1. The Cambridge Institute’s personal data policy
The sections below describe how we collect, process and store personal information. Our clear goal is to be transparent with regards to the way we handle personal data and to protect information in accordance with the relevant legislation.
2. What personal data do we keep and why?
We only keep information that is necessary to comply with legislation and provide our course participants with services (contract fulfilment) including course attendance, invoicing, sending relevant course information and documentation and sending participant information to municipalities, cf. the Danish Public Information Act and municipal rules for subsidies and contracts with municipalities.
This information is:
- Name and surname
- Date of birth / CPR no.
- Email address
- Phone number
We do not keep any sensitive personal information.
3. How do we collect information?
The collection of personal data is done in one of the following ways:
- Via the website, where you enter personal data in an online form.
- By telephone contact; your data is transferred to the administration programme by the Cambridge Institute’s staff.
- Via email contact; your data is transferred to the administration programme by the Cambridge Institute’s staff.
4. How long do we keep information?
We store your data in accordance with the relevant law.
In line with the Accounting Act §10, we store the personal data for 5 years, calculated from the end of the relevant financial year in which the course was completed.
5. Who has access to the information?
Only trusted employees who have a professional reason have access to all or part of the stored personal data. These are:
- Administrative staff who are responsible for enrolments, room booking and invoicing for the Cambridge Institute’s courses.
- The Cambridge Institute’s administrative staff who are responsible for accounting regarding subsidies, bookkeeping and communication with the authorities.
- The Cambridge Institute’s teachers who are informed about names and other limited relevant information regarding the formation of attendance lists, meeting minutes and meeting cards.
6. Disclosure of information
In order to process payments, we only disclose information that is essential for completing the payment and identifying the payer. Information about the payer’s ID, course ID and amount is passed on to A/S Scannet, who we use for payment gateway services.
At the same time, we forward information to the public authorities, cf. the relevant legislation. Name and contact information may be forwarded to the municipality, cf. the Danish Public Information Act.
CPR numbers are forwarded to the municipality in accordance with the rules for inter-municipal reimbursement.
A solemn declaration can be forwarded to the municipality, cf. the municipal rules for payment of supplementary grants (reduced payments for participants).
7. Data Storage and Data Processors
All data collected in digital form is stored at the Cambridge Institute.
Only trusted employees and technical partners with whom a data processing agreement has been made have limited access to data and only to the extent necessary for providing a good service.
Any personal data that is received via e-mail is stored on Office 365 Cloud, which is covered by Microsoft’s current guarantee for data security.
8. Cookies and log files
- The pages have been visited and when.
- The visitor’s IP address.
- Location in the country and which country visitors come from.
- The language used by the visitor’s computer.
- The browser and OS used by visitors.
- The keywords visitors have used to generate content.
- The page visitors have just come from (external and internal links).
- The links visitors have clicked on.
Visitors on our website indicate their acceptance of these statistics cookies. If you turn cookies off in your browser, you will still be able to use our website.
Instructions on how to delete or block cookies are usually found in your browser’s help file.
If you use one of our IT services that require a login, your actions will be registered in our log files. This registration is in accordance with current legal requirements regarding the registration of activities in IT systems in order to prevent misuse and hacking. These digital trails are stored for a maximum of 5 years in accordance with the agreement with our data processors.
9. Your rights
In accordance with the applicable legislation, everyone is guaranteed the following rights:
- The right to access your personal data (right of access). You have the right to be informed about what sort of information we are processing as well as any printouts or copies of the collected information that may have been made.
- The right to have incorrect personal information corrected (right of rectification). If you believe that any information we have is incorrect, inaccurate or inadequate, you may request the information to be corrected.
- The right to have your personal information deleted (the right to be forgotten). If you believe that the information we have is not necessary for the purpose for which they were originally collected, you may request that the information be deleted. Please be aware, however, that we have a duty and the right to store certain personal data in order to comply with the rules of the law.
- The right to move your personal data (data transferability). You have the right to receive information about yourself in a structured, commonly-used and machine-readable format, and you have the right to transfer this information to another company.
- The right to object. You have the right to object to the use of personal data for, amongst others, direct marketing and profiling. However, we do not use profiling, while any marketing will always be preceded by explicit consent.
If you contact us regarding one of the above points (access, rectification, deletion, etc.), within one month, you will be notified about what we intend to do with regards to your inquiry. For example, if you request your information to be corrected or deleted, we will usually check that all the relevant conditions have been met, including whether there is a legal basis for the continued processing of data. If we conclude that the objection is justified, we will comply with the request.
For enrolments, invoicing and bookkeeping, we do not need to obtain consent to process data as its legality (See Article 6, EU Data Act) is derived from the necessity of processing data to be able to fulfil the contract.
However, in order to collect personal data for other purposes, e.g. supplementary information regarding a course or for signing up to receive our newsletter, we may request consent if necessary.
Consent may be in writing or verbal, but we must be able to document that consent has been given. In most cases, this consent will take the form of a ticked box on our website or during the enrolment process, when our IT systems will record the time and form. Consent may also be given via email or other digital communications.
When giving consent, you will be informed about the details, including the purpose and the retraction process.
We ensure that any data is stored safely and discreetly. Our security measures are divided into organisational and technical measures.
The organisational security measures mean that only the Cambridge Institute’s trusted persons with a relevant professional purpose have access to your personal information. This is in connection with course enrolments, course administration, invoicing and communication. In addition, our teachers have limited access to your personal information. This is only information that is relevant for conducting the course (See point 6 above).
Our staff are guided and instructed about data security on an ongoing basis. This includes how to handle and protect information. We also keep track of our data processing activities, which are under the control of the Danish Data Protection Agency.
The technical security measures are linked to our use of IT systems for the registration and administration of group and participant data. Our data is securely located and has the required level of protection. All communication (for example, enrolments and payment) that occurs on our website is protected by authenticated security certificates with a 256-bit encryption key. A backup of the data is performed on a daily basis.
Our internal IT systems (PCs, etc.) are further protected with passwords, updated antivirus programmes and a firewall, while any physical material is locked in a secure location. In the event of destruction or repair of IT equipment, every effort is made to ensure that information can not be accessed by unauthorised persons.
12. Complaints and contact information
cambridgeinstitute.dk is owned and operated by Studieskolen in Copenhagen. Any complaints about the way in which the Cambridge Institute processes personal data, objections or questions concerning the Personal Data Policy should be addressed to the Data Manager:
Studieskolen in Copenhagen
Borgergade 12, 1300 Copenhagen K
33 18 79 00