Data protection and cookie policy

Latest update on: 21-03-2018

1. Personal data
Personal data submitted to the Aarhus 2017 Foundation (”Aarhus 2017”) is protected by the legislation in force at the time in question, including The Danish Act on Processing of Personal Data (persondataloven) as well as the General Data Protection Regulation (GDPR) and the Danish Data Protection Law effective as of 25 May 2018. Aarhus 2017 collects information about stakeholders, project owners, sponsors, partners, suppliers and citizens. The data in question includes the following, depending on the category of the data subjects registered:

• Names
• Contact details
• Passport numbers
• ’CPR numbers’ or corresponding foreign civil registration numbers (only collected and processed for compliance with accounting and tax law requirements and will not be disclosed)

Volunteers (ReThinkers) are referred to the following page for information about their rights: http://www.aarhus2017.dk/en/personal-data-rethinkers/

Aarhus 2017 has adopted internal rules for information safety, containing instructions and precautionary measures that protect personal data collected from being destroyed, lost or modified, from unauthorised disclosure, and against access or knowledge by unauthorised persons.

2. Data controller and data processors
The data controller is the Aarhus 2017 Foundation, Hack Kampmanns Plads 2, 2., DK-8000 Aarhus C, Denmark (company reg. no. 34731152). As data controller, Aarhus 2017 is responsible for the collection, safekeeping and processing of your data in accordance with The Danish Act on Processing of Personal Data (persondataloven) as well as the General Data Protection Regulation (GDPR) and the Danish Data Protection Law effective as of 25 May 2018.

Aarhus 2017's data processors shall treat the processing of personal data as if the Aarhus 2017 Foundation was in charge of the processing in accordance with the data processing agreement entered into with the data processor. Like the agreement with the (external) data processor, Aarhus 2017's data processors are also governed by duty of confidentiality. The following data processors are involved in data processing on behalf of the Aarhus 2017:

• Novicell, Søren Nymarks Vej 6, DK-8270 Højbjerg, Denmark (company reg. no, 20297743)
• Rambøll Management Consulting A/S, Olof Palmes Allé 20, DK-8200 Aarhus N, Denmark (company reg. no, 60997918)
• ITK, Rådhuspladsen 2, 8000 Aarhus C, (company reg. no. 55133018)

3. Purpose of the data collection
The purposes of the data collection are:

• transmission of data to the Aarhus University (company reg. no. 31119103) for their independent research-based evaluation of European Capital of Culture Aarhus 2017 and possible further evaluation and research into the effects of culture- and city projects,
• reporting to public and private organisations that have contributed with financial support to Aarhus 2017, including private sponsors, the EU, the Central Denmark Region, the 19 municipalities of the Region and the Agency for Culture and Palaces,
• legal compliance,
• publication on Aarhus 2017’s website, for information purposes and for knowledge sharing,
• information from external project owners is collected for the purpose of planning, coordination, marketing, information disclosure on behalf of external projects as part of the cultural capital project, and
• issuing of newsletters to persons signed up for Aarhus 2017’s newsletter via the website.

Aarhus 2017 solely process personal data necessary and relevant in relation to the purposes defined above, and we control on a continual basis that the processed personal data is not erroneous or misleading.
Personal data will be deleted by Aarhus 2017 when it is no longer necessary in relation to the purposes constituting the basis for the collection of the data.

4. Cookies
4.1. What is a cookie?

Cookies are used by almost all websites. In some cases, the use of cookies is the only way to make a website work as intended.

A cookie is a file which is placed in your computer or other IT equipment. It makes it possible to recognise your computer and collect information about which sites and functions are visited by your browser. However, cookies cannot see who you are, what your name is, where you live or if the computer is used by one or more persons. Also, cookies cannot spread computer viruses or other harmful programmes.

This website uses cookies, but you will be informed about cookies being placed before they are placed.

4.2. Cookies for statistical purposes
We use Google Analytics to collect statistics about user behavior on the website. We use this information to understand the users’ behavioral patterns, so that we can present the most relevant information to our users.

4.3. Decline or delete cookies
You can always decline or delete cookies on your computer via the settings in your browser. Where you find the settings, depends on which browser you are using. Be aware that the website cannot remember the selections that you make if you decline cookies.

4.4. Cookies from our collaborators
Likewise, our collaborators, Facebook and Google, use cookies – the so-called third-party cookies. The purpose of this type of cookies is to ensure delivery of targeted online advertisements.

For more information about rules re. cookies, please visit the website of the Danish Business Authority.

5. Your rights as a registered individual
The Danish Act on Processing of Personal Data (persondataloven) grants you the following rights as a registered individual:

• The right to be informed about the collection/processing of information for use by electronic data processing (§§ 28 and 29), as complied with by this policy
• The right to request access into data processed electronically (§ 31)
• The right to oppose data being processed electronically (§ 35)
• The right to require correction, deletion or blocking of information which is erroneous, misleading or in a similar way is processed in violation of the law (§ 37)

You can read more about the data regulation on www.datatilsynet.dk, or by contacting The Danish Data Protection Agency (Datatilsynet) directly.

You can make complaints about the processing of your personal data to:

The Danish Data Protection Agency
Borgergade 28, 5.
DK-1300 København K 
Phone: +45 3319 3200
Fax: +45 3319 3218
Email: dt@datatilsynet.dk