Privacy policy

Information about processing of personal data

In the following, we have described the processing of personal data by Erhvervsakademiet Copenhagen Business Academy S/I (‘Cphbusiness’, ‘we’, ‘us’) together with the other information we are obliged to provide proactively to data subjects in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (the ‘General Data Protection Regulation’, ‘GDPR’).

Data controller

The legal entity responsible for processing your personal data is

Erhvervsakademiet Copenhagen Business Academy S/I
CVR number 31678021
Nansensgade 19
DK-1366 Copenhagen K
Tel.: +45 36 15 45 00
persondata@cphbusiness.dk

Contact information for our Data Protection Officer:
E-mail: GDPR@efif.dk
Phone: 89 36 32 80
Address: Sønderhøj 28, 8260 Viby

Joint data responsibility between Cphbusiness and Copenhagen School of Design and Technology during a transition period

Cphbusiness and Copenhagen School of Design and Technology have decided to merge the institutions and establish a new business academy as of 1 July 2025. To prepare for this work, the parties have entered into an agreement on joint data responsibility. 
 
The agreement includes joint processing of personal data necessary for the two current institutions to function as one institution when the merger takes effect. The processing activities include both viewing and, in some cases, processing of data by the other data controller. It includes data about human resources, study administration and general institutional administration related to the phases of the merger. 

Until the establishment of the new institution, the processing of the individual data subject's data will continue at his/her resident institution, as also as described in the privacy policy of Copenhagen Business Academy and the personal data policy of Copenhagen School of Design and Technology. As a data subject with one of the two institutions, you are still affiliated with the institution where you are a student or employee and can assert your rights as a data subject towards the institution as a this is stated in its privacy policy (Cphbusiness) or personal data policy (Copenhagen School of Design and Technology). You will also continue to be covered by your institution's technical and organizational security measures.

Minimum technical requirements for the security of IT solutions

As an independent institution, Cphbusiness is not subject to the minimum technical requirements for the security of IT solutions for state authorities, but we have decided to comply with them for the sake of the data subjects.

Further Cphbusiness uses compliance with the minimum technical requirements as a criterion in the selection of partners in working with suppliers and data controllers.

The current minimum technical requirements have been published on SikkerDigital.dk and can be found here (in Danish): Tekniske minimumskrav for statslige myndigheder

Processing activities

When you are signed up for a newsletter from Cphbusiness

Data covered by the processing activity

If you sign up for a newsletter with us, we will process information about your name and the contact details you provide.

We assume that with your registration you have actively decided that you wish to receive communication about study programmes from Cphbusiness. We do not ask for information about age in connection with registration and therefore do not process information about this. In addition to the processing of contact information for the people who sign up for newsletters, we will process data on opening and click rates for the newsletters and look into which stories and parts of the newsletter are read and clicked on.

We do not analyze this data for the individual user, but only on an aggregated level.

Legal basis for the processing

The legal basis for the processing is the Data Protection Regulation, Article 6, subsection 1 letter a, a specific consent that you give in connection with signing up.

Disclosure of data

The information is not passed on to other parties. Cphbusiness uses an approved data processor for the newsletter, who therefore supports Cphbusiness in carrying out the work, and who therefore processes the personal data under instructions from Cphbusiness.

Disclosure of data

The personal data involved in this process is not disclosed. Cphbusiness uses an approved data processor for the newsletter service, which therefore supports Cphbusiness in carrying out the work, and who therefore processes the personal data under instructions from Cphbusiness.

Storage and deletion

We store information about your registration as long as you have not withdrawn it.

In addition, we delete all registrations for users who have not opened a newsletter in the course of 12 months.

Applicants for study places

Data covered by the processing activity

When you apply for admission to a study programme or part of a study programme at Cphbusiness, we process data about your name, civil registration (CPR) number, previous (including qualifying) education, data about work experience and other documentation that may be required in relation to admission to specific study programmes. For students who need to pay for their participation in a given study programme, we also process payment details.

