Privacy policy

Business Academy Copenhagen processes your personal data to carry out its duties as a public authority (public educational institution) in accordance with the Act on Academies for higher education.

General personal data is processed under Article 6(1)(e) of the General Data Protection Regulation (GDPR).

Health information and other sensitive data are processed under Article 9(2)(g) of the GDPR.

CPR number (Danish national ID) is processed under Article 87 of the GDPR in conjunction with Section 11(1) of the Danish Data Protection Act.

Business Academy Copenhagen uses CCTV surveillance at its locations for the purposes of theft prevention, crime detection and investigation, identifying unauthorised access, and ensuring that the premises are used appropriately and in accordance with Business Academy Copenhagen’s rules of conduct. General personal data in the form of video recordings and information about potentially criminal behaviour is collected.

Surveillance is carried out under Article 6(1)(c) (legal obligation under the Danish TV Surveillance Act) and Article 6(1)(e) (public interest) of the GDPR for general personal data, and Section 8(3) of the Danish Data Protection Act for potentially criminal matters. Recordings may be handed over to the police in connection with investigations, cf. Section 8(2)(2) of the Danish Data Protection Act. Video recordings are handled by a data processor called Lyngby Låse & Alarm I/S.

The legal basis for processing personal data related to newsletters is Article 6(1)(a) of the GDPR – a specific consent given upon subscription. The definition of consent is found in Article 4(11) of the GDPR.

If you are studying while serving a sentence, the legal basis for processing information about criminal matters (such as place of incarceration and associated educational advisor, if disclosed, from which it can be inferred that the individual is under the Danish Prison and Probation Service) is Section 8(3) of the Danish Data Protection Act, based on legitimate interest in fulfilling obligations towards the Prison and Probation Service.

• CPR number (Civil registration number/national ID)
• Civil registration information
• Contact details, including any chosen nickname if you have name or address protection
• Grades and other exam records
• Health information in connection with special case processing (e.g. exemptions, leave, or SPS (Strengthened pedagogical curriculum) applications)
• Gender
• Nationality
• Study activity, exam registrations, absence records
• Internship location and period, tasks during the internship, and any statements from the internship provider
• Assignment submissions and consent for lending assignments
• Information about student grants (SU) and/or other public benefits
• Participation in councils and boards, including talent programmes
• Portrait photo for student ID card
• Responses to evaluations and surveys about your study programme
• Complaints and decisions
• Library loans and usage
• Exemption and disciplinary cases
• Preference profiles for group formation
• System and application data, including system usage logs
• System data from access control
• Video recordings / CCTV surveillance
• Video recordings / recordings of selected teaching sessions for online students (not covered by Cphbusiness’ CCTV policy)

Specifically for international applicants/students:

• Passport
• Payment information
• Payslips and employment contracts in connection with SU eligibility for EU citizens (migrant workers)

Specifically for students applying for exchange programmes:

• CPR number (Civil registration number)
• Name and contact details
• Enrolment information
• Desired institution
• Any organisations managing the exchange programme

If you have subscribed to newsletters from Business Academy Copenhagen, the following data Is processed:

• Name
• Contact details you provided
• Open and click rates (analysed only at an aggregate level, not per individual)

For students who have given consent to share their exam paper via the Library:

When you give consent to share your exam paper via the Library, we anonymize your paper and use it for up to 5 years. After that, it will be deleted.

As part of this process, the following information is collected about you:

• An anonymized version of the exam paper
• Your consent to share the exam paper

• Exam grades and the data (name and CPR number) necessary to reissue diplomas are stored for 30 years in accordance with the Ministerial Order on Examinations in Professionally Oriented Higher Education, Section 55(2).

• Information related to individual case processing (e.g. complaints or disciplinary actions) is stored according to applicable rules on archiving and disposal, cf. the Executive Order on the Preservation and Disposal of Records at universities, academies, university Colleges, and upper Secondary Education Institutions.

• Study progress data is stored in Business Academy Copenhagen’s administrative system, esas, for up to 7 years.

• CCTV recordings from Business Academy Copenhagen locations are stored for a maximum of 30 days unless retention is necessary for investigating criminal or disciplinary matters.

• Information about financial transactions with Cphbusiness is stored for 5 years in accordance with the Danish Bookkeeping Act, Section 12.

