Privacy policy
It is the policy of Business Academy Copenhagen to provide all registered individuals - whether students, course participants, applicants, employees, partners, or other interested parties who contact Business Academy Copenhagen — with respectful and proper treatment.
We are therefore committed to safeguarding the personal data entrusted to us and to processing it in accordance with applicable legislation.
This means that we store your information securely and confidentially, and that we protect it from being accidentally destroyed, lost, or degraded, from unauthorised access, misuse, or any other processing that is contrary to applicable law.
Below, you can read more about how we process personal data, the rights you have as a data subject—such as the right to access, object, rectify, and delete your data—and how you can give or withdraw your consent.
In the following, we describe the processing of personal data carried out by Business Academy Copenhagen (“we”, “us”), along with the other information we are required to proactively provide to data subjects under Regulation (EU) 2016/679 (“General Data Protection Regulation Act”, “GDPR”), Articles 13 and 14.
The description is divided into categories (e.g. students or employees), as the types of personal data we process and the legal basis for doing so vary. If you are unsure which category you fall under, you are welcome to contact us at gdpr@kea.dk / persondata@cphbusiness.dk
Contact
You can always contact Business Academy Copenhagen if you have questions:
gdpr@kea.dk / persondata@cphbusiness.dk
You can also contact our DPO (Data Protection Officer):
Mail: gdpr@efif.dk
Phone: 89 36 32 80
Address: Sønderhøj 28, 8260 Viby
New Data controller
As of the establishment of Business Academy Copenhagen on 1 July 2025, data about you as a student is processed by Business Academy Copenhagen, which is the data controller from this date onwards.
As the continuing institution for Copenhagen Business Academy and Copenhagen School of Design and Technology, Business Academy Copenhagen will have both historical data about you from the original institution as well as any data about you after 1 July 2025.
The data is processed in accordance with Danish and European law, and your rights as a data subject are otherwise unchanged.
From 1 July 2025, you will be covered by the personal data policy for Business Academy Copenhagen and its technical and organizational security measures.
If you have any questions or concerns, you are very welcome to contact us.
Cookies
You can read more about which cookies we use on our website and how you can accept or decline the use of these in our cookie policy.
Privacy policyfor full-time students
Business Academy Copenhagen (EK)
Nansensgade 19
1366 København K
Phone: +45 46 46 00 46 / +45 36 15 45 00
Mail: kea@kea.dk / persondata@cphbusiness.dk
CVR no.: 4536 0644
Business Academy Copenhagen processes your personal data to carry out its duties as a public authority (public educational institution) in accordance with the Act on Academies for higher education.
General personal data is processed under Article 6(1)(e) of the General Data Protection Regulation (GDPR).
Health information and other sensitive data are processed under Article 9(2)(g) of the GDPR.
CPR number (Danish national ID) is processed under Article 87 of the GDPR in conjunction with Section 11(1) of the Danish Data Protection Act.
Business Academy Copenhagen uses CCTV surveillance at its locations for the purposes of theft prevention, crime detection and investigation, identifying unauthorised access, and ensuring that the premises are used appropriately and in accordance with Business Academy Copenhagen’s rules of conduct. General personal data in the form of video recordings and information about potentially criminal behaviour is collected.
Surveillance is carried out under Article 6(1)(c) (legal obligation under the Danish TV Surveillance Act) and Article 6(1)(e) (public interest) of the GDPR for general personal data, and Section 8(3) of the Danish Data Protection Act for potentially criminal matters. Recordings may be handed over to the police in connection with investigations, cf. Section 8(2)(2) of the Danish Data Protection Act. Video recordings are handled by a data processor called Lyngby Låse & Alarm I/S.
The legal basis for processing personal data related to newsletters is Article 6(1)(a) of the GDPR – a specific consent given upon subscription. The definition of consent is found in Article 4(11) of the GDPR.
If you are studying while serving a sentence, the legal basis for processing information about criminal matters (such as place of incarceration and associated educational advisor, if disclosed, from which it can be inferred that the individual is under the Danish Prison and Probation Service) is Section 8(3) of the Danish Data Protection Act, based on legitimate interest in fulfilling obligations towards the Prison and Probation Service.
Business Academy Copenhagen collects the following personal data about you:
- CPR number (Civil registration number/national ID)
- Civil registration information
- Contact details, including any chosen nickname if you have name or address protection
- Grades and other exam records
- Health information in connection with special case processing (e.g. exemptions, leave, or SPS (Strengthened pedagogical curriculum) applications)
- Gender
- Nationality
- Study activity, exam registrations, absence records
- Internship location and period, tasks during the internship, and any statements from the internship provider
- Assignment submissions and consent for lending assignments
- Information about student grants (SU) and/or other public benefits
- Participation in councils and boards, including talent programmes
- Portrait photo for student ID card
- Responses to evaluations and surveys about your study programme
- Complaints and decisions
- Library loans and usage
- Exemption and disciplinary cases
- Preference profiles for group formation
- System and application data, including system usage logs
- System data from access control
- Video recordings / CCTV surveillance
- Video recordings / recordings of selected teaching sessions for online students (not covered by Business Academy Copenhagen’s CCTV policy)
Specifically for international applicants/students:
- Passport
- Payment information
- Payslips and employment contracts in connection with SU eligibility for EU citizens (migrant workers)
Specifically for students applying for exchange programmes:
- CPR number (Civil registration number)
- Name and contact details
- Enrolment information
- Desired institution
- Any organisations managing the exchange programme
If you have subscribed to newsletters from Business Academy Copenhagen, the following data is processed:
- Name
- Contact details you provided
- Open and click rates (analysed only at an aggregate level, not per individual)
Exam grades and the data (name and CPR number) necessary to reissue diplomas are stored for 30 years in accordance with the Ministerial Order on Examinations in Professionally Oriented Higher Education, Section 55(2).