It is mandatory to provide data about name and civil registration number as well as data required in connection with an application for admission. If we do not receive this data, we cannot process your application.

For course participants who are under the Danish Prison and Probation Service, we also process data about the detention facility and assigned educational counsellor, if such information is provided.

Legal basis for processing

There are different types of legal basis for processing, depending on the type of study programme for which you are applying for admission. The lawfulness of our processing may be based on Article 6(1)(b) of the General Data Protection Regulation where the processing is necessary for us to enter into or perform a contract with you, and/or on Article 6(1)(c), as we are legally obliged to collect certain data about applicants as a basis for our assessment of their applications, as well as on Article 6(1)(e), as the processing is necessary for the exercise of official authority. In rare cases, the lawfulness of our processing will be based on Article 6(1)(f) of the General Data Protection Regulation where the data are necessary for us to pursue our legitimate interests in admitting students at the right level in relation to their competences and qualifications.

The lawfulness of our processing of data about a civil registration number is based on section 11(2) para (1) of the Danish Data Protection Act (Databeskyttelsesloven), as we are required to use the civil registration number in connection with our reporting to public authorities, including reporting as a basis for disbursement of public funds for the study programme.

The lawfulness of our processing of data about criminal offences (we process data about the detention facility assigned educational counsellor, and only if such information is provided, and based on this information it is possible to deduce that the data subject is under the Danish Prison and Probation Service) is based on section 8(3) of the Danish Data Protection Act, as the data are necessary for us to pursue our legitimate interests in complying with our obligations under our cooperation with the Danish Prison and Probation Service.

Disclosure of data

To the extent that we are obliged to do so, we disclose data about you to the Coordinated Enrolment System, the Danish Ministry of Higher Education and Science, Statistics Denmark and the Danish National Archives.

For courses offered by third parties, data about you as a course participant are disclosed to these parties, and we also receive data about your participation from such course suppliers.

For courses run for unemployed persons, data are exchanged with municipal authorities (job centers) and – in some cases – with the Danish Ministry of Employment.

For students who have to pay for their study programme themselves, data may be disclosed to the Danish Debt Collection Agency.

For students who are not citizens of an EU member state, data are exchanged with the Danish Ministry of Immigration and Integration.

Storage and deletion

If you are admitted to a study programme, your data will be transferred and stored in accordance with our storage and deletion time limits for student data. Other data, as well as data about applicants who are not admitted to a study programme, are generally erased after a maximum of one year (and often before); but no earlier than when we have complied with our obligations to the Danish National Archives.

When you are enrolled in an education or take a course at Cphbusiness

Data covered by the processing activity

If you are admitted to a study programme or parts of a study programme, you will be assigned a Cphbusiness email address and a single sign-on (WAYF), which ensures that you are recognized with your rights in those of our systems that you need to use in connection with your study programme. If you have name and address protection, we will ask you to state which alias you want to use on, for example, our learning platform, and we will subsequently process this data.

If you start on a full-time study programme, a portrait photo must be provided in connection with your study start, and we process this photo in connection with the issue of a student identity card, which you can use to identify yourself as a student. We also process this photo in our student administrative systems, where it is used as part of your master data.

During your studies at Cphbusiness, your data – including the data we received in connection with your application for admission – are processed on an ongoing basis together with additional data collected continuously. This comprises data about participation in or absence from courses and classes, the reasons for absence (as disclosed to us by you), data about loans from and other use of our library, submission of papers and assignments and data about consent to lending out of papers and assignments, exam registrations and results, complaints and appeals, applications for exemptions, data about your use of our systems, data about participation in the work of councils and boards, including any participation in talent programmes, as well as other data that you may give us as a basis for our administration of your course of study.

We also process the data required as documentation in state education grant and loan cases, special educational support cases and cases regarding state educational support for adults, in complaints and appeals and in cases concerning other special circumstances. This data may comprise special categories of data (sensitive data’), in particular health data.

