Data protection

Data Protection Notice

Table of contents

  1. Aarhusregionens’ ambition concerning your privacy
  2. Application of data protection legislation
  3. Scope and your acceptance
  4. What personal data we process
  5. Aarhusregionen as data controller
  6. Why we process your personal data 
  7. How we collect your personal data
  8. Automatic data collection tools
  9. How we share your personal data
  10. Your rights 
  11. Access and rectification
  12. Data security and retention
  13. Aarhusregionen as a data processor
  14. A. Subcontractors and export of personal data
  15. Changes to this Policy
  16. How to contact us

Overview of definitions and abbreviations

“Users”: E.g. Marketing collaboration partners, customers, consumers, tourists visiting our platforms, contact persons and software users among our partners incl. persons representing new partners that approach us via Aarhusregionens’ platforms and third party social networks, jobseekers etc.

“Platforms”: Websites, Newsletter database system, Image and Video database system, Tourist attractions database system.

“Third party social networks”: Youtube, Instagram, Facebook, Twitter, Pinterest, LinkedIN, Podio

“Marketing activities”: E.g. Newsletters, marketing campaigns, events, workshops, fairs etc.

“Personal data”: Personal data is information that can identify you as a person, e.g. an email address, street address or phone number.

“Data controller”: Legal entity determining the purpose and means of processing your data.

“Data processor”: Legal entity processing data on behalf of our partners based on their instructions.

1. Aarhusregionen’s ambition concerning your privacy

Aarhusregionen is handling personal data about you which is why we chose to inform you about our Privacy Policy.

Aarhusregionen’ Privacy Policy outlines your rights to privacy and our commitment to safeguarding your personal data. Aarhusregionens’ ambition is to be fully transparent in our privacy practices and the choices you can make regarding your personal data that is processed by Aarhusregionen.

2. Application of data protection legislation

Aarhusregionen promotes the Aarhus region nationally as well as internationally including resources from local businesses, institutions and other parties with relations and an interest in tourism as much as possible.

Aarhusregionens‘ head office is located in Aarhus. All Aarhusregionen’s entities, are located in the Aarhus-area, and are therefore subject to European data protection- and privacy regulations and directives. Our privacy policies and guidelines respect and comply with applicable privacy legislation in the countries in which we operate. We also work continuously on adapting to the new General Data Protection Regulation and EU/US Privacy Shield framework for data transfers to the US. All major decisions regarding privacy in Aarhusregionen are made at a corporate level.

This Statement is available on our aarhusregionen.com website.

3. Scope and your acceptance

This Privacy Policy applies to all business processes in Aarhusregionen and to all Aarhusregionens platforms and third party social networks.

The Privacy Policy provides information about data processing carried out by Aarhusregionen both as data controller and data processor.

Processing your personal data is necessary for us to serve you and our partners. By providing us with your personal data, you accept the practices and terms described in this Privacy Policy. Please do not use Aarhusregionens platforms or third party social networks - or provide your personal data - if you do not agree.

4. What personal data we process

The type of data that Aarhusregionen might process about you may be:

(a) Our users contact details such as: Name, address, telephone number and e-mail.

(b) IP address.

(c) Employment information about you and the company you are employed at, such as: Job title, position including preferences and interests – only in professional context.

(d) Personal data you provide us with due to our marketing collaboration.

(e) Personal data you provide us with due to seeking a job at Aarhusregionen.

(f) Feed-back, comments or questions provided by you while using Aarhusregionen platforms or third party social networks.

(g) Content you have uploaded on Aarhusregionens platforms or third party social networks.

(h) Unique user information such as: Login ID, username, password and security question.

(i) Financial information, e.g. credit card information, bank account number.

(j) Personal data you provide us with answering surveys.

(k) Tracking information as provided by your web browser such as browser type, language and the address of the website from which you arrived.

(l) Clickstream behavior such as which links you click on and when.

(m) Other personal data contained in your profile on third party social networks.

We may also in some cases compare a collected IP address with a geographic map service to derive your general location. If you make a post, comment or similar on any public forum or Aarhusregionen platforms or third party social networks, such information can be read and used by anyone with access to our platforms and third party social networks and used for purposes over which neither Aarhusregionen nor you have control. Aarhusregionen is not responsible for any information you submit to such forums.

