Privacy policy
How we process your personal data.
When the Ministry of Culture receives information about you, we must, in accordance with the General Data Protection Regulation*, provide you with information on how we process this data. This principle applies regardless of whether you contact the Ministry yourself, through your work as a journalist or employee of a private company or other public authority.
The following information is for informational purposes only. You do not have to do anything and you do not lose any rights by not reading the information on this webpage.
What is personal data?
Personal data means any information relating to an identified or identifiable natural person. This could be information such as name, address, e-mail address, social security number or financial information. Personal data may also be information about the owner of sole proprietorships or shareholders of a company.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, registration, systematisation, storage, disclosure and erasure.
The regulation concerning the processing of personal data can be found in:
- The General Data Protection Regulation
– it is also known as the GDPR; - The Danish Data Protection Act
1. We are the data controller – how do you contact us?
The Ministry of Culture is the data controller which processes the personal data we have received about you. You will find our contact information below:
Ministry of Culture
Nybrogade 2
1203 Copenhagen K
Telephone: +45 33 92 33 70
Email: kum@kum.dk
CVR No: 67 85 50 19
If your inquiry contains sensitive or confidential information about you or another person (e.g., health information or social security number), we encourage you to send your inquiry via secure email or Digital Post by logging in to www.borger.dk
2. Contact details of the Data Protection Officer
If you have any questions about our processing of your personal data, you are always welcome to contact our data protection officer.
You can contact the Data Protection Officer in the following ways:
Mail: databeskyttelse@kum.dk
By post:
Data Protection Officer (DPO)
Ministry of Culture
Nybrogade 2
1203 Copenhagen K
3. Purposes and legal basis for the processing of your personal data
We process the personal data that you provide us or that we receive from other authorities, companies or citizens in connection with a request or a case.
We process your personal data in order to carry out the necessary case handling as part of our tasks as a public authority, e.g., replying to inquiries, processing requests for access to documents and handling complaints.
We usually process general personal data, such as your name, address and other contact information. Depending on the nature of the case or inquiry, we also process identification information (CPR number), sensitive personal data and information about criminal offences.
The processing of general personal data is based on Article 6(1)(c) and/or (e) of the General Data Protection Regulation.
Sensitive information is processed in accordance with Article 9(2)(f) and 9(2)(g) of the General Data Protection Regulation, cf. Section 7(4) of the Data Protection Act.
Sensitive information is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health and data concerning sex life or sexual orientation.
If we receive information on criminal offences, our processing is based on Article 10 of the General Data Protection Regulation and Section 8(1) and (2) of the Data Protection Act.
If we process information about your personal identification number (CPR), this is done for the purpose of unique identification, cf. Section 11(1) of the Data Protection Act.
We offer you the opportunity to receive our newsletters. It is necessary to process your contact information in order for us to send you newsletters.
If you want to receive newsletters from us, we use your consent as a legal basis for processing your personal data. The basis on which we can lawfully obtain your consent in this way is found in Article 6(1)(a) of the General Data Protection Regulation. In this case, where the processing of your data is based on your consent, you can choose to withdraw this consent. In the case of a subscription to our news, you can unsubscribe from your news subscription at any time, and then your contact information will be deleted.
4. Disclosure of your personal data
In some cases, we will disclose your personal data if this is necessary for the performance of our tasks. For example, disclosure to other public authorities or parties to ongoing proceedings, in so far, the data may substantiate a case before the courts.
We only disclose your personal data to third parties if we are legally obliged to do so or if it is otherwise necessary for us to perform our tasks as an authority.
5. Storage of information about you
We store your personal data in our electronic case and documents handling system. As a public authority, we are obliged to store documents and information relevant to the case handling in accordance with the rules of the Danish Access to Public Administration Files Act.
Our storage period is five years. After the five years, we submit a copy of the content of our electronic case and documents handling system to the Danish National Archives in accordance with the rules of the Danish Archives Act. For a period after the end of the storage period in which the case has been closed and transferred for storage in the Danish National Archives, we will continue to have access to search for the information in a historical version of the journal period.
When we receive your information, we take the necessary measures to ensure that it is processed securely. We have implemented a number of technical and organizational security measures that protect against accidental or unlawful destruction as well as loss or deterioration of information. In addition, measures have been put in place to ensure that your data is not disclosed to unauthorized persons, misused or otherwise processed in violation of the General Data Protection Regulation.
6. Your rights
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of personal data about you.
If you wish to exercise your rights, please contact us. Under the General Data Protection Regulation, you have:
- Right to view information (right of access): You have the right to access the information we process about you and a number of additional information.
- Right to rectification (correction): You have the right to have incorrect information about yourself corrected.
- Right to erasure (deletion): In special cases, you have the right to have information about you deleted. The right to erasure of data by public authorities is limited due to the rules on record keeping and archiving.
- Right to restriction of processing: In some cases, you have the right to have the processing of your personal data restricted.
- Right to object: In certain cases, you have the right to object to our otherwise lawful processing of your personal data.
You can read more about your rights in the Danish Data Protection Agency's guide on the rights of data subjects, which you can find at www.datatilsynet.dk
7. Complaint to the Danish Data Protection Agency
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data.
You can find the Danish Data Protection Agency's contact information at www.datatilsynet.dk
*Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Article 13(1) states that the controller must provide the data subject with a set of information when personal data are collected from the data subject.