How we treat your personal data (English)
Read the Danish original here
The Danish Deafblind Association (FDDB)'s personal data policy and notification of your rights concerning our processing of your personal data
For members, relatives, customers and other people in contact with FDDB.
With this document we want to inform you about how we handle your information, the purpose on what grounds we handle your information and about your rights.
In Part 1 you can read an introduction to what the personal data policy is about and read an explanation of some of the words in the policy.
This information and notification is for information purposes only. You do not need to respond to the information given or otherwise respond to the information.
According to Article 13 of the Data Protection Regulation, we will provide you with a number of information when we receive and process information about you. That is why we have made this information.
We will provide you with the following information:
1. We are the data controller - how to contact us
2. The purposes and legal basis for the processing of your personal data
3. The legitimate interest we have in dealing with the information you give us and consent
4. Categories of personal data
5. Recipients / categories of recipients
6. The period of storage of your information
7. The right to withdraw any consent
8. Right to access to, rectification, deletion of personal data or limitation of processing or objection, including against direct marketing.
9. What happens if you do not want to have your personal information processed
10. Complaint to the Data Inspectorate
In section 2 below you will find an elaboration on the information we must provide to you.
If you have any questions, please do not hesitate to contact us. You can see our contact information in part 2.
Yours sincerely, FDDB
What can you read about here?
In Part 2 you can read more about the purposes for which we collect your personal data, which personal information we collect, how we handle your personal data and how long we keep the information about you. You should read this policy and contact us if there is anything in the policy that you cannot accept. You can always find the current version of the policy on our website in Danish or English. This will be updated regularly.
The overall legal framework for our processing of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. In addition, the Danish legal regulation, which may be adopted on the basis of the regulation.
All questions regarding our personal data policy and suspicion of non-compliance must initially be addressed to us. See contact information in part 2.
What do words and terms used in this policy mean?
It is not always easy to understand the meaning of words and terms used in this type of documents. Therefore, we have made a brief review of the most important words. You can read the definitions and brief examples of the terms below:
Any kind of information about an identified or identifiable natural person. That is, any information that can directly or indirectly, alone or in combination, identify you. This can be your name, address or telephone number. It may also be other information that indirectly leads to you eg a membership number.
The person, public authority, institution or anybody else who alone or with others determines the purposes and means of processing personal data. In this case, the Danish Deafblind Association is responsible for processing your information in connection with your connection or contact with FDDB.
The natural or legal person, public authority, institution or any other processing personal data on behalf of the data controller. The Danish DeafBlind Association collaborates with several data processors who only process your information in such a way that we give them instructions. We make sure that they guard your information as well as we do, eg the company that made our website.
Any activity or series of activities involving the use of personal data, such as the collection, registration, systematization, modification, search, assembly or disclosure to persons, authorities, companies, etc. outside the Danish DeafBlind Association. Treatment is eg when we use your bank details to refund an amount, and we hereby collect and record the information. At FDDB we treat your information in a number of ways. You can read more about the different treatments of your information in part 2.
Specific categories of personal data, including sensitive information
Information on health, race or ethnic origin, political, religious or philosophical beliefs or trade union affiliation, genetic data or information on a physical person's sexual orientation, as well as information in the form of biometric data, if biometric data is processed for the sole purpose of uniquely identifying a natural person. All of the above information is sensitive information in the meaning of the personal data rules, and at the Danish DeafBlind Association we treat occasionallyand only if necessary.
It is considered a health education in itself that you are a member of FDDB, because it requires an assessment of the health to become a member. The Danish Personal Data Act has introduced a provision that CPR numbers must be treated as sensitive information. Information on social and economic matters, for example, and secret numbers are not considered to be sensitive information according to the personal data regulations. FDDB is also aware that collecting this type of information also has a special purpose and we ensure that the processing takes place on a legal and secure basis. In some cases, we will ask you to consent to us processing that type of information about you.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC and related regulation. One of the personal data requirements is precisely to provide you with all the information that you can read about in this policy.