Finally, we process your answers to a number of evaluations of and questionnaires about your course of study at Cphbusiness if you choose to participate in these evaluations and questionnaire surveys.

When you complete your study programme or part programme, we will issue a diploma to you and send it to you via a secure connection. You may later find that you receive questionnaires and evaluations aimed at ensuring the quality of your study programme and educational institution. You are under no obligation to respond to these evaluations and questionnaires, but we would encourage you to do so, as they are very important for ensuring the quality of your study programme and educational institution.

As part of the quality assurance of our study programmes, we use data-driven education statistics, which are statistical analyses of data about students and applicants. These are, for example, analyses of grade history, the development in retention/drop-out of students on our study programmes and the development in the number and types of complaints and appeals. The analyses form part of Cphbusiness’ quality assurance work. There is no analysis at the individual level.

For students enrolled in online classes

Cphbusiness offers some full-time programmes 100% online, i.e. without physical teaching and participation. (This is subsequently referred to as online classes.) To be a student in an online class, you must agree to the procedures described below.

In online classes, it is a requirement that the students participate online, and for this purpose have acquired relevant equipment to be able to attend an online class, such as a computer with camera, headset with microphone and a fast internet connection. Especially in relation to exams, it is important that each student has a powerful internet connection which can handle simultaneous up- and download of both audio and video.

Students are responsible for this equipment and its operability, both during teaching sessions and examinations.

In online classes, it is also a requirement that you as a student contribute to an active learning environment by participating with the camera tuned on. We emphasize that everyone is present with the camera turned on in the digital classroom, as it is a prerequisite for being able to create relationships that are important for your learning outcome.

We sometimes record lessons in online classes, so you have the opportunity to go back and revisit different parts of the classes and the like. Recordings of teaching are not part of and thus not covered by Cphbusiness' policy for CCTV surveillance.

Legal basis for processing

There are different types of legal basis for processing, depending on the type of study programme on which you are enrolled. The lawfulness of our processing may be based on Article 6(1)(b) of the General Data Protection Regulation, as the processing is necessary for us to enter into or perform a contract with you, and/or on Article 6(1)(c), as we are legally obliged to process certain data about our students, including to report data to public authorities, as well as on Article 6(1)(e), as the processing is necessary for the exercise of official authority. In rare cases, the lawfulness of our processing will be based on Article 6(1)(f) of the General Data Protection Regulation where the data are necessary for us to pursue our legitimate interests in ensuring effective operations.

The lawfulness of our processing of sensitive data is based on Article 9(2)(f) of the General Data Protection Regulation, as the processing is necessary for the establishment, exercise or defense of legal claims, for example a legal claim that you may have for an increased state education grant due to a functional impairment, and on Article 6(1)(e), as the processing is necessary for the exercise of official authority, as well as on Article 6(1)(c), as the processing is necessary for compliance with a legal obligation. Finally, in rare cases, the lawfulness of our processing will be based on Article 6(1)(f), as the processing is necessary for us to pursue our legitimate interests in ensuring adequate, correct and lawful case handling. If the lawfulness of our processing cannot be based on Article 9(2)(f) and no other legal basis can be found in either Article 9 of the General Data Protection Regulation or in the Danish Data Protection Act, we will obtain your consent to our processing of sensitive data.

The lawfulness of our processing of data about a civil registration number is based on section 11(2) para (1) of the Danish Data Protection Act, as we are required to use the civil registration number in connection with our reporting to public authorities, including reporting as a basis for disbursement of public funds for the study programme.

The lawfulness of our processing of data about criminal offences (we process data about the detention facility assigned educational counsellor, and only if such information is provided, and based on this information it is possible to deduce that the data subject is under the Danish Prison and Probation Service) is based on section 8(3) of the Danish Data Protection Act, as the data are necessary for us to pursue our legitimate interests in complying with our obligations under our cooperation with the Danish Prison and Probation Service.