We may also while planning specific events with collaboration partners ask for personal data such as: Passport number, expiry date, date of birth, sex, home address, diets, allergies, spouse etc.

Aarhusregionen will not post any photo, comment, testimonials or similar made by you without your prior consent.

5. Aarhusregionen as data controller

Aarhusregionen control personal data that we collect in the context of you being:

(a) employed by a partner that has or may have a business relation to Aarhusregionen.

(b) a user who declares that you want to receive information from Aarhusregionen based on your own or your employer’s interests.

(c) a jobseeker

When you represent a partner or user of Aarhusregionen, your rights are the same as if you were a private person only representing yourself.

6. Why we process your personal data

To manage our user relations in general and to meet our user commitments, Aarhusregionen requires some information about you or you being a user of our platforms and third party social networks. Our aims with this are:

(a) Provide offers on marketing collaboration, marketing activities, digital marketing services such as marketing activities on third party social networks, and data reports on insight travel knowledge that users have requested.

(b) Inform about and present our marketing collaboration and digital/data services that are closely related to the services and marketing collaboration with you as a user.

(c) Perform deliveries in accordance with a partner/or customer agreement.

(d) Offer support to users of our platforms.

(e) Improve the quality of our marketing campaigns and platforms.

(f) Communicate and improve information that is relevant for our users in general.

(g) Process orders, invoicing, payments and other financial follow up.

(h) Payment of programs and services purchased through Aarhusregionens platforms.

(i) To manage access to our platforms.

(j) To manage information about you if you are a jobseeker.

If you are a jobseeker we gather information in order to:1) analyze your skills and background and 2) evaluate your potential as a future Aarhusregionen employee. The basis for Aarhusregionen processing your personal data when being a jobseeker is based on your voluntary consent. Your consent may be given freely on Aarhusregionens website when applicable.

Processing according to the above listed purposes (a to j) is necessary for us to manage our user relations. Therefore Aarhusregionen do not, as additional ground ask for your consent to process your personal data. We do not consider that the processing disadvantages you in any way.

Booking systems delivered by Nordic Travel and Djurspakken are integrated as part of the portals on Aarhusregionens platforms. Nordic Travel and Djurspakken are independent companies, and Aarhusregionen cannot be made responsible for the use of the booking system or any consequences of such use. Reference is made to Nordic Travel and Djurspakken’s disclaimers.

7. How we collect your personal data

In general, Aarhusregionen collects data directly from you or the company where you are employed. We will also, with your consent, use cookies and other tracking technology when you use Aarhusregionen platforms in order to optimize your experience of these.

In some cases, we may also collect information about you from other legitimate sources if you have given your consent that the party collecting the personal data may share this with others. These sources may be third party data aggregators, Aarhusregionen marketing partners, public sources or third party social networks.

8. Automatic data collection tools

Aarhusregionen uses a variety of technologies to collect information about your movements on the web as well as interest and preferences you freely have made available.

Cookies
Cookies are small text files that contain a string of characters and uniquely identify a browser. They are sent to a computer by website operators or third parties. Most browsers are initially set up to accept cookies. You may be, however, able to change your browser settings to cause your browser to refuse third-party cookies or to indicate when a third-party cookie is being sent. If you would like to know more about our cookie policy, please have a look on: www.aarhusregionen.com

Marketing Tools
Aarhusregionen uses digital marketing software and digital re-marketing services that employs cookies or data in order to recognize a return visitor as a unique user. The cookies placed by this software are readable only by the vendor of the software, and cookies cannot access, read or modify any other data on your computer. We do link the information we store in cookies to any personally identifiable information you submit while on our platforms or third party social networks.

Tracking tools
Aarhusregionen uses tracking tools which allows us to see information on user platforms activities including, but not limited to page views, source and time spent on our platforms. The information is depersonalized and is displayed as statistical overview, meaning it cannot be tracked back to individuals. This will help to protect your privacy.

9. How we share your personal data

As Aarhusregionen consists of many different business entities, there is a great likelihood that a partner or customer will conduct business with more than one business unit. It is important for us that we provide the best possible partner/user experience when collaborating with Aarhusregionen. In order to maintain a complete overview and insight into which partners and users have relations with the various business entities, we will therefore share your data among our local business entities. The aim of this is to ensure that you can access the relevant information on time and that you are not contacted more often than is necessary for you or for Aarhusregionen.