Information related to individual case processing (e.g. complaints or disciplinary actions) is stored according to applicable rules on archiving and disposal, cf. the Executive Order on the Preservation and Disposal of Records at universities, academies, university Colleges, and upper Secondary Education Institutions.
Study progress data is stored in Business Academy Copenhagen’s administrative system, ESAS, for up to 7 years.
CCTV recordings from Business Academy Copenhagen locations are stored for a maximum of 30 days unless retention is necessary for investigating criminal or disciplinary matters.
Information about financial transactions with Business Academy Copenhagen is stored for 5 years in accordance with the Danish Bookkeeping Act, Section 12.
Newsletter subscription data is stored as long as you remain subscribed. Additionally, we delete subscriptions annually for users who have not opened a newsletter within the past 12 months.
As an educational institution, Business Academy Copenhagen is obligated to share personal data with various public authorities.
Information about students is shared with the Danish Agency for Higher Education and Science, the Danish Agency for Education and Quality, the Danish National Archives, the Ministry of Higher Education and Science, and Statistics Denmark. Additionally, student data may be shared with other educational institutions in the event of a transfer.
For students, name, Business Academy Copenhagen email address, programme, and class will appear in Business Academy Copenhagen’s internal email and intranet systems and will therefore be accessible to both staff and students at Business Academy Copenhagen. Students with name protection in the Danish Civil Registration System will be registered under a fictitious name (pseudonymised). The individual student will be contacted and asked to specify a preferred nickname. Furthermore, information about students’ preferences (roles) in group work is used for group formation in certain programmes.
Business Academy Copenhagen exchanges personal data with the job centre you are affiliated with if you are unemployed. This includes all data on the AR237 form: educational background, occupational group, employment status, receipt of benefits, unemployment insurance fund membership, information about unemployment, hours spent on job-related education, and admission decision status.
When a student initiates the forwarding of an internship contract to a host company, we share the relevant information. No other data is shared without consent.
Preference profiles (roles) created for group formation will be shared with other participants in the same class/programme to facilitate group composition.
Business Academy Copenhagen’s systems are synchronised with the Office.com platform, meaning that profile data entered by the student in the Office platform—regardless of type—will be accessible to other students and staff at Business Academy Copenhagen.
In several of Business Academy Copenhagen’s systems, users can choose to synchronise/link their profile and associated data with external systems and services such as LinkedIn, Facebook, Google+, and similar. If a user chooses to synchronise/link their data with other services, the resulting sharing of profile data is initiated by the user and is therefore their own responsibility.
In certain cases, data is entrusted to Business Academy Copenhagen’s data processors, who process data according to Business Academy Copenhagen’s instructions. These data processors may include providers of IT services such as email, Learning Management Systems, student administration systems, CCTV, or production platforms.
Video recordings are handed over to the police if requested for the purpose of criminal investigations. The transfer is made via encrypted USB.
Information about newsletter subscriptions is not shared. Business Academy Copenhagen always uses an approved data processor for newsletters, who supports Business Academy Copenhagen in carrying out the task and processes personal data under Business Academy Copenhagen’s instructions.
You have the following rights as a data subject:
- Right of access to personal data related to you.
- Right to rectification – correction or deletion of inaccurate or incomplete personal data.
- Right to object to the processing of personal data on legal grounds.
- Right to erasure. However, this right is subject to several limitations to allow Business Academy Copenhagen to fulfil its obligations as a public educational institution.
- Right to restriction of processing. In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may only process the data – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect another person or important public interests.
If you wish to exercise your rights to access, deletion, or rectification, you must submit a request via Digital Post so that Business Academy Copenhagen can verify your identity.
If you are unsure how to proceed or do not have a Danish CPR number, you can write to gdpr@ek.dk. Business Academy Copenhagen generally has one month to respond to your request. In special cases, this deadline may be extended by up to two months if necessary due to the complexity and scope of the request.
Business Academy Copenhagen may choose to reject a request if it is deemed manifestly unfounded (e.g. if the data subject has no relation to Business Academy Copenhagen) or charge a fee if the request is considered excessive.
Business Academy Copenhagen’s decision can be brought before the Danish Data Protection Agency – read more in the section Who can I complain to?
If you have questions about Business Academy Copenhagen’s privacy policy, your rights as a data subject, or how personal data is processed, you can contact Business Academy Copenhagen via email: gdpr@ek.dk
Business Academy Copenhagen has appointed the Joint Date Protection Officer (DPO Function) at EFIF as its DPO. The DPO advises Business Academy Copenhagen on data protection legislation and regulations.
You can contact the DPO via email: gdpr@efif.dk or phone: +45 89 36 32 80.
If you believe that Business Academy Copenhagen’s processing of your personal data violates applicable regulations, you can submit a complaint to: gdpr@ek.dk. Business Academy Copenhagen will then initiate an investigation to ensure your complaint is thoroughly reviewed and that you receive a response.
You can also complain to the Danish Data Protection Agency if you believe Business Academy Copenhagen is not processing your data correctly or if you believe your rights have been violated.
