What personal data we collect, where we collect it, the purposes thereof, and the legal basis for the processing of your personal data
When you visit VisitDenmark’s websites, we collect data about your use of the website, including, for example, the type of browser you are using, the search terms you use on the website, your IP address, including your network location, technical data about your equipment, your browser behavior, and other information about your computer. We collect this data using cookies and other similar technologies. You can read more about the use of cookies in our Cookie Policy.
The purpose is to optimize the user experience and function of the website, including the compilation of statistics. This processing is necessary in order to perform a task which constitutes the exercise of public authority, imposed upon VisitDenmark pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.
When you contact us via our contact information on our website, we can process data about your name, e-mail address and the data you otherwise choose to send to us in connection with your enquiry.
The purpose is to reply to your enquiry. The processing is necessary in order to perform a task which constitutes the exercise of authority by a public body, imposed upon VisitDenmark pursuant to Act no. 648 of 15 June 2010 on VisitDenmark, see Article 6(1)(e) of the General Data Protection Regulation.
Facebook Pixel
VisitDenmark uses third-party cookies (Facebook pixels) to adapt our content and target marketing on Facebook and Instagram towards you and other advertising groups, as well as to analyze the effect of advertising based on interactions with our website. By clicking "Accept all" cookies, you consent to VisitDenmark's use of Facebook pixels.
When you accept marketingcookies on VisitDenmark's website, you consent to VisitDenmark's use of Facebook Pixel. Facebook Pixel is used to create a lookalike audience based on interaction with our website. A lookalike audience is a target group that is formed on the basis of data about current customers, in order to target people who can become the ideal customer. You can read more about lookalike audience at Facebook here.
VisitDenmark is the joint data controller with Facebook for the processing of your personal data when you consent to our use of Facebook Pixel. We only use data that comes from your interaction with our website. Facebook stores your data, which VisitDenmark then no longer has access to. You can read more about Facebook Pixel here.
EU-U.S. The Data Privacy Framework forms the basis for the adequacy decision the EU Commission has adopted regarding the transfer of personal data to the USA. The agreement stipulates a number of legal obligations that the organizations certified under the scheme must comply with, and thus ensures a sufficient level of protection in connection with the transfer of personal data from the EU to the USA. The list of certified organizations, which is continuously updated, can be found here.
Because Facebook is certified under the scheme, VisitDenmark can transfer personal data to Facebook without having to provide a transfer basis cf. GDPR article 46. Not all of Facebook's sub-data processors appear on the list, and your personal data may therefore be processed of unsafe organizations outside the EU. We refer to Facebook's privacy policy for further information here.
The purpose of the processing is, as part of VisitDenmark's exercise of public authority, to market Denmark as a travel destination, cf. GDPR art. 6(1)(e), as well as to be able to document that you have given consent, cf. GDPR article 6(1)(a). You can always revoke your consent for VisitDenmark's processing of your personal data by opting out of cookies in the cookie overview, which you will find in our cookie policy in the bottom left corner of the website.
Recipients of personal data
Your personal data may be transferred to suppliers, partners, contracting parties or other third parties who process data on behalf of VisitDenmark. These companies are data processors and are under our instructions, and they process data for which we are the data controller. They may not use the data for other purposes than the fulfilment of the agreement with us, and they are bound by confidentiality regarding this data. We have concluded a data processing agreement with all of our data processors that meets the requirements of Article 28 of the General Data Protection Regulation. This requires that these data processors carry out adequate technical and organizational measures so that the processing complies with the requirements of the regulation and ensures the protection of your rights.
Your personal data may also be transferred to public authorities if required by law or if it is necessary in order to perform the task assigned to VisitDenmark.
In some cases, we transfer personal data outside the EU/EEA to recipients who do not necessarily have the same level of protection on the processing of personal data as that within the EU/EEA countries. In such cases, we will inform you of the necessary or adequate guarantees and where you can find or obtain them.
We use external partners for, among other things, technical operation, website improvements, website hosting, and targeted marketing. These companies are data processors and are under our instructions, and they process data for which we are the data controller.
Two of these data processors, Google Analytics w/Google LLC and Google Tag Manager w/Google LLC, are established in the USA. The necessary guarantees for transfer of data to the USA are ensured through the EU Commission's standard contractual provisions (SCC).
Storage of your personal data
We delete your personal data when we no longer have an objective purpose for storing and processing this data.
Special laws, for example in the archival legislation, the Danish Act on Limitations and the Danish Bookkeeping Act, may grant us a right or impose a duty upon us to store your personal data for a longer period of time. We also reserve the right to store your personal data for a longer period than stated below if we assess that it will be necessary to determine, assert, or defend a legal claim.
Data collected in connection with your use of VisitDenmark’s website will be deleted when we no longer have an objective purpose for storing and processing this data.
Data collected in connection with general enquiries will be deleted on a running basis as they are replied to, unless we have a legal obligation to save the enquiry.
Your rights
The General Data Protection Regulation grants you a number of rights in relation to our processing of data about you. In order to establish transparency regarding the processing of this data, we inform you below about your rights.
You can read more about your rights in the Danish Data Protection Agency’s guide on the rights of data subjects, which you can find at www.datatilsynet.dk.
Right of access
You are at all times entitled to request information from us about, among other things, the personal data we have registered about you, the purpose of the registration, the categories of personal data, recipients of the personal data, and the origin of this personal data.
You have the right to obtain a copy of the personal data we process about you. If you would like a copy of your personal data, send a written request to dpo@visitdenmark.com. You may be asked to provide proof that you are the person you claim to be.
Right to rectification
You have the right to rectify incorrect personal data we have relating to you. If you become aware of errors in the personal data we have registered about you, you are encouraged to contact us in writing so that the personal data can be rectified.
Right to erasure
In certain cases, you have the right to erasure by us of all or parts of your personal data prior to the time of our standard general deletion. This applies, for example, if you withdraw your consent and we do not have another legal basis to continue the processing. To the extent that continued processing of your data is necessary, e.g. for our compliance with legal obligations, including the Danish Public Administration Act or the Danish Archive Act, or in order to establish, assert or defend legal claims, we are not obliged to delete your personal data.
Right to restriction of processing
In certain cases, you have the right to restrict the processing of your personal data to mere storage, e.g. if you believe that the data we process about you is not correct.
If you have the right to restrict the processing, we may only process your data – apart from storage – with your consent, or for the purpose of establishing, asserting or defending a legal claim, or to protect a person or important societal interests.
Right to object
In some cases, you have the right to object to our otherwise legal processing of your personal data. You also have the right to object to the processing of your data for direct marketing purposes including profiling.
Right to data portability
In some cases, you have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format, and to have this personal data transferred to another data controller.
Right to withdraw consent
You have the right to withdraw consent that you have granted to us for a given processing of your personal data. If you wish to withdraw your consent, please contact us at dpo@visitdenmark.com.
Right to complain
You have the right to submit a complaint to the Danish Data Protection Agency, Borgergade 28, 5, 1300 Copenhagen K, Denmark, regarding VisitDenmark’s processing of your personal data. A complaint can be submitted by e-mail to dt@datatilsynet.dk or by telephoning +45 33 19 32 00.