questions enrolled into a programme at Cphbusiness? You can at any time exercise your right to anonymize data which you have disclosed via Unibuddy. Click here to anonymize your data.
Where do the rules come from?
Article 5 of the General Data Protection Regulation sets out the principles governing the processing of personal data, which everyone, including Cphbusiness, must comply with. Article 12 of the Regulation describes the responsibility of a data controller for ensuring transparency in the processing of data.