More information about your complaint options is available on the agency’s website.
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Privacy policyfor part-time students and course participants
Business Academy Copenhagen (EK)
Nansensgade 19
1366 København K
Phone: +45 46 46 00 46 / +45 36 15 45 00
Mail: kea@kea.dk / persondata@cphbusiness.dk
CVR no.: 4536 0644
Business Academy Copenhagen processes your personal data to fulfil its responsibilities as a public authority (a public educational institution) in accordance with the Act on Academies for higher education.
General personal data is processed under Article 6(1)(e) of the General Data Protection Regulation (GDPR).
For students enrolled in courses offered as income-generating activities (self-funded or employer-funded), general personal data is also processed under Article 6(1)(b) of the GDPR (performance of a contract).
Health-related and other sensitive data is processed under Article 9(2)(g) of the GDPR.
Civil registration numbers (CPR numbers) are processed under Article 87 of the GDPR in conjunction with Section 11(1) of the Danish Data Protection Act.
Business Academy Copenhagen uses CCTV surveillance at its locations for theft prevention, detection and investigation of criminal activity, identifying unauthorised access, and ensuring that premises are used appropriately and in accordance with Business Academy Copenhagen’s rules of conduct. General personal data is collected in the form of video recordings and information about potentially criminal behaviour. Surveillance is carried out under Article 6(1)(c) (legal obligation under the Danish TV Surveillance Act) and Article 6(1)(e) (public interest) of the GDPR, and Section 8(3) of the Danish Data Protection Act for potentially criminal matters. Recordings may be handed over to the police for investigation purposes under Section 8(2)(2) of the Danish Data Protection Act. Video surveillance is managed by a data processor called Lyngby Låse & Alarm I/S.
The legal basis for processing personal data related to newsletters is Article 6(1)(a) of the GDPR – specific consent given upon subscription. The definition of consent is found in Article 4(11) of the GDPR.
If you are studying while serving a sentence, the legal basis for processing data related to criminal matters (e.g. place of incarceration and associated educational advisor, if disclosed) is Section 8(3) of the Danish Data Protection Act, based on a legitimate interest in fulfilling obligations to the Danish Prison and Probation Service.
Business Academy Copenhagen collects the following personal data about you:
- CPR number (national ID)
- Civil registration data
- Contact details, including any chosen nickname if you have name or address protection
- Grades and other exam records
- Health information in connection with special case processing (e.g. exemptions, leave, or applications for special educational support – SPS)
- Gender
- Nationality
- Study activity, exam registrations, absence records and reasons
- Information on SVU or other public benefits
- Responses to evaluations and surveys about your study programme
- Complaints and decisions
- Library loans and usage
- Exemption and disciplinary cases
- Preference profiles for group formation
- System and application data, including logs of system usage
- System data from access control
- Video recordings / CCTV surveillance
- Video recordings / recordings of selected teaching sessions for online students (not covered by the CCTV policy)
- CV
- Application to the Transition Fund
Specifically for continuing education students whose employer pays for the course:
- Employer contact details for invoicing purposes
Specifically for continuing education students who are unemployed:
- Information about unemployment status, unemployment insurance fund (A-kasse), and the municipal job centre you are affiliated with.
Exam grades and the data (name and CPR number) necessary to reissue diplomas or certificates are retained for 30 years in accordance with the Ministerial Order on Examinations in Professionally Oriented Higher Education, Section 55(2).
Data related to individual case processing (e.g. complaints or disciplinary actions) is retained in accordance with applicable rules on archiving and disposal, cf. the Executive Order on the Preservation and Disposal of Records at universities, business academies, university colleges, and upper secondary education institutions.
Study records are stored in Business Academy Copenhagen student administration system, Esas, for up to 7 years.
CCTV footage from Business Academy Copenhagen locations is stored for a maximum of 30 days, unless retention is necessary for the investigation of criminal or disciplinary matters.
Financial transaction data of any kind with Business Academy Copenhagen is stored for 5 years in accordance with Section 12 of the Danish Bookkeeping Act.
Newsletter subscription data is retained until you unsubscribe. Additionally, we delete subscriptions for users who have not opened a newsletter within 12 months.
As an educational institution, Business Academy Copenhagen is required to share personal data with various public authorities. Information about students is shared with the Danish Agency for Higher Education and Science, the National Agency for Education and Quality, the Danish National Archives, the Ministry of Higher Education and Science, and Statistics Denmark. Additionally, student data may be shared with other educational institutions in the event of a transfer.
Business Academy Copenhagen may share personal data with subcontractors who deliver teaching on behalf of the Academy. This includes outcomes of case processing related to admissions, applications, and the status of applications for SVU (State Educational Support for Adults) and the Transition Fund. Information about study progress, absence from teaching or exams, number of exam attempts, and non-payment resulting in exclusion from teaching or exams may also be shared.
If you are unemployed, Business Academy Copenhagen exchanges personal data with your affiliated job centre. This includes all data on the AR237 form: educational background, occupational group, employment status, receipt of benefits, unemployment insurance fund membership, unemployment details, hours spent on job-related education, and admission decision status.
For students, name, Business Academy Copenhagen email address, programme, and class will appear in Business Academy Copenhagen’s internal email and intranet systems, and will be accessible to both staff and students. Students with name protection in the Civil Registration System are registered under a pseudonym. These students will be contacted and asked to provide a preferred alias.
Preference profiles (roles) created for group formation will be shared with other participants in the same class/programme to facilitate group assignments.