• Newsletter subscription data is stored as long as you remain subscribed. Additionally, we delete subscriptions annually for users who have not opened a newsletter within the past 12 months.

As an educational institution, Business Academy Copenhagen is obligated to share personal data with various public authorities.

Information about students is shared with the Danish Agency for Higher Education and Science, the Danish Agency for Education and Quality, the Danish National Archives, the Ministry of Higher Education and Science, and Statistics Denmark. Additionally, student data may be shared with other educational institutions in the event of a transfer.

For students, name, Business Academy Copenhagen email address, programme, and class will appear in Business Academy Copenhagen’s internal email and intranet systems and will therefore be accessible to both staff and students at Business Academy Copenhagen. Students with name protection in the Danish Civil Registration System will be registered under a fictitious name (pseudonymised). The individual student will be contacted and asked to specify a preferred nickname. Furthermore, information about students’ preferences (roles) in group work is used for group formation in certain programmes.

Business Academy Copenhagen exchanges personal data with the job centre you are affiliated with if you are unemployed. This includes all data on the AR237 form: educational background, occupational group, employment status, receipt of benefits, unemployment insurance fund membership, information about unemployment, hours spent on job-related education, and admission decision status.

When a student initiates the forwarding of an internship contract to a host company, we share the relevant information. No other data is shared without consent.

Preference profiles (roles) created for group formation will be shared with other participants in the same class/programme to facilitate group composition.

Business Academy Copenhagen’s systems are synchronised with the Office.com platform, meaning that profile data entered by the student in the Office platform—regardless of type—will be accessible to other students and staff at Business Academy Copenhagen.
In several of Cphbusiness’ systems, users can choose to synchronise/link their profile and associated data with external systems and services such as LinkedIn, Facebook, Google+, and similar. If a user chooses to synchronise/link their data with other services, the resulting sharing of profile data is initiated by the user and is therefore their own responsibility.

In certain cases, data is entrusted to Business Academy Copenhagen’s data processors, who process data according to Business Academy Copenhagen’s instructions. These data processors may include providers of IT services such as email, Learning Management Systems, student administration systems, CCTV, or production platforms.

Video recordings are handed over to the police if requested for the purpose of criminal investigations. The transfer is made via encrypted USB.

Information about newsletter subscriptions is not shared. Business Academy Copenhagen always uses an approved data processor for newsletters, who supports Business Academy Copenhagen in carrying out the task and processes personal data under Business Academy Copenhagen’s instructions.

You have the following rights as a data subject:

• Right of access to personal data related to you.
• Right to rectification – correction or deletion of inaccurate or incomplete personal data.
• Right to object to the processing of personal data on legal grounds.
• Right to erasure. However, this right is subject to several limitations to allow Business Academy Copenhagen to fulfil its obligations as a public educational institution.
• Right to restriction of processing. In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may only process the data – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect another person or important public interests.

If you wish to exercise your rights to access, deletion, or rectification, you must submit a request via Digital Post so that Business Academy Copenhagen can verify your identity. If you are unsure how to proceed or do not have a Danish CPR number, you can write to gdpr@ek.dk. Business Academy Copenhagen generally has one month to respond to your request. In special cases, this deadline may be extended by up to two months if necessary due to the complexity and scope of the request.

Business Academy Copenhagen may choose to reject a request if it is deemed manifestly unfounded (e.g. if the data subject has no relation to Business Academy Copenhagen) or charge a fee if the request is considered excessive.

Business Academy Copenhagen’s decision can be brought before the Danish Data Protection Agency – see the section below.

Specifically for students who have given consent to share their exam papers via the Library:

You can withdraw your consent to share your exam paper via the Library.

Login here to withdraw your consent: https://anmodningerogsamtykke.cphbusiness.dk/Home/ChooseLogin

If you have questions about Business Academy Copenhagen’s privacy policy, your rights as a data subject, or how personal data is processed, you can contact Cphbusiness via email: gdpr@ek.dk

Business Academy Copenhagen has appointed the Joint Date Protection Officer (DPO Function) at EFIF as its DPO. The DPO advises Business Academy Copenhagen on data protection legislation and regulations. You can contact the DPO via email: gdpr@efif.dk or phone: +45 89 36 32 80

If you believe that Business Academy Copenhagen’s processing of your personal data violates applicable regulations, you can submit a complaint to: gdpr@ekek.dk. Business Academy Copenhagen will then initiate an investigation to ensure your complaint is thoroughly reviewed and that you receive a response.

