Privacy Policy, Secure Communication, Data Protection, and Cookies

Cookies

We use cookies to measure traffic and gather statistics on the use of our websites. This helps us improve the experience for users of our portal and campaign sites. While IP addresses are considered personal information, you remain anonymous as a user on our websites. IP addresses are used solely for statistics and are not shared with others. We do not automatically register information that identifies you, nor do we combine cookie data with information from other sources.

You can adjust your cookie consent at any time using the link at the bottom of the page.

Further Details

Annex 1 to the Privacy Policy, Data Protection, and Cookies provides detailed information on the following:

1. We are the data controller
2. Contact details for our Data Protection Officer (DPO)
3. Legal basis for data processing
4. Categories of personal data processed
5. Recipients or categories of recipients
6. Retention of your personal data
7. Use of data processors
8. Social media
9. Your rights
10. Consent
11. Have you been in contact with NFA?
12. If you participated in a research project at NFA
13. If you apply for a job with NFA

Privacy Policy on the Processing of Personal Data at the National Research Centre for the Working Environment (NFA) – Last Updated June 28, 2021

NFA processes personal data as part of our research projects and daily administrative tasks. The purpose of this privacy policy is to describe how we collect, process, and protect your personal data.

The National Research Centre for the Working Environment (NFA) is a sector research institution under the Ministry of Employment.

NFA Aims to Conduct Research at the Highest International Level to:

• Provide advisory services within our core areas
• Disseminate research-based knowledge to workplaces, authorities, social partners, and health and safety consultants
• Participate in the education and training of researchers and university students in our core areas
• Perform regulatory tasks
• Conduct development work with a clear societal purpose

1: We Are the Data Controller – How to Contact Us

NFA is the data controller for processing personal data about you in connection with your contact with us or when we process personal data as part of a research project.

If you have questions about our data processing or your rights, please contact us at:

The National Research Centre for the Working Environment
Lersø Parkallé 105, 2100 Copenhagen Ø
CVR No: 15413700
Phone: +45 39 16 52 00
Email: nfa@nfa.dk

2: Contact Information for the Data Protection Officer

As a registered individual, you also have the option to contact our Group Data Protection Officer (DPO) directly with questions about how we process your data:

Ministry of Employment Group DPO:
Email: dpo@bm.dk
Phone: +45 50 91 77 68 (Tuesday 9 am - 12 pm, Wednesday 1 pm - 4 pm)

You also have the right to file a complaint with the Danish Data Protection Agency:
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk

3: Legal Basis for Data Processing

We process your personal data as part of our public administration work, when you contact us or participate in a research project. The legal basis for processing your data is found in Article 6(1)(e) of the GDPR, concerning the use of general personal data, and in Article 9(2)(a), (b), and (f), concerning the use of sensitive personal data.

4: Categories of Personal Data

In connection with NFA’s website, newsletters, dissemination meetings, etc., we only process general personal data such as name, address, email address, and phone number. This information is collected via a contact form, a registration form, or an email to NFA’s main mailbox. No personal data is automatically collected through NFA’s website.

5: Recipients or Categories of Recipients

Job applications sent to NFA’s main mailbox are forwarded to the central HR department of the Ministry of Employment and subsequently deleted from NFA’s system.

Newsletter subscriptions are managed by Peytz’s newsletter system, with data stored in data centres located in Denmark, Belgium, Ireland, and Germany.

6: Retention of Your Personal Data

Newsletter subscriptions are retained until you unsubscribe through our website.

Other personal data submitted via NFA’s website is deleted after processing.

7: Use of Data Processors

NFA employs data processors for certain tasks in accordance with data processing agreements to ensure that data is processed in line with NFA’s instructions and GDPR. Data processors do not use data for their own purposes and delete or return the data once their task is complete.

8: Social Media

There is joint and several liability between a company and social media for data processing. If you wish to complain about NFA's data processing on a social media platform, please contact us.

When you “like” a post, the social media platform may place a cookie on your device for marketing, statistics, and analysis purposes. Some of this data is shared with NFA to tailor our posts.

9: Your Rights

Regarding NFA's processing of your personal data, you have the following rights:

Access – You have the right to know what information we hold about you at any time.

Rectification – You may ask us to correct any inaccurate or misleading information.

Restriction – If we amend your information, we will cease to use it until the correction is complete. In some cases, you may also ask us to stop using your information.

Deletion – You generally have the right to be deleted from our records, but as a public authority, we may not be able to delete certain information due to legal requirements.

Objection – You may object to our use of your data if you believe there is no justification.

Data Portability – You generally have the right to receive a copy of your data in a machine-readable format to provide to another data controller.

10: Consent

You have the right to withdraw your consent at any time. This does not affect the lawfulness of data processing conducted prior to your withdrawal.

You may also request that we delete any data and information about you; however, if you have participated in a research project, your right to deletion may be limited under Article 17(3) of the GDPR.

11: Have You Been in Contact with the NFA?