Business Academy Copenhagen systems are synchronised with the Office.com platform, meaning that any profile data entered by the student in the Office platform—regardless of type—will be visible to other students and staff at Business Academy Copenhagen.
In several of Business Academy Copenhagen’s systems, users may choose to synchronise/link their profile and associated data with external services such as LinkedIn, Facebook, Google+, etc. If a user chooses to do so, the resulting data sharing is initiated by the user and is therefore their own responsibility.
In some cases, data is shared with Business Academy Copenhagen’s data processors, who process data under Business Academy Copenhagen’s instructions. These may include providers of IT services such as email, learning management systems, student administration systems, CCTV, or content production platforms.
Video recordings may be handed over to the police upon request for the investigation of criminal matters. Such transfers are made via encrypted USB.
Newsletter subscription data is not shared. Business Academy Copenhagen uses an approved data processor for newsletters, who supports the Academy in delivering the service and processes personal data under Business Academy Copenhagen’s instructions.
For courses offered by third parties, your data as a course participant will be shared with those providers, and Business Academy Copenhagen will also receive information about your participation from them.
For courses provided to unemployed individuals, data is exchanged with job centres and, in some cases, the Ministry of Employment.
For students who are self-paying, data may be shared with the Danish Debt Collection Agency.
For students who are not citizens of an EU country, data is exchanged with the Ministry of Immigration and Integration.
If Business Academy Copenhagen receives a request from law enforcement authorities for the release of data, we are obligated to comply.
Special note on academy courses offered in collaboration with International Business Academy Kolding (IBA Kolding)
Business Academy Copenhagen and IBA Kolding collaborate on the delivery of several academy-level courses. To facilitate this collaboration, data about enrolled course participants is regularly exchanged between Business Academy Copenhagen and IBA Kolding. This data exchange is encrypted.
Business Academy Copenhagen also sends grade statistics to IBA Kolding for the purpose of statistical analysis. These are not personal-level data.
For the academy course in pensions, special rules apply. According to the Executive Order on Competency Requirements and Good Repute for Employees in Insurance Companies and Intermediaries, a register must be kept of employees who fail the exam. Only specially approved exam providers may maintain such a register. IBA Kolding is approved for this purpose, and Business Academy Copenhagen therefore shares information with IBA Kolding about participants who fail the exam and the number of attempts used.
You have the following rights as a data subject:
- Right of access to personal data related to you.
- Right to rectification – correction or deletion of inaccurate or incomplete personal data.
- Right to object to the processing of personal data on legal grounds.
- Right to erasure. However, this right is subject to several limitations to allow Business Academy Copenhagen to fulfil its obligations as a public educational institution.
- Right to restriction of processing. In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may only process the data – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect another person or important public interests.
If you wish to exercise your rights to access, deletion, or rectification, you must submit a request via Digital Post so that Business Academy Copenhagen can verify your identity.
If you are unsure how to proceed or do not have a Danish CPR number, you can write to gdpr@ek.dk. Business Academy Copenhagen generally has one month to respond to your request. In special cases, this deadline may be extended by up to two months if necessary due to the complexity and scope of the request.
Business Academy Copenhagen may choose to reject a request if it is deemed manifestly unfounded (e.g. if the data subject has no relation to Business Academy Copenhagen) or charge a fee if the request is considered excessive.
Business Academy Copenhagen’s decision can be brought before the Danish Data Protection Agency – read more in the section Who can I complain to?
If you have questions about Business Academy Copenhagen’s privacy policy, your rights as a data subject, or how personal data is processed, you can contact Business Academy Copenhagen via email: gdpr@ek.dk
Business Academy Copenhagen has appointed the Joint Date Protection Officer (DPO Function) at EFIF as its DPO. The DPO advises Business Academy Copenhagen on data protection legislation and regulations.
You can contact the DPO via email: gdpr@efif.dk or phone: +45 89 36 32 80.
If you believe that Business Academy Copenhagen’s processing of your personal data violates applicable regulations, you can submit a complaint to: gdpr@ek.dk. Business Academy Copenhagen will then initiate an investigation to ensure your complaint is thoroughly reviewed and that you receive a response.
You can also complain to the Danish Data Protection Agency if you believe Business Academy Copenhagen is not processing your data correctly or if you believe your rights have been violated.
More information about your complaint options is available on the agency’s website.
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Privacy policyfor employees
Business Academy Copenhagen (EK)
Nansensgade 19
1366 København K
Phone: +45 46 46 00 46 / +45 36 15 45 00
Mail: kea@kea.dk / persondata@cphbusiness.dk
CVR no.: 4536 0644
Business Academy Copenhagen processes your personal data to fulfil the obligations we have as a public employer (public educational institution) under your employment contract, the applicable collective agreements, and other employment legislation. Additionally, we process your data to carry out our duties under the Act on Academies of professional higher education.
This includes processing your data to ensure correct salary payments and necessary personnel administration, such as managing sick leave and disciplinary matters.
We also process your data to manage work scheduling and ensure appropriate skills development.
Furthermore, we process your data in connection with your subscription to newsletters and other communications.
System data is processed to ensure that Business Academy Copenhagen’s’ IT systems are used in accordance with current policies and applicable law, such as Section 32 of the Public Administration Act.
Ordinary personal data is processed under Article 6(1)(b), (c), and (e) of the General Data Protection Regulation (GDPR).
