Personal Data

What happens when your personal data is processed by UCL University College.

UCL University College (UCL) protects your personal data og process information about you in accordance with EU's General Data Protection Regulation and Danish law governing the protection of data.

UCL University College is the data protection authority (DPA) with regard to your personal data

The DPA for the processing of your personal data is:

UCL University College, CVR number: 30859480 

Phone: +45 63 18 30 00. Mail: ucl@ucl.dk 

What is Personal Data?

Personal data is any kind of information which directly or indirectly can be attributed to one person. It may, for example, be information about your name, address, CPR number, etc.

The processing of personal data comprises all handling of personal data, i.e.: the collection, recording, systematisation, storage, transmission, linking and erasure of data.

What is the source of such information?

Typically, it will be information that you yourself have given to UCL in connection with an application for employment, admission to a degree course, or some other course of study. In addition, there will be relevant information collected about you as long as you are an employee, a degree student or on a course.

We may also process information about you which we have received from private individuals, authorities, and companies, such as information from the examination scores database in connection with admission to course of study.

Why does UCL process your personal data?

We process personal data as part of what we are obliged to do as an educational institution, a public employer and a public authority.

This means that we process necessary information connected with the terms of your employment, your degree course, or a course you are following.

Principles governing UCL's processing of personal data

Lawful and fair 

We treat personal data in a lawful and fair manner and in accordance with your rights. 

Specific purposes

We collect personal information only for specific, explicit, lawful purposes. Personal information will only be used for the purposes it was originally collected to serve.

Transparency

When we collect personal data from you or from other sources, we ensure that you have the information you are entitled to according to current legislation. You are always entitled to be informed about what personal information we have collected about you.

Minimal data 

We only collect such personal data as is adequate for, relevant to - and restricted to - what is necessary for the purpose for which it was collected.

Precision 

The personal data we process must be necessary, accurate and updated.

Temporary 

Personal information will only be processed in a personally identifiable format for as long as is necessary to achieve the purpose for which it was collected and processed.

Confidentiality 

We guarantee confidentiality by ensuring that all employees are aware of the guidelines governing the confidential treatment of personal data, and by regularly training employees in the handling of personal data.

Your rights

According to the Danish Data Protection Act, you have the right:

  • To be informed, if anyone collects, stores, uses or discloses your personal data.
  • To have access to information about what personal data has been collected about you and how it is used.  
  • To have corrected any information about yourself that may be wrong.  
  • To have your personal information deleted under certain circumstances, before the normal period for erasure expires.  
  • To have the processing of your information limited in certain special cases.  
  • To object against the way your personal data is processed, and against your personal data being used for direct marketing, for example, by profiling.  
  • To be given an overview of the data collected about you, and in certain cases to have the data moved to another DPA (right of data portability).      
    To be informed directly, if anything should happen to your information, e.g. a breach of data                         

Storage and erasure

The information which UCL collects and processes about you will be processed and stored in our internal IT systems, for example, personnel administration systems, student administration systems and document management systems.

We will erase your personal data when it no longer serves an administrative purpose.

The specific date for erasure depends on how long it is necessary to store the data to fulfil the purpose for which it was collected.

UCL Data Protection Officer

UCL has appointed a Data Protection Officer (DPO), who is the Data Protection Officer for the entire organisation.  

You may contact UCL's DPO if you have questions about UCL's processing of your personal data, or want more information about your rights.

Contact information for UCL's data protection Officer:

Lars Udengaard 
Mail: DPO@ucl.dk

NB! When you send an ordinary mail, is it not encrypted. If your mail contains sensitive personal data, information about your social security number, information about your private relationships, or other information which should be protected, you should send it encrypted and not as ordinary mail.

Postal Address:

UCL University College 
Niels Bohrs Alle 1 
5230 Odense M 

Attn: Lars Udengaard 

Complaints to the Danish Data Protection Agency

You have a right to complain to the Danish Data Protection Agency if you are dissatisfied with the way we treat your personal information. You can find out how to complain at www.datatilsynet.dk.

Personal Data Legislation

There are several kinds of legislation regulating the treatment of personal data.

This legislation is intended to protect people's basic rights and freedom in connection with the processing of their personal data.

General regulations about the processing of personal data may be found in the EU Data Protection Regulation and the Danish Data Protection Act:

EU: The General Data Protection Regulation, (EU) 679/2016

Danish Data Protection Act, Act No. 502/2018.