Disclosure of data

To the extent that we are obliged to do so, we disclose data about you to the Coordinated Enrolment System, the Danish Ministry of Higher Education and Science, Statistics Denmark and the Danish National Archives.

For courses offered by third parties, data about you as a course participant are disclosed to these parties, and we also receive data about your participation from such course suppliers.

For courses held for unemployed persons, data are exchanged with job centers and – in certain cases – with the Danish Ministry of Employment.

For students who have to pay for their study programme themselves, data may be disclosed to the Danish Debt Collection Agency.

For students who are not citizens of an EU member state, data are exchanged with the Danish Ministry of Immigration and Integration.

If Cphbusiness receives a request from law enforcement authorities about disclosure of information, we are obliged to comply with it.

Storage and deletion

We store the data necessary to be able to recreate diplomas for 30 years after the issue of the diploma, as we are legally obliged to do so. As a general rule, other data are erased when we have met our obligations to the Danish National Archives in relation to the data in question.

Administration of internships

Data covered by the processing activity

If you are an internship host or some other form of contact person for at student taking an internship, we process data about your name, your contact details, your job title, the company you represent and the internship agreement(s) entered into for our students.

If you are doing an internship as a student, we process data about your civil registration number and name, data about the internship place and period, your work tasks in connection with your internship as well as evaluations and statements from the internship place.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(b) of the General Data Protection Regulation, as the processing is necessary for us to enter into or perform a contract with you as internship host, on Article 6(1)(c), as we have a legal obligation to process certain data in connection with students’ internship course, as well as on Article 6(1)(e), as the processing is necessary for the exercise of official authority. In rare cases, the lawfulness of our processing will be based on Article 6(1)(f), as the processing is necessary for us to pursue our legitimate interests in supporting a good internship course for both the student and the internship place.

Disclosure of data

We disclose the data to the internship place when a student initiates the submission of an internship contract. Otherwise, data are not disclosed without consent.

Storage and deletion

We store the data necessary to be able to recreate diplomas for 30 years after the issue of the diploma, as we are legally obliged to do so. As a general rule, other data are erased when we have met our obligations to the Danish National Archives in relation to the data in question.

With regard to information about internships and contact persons, we will generally store this information until the student's internship (and subsequent relevant complaint periods) has ended. In certain cases, we will obtain consent for longer storage and then store the information in accordance with the consent.

International exchange stays

Data covered by the processing activity

If, while you are a student, you apply for a place as an exchange student with another institution via Cphbusiness International, we process data about your application, including your civil registration number and name, your study programme and class at Cphbusiness, the institution with which you want to go on an exchange stay, data about any organizations that handle the exchange process as well as the data necessary for your application to be processed by the desired institution.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(c) of the General Data Protection Regulation, as we have a legal obligation to process certain data about our students, including reporting information to public authorities, on Article 6(1)(e), as the processing is necessary for the exercise of public authority, as well as, to a limited extent, on Article 6(1)(f), as the processing is necessary for us to pursue our legitimate interests in ensuring good and efficient cooperation with the educational institutions with which we collaborate.

The lawfulness of our processing of data about a civil registration number is based on section 11(2) para (1) of the Danish Data Protection Act, as we are required to use the civil registration number in connection with our reporting to public authorities, including reporting as a basis for disbursement of public funds for the study programme.

Disclosure of data

We disclose data to the educational institution you have applied for a place at, if it is an institution with which Cphbusiness has exchange agreements. If this is an educational institution outside the EU, the data are generally transferred on the basis of Article 49(1)(b) of the General Data Protection Regulation.

Storage and deletion

Exchange stay data form part of the material necessary to enable us to prepare – and subsequently recreate –your diploma. Therefore, we store the data for 30 years after the issue of the diploma, as we are legally obliged to be able to recreate your diploma during this period.

Administration of conferences and open events etc.