Health data and other sensitive data are processed under Article 9(2)(b) and (f) of the GDPR.
Both ordinary and sensitive data may also be processed under Sections 12(1) and (2) of the Danish General Data Protection Act.
Photos may be published on Business Academy Copenhagen’s website if consent has been given or another agreement has been made, pursuant to Article 6(1)(a) or (b) of the GDPR. Consent can be withdrawn at any time, but this does not affect the legality of processing based on consent before its withdrawal.
Civil registration numbers (CPR numbers) are processed under Article 87 of the GDPR and Section 11(1) of the Danish Data Protection Act.
Business Academy Copenhagen uses CCTV surveillance at its locations for theft prevention, crime detection, unauthorised access prevention, and to ensure that premises are used appropriately and in accordance with Business Academy Copenhagen’s rules of conduct.
CCTV surveillance involves the collection of ordinary personal data in the form of video recordings and data on potentially criminal behaviour.
This surveillance is based on Article 6(1)(c) (legal obligation under the Danish TV Surveillance Act) and (e) (public interest) of the GDPR for ordinary data, and Section 8(3) of the Danish Data Protection Act for potentially criminal data. Recordings may be handed over to the police for investigations, pursuant to Section 8(2)(2) of the Danish Data Protection Act. Video recordings are handled by a data processor called Lyngby Låse & Alarm I/S.
You may request a copy of Business Academy Copenhagen’s CCTV policy by contacting us.
The legal basis for processing personal data related to newsletters is Article 6(1)(a) of the GDPR, i.e., your explicit consent upon subscription. The definition of consent is found in Article 4(11) of the GDPR.
Business Academy Copenhagen collects the following personal data about you:
- Contact details
- Nationality
- Educational background
- Employment history, including ATP statements (an ATP pension is a supplement to the state pension)
- Information submitted during the recruitment process
- Salary (current and previous, including adjustments)
- Tax deductions and withholding rate
- CPR number
- Bank details (if no NemKonto is registered. Nemkonto is an ordinary bank account used by public authorities or private companies to make payments into
- Registration of weekly working hours
- Pension details
- Disciplinary cases and employment-related sanctions
- Competency records (e.g., performance reviews, lecturer qualifications, salary discussions, language skills, certifications)
- Trade union membership (in case of labour disputes or union representative elections)
- Health data (e.g., maternity leave, long-term illness)
- Absence, holidays, working hours, parental leave, and other types of leave
- Employee benefits
- System and application data, including system usage logs
- Evaluation and performance review results
- Photos and video recordings / CCTV
- Access control system data
- Expense and travel reimbursements
- Childbirth/baptism certificates (for care days or leave entitlements)
- Emergency contact details
- Logging and monitoring your activity in Business Academt Copenhagen’s IT systems
Employee data is retained throughout employment and for up to 5 years after the end of the termination year, pursuant to Section 4 of the Danish Limitation Act.
Financial data is retained for up to 5 years after the end of the termination year, pursuant to Section 12 of the Danish Bookkeeping Act.
Video recordings of lectures are deleted after 4.5 years, in accordance with Business Academy Copenhagen’s agreement on recording and publishing of lectures.
CCTV recordings from Business Academy Copenhagen’s locations are stored for a maximum of 30 days unless retention is necessary for investigating criminal or disciplinary matters.
Logging in case management systems is not deleted.
Data on work-related injuries may be retained for up to 30 years, pursuant to Chapter 3 of the Danish Limitation Act.
Your intranet employee profile will be deactivated upon termination of your contract and deleted entirely after five years. Your public website profile will be deleted immediately upon termination of your contract. The content you have contributed to the intranet as part of your work will be retained, and your name will appear as the author for up to five years after termination of your contract.
Business Academy Copenhagen shares employee data with the Danish tax authorities, pension providers, and other relevant public authorities, such as municipalities in cases of reimbursement related to long-term illness.
In connection with applications for lecturer qualifications, data is shared with an assessment committee and the Ministry of Higher Education and Science. For employees, name, work email, education or area of work, job title, job description, workplace, and possibly work mobile number will appear on Business Academy Copenhagen’s website and thus be publicly accessible. Photos are also published if the employee has given consent. Employees may submit a justified request to have their contact information removed from the website.
Business Academy Copenhagen’s systems are synchronised with the Office.com platform, meaning that profile data entered by the employee in the Office platform – regardless of type – will be accessible to Business Academy Copenhagen students and staff.
In several of Business Academy Copenhagen’s systems, users may choose to synchronise/link their profile and associated data with external systems and services such as LinkedIn, Facebook, Google+, and similar. If a user chooses to synchronise/link their data with other services, the resulting sharing of profile data is initiated by the user and is therefore the user’s own responsibility.
In certain cases, data is transferred to Business Academy Copenhagen’s data processors, who process the data on behalf of and under the instructions of Business Academy Copenhagen. These data processors may include providers of IT services such as email, learning management systems, student administration systems, CCTV, or production platforms.
Video recordings may be handed over to the police if requested for the purpose of criminal investigations. Such transfers are made via encrypted USB.
Data related to newsletter subscriptions is not shared. Business Academy Copenhagen uses an approved data processor for newsletters, who supports Business Academy Copenhagen in carrying out this task and processes the data under Business Academy Copenhagen’s instructions.
You have the following rights as a data subject:
- Right of access to personal data related to you.
- Right to rectification – correction or deletion of inaccurate or incomplete personal data.
- Right to object to the processing of personal data on legal grounds.