The Data Protection Act
L68 adopted May 17, 2018. Supplementary Provisions for the Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Data Protection Act). Both this law and the aforementioned regulation are made to protect you and your information and to create transparency in relation to what information about you, various companies, associations and other data controllers hold.
Information about our processing of your personal data and your rights
1. We are the data controller - how can you contact us?
The Danish DeafBlind Association is the data controller for the processing of the personal data we have received about you. You will find our contact details below.
The Danish DeafBlind Association
Blekinge Boulevard 2, 2630 Taastrup
Tel. 36 75 20 96
CVR no. 16867691
If you have any questions about our processing of your information, you are always welcome to contact our data protection officer Zen Anne Donen.
You can contact our Data Protection Officer in the following ways:
• mail: firstname.lastname@example.org
• telephone: +45 36 75 20 96
• by letter: FDDB (The Danish DeafBlind Association), Blekinge Boulevard 2, 2630 Taastrup, Denmark. 'Data Protection Officer'
2. The purposes and legal basis for the processing of your personal data
We process your personal information for the following purposes:
• Member administration if you request to be or is already a member of FDDB. This includes registration for events, collection of membership fees, reimbursement of expenses, information about the association's work including members’ news groups and participation in the news and members’ portal IDEKSY
• Managing newsletters
• Managing of events, booking of lectures etc.
• Administration in connection with the booking of a visit by a deafblind consultant and contact with social worker for members and non-members
• Administration of scholarships for members and non-members
• Managing fundraiser activities including marketing towards contributors
• Ordering of leaflets and information and lending of games
• Webshop administration, including registration of purchases
The legal basis for our processing of your personal information follows from:
• The Data Protection Regulation Article 6 paragraphs. 1 (a), (b) and (f) and also Article 9 (1) (a); 2 (a) and (d) as regards health information. In the case of sensitive information, Article 9 (2) of the Regulation deals with: 2 a) and d).
• This means that we are allowed to process your personal data because we either have your consent, have a contract with you and / or you are a customer with us and / or because we cannot manage your membership without this information.
3. Our legitimate interests in processing personal data and consent
As mentioned above, our processing of your personal data takes place, among other things, on the basis of the regulation on estimating the interests in the data protection regulation Article 6 (1). 1, f. The legitimate interests justifying the treatment are that as a member organization we cannot fulfill our obligations to you and to other members unless we have certain personal information about you. For example, we need to be able to identify you with name and address. We also need to have a CPR number in order to get a refund for expenses at events at the Fuglsang Center. If you need to be refunded expenses in connection with an event, we need your bank details or similar.
It is also considered legitimate interest to process information about you if you are a customer with us. Direct marketing is also a legitimate interest, but at any time you can disclaim this - see below.
You must be aware that at any time you can object to us treating your information when it is based on legitimate interests. See more about your right of opposition under item 8.
Our treatment of sensitive personal data, including health information, is based on the fact that we are an association with an interest political aim and that treatment of data takes place as part of our legitimate activities. For example, in some cases, we need to know if you need a particular type of interpreter to ensure that this interpretation is available for an event. It is considered sensitive information because it indicates something about your health.
In some cases, we obtain your consent to the processing of information. We do this, for example, if you want to receive our newsletter and in some cases if we need sensitive information for our consulting work or the like.
4. Categories of personal data
We handle information regarding member administration including name, address, mail, telephone number, date of birth, bank details and CPR number. We also deal with identification information including name, address, mail, telephone number of customers, contributors or others who will enter into agreements on eg home visits, loan of games, ordering of lectures etc.
We treat sensitive information. For members, health information will be included for use in the association and in connection with events. For members and persons who receive counseling, sensitive and / or confidential information received, for example, about economic, health and social conditions can be treated in some cases.
For members and non-members applying for scholarships, in some cases sensitive and / or confidential information that the applicant submits in connection with an application can be treated, for example regarding economic, health and social conditions.