You can also complain to the Danish Data Protection Agency if you believe Business Academy Copenhagen is not processing your data correctly or if you believe your rights have been violated. More information about your complaint options is available on the agency’s website:

Danish Data Protection Agency Carl Jacobsens Vej 35 2500 Valby

Phone: +45 33 19 32 00

Email: dt@datatilsynet.dk

Website: www.datatilsynet.dk

A cookie is a small data file stored on your computer, tablet, or mobile phone. A cookie is not a program and cannot contain harmful software or viruses.

Cookies may be necessary for the website to function. They also help us understand your visit to the site so we can continuously optimise and tailor it to your needs and interests. For example, cookies remember what you’ve added to your shopping cart, whether you’ve visited the site before, whether you’re logged in, and your preferred language and currency. We also use cookies to target our ads to you on other websites. Overall, we use cookies as part of our service to display content that is as relevant to you as possible.

You can see which services set cookies and for what purposes under the categories: Necessary, Functional, Statistical, and Marketing.

The duration a cookie is stored on your devices and browsers varies. The lifespan of a cookie is calculated from your last visit to the website. When the cookie expires, it is automatically deleted. The lifespan of all our cookies is listed in our cookie policy, which is updated monthly by Cookie Information.

You can always reject all third-party cookies by changing your browser settings on your computer, tablet, or phone. Where you find these settings depends on the browser you use. Note that if you reject all third-party cookies, some functions and services on the website may not work (as they rely on cookies).

Cookies you have previously accepted can be deleted. How you delete them depends on the browser you use (Chrome, Firefox, Safari, etc.) and the device (mobile, tablet, PC, Mac). It is typically found under Settings – Security and Privacy, but this may vary by browser.

You can change your consent by either deleting cookies from your browser or by changing your original selection.

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

We collect information about your preferences and choices on the website to show you the version of the site that matches your preferences. This includes determining your preferred region and language, displaying videos, and other visual elements such as job searches.

We collect information about how you interact with the website, including how often you visit and which pages you view. This helps us optimise design, usability, and the website’s effectiveness. We also use this information to provide personalised content and conduct market analysis. We use tools like Google Analytics to understand how users interact with our site. Google Analytics sets two types of cookies:

• Persistent cookies that show if the user is returning, where they came from, which search engine was used, keywords, etc.
• Session cookies that show when and how long a user is on the site. These expire after each session when you close your tab or browser.

More information can be found in Google’s privacy policy. Cookies are also set by YouTube (Google) for video statistics and user input on embedded videos on ek.dk and other subsites. More information about these cookies can be found in Google’s privacy policy and our cookie policy from Cookie Information.

Google has documented that data collection via Google Analytics occurs through regional data centres. Google uses the visitor’s IP address to determine the nearest data centre. For visitors accessing a Danish organisation’s website, this likely means connecting to a European server before data is sent to Google in the USA. However, visitors accessing the site from other countries may connect directly to a Google server in the USA if it is closer. This means the IP address may be transferred to the USA before anonymisation. In such cases, Google is assumed to have implemented firewalls that log incoming traffic. These logs can be cross-referenced with data collected for Google Analytics, potentially revealing IP addresses even if not directly collected by Google Analytics. Legal channels, such as mutual legal assistance agreements, may allow public authorities in third countries to identify the physical person behind an IP address via ISPs and law enforcement.

However, registered users are covered by the necessary safeguards provided under the EU-US Data Protection Framework (the data transfer basis between the EU/EEA and the USA as a secure third country).

We collect information about your interests, including which pages and ads you click on and which products or services you show interest in or purchase on this and other websites. This allows us to show you ads that are relevant to you and your interests. To deliver targeted ads on this and other websites, we collaborate with other companies with whom we share this information. If you are logged into services like Google or Facebook during your visit, this data may be linked to your profile and used to target ads and content. This is beyond our control and is solely a matter between you and the third party.

Unclassified cookies are those we are currently working to classify together with the providers of the individual cookies.

If you have any comments or questions regarding our information and/or the processing of your personal data, you are welcome to contact us. The cookie policy is updated monthly by Cookie Information. If you have questions about the cookie policy, you can contact Cookie Information via their website.