- Right to erasure. However, this right is subject to several limitations to allow Business Academy Copenhagen to fulfil its obligations as a public educational institution.
- Right to restriction of processing. In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may only process the data – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect another person or important public interests.
If you wish to exercise your rights to access, deletion, or rectification, you must submit a request via Digital Post so that Business Academy Copenhagen can verify your identity.
If you are unsure how to proceed or do not have a Danish CPR number, you can write to gdpr@ek.dk. Business Academy Copenhagen generally has one month to respond to your request. In special cases, this deadline may be extended by up to two months if necessary due to the complexity and scope of the request.
Business Academy Copenhagen may choose to reject a request if it is deemed manifestly unfounded (e.g. if the data subject has no relation to Business Academy Copenhagen) or charge a fee if the request is considered excessive.
Business Academy Copenhagen’s decision can be brought before the Danish Data Protection Agency – read more in the section Who can I complain to?
If you have questions about Business Academy Copenhagen’s privacy policy, your rights as a data subject, or how personal data is processed, you can contact Business Academy Copenhagen via email: gdpr@ek.dk
Business Academy Copenhagen has appointed the Joint Date Protection Officer (DPO Function) at EFIF as its DPO. The DPO advises Business Academy Copenhagen on data protection legislation and regulations.
You can contact the DPO via email: gdpr@efif.dk or phone: +45 89 36 32 80.
If you believe that Business Academy Copenhagen’s processing of your personal data violates applicable regulations, you can submit a complaint to: gdpr@ek.dk. Business Academy Copenhagen will then initiate an investigation to ensure your complaint is thoroughly reviewed and that you receive a response.
You can also complain to the Danish Data Protection Agency if you believe Business Academy Copenhagen is not processing your data correctly or if you believe your rights have been violated.
More information about your complaint options is available on the agency’s website.
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Privacy policyfor alumni
Business Academy Copenhagen (EK)
Nansensgade 19
1366 København K
Phone: +45 46 46 00 46 / +45 36 15 45 00
Mail: kea@kea.dk / persondata@cphbusiness.dk
CVR no.: 4536 0644
Business Academy Copenhagen processes your personal data in order to carry out the tasks we are required to perform as a public authority (public educational institution) in accordance with the Act on Academies for higher education.
The processing of your data in Business Academy Copenhagen’s alumni network is carried out to organise professional and social events for Business Academy Copenhagen graduates and to ensure that graduates can easily contact each other.
Joining the alumni network is voluntary. By joining, you make your LinkedIn profile visible to other members of the network. You may leave the alumni network at any time, and you can do so directly via the LinkedIn platform. After leaving, your profile will only be visible to others if you have chosen to make it so.
General personal data is processed based on Article 6(1)(a) of the General Data Protection Regulation (GDPR), which means that your consent is required. Joining Business Academy Copenhagen’s alumni network on LinkedIn is considered as giving consent. Similarly, leaving the network is considered a withdrawal of consent.
Business Academy Copenhagen conducts CCTV surveillance of its premises for the purposes of theft prevention, crime deterrence and investigation, detection of unauthorised access, and ensuring that the premises are used appropriately and in accordance with Business Academy Copenhagen’s rules of conduct. In connection with CCTV surveillance, general personal data in the form of video recordings and information about potentially criminal behaviour is collected.
The legal basis for this processing is Article 6(1)(c) (legal obligation under the Danish TV Surveillance Act) and Article 6(1)(e) (performance of a task carried out in the public interest) of the GDPR for general personal data, and Section 8(3) of the Danish Data Protection Act for potentially criminal matters.
Recordings may be handed over to the police in connection with investigations, cf. Section 8(2)(2) of the Danish Data Protection Act. Video recordings are handled by a data processor called Lyngby Låse & Alarm I/S.
The legal basis for processing personal data related to newsletters is Article 6(1)(a) of the GDPR – specific consent given when subscribing. The definition of consent is found in Article 4(11) of the GDPR.
Business Academy Copenhagen collects the following personal data about you:
- Data for statistical purposes in accordance with Article 5(1)(e) of the GDPR
- Registration of participation in Business Academy Copenhagen alumni events
- Any photo and video recordings / CCTV (when attending events at Business Academy Copenhagen)
If you have subscribed to newsletters from Business Academy Copenhagen, the following data is processed:
- Name
- Contact details provided by you
- Open and click rates
Information about membership in the Business Academy Copenhagen alumni network is retained for as long as the graduate remains a member. The data is deleted upon withdrawal. The graduate decides when to join or leave the alumni network, and thus when registration and deletion occur.
Records of participation in alumni events are deleted no later than 60 days after the event.
Name and email data held by the ticketing system provider are deleted after 5 years in accordance with Section 12 of the Danish Bookkeeping Act.
Video recordings from Business Academy Copenhagen premises are stored for a maximum of 30 days, after which they are deleted unless retention is necessary for the investigation of criminal or disciplinary matters.
No information from the alumni network is shared externally. However, information entered on LinkedIn will be visible to other members of the network, subject to the privacy settings on the LinkedIn platform.
When participating in paid or free events, your participation is registered in a ticketing system operated by an external data processor, who processes your data under the instructions of Business Academy Copenhagen.
Video recordings may be handed over to the police if requested for the purpose of investigating criminal matters. Such transfers are made via encrypted USB.
Information related to newsletter subscriptions is not shared. Business Academy Copenhagen uses an approved data processor for managing newsletters, who supports Business Academy Copenhagen in this task and processes personal data under its instructions.