Data covered by the processing activity

If you attend a conference or an open event with us, we process data about your name and your contact details, data about the event that you are participating in as well as payment details for events for which a participant’s fee is charged.

If the event is streamed, we also process data about you in the form of audio and video recordings.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(a) of the General Data Protection Regulation and a specific consent which you grant in connection with either registration for or participation in the event or on Article 6(1)(b), as the processing is necessary for us to enter into or perform a contract with you, as well as on Article 6(1)(f), as the data are necessary for us to pursue our legitimate interests in holding such events.

If the event is streamed and recorded for subsequent accessibility, we always provide information about this both before the event and in connection with the actual event.

Disclosure of data

If the event is held in collaboration with external partners, we may disclose data about your name and, if relevant, the business that you represent to these partners, so they have the best possible basis for organizing their contribution to the conference. We provide information about such a collaboration when you register for the event.

Storage and deletion

As a general rule, we store the data for five years from the end of the year in which the event was held.

Data about suppliers and other partners

Data covered by the processing activity

If we have entered into an agreement with you or a company you represent in relation to us on the delivery of goods or services between Cphbusiness and you or the company you represent, we will process data about your name, your contact details, the company you represent, our correspondence with you as well as data about our trading history with you or the company you represent.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(b) of the General Data Protection Regulation, as the processing is necessary for us to enter into or perform a contract with you or the company you represent, and on Article 6(1)(f) of the General Data Protection Regulation, as the processing is necessary for us to pursue our legitimate interests in effective communication and relations with our suppliers, internship hosts and other partners.

Storage and deletion

The personal data may be included in our accounting records, for example in connection with invoices. Accounting transactions are stored for five years from the end of the year which the transaction concerns, see the requirements of the Danish Bookkeeping Act (Bogføringsloven). Other personal data, including master data, agreements, correspondence and trading history, are stored for five years from the end of the year in which the latest interaction or transaction with you/your company took place. However, data about contact persons will be erased immediately if/when we are informed that a contact person has been replaced. 

Processing of enquiries from people without affiliation to Cphbusiness

Data covered by the processing activity

When you contact us as a citizen without affiliation to Cphbusiness, we process data about your name or the name you use, your contact details and the content of your enquiry for the purpose of answering your enquiry.

Legal basis for processing

Depending on the nature of the enquiry, the lawfulness of our processing will be based either on Article 6(1)(c) of the General Data Protection Regulation, as the processing is necessary for compliance with our legal obligations under the Danish Access to Public Administration Files Act (Offentlighedsloven) and the Danish Public Administration Act (Forvaltningsloven), or on Article 6(1)(f) of the General Data Protection Regulation, as the processing is necessary for us to pursue our legitimate interests in processing enquiries from external persons.

Storage and deletion

As a general rule, we store your data for six months, after which the data are erased. However, data which are subject to an archiving obligation in accordance with the Danish Archives Act (Arkivloven) will be erased at the earliest when the archiving has been completed. However, we may store your data for a longer period if this is necessary for us to comply with a legal obligation or for us to establish, exercise or defend a legal claim.

CCTV surveillance

Data covered by the processing activity

We have established CCTV surveillance at our locations for crime prevention and investigation purposes.

We therefore process data in the form of images of you when you are at our locations.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(f) of the General Data Protection Regulation, as the data are necessary for us to pursue our legitimate interests in creating safe and secure premises for our employees and students, as well as on the Danish TV Surveillance Act (TV-overvågningsloven).

Data about criminal offences shown on the recordings are processed in accordance with section 8(3) of the Danish Data Protection Act.

You can request a copy of Cphbusiness’ policy for CCTV surveillance by contacting us.

Disclosure of data

We may disclose the data to law enforcement authorities if this is necessary for purposes of investigation and criminal proceedings.

Storage and deletion

The recordings are stored for 30 days, after which they are erased. However, recordings may be stored for longer where this is necessary for the investigation and handling of specific incidents.