Aarhusregionen does only share your personal data with third parties who intend to use the data for marketing purposes if you have given your consent.

These Terms and Conditions shall be governed by and construed in accordance with Danish law (Forvaltningsloven and Offentlighedsloven). Access to personal information will be handled by Aarhusregionen in compliance with Danish Law. 

10. Your rights

Right to opt-out of marketing communications
You have the right to opt-out of receiving marketing communications from Aarhusregionen and can do so by following the instructions for opt-out in the relevant marketing communication

Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from Aarhusregionen.

11. Access and rectification

You have the right to request a copy of your personal data. You may send us a request for this on: info@visitaarhus.com.
You also have the right to request that Aarhusregionen correct any inaccuracies in your personal data.

12. Data security and retention

How we keep your personal data secure
Aarhusregionen takes your personal data seriously. Aarhusregionen is committed to prevent unauthorized access, disclosure or other deviant processing of your data. Further, Aarhusregionen is committed to ensure proper use of the information, to maintain data integrity and to secure data availability. As part of our commitment, we utilize reasonable and appropriate physical, technical, and administrative procedures and measures to safeguard the information we collect and process. Aarhusregionen has implemented a number of security measures, which secure your personal data.

Please note that these protections do not apply to the personal data that you choose to share in public areas such as third party social networks.

How long we store your personal data
Aarhusregionen will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.

This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner. We may process data for statistical purposes, but in such cases, data will be anonymized.

13. Aarhusregionen as a data processor

Aarhusregionen provides many different services to our partners. These services involves processing of the partners’ data and may include processing of personal data. The purposes of this processing is determined by our partners and not by Aarhusregionen. The partner is then the data controller for the data subject’s data. Aarhusregionen do in such cases act as data processor and process the data on behalf of and according to instructions given by the partner. When acting as data processor, Aarhusregionen is in accordance with the requirements applicable to data protection legislation always committed to enter into a data processing agreement (DPA) with the partner.

  • The partner is the owner of or otherwise has the right to transfer the data to Aarhusregionen for processing and that he has the responsibility for the accuracy, integrity, content, reliability and legality of the personal data
  • It is the partners duty as data controller to notify, to the extent required by applicable law, the relevant supervisory authorities and/or the data subject in the event of any breach or unauthorized disclosure of personal data

When acting as data processor, Aarhusregionen is responsible for providing technical and organizational security measures in order to safeguard your privacy on behalf of our partner - the data controller.

As data processor, Aarhusregionen will not process personal data in any other manner or for any other purpose than as authorized in the agreement with the data controller.

Data subjects having questions, comments, claims or any other issues regarding their personal data that Aarhusregionen is data processor for, must submit these to the data controller. As data processor, Aarhusregionen will not give any data subjects access to their personal data without instructions given by the data controller to do so. If governmental authorities or the police request disclosure of personal data, Aarhusregionen will promptly notify the data controller and we will disclose such data only to comply with applicable laws or a court order.

Aarhusregionen will provide non-public information about internal systems and routines for data processing to collaboration partners upon request. This may be contingent upon a non-disclosure agreement.

13 A. Subcontractors and export of personal data

In some cases, Aarhusregionen will use subcontractors to process personal data, and we may export your or our partners data outside the EU. These subcontractors are typically vendors of cloud services or other IT hosting services. When using subcontractors, Aarhusregionen as data processor will always enter into a data processing agreement (DPA) in order to safeguard your privacy rights and/or to fulfil our obligations towards our partners.

14. Changes to this Policy

According to applicable law Aarhusregionen modify our Privacy Policy regularly. The updated version will always be available on our aarhusregionen.com website. We encourage you to review the Policy regularly.

15. How to contact us

We value your opinion. If you have any comments or questions about our Privacy Policy, any unresolved privacy or data use concerns that we have not addressed satisfactorily, or concerning a possible breach of your privacy, please send them to info@visitaarhus.com. We will handle your requests or complaints confidentially. Our representative will contact you to address your concerns and outline the options regarding how these may be resolved. We aim to ensure that complaints are resolved in a timely and appropriate manner.