You have the following rights as a data subject:
- Right of access to personal data related to you.
- Right to rectification – correction or deletion of inaccurate or incomplete personal data.
- Right to object to the processing of personal data on legal grounds.
- Right to erasure. However, this right is subject to several limitations to allow Business Academy Copenhagen to fulfil its obligations as a public educational institution.
- Right to restriction of processing. In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may only process the data – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect another person or important public interests.
If you wish to exercise your rights to access, deletion, or rectification, you must submit a request via Digital Post so that Business Academy Copenhagen can verify your identity.
If you are unsure how to proceed or do not have a Danish CPR number, you can write to gdpr@ek.dk. Business Academy Copenhagen generally has one month to respond to your request. In special cases, this deadline may be extended by up to two months if necessary due to the complexity and scope of the request.
Business Academy Copenhagen may choose to reject a request if it is deemed manifestly unfounded (e.g. if the data subject has no relation to Business Academy Copenhagen) or charge a fee if the request is considered excessive.
Business Academy Copenhagen’s decision can be brought before the Danish Data Protection Agency – read more in the section Who can I complain to?
If you have questions about Business Academy Copenhagen’s privacy policy, your rights as a data subject, or how personal data is processed, you can contact Business Academy Copenhagen via email: gdpr@ek.dk
Business Academy Copenhagen has appointed the Joint Date Protection Officer (DPO Function) at EFIF as its DPO. The DPO advises Business Academy Copenhagen on data protection legislation and regulations.
You can contact the DPO via email: gdpr@efif.dk or phone: +45 89 36 32 80.
If you believe that Business Academy Copenhagen’s processing of your personal data violates applicable regulations, you can submit a complaint to: gdpr@ek.dk. Business Academy Copenhagen will then initiate an investigation to ensure your complaint is thoroughly reviewed and that you receive a response.
You can also complain to the Danish Data Protection Agency if you believe Business Academy Copenhagen is not processing your data correctly or if you believe your rights have been violated.
More information about your complaint options is available on the agency’s website.
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Privacy policyfor applicants
Business Academy Copenhagen (EK)
Nansensgade 19
1366 København K
Phone: +45 46 46 00 46 / +45 36 15 45 00
Mail: kea@kea.dk / persondata@cphbusiness.dk
CVR no.: 4536 0644
Business Academy Copenhagen processes your personal data to carry out its duties as a public authority (public educational institution) in accordance with the Act on Academies for higher education.
General personal data is processed under Article 6(1)(e) of the General Data Protection Regulation (GDPR).
Health and other sensitive data are processed under Article 9(2)(g) of the GDPR.
The CPR number (Civil registration/Danish national ID) is processed under Article 87 of the GDPR in conjunction with Section 11(1) of the Danish Data Protection Act.
Business Academy Copenhagen uses CCTV surveillance at its locations for the purposes of theft prevention, crime detection and investigation, identifying unauthorised access, and ensuring that the premises are used appropriately and in accordance with Business Academy Copenhagen’s rules of conduct.
In connection with CCTV surveillance, general personal data in the form of video recordings and information about potentially criminal behaviour is collected.
Surveillance is carried out under Article 6(1)(c) (legal obligation under the Danish TV Surveillance Act) and Article 6(1)(e) (public interest) of the GDPR for general personal data, and Section 8(3) of the Danish Data Protection Act for potentially criminal matters. Recordings may be handed over to the police in connection with investigations, cf. Section 8(2)(2) of the Danish Data Protection Act. Video recordings are handled by a data processor called Lyngby Låse & Alarm I/S.
Business Academy Copenhagen collects the following personal data about you:
- CPR number (Civil registration number/national ID)
- Civil registration information
- Contact details
- Diploma(s) or similar documentation from qualifying education
- Work experience (if provided)
- References (if provided)
- Any video recordings from participation in Business Academy Copenhagen open house events
- Any video recordings / CCTV surveillance
Specifically for applicants seeking re-enrolment or re-admission:
- Health information (if provided)
- Social circumstances (if provided)
Specifically for international applicants/students:
- Passport
- Payment information (if applicable)
- Payslips and employment contracts in connection with SU eligibility for EU citizens (migrant workers)
Specifically for course participants and students under the Danish Prison and Probation Service:
- Information about place of incarceration and associated educational advisor
If you have subscribed to newsletters from Business Academy Copenhagen, the following data is processed:
- Name
- Contact details you provided
- Open and click rates
Applicants admitted to a Business Academy Copenhagen programme are registered in the student administration system and become students at the start of their studies. See the privacy policy for full-time students or for part-time students and course participants regarding data deletion.
For applicants who are not admitted, the rejection and necessary documentation are stored in Business Academy Copenhagen’s case management system for up to 12 months, after which the data is deleted.
Video recordings from Business Academy Copenhagen locations are stored for a maximum of 30 days unless retention is necessary for investigating criminal or disciplinary matters.
As part of the application process, Business Academy Copenhagen uses systems provided by, among others, the Ministry of Higher Education and Science, which is the governing authority and legislator for the application and admission process. As part of this process, data may be exchanged during the various stages of admission. Additionally, data is reported to Statistics Denmark as required by law. No other personal data about applicants is shared. Any statistics on application or admission numbers are anonymised.
In certain cases, data is entrusted to Business Academy Copenhagen’s data processors, who process data according to Business Academy Copenhagen’s instructions. These may include providers of IT services such as email, Learning Management Systems, student administration systems, CCTV, or production platforms.
