Aarhus School of Architecture collects information about you when you visit our websites, use our newsletter, sign up for our conferences, or use the services provided by the school.
There may be different variations of this policy for different services offered by Aarhus School of Architecture. If this is the case, it will, however, appear from the service and from any data processing agreements you agree to in order to use the service.
Types of information
Aarhus School of Architecture collects and processes the following types of personal data about you (to the extent that the data are relevant to you specifically):
Common categories of personal data:
- Name, address, possibly email address, phone number, work relations, sex, age, educational background
- NetFlow data and, possibly, other logging data, including IP addresses, timestamps, etc.
Special categories of personal data (‘sensitive personal data’):
- Data concerning health (e.g. allergies or any disabilities that are relevant for registering for a conference or other events).
We use the data collected about you on our websites to optimise our websites and improve your experience with the website.
Data obtained in connection with our newsletters, conferences and other services are used to verify your identity for receiving, participating in, or using the above.
The legal framework for processing and communicating personal data
The legal framework for collecting, processing and communicating personal data is as follows:
- For the websites of Aarhus School of Architecture, personal data is collected and processed pursuant to Article 6(1)(b) or Article 6(1)(e) of the General Data Protection Regulation
- For Aarhus School of Architecture’s newsletters, conferences and services ordinary personal data are collected, processed and communicated pursuant to Article 6(1)(b) of the General Data Protection Regulation, while any sensitive personal data are collected, processed and communicated pursuant to Article 9(2)(a) of the General Data Protection Regulation.
Passing on personal data
As a rule Aarhus School of Architecture will not pass on your data to others unless this is required by law. However, some data collected when you register for a conference are shared with the location where the conference is held.
Similarly, Aarhus School of Architecture may pass on logging data to the police in connection with investigations into violations of the law.
Aarhus School of Architecture has adopted technical and organisational measures to safeguard against your data being accidentally or illegally deleted, made public, lost, corrupted, or disclosed to unauthorised persons, misused, or otherwise treated in violation of applicable legislation.
Using data processors
Your personal data is processed and stored at Aarhus School of Architecture itself or at one of Aarhus School of Architecture’s data processors, who store data on behalf of and based on the instructions of Aarhus School of Architecture.
Some of Aarhus School of Architecture’s services may use sub-contractors. If this is the case, it will, however, be stated in the data processing agreement for the service in question.
The storage period
Aarhus School of Architecture stores your personal data for as long as necessary to perform the purposes stated above. As a public authority, Aarhus School of Architecture is required to store records for five years pursuant to the Archives Act and the Public Records Act. Similarly, Aarhus School of Architecture is required to store all payment information for five years pursuant to the Financial Statements Act.
There may be cases where Aarhus School of Architecture is compelled to store your personal data for a longer period of time, e.g. in relation to complaints and actions for damages. In such cases, the data will be stored until cases are finally closed.
Pursuant to the General Data Protection Regulation you have certain rights, including the right of insight into your personal data, the right to rectify incorrect data, the right to have data deleted, the right to restrict processing, the right to data portability, the right to object to the processing of personal data, including in connection with automated individual decision-making (‘profiling’).
You also have the right to complain to a competent regulatory authority, including the Danish Data Protection Agency.