Research and development activities

Information covered by the processing activity

In addition to the provision of education, Cphbusiness is also required to carry out practice-oriented and application-oriented research and development activities. In this way, we very often come into contact with different types of personal data. The type of data will depend on the nature of the different research projects.

Very often, data collection consists of interviews and questionnaire surveys, whereby data subjects are contacted directly and can thus decide on their participation. In such a context, we will inform you about the purpose of the processing and how the data subject's data is included and for how long.

There are also a few examples where Cphbusiness processes data about data subjects without making direct contact with the people concerned. As a general rule, these are projects where data is extracted from different source systems. This data will subsequently be anonymized or pseudonymized prior to further processing. In such projects, it is not possible to identify the individual data subject.

Legal basis for processing

The legal basis for the processing of data where the data subjects decide on their participation in the form of interviews or questionnaires, is Article 6(1)(a) of the General Data Protection Regulation, a specific consent that you give in connection with your participation or participation in the research and development activity.

For projects where personal data are anonymized or pseudonymized, the legal basis for the processing is Article 89 of the General Data Protection Regulation, as it is processing for the purpose of scientific investigations of significant social importance and where the processing is necessary for the purposes of research.

Disclosure of information

Data subjects' data collected in connection with the projects will not be disclosed. Depending on the nature of the activity, reporting on the research and development projects, will result in knowledge production and communication about it, and for some types of projects, research results will be disseminated by clear agreement with the data subjects, from which it is possible to deduce that a specific data subject has participated in the project. This only happens in cases where there is clear agreement with the individual data subject to this effect.

For research projects involving anonymized or psedonymized personal data, the information will not be disclosed in a personally identifiable form. It is only disclosed, if at all, in aggregated form.

Storage and deletion

We store the information necessary for the reliability and validity of the research that has taken place. Other information is generally deleted when we have fulfilled our obligations to the Danish National Archives in relation to the information in question.

Operation of website

Data covered by the processing activity

When you visit our website, we process data about you in the form of cookies.

You can read more about this processing, including about the cookies we use and the purposes for which we use them, in our cookie policy.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(f) of the General Data Protection Regulation, as the data are necessary for us to pursue our legitimate interests in optimizing our website and ensuring stable operation thereof.

Disclosure of data

The data in certain cookies can also be accessed by third parties – please see the details on this in our cookie policy.

Storage and deletion

The storage period for the individual cookies is stated in our cookie policy, to which reference is made.

Use of social media

It is possible to follow Cphbusiness on a number of social media. Cphbusiness uses these media for marketing purposes, and citizens may interact with Cphbusiness’s profile and with other users on Cphbusiness’s wall and posts.

If you do so as a user, you should be aware that you provide personal data about yourself, both in the form of data which is visible in the medium and in the form of cookies. Cphbusiness has access to these data to a certain extent, as the social media most often entail joint data controlling.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(f) of the General Data Protection Regulation, as the data are necessary for us to pursue our legitimate interests in optimizing our website and generally ensuring stable operation thereof.

Disclosure of data

The data in certain cookies can also be accessed by third parties – please see the details on this in our cookie policy.

Storage and deletion

The storage period for the individual cookies is stated in our cookie policy, to which reference is made.

Recruitment of employees

Data covered by the processing activity

When you apply for a job with Cphbusiness, we process data about your name, your contact details, data about completed and any ongoing study programmes and training programmes, data about current and previous employment, data about special competences, (for example language skills, certifications and the like), results from tests done as part of the recruitment process, references and other data that you as an applicant may state in your application or CV.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(b) of the General Data Protection Regulation, as the processing is necessary for us to enter into or perform a contract with you, and on Article 6(1)(f), as the data are necessary for us to pursue our legitimate interests in treating all applicants in a fair and serious manner and selecting the best qualified applicant for positions with us.

