Aarhus University Seal

Privacy Policy

Aarhus University is responsible for conducting research, and providing research-based education and research-based consultancy services to public sector authorities at the highest international level, disseminating knowledge of scientific methods and results, and exchanging knowledge and competences with society at large. In connection with this task, the university has a strong focus on data protection, data security and confidentiality. In the university’s privacy policy, you can read more about how we process personal data when we undertake this task. 

1. Legal information and contact details

Aarhus University

Nordre Ringgade 1
DK-8000 Aarhus C
CVR no.: 31119103
Tel.: 8715 0000
Eail: au@au.dk
www.au.dk

2. Aarhus University as data controller

Aarhus University is the data controller in connection with the university’s tasks.

3. Aarhus University as data processor

In some situations, Aarhus University will be the data processor if we process personal data on behalf of other parties, e.g. in connection with investigations, research projects or the operation of an IT system. In a situation where AU is the data processor, we will act on the instructions of the data controller in question. This means that the university’s privacy policy will not apply; instead, the processing of your personal data will be governed by a data processing agreement.

4. Processing and categories of personal data and use

4.1 Staff members

As an employee of Aarhus University (e.g. in connection with recruitment, while you are employed, and finally, where required after your employment has ended), we will process your personal data in accordance with applicable statutory requirements and the contract that we have entered into with you. Examples of personal data processed by the university are: name, address, contact details, date of birth, civil registration no., employee number (AU ID) and place of work. Read more about the use of personal data in an employment relationship.

4.2 Students

As a student at Aarhus University, we will process your personal data in connection with your studies, and after you have completed your studies, so that we can issue an exam certificate. In some cases, the university will transfer your personal data to external parties, such as SU-styrelsen (the Danish Students’ Grants and Loans Scheme Office). Examples of personal data processed by the university are: name, address, contact details, date of birth, field of study, civil registration no. and grades.

4.3 Others

In connection with the university’s tasks, we will process your personal data in conjunction with administrative purposes, such as individual courses, conferences and events, rejection of job applications and refusal of admission to degree programmes. In this connection, the university will process personal data concerning the data subject, who may be a staff member, a student or an external party. Examples of personal data processed by the university are: name, address, contact details, payments, use of the website, and information in connection with registration for an event.

4.4 Research

In connection with research projects at Aarhus University, personal data will be processed to varying degrees. Types of personal data and categories of personal data depend on the specific research project.

4.5 Security-related purposes

As an employee, student or data subject at Aarhus University, we will process your personal data for various security-related purposes. This might be in connection with identification of you as a user, or in connection with video surveillance, access control or the use of digital platforms. In this connection, the university will process personal data concerning website traffic, location data, IP addresses, video monitoring, access control log, and so on. Find the university’s cookie policy.

5. Processing and use of sensitive personal data

Aarhus University will also process sensitive personal data about you to the extent that this is required by law or in connection with research projects – see section 4.4. As a general rule, sensitive personal data will be processed on the basis of your express consent, unless our processing without consent is permitted by law. Examples of sensitive personal data that we may process are: health data, biometric data and DNA, and details of your political or trade union affiliation.

6. Recipients of your information – external third parties

In some cases, the university provides your personal data to collaborative partners or suppliers that e.g. assist us with the operation of IT solutions, marketing or surveys. In this case, we provide the data on the basis of an agreement, and the processing takes place in accordance with the related instructions. Disclosure may also be to external third parties, if we have been ordered to do so. This might be the Danish Customs and Tax Administration (SKAT), the police or another public authority.

7. Social media

Aarhus University is present on a number of social media platforms. The overall privacy policies for the social media can be found on their respective websites:

To the extent that Aarhus University discloses information for use on social media via external collaborative partners, a data processing agreement between the university and the collaborative partners is used.

Read more in Aarhus University’s cookie policy.

8. Security

AU takes the security and protection of personal data very seriously. The university has developed a number of internal procedures and policies in order to comply with our security standards, including ensuring appropriate technical and organisational security measures for our processing of personal data. Read more about how to report a security breach and  information security at the university.

9. Erasure of personal data

When the purpose of the university’s processing of your personal data has been fulfilled, we will erase, make anonymous or archive your personal data. There may be special rules, including the Danish Bookkeeping Act (Bogføringsloven), the Danish Examination Order (Eksamensbekendtgørelsen), or documentation requirements in connection with research and similar, which impose an obligation or right on us to retain personal data for a longer period.

10. Your rights

You have the following rights if Aarhus University processes your personal data:

  • Right of access - you have the right to see the personal data concerning you that is processed by the data controller and to receive various information concerning the processing.
  • Right to rectification - you have the right to have inaccurate/incorrect personal data about you corrected.
  • Right to erasure or the “right to be forgotten”.
  • Right to restriction of processing.
  • Right to data portability - in some cases, you have the right to receive your personal data and to request that the personal data be transferred from one data controller to another.
  • Right of objection - you have the right to object to the otherwise lawful processing of your personal data.
  • Right not to be subject to an automatic decision based solely on automated processing, including profiling.

Note that your rights may be limited by other legislation or be subject to exemptions, e.g. in relation to research and the exercising of public authority.

11. Duty of disclosure

When AU processes your personal data, we have a duty to provide you with the following information:

  • Contact details for AU
  • Contact details for our data protection officer
  • The purpose of processing and the legal basis for processing
  • Categories of personal data
  • Recipients or categories of recipients
  • Transfers to recipients in third countries
  • Where the personal data originates from
  • Storage of your personal data
  • Automatic decisions, including profiling
  • The right to withdraw consent
  • Your rights
  • Appeals to the Danish Data Protection Agency

12. Right of access

You are always welcome to contact Aarhus University in connection with access to the data we are processing about you. Data which is part of a research project is, however, not covered by the right of access.

13. Data Protection Officer (DPO)

You can contact Aarhus University’s data protection officer, Karina Søndergaard, if, as a data subject, you have any questions concerning our processing of your personal data. E-mail: dpo@au.dk. You can also send a letter to Aarhus University, Nordre Ringgade 1, DK-8000 Aarhus C, Attn.: Data Protection Officer.

14. Appeals to the Danish Data Protection Agency

You can read more about your rights and opportunities to appeal on the Data Protection Agency’s website www.datatilsynet.dk, or file an appeal to:

The Danish Data Protection Agency

Carl Jacobsens Vej 35
2500 Valby
Tel no.: 3319 3200
Email: dt@datatilsynet.dk