5. Recipients or categories of recipients
We pass on or transfer your personal information to the following recipients:
Member information such as name and special considerations may in some cases be passed on to others, including:
• The Fuglsang Center when participating in events there
• Other organizers of excursions eg bus companies, meeting places, restaurants or places for accommodation
• The Bureau that prints our members’ magazine
• CFD eg if a member through the FDDB adviser wants help from a deafblind consultant. In that case, consent will be obtained.
• Doctoral boards . If a member has applied for one of the scholarships described on the FDDB website. The information disclosed is only those which the applicant himself has submitted in connection with the application.
Non-member information such as name and address may be disclosed to others in the event of:
• Purchases on the webshop are passed on to the supplier eg Postnord
• If you would like a visit by a FDDB consultant, we will provide you with the information you provide to the consultant who will be with you. The consultant will obtain your own consent if you wish that he or she will assist you with something, and that means that your information must be passed on to, for example, a deafblind consultant at CFD.
• Doctoral boards. Grants that can be applied by other than members, see above regarding the same information about members.
We have stated in our data processing agreements with our suppliers of website, webshop, IDEKSY and FDDB's own IT systems that there must not be servers that process our data in countries outside the EU.
6. The time period for storing your personal data
We are, according to the rules, only allowed to store your personal data for as long as we need them, or as long as we have to keep them according to other rules, eg concerning accounting and tax-paying. This means, for example, that information to be used for audit purposes according to the law must be kept for 5 years. This also applies to information about former members. We delete personal information that we no longer need with fixed intervals according to specified internal security rules.
7. Right to withdraw consent
If you have provided information to us on the basis of a consent, you have the right at any time to withdraw your consent. You can do this by contacting us - see our contact details, under item 1.
If you choose to withdraw your consent, it will not affect the legality of our processing of your personal data on the basis of your previously notified consent and up to the time of the withdrawal. Therefore, if you withdraw your consent, it will not be effective until that time.
8. Your rights
According to the Data Protection Regulation, you have a number of rights in relation to our processing of information about you.
If you want to exercise your rights, please contact us - see our contact details, under item 1.
Right to see information (right of access)
You have the right to gain insight into the information we deal with about you, as well as a number of additional information.
Right to correction
You have the right to get incorrect information about yourself corrected.
Right to delete
In special cases, you have the right to have your information deleted before the time of our general deletion.
Right to limitation of treatment
In some cases, you have the right to have your personal data processed restricted. If you have the right to have the treatment limited, in future we will only have to process the information - except for retention - with your consent or for the purposes of legal claim, enforcement or defense, or for the protection of a person or important public interest.
Right to objection
In some cases, you have the right to object to our otherwise legal processing of your personal information.
If we choose to maintain our treatment, you are entitled to an explanation of why we cannot meet your objection.
Right to object to direct marketing
You can object to the processing of your direct marketing information. That is, if you as a contributor no longer want to be the subject of marketing from FDDB, you can ask that we do not use your information for marketing.
Right to transmit information (data portability)
You may, in certain cases, be entitled to receive your personal information in a structured, commonly used and machine-readable format, and to have these personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Data Inspectorate's guidance on the rights of the data subjects that you find at www.datatilsynet.dk
9. What happens if you do not want your personal information processed?
If you do not want us to process your personal information, it may affect the services we provide.
If you are a member, we treat the information we need to manage your membership. Therefore, we will not be able to have you as a member anymore if it is all the personal information we have that you will not have processed. If it is only about eg personal data in connection with individual events, this may mean that we cannot offer you participation in an event if we cannot process your personal information. If it is about a single piece of information about you, such as eating vegetarian, you may risk that we cannot meet the needs of the individual information. For example, if you are looking for a scholarship, we cannot process your application if we do not get all the information that we ask for in this connection.
If you buy something at our webshop, we will only process the information we need to fulfill our agreement with you. Therefore, we cannot enter into a purchase agreement if we are not allowed to process your information.
10. Complain to the Data Inspectorate
You have the right to complain to the Data Protection Agency, if you are unhappy with the way we treat your personal data. You will find the Data Inspectorate's contact information at www.datatilsynet.dk