Disclosure of data

Depending on the recruitment circumstances, we may disclose data to

• The temporary employment agency you are affiliated with, if this is the case
• Municipal authorities such as e.g. the job center, if your job center is involved in the employment process
• Niels Brock Copenhagen Business College (for office trainees).

Storage and deletion

For applicants who succeed in obtaining employment with us, the data are transferred as part of the data we process in connection with the employment and are stored in accordance with our policy on storage of personal data.

For applicants who do not succeed in obtaining employment with us, the data are erased no later than 12 months after you have received a final rejection of your application, unless you have granted your consent for us to store the data for longer.

Personnel management

Data covered by the processing activity

When you are employed by Cphbusiness – and for five years from the end of the year in which your employment terminated – we process data about your civil registration number, name, contact details, data about completed and any ongoing study programmes and training programmes, data about previous employment, data about special competences, for example language skills, certifications and the like, results from tests done as part of the recruitment process, data about current and previous salary/remuneration and adjustments, data about deductions and income tax rate, data about bank accounts, data about workplace, data about teaching schedule and the like, results of evaluations and employee performance reviews, data about competence development, lecturer requests, data about illness, holidays, working hours and maternity/paternity leave, any sanctions in employment law, including warnings, as well as other data you have submitted to us as an applicant in connection with the employment process or in the subsequent course of your employment.

Your employee profile on our intranet is deactivated when you leave your position, and it will be erased completely after five years. Your employee profile on our website will be erased completely with immediate effect when you leave your position. Any content you may have posted on our intranet as part of your work at Cphbusiness will be kept, and you will be shown as the sender for up to five years after you have left your position.

Legal basis for processing

The lawfulness of our processing is based on Article 6(1)(b) of the General Data Protection Regulation, as the processing is necessary for us to enter into or perform a contract with you, as well as on Article 6(1)(f), as the data are necessary for us to pursue our legitimate interests in having the best possible basis for managing our business in accordance with our right of management and so that we can contribute to creating a good and developing course of employment.

The lawfulness of our processing of data about your civil registration number is based on section 11(2) of the Danish Data Protection Act.

If, in exceptional cases, we process special categories of data (‘sensitive data’) about you, these will usually be health data, and the lawfulness of our processing of these data is based on section 12 of the Danish Data Protection Act.

Disclosure of data

We disclose data to the Danish Tax Agency and Statistics Denmark, as well as to other public authorities to which we are obliged to disclose data.

For lecturer requests, we also disclose data to an assessment committee and to the Danish Ministry of Higher Education and Science.

Storage and deletion

As a general rule, we store your data for five years from the end of the year when your employment has terminated.

Transfer of data-to-data processors and transfer to third countries in connection with this

In addition to disclosure of data and any consequent transfer of data to third countries, as described in connection with the individual processing activities, Cphbusiness transfers your personal data to the data processors which provide IT services or other services to us.

As data processors, these companies are only allowed to process data in accordance with the instructions we give them – unless they are required by law to process data – and they are thus not allowed to use the data for their own purposes.

Some of these data processors are based in countries outside the EU/EEA or use subprocessors based outside the EU/EEA, including in countries that do not ensure the same level of protection of personal data that you have within the EU/EEA. We only transfer personal data to these data processors if they are subject to Binding Corporate Rules or if another transfer basis has been established – most often the EU Commission’s standard contractual clauses.

Where the transfer basis is the EU Commission’s standard contractual clauses, you can request a copy of these contracts by contacting us at persondata@cphbusiness.dk.

Storage and deletion

The duration of our storage of your data depends on the purpose of our processing. Under each processing activity, we have described for how long we generally store the data processed as part of the individual processing activity.

However, we may store your data for longer if

• it is necessary to comply with a legal obligation
• it is necessary for the establishment, exercise or defense of a legal claim or
• you have granted your consent for a longer storage period.

In addition, we will erase your data at the earliest when our archiving obligation vis-à-vis the Danish National Archives for the data in question has been complied with.