Email to NFA’s Main Inbox

If you send an email to NFA’s main inbox, your inquiry will be answered, and any personal data included will then be deleted. If your inquiry falls under the duty to record (journalisation requirement), you will be directly informed via email.

Secure Communication

You can communicate securely with NFA via digital post or secure email. If you need to communicate securely with us—for instance, if you need to send us sensitive personal information—you may use digital post or send a secure email.

Send Digital Post

If you are employed by a company or public institution, you can contact us from the company’s digital mailbox on virk.dk. As a private individual, you can use Digital Post via borger.dk or e-Boks.

Send Secure Email

You can also send NFA a secure email encrypted with NemID to the address: nfa@nfa.dk.

This can be done via a standard email program or a specialised system, if you are employed by a company or public authority. If you use an email program, it must be configured for secure email, and you need to use NFA’s IT certificate to encrypt the email.

To obtain NFA’s IT certificate, visit medarbejdersignatur.dk and search for the email address nfa@nfa.dk.

If you have sent a physical letter, it will be answered accordingly.

If your inquiry falls under the duty to record, you will be directly informed of this.

Record-Keeping

As a public authority, we are required to retain documents according to the Archives Act. As a rule, your information will be deleted after 10 years.

NFA’s record-keeping system is provided by an external IT provider approved by Statens IT (the Danish State’s IT department), with a data processing agreement between Statens IT and the IT provider.

Visits

If you have physically visited NFA and been issued a guest pass, we register your name and mobile number. Once the guest pass is returned, your information will be deleted.

The purpose of registration is to ensure proper and secure management of research data, documents, and private objects stored on the premises.

Events at NFA

If you registered for an event at NFA and filled out a registration form, all personal data provided in connection with the registration will be deleted once the event is completed, unless there is follow-up required, such as sending materials after the meeting or inviting the same participants to a follow-up meeting.

Social Media – Facebook, LinkedIn, and Twitter

NFA maintains an organisational account on Facebook, LinkedIn, and Twitter; see more under item 8.

12: If You Participated in a Research Project at NFA

Research is a core task at NFA (see above).

Research projects are initiated by a research team focusing on an occupational health area, which might include exposure to hazardous substances, lifting, work positions, and more.

For each project, it is determined how data will be collected, such as through interviews with a participant group or, if necessary, through biological samples from participants.

It may be necessary to share the collected data with others, such as laboratories. Data will always be pseudonymised before it is transferred to others, meaning only non-identifiable data needed for analysis is shared. NFA always establishes a data processing agreement with any partner assisting with analyses or other tasks.

This agreement ensures that data processing is conducted solely according to NFA’s instructions and under adequate protection. Once the data processor has completed the task, the transferred data is either deleted or returned to NFA. NFA will only transfer data outside the EU/EEA or other safe third countries in rare cases, and only with the approval of the Danish Data Protection Agency.

When NFA uses biological material containing human tissue, the research project must be approved by the Research Ethics Committee.

The processing of sensitive personal information is carried out under the legal basis of Article 9, Paragraph 2(j) of the GDPR, allowing data processing for scientific or historical research purposes.

Research findings are typically published in NFA’s Work Environment magasine or a recognised scientific journal to disseminate knowledge on improving work environments and secure funding for future research projects. In certain cases, scientific journals may request documentation in the form of access to collected data. NFA can only comply with such requests with the approval of the Danish Data Protection Agency, as per Section 10, Paragraph 3 of the Danish Data Protection Act.

The funds that support the research project may, of course, have a say in the project’s organisation, but they have no influence over the project’s results. This ensures there are no conflicts of interest or ethical issues associated with conducting the research project.

NFA will never transfer data from one research project to another. The legal basis used to collect data for a research project will never authorise the data's transfer to a new project.

If collected data is used in a new research project, it will only be 100% anonymised data and results obtained in the previous project that are published and archived.

Data collected for a research project is typically stored for five years. If the project is not completed, an extension for data storage can be granted for two additional periods of 12 months each. When a project is completed, a full report is sent to the National Archives, and once receipt is confirmed, all data is deleted.

13: If You Apply for a Job at NFA

The Ministry of Employment manages all HR tasks for NFA, as NFA falls under this ministry.

When you apply for an open position at NFA, we will register your name, address, email, telephone number, education, work experience, and other information contained in your application, CV, and any attached documents. The Ministry of Employment is the data controller for processing this information.

The purpose of collecting this data is to evaluate and contact candidates interested in and qualified for positions within the Ministry of Employment. However, information on gender and birthdate is used solely for statistical purposes.

The recruiting manager and those involved in the recruitment process, possibly including a union representative, will have access to your information. Additionally, the Ministry of Employment’s HR department will always have access to your data.

Your data is automatically deleted six months after you submit your application.

If you send an unsolicited application directly to NFA via email, it will be forwarded to the Ministry of Employment’s HR department, and your email will then be deleted from NFA’s records.