eID-gateway: Notification on the collection of personal data (DK Connector)
We give you this notice to inform you about your rights in regards to our processing of your personal data when using the eID-gateway. The Danish Agency for Digitisation serves as data controller in regards of the processing of personal data in the eID-gateway.
The purpose of processing personal data
We process your personal data with the following purposes:
- We process your personal data with the purpose of running the national eID-gateway.
The purpose of the eID-gateway is to recognize electronic identification means for natural and legal persons, covered by a notified electronic identification scheme in another member state.
The legal basis for the processing of your personal data
The legal basis for the processing of your personal data is as follows:
Categories of personal data
We process the following categories of personal data:
- Date of birth
- Birth name
- Birth place
- National ID-number (EU personal identifier)
- e-mail address
- case data and case history
- Documentary evidence (photo of passport)
- CPR-number (Personal identification number)
Categories of recipients /who will receive your personal data
We transmit or entrust your personal data to the following recipients:
- We entrust your personal data to the Agency for Digitisation’s data processors, NNIT A/S, who assist with running and administering our IT-systems.
- The Agency for Digitisation transmit your personal data to the service provider, you should wish to use.
Where your personal data comes from
We receive your personal data from the other member states’ ID-provider(s), i.e. where the national ID you are using, comes from.
Personal data and storage
We store your personal data in the following situations:
- When you are using the eID-Gateway, a log will be created. We store this log for 18 months. After 18 months, your personal data will be deleted automatically.
- When you are using the eID-Gateway to make a connection between your eID and your CPR-number, we store your personal data, including your CPR-number for 5 years.
According to the General Data Protection Regulation, you have rights in relation to our processing of your personal data.
If you wish to exercise these rights, please contact us.
Right to access by the data subject
You have the right to be granted insight into the data we process about you, as well as some additional information.
Right to rectification
You have the right to have incorrect information corrected.
Right to erasure
Under certain circumstances, you have the right to have your information erased before our general deadline for erasure comes into effect.
Right to restriction of processing
Under certain circumstances, you have the right to have the processing of your personal data restricted. If you possess this right, , we will only process your information in the future – except for storage – with your consent. We will however, always process data in regards to the purposes of enforcing or defending legal claims, the protection of a person, or crucial matters of public interest.
Right to object
Under certain circumstances, you have the right to object to our otherwise legal processing of your personal data.
Right to data portability
Under certain circumstances, you will have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have this personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s instruction on the data subject’s rights. You find the instruction on the Danish Data Protection Agency’s website.
The Danish Agency of Digitisation contact information
The Danish Agency for Digitisation serves as data controller for the processing of the personal data, that we have received. Please find our contact information below.
Phone: 3392 5200
The Data Protection Officer´s contact information
The Ministry of Finance has appointed a Data Protection Officer, who advises on the data protection rules within the Ministry of Finance. The purpose of the Data Protection Officer is to support the Ministry of Finance’s compliance with the rules on the processing of personal data.
The Data Protection Officer can guide you on your rights regarding the processing of your personal data, within the Ministry of Finance. If you want to contact the Data Protection Office via e-mail, we kindly ask you not to attach your personal identification number or other personal sensitive data/confidential data.
Att.: Data Protection Officer
1301 København K
Complain to the Danish Data Protection Agency
Complaints regarding our way of processing your personal data can be directed to the Danish Data Protection Agency. You find the Danish Data Protection Agency’s contact information on here: www.datatilsynet.dk/english