Your rights

As a data subject, you have the following rights under the General Data Protection Regulation:

1. You have the right to request access to, rectification of or deletion of your personal data.
2. You also have the right to object to the processing of your personal data and have the processing of your personal data restricted
3. In particular, you have an unconditional right to object to the processing of your personal data for the purpose of direct marketing.
4. If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any given time. Your withdrawal will not affect the lawfulness of the processing done prior to your withdrawal of your consent.
5. In certain cases, you have the right to receive the personal data which you yourself have provided in a structured, commonly used and machine-readable format (data portability).
6. You have the right not to be subject to automated decision-making, including profiling, in cases where the decision has a significant impact on you.

Please note that there may be conditions or restrictions attached to the exercise of some of these rights.

You may exercise these rights by contacting us – our contact details are shown in the ‘Data controller’ section at the top of the document.

In addition to the above rights, you can always file a complaint with a data protection authority, for example the Danish Data Protection Agency. You can read more about the possibilities for filing a complaint and about your rights in general at datatilsynet.dk/english.

Updates of information about processing of personal data

We may update our information about processing of personal data from time to time. You can always find the current version at our website.

The information was last updated on 1 February 2025.

The website uses cookies

Some are used for statistical purposes and others are set up by third party services. When visiting cphbusiness.dk/english, you will be exposed to a pop-up asking for your permission to use cookies. By clicking 'Accept all', you accept the use of cookies.

Different types of cookies

Strictly necessary

Strictly necessary cookies help make a website navigable by activating basic functions such as page navigation and access to secure website areas. Without these cookies, the website would not be able to work properly.

Functional

Functional cookies make it possible to save information that changes the way the website appears or acts. For instance your preferred language or region.

Statistical

Statistical cookies help the website owner understand how visitors interact with the website by collecting and reporting information.

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and interesting to the individual user and thus more valuable for publishers

Unclassified

We are in the process of classifying unclassified cookies together with the providers of the individual cookies.

What is a cookie?

A cookie is a small datafile that is saved on your computer, tablet or mobile phone. A cookie is not a program that can contain harmful programs or viruses.

How/why the homepage uses cookies

Cookies are necessary for the homepage to function. Cookies help us get an overview of your visit to the homepage so that we can continually optimize and adjust the homepage to your requirements and interests. For example, cookies remember what you might have added to a shopping cart, if you have previously visited the page, if you are logged in and what languages and currency you want to be displayed on the homepage. We also use cookies to target our ads to you on other homepages. On a very general level, cookies are used as part of our services in order to show content that is as relevant as possible to you.

How long are cookies saved?

How long cookies are saved on your device can vary. The time when they are scheduled to expire is calculated from the last date you visited the homepage. When cookies expire, they are automatically deleted. You can view a complete list of cookies below.

This is how you can reject or delete your cookies

You can always reject cookies on your computer, tablet or phone by changing your browser settings. Where these settings can be found depends on the type of browser you are using. If you do change the settings, please be aware that there will be some functions and services that you cannot use because they rely on the homepage being able to remember the choices you have made.

You can choose to not receive cookies from Google Analytics here.

Deleting cookies

You can delete cookies that you have previously accepted. If you are using a PC with a recent version of a browser, you can delete your cookies by using these shortcut keys: CTRL + SHIFT + Delete

If the shortcut keys do not work and/or you are using an Apple computer, you must find out, what browser you are using and then click on the relevant link:

• Internet Explorer
• Microsoft Edge
• Mozilla Firefox
• Google Chrome
• Opera
• Safari
• Flash cookies
• Apple
• Android
• Windows 7

Remember: If you are using several different browsers, you must delete the cookies in all of them.

Do you have any questions?

Should you have any questions or comments in connection with this information and/or our processing of personal data, you are welcome to get in touch with us. The cookie declaration itself is updated every month via Cookie Information. If you have any questions regarding the Cookie Information, you can send an e-mail to info@cookieinformation.com.