Video recordings are handed over to the police if requested for the purpose of criminal investigations. The transfer is made via encrypted USB.
For participation in courses offered by third parties, your information as a course participant is shared with those providers, and we also receive information about your participation from them.
For courses offered to unemployed individuals, data is exchanged with municipal authorities (job centres) and, in some cases, with the Ministry of Employment.
For students who are self-financing their education, data may be shared with the Danish Debt Collection Agency.
For students who are not citizens of an EU country, data is exchanged with the Ministry of Immigration and Integration.
Special note on academy courses offered in collaboration with International Business Academy Kolding (IBA Kolding)
Business Academy Copenhagen and IBA Kolding collaborate on offering a number of academy courses. To facilitate this collaboration, data about enrolled course participants is continuously exchanged between Business Academy Copenhagen and IBA Kolding. This data exchange is encrypted.
Business Academy Copenhgen also sends grade statistics to IBA Kolding for the purpose of statistical analysis. This does not involve personal-level data.
You have the following rights as a data subject:
- Right of access to personal data related to you.
- Right to rectification – correction or deletion of inaccurate or incomplete personal data.
- Right to object to the processing of personal data on legal grounds.
- Right to erasure. However, this right is subject to several limitations to allow Business Academy Copenhagen to fulfil its obligations as a public educational institution.
- Right to restriction of processing. In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may only process the data – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect another person or important public interests.
If you wish to exercise your rights to access, deletion, or rectification, you must submit a request via Digital Post so that Business Academy Copenhagen can verify your identity.
If you are unsure how to proceed or do not have a Danish CPR number, you can write to gdpr@ek.dk. Business Academy Copenhagen generally has one month to respond to your request. In special cases, this deadline may be extended by up to two months if necessary due to the complexity and scope of the request.
Business Academy Copenhagen may choose to reject a request if it is deemed manifestly unfounded (e.g. if the data subject has no relation to Business Academy Copenhagen) or charge a fee if the request is considered excessive.
Business Academy Copenhagen’s decision can be brought before the Danish Data Protection Agency – read more in the section Who can I complain to?
If you have questions about Business Academy Copenhagen’s privacy policy, your rights as a data subject, or how personal data is processed, you can contact Business Academy Copenhagen via email: gdpr@ek.dk
Business Academy Copenhagen has appointed the Joint Date Protection Officer (DPO Function) at EFIF as its DPO. The DPO advises Business Academy Copenhagen on data protection legislation and regulations.
You can contact the DPO via email: gdpr@efif.dk or phone: +45 89 36 32 80.
If you believe that Business Academy Copenhagen’s processing of your personal data violates applicable regulations, you can submit a complaint to: gdpr@ek.dk. Business Academy Copenhagen will then initiate an investigation to ensure your complaint is thoroughly reviewed and that you receive a response.
You can also complain to the Danish Data Protection Agency if you believe Business Academy Copenhagen is not processing your data correctly or if you believe your rights have been violated.
More information about your complaint options is available on the agency’s website.
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Privacy policyfor job applicants
Business Academy Copenhagen (EK)
Nansensgade 19
1366 København K
Phone: +45 46 46 00 46 / +45 36 15 45 00
Mail: kea@kea.dk / persondata@cphbusiness.dk
CVR no.: 4536 0644
Business Academy Copenhagen processes your personal data in order to fulfil its duties as a public authority (a public educational institution) in accordance with the Act on Academies for higher education.
We process your data to assess your application in relation to the position you have applied for. We also process your data to invite you for an interview and, if applicable, to conduct a personality test.
Before a potential offer of employment, Business Academy Copenhagen may collect references from your previous employers, based on your verbal or written consent.
General personal data is processed under Article 6(1)(b) and (e) of the General Data Protection Regulation (GDPR).
Health-related or other sensitive data is only processed if you provide it yourself, or if the position exceptionally requires health-related information, in which case it is processed under Article 9(2)(a) of the GDPR, meaning with your explicit consent.
If a criminal record certificate is required as part of the recruitment process, it will be obtained with your explicit consent in accordance with Section 8(3) of the Danish Data Protection Act.
Consent to the processing of personal data can be withdrawn at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Business Academy Copenhagen uses CCTV surveillance at its locations for theft prevention, detection and investigation of criminal activity, identifying unauthorised access, and ensuring that premises are used appropriately and in accordance with Business Academy Copenhagen’s rules of conduct.
In connection with CCTV surveillance, Business Academy Copenhagen collects general personal data in the form of video recordings and information about potentially criminal behaviour.
Surveillance is carried out under Article 6(1)(c) (legal obligation under the Danish TV Surveillance Act) and Article 6(1)(e) (public interest) of the GDPR for general personal data, and Section 8(3) of the Danish Data Protection Act for potentially criminal matters. Recordings may be handed over to the police for investigation purposes under Section 8(2)(2) of the Danish Data Protection Act. Video surveillance is managed by a data processor called Lyngby Låse & Alarm I/S.
Business Academy Copenhagen collects the following personal data about you:
- Name, address, contact details, and CV
- Application
- Diplomas/transcripts
- Information about specific skills (e.g. language proficiency, certifications)
- References / referees
- Any personality test conducted as part of the recruitment process
- Video recordings / CCTV footage
Applicant data is deleted no later than 12 months after the conclusion of the recruitment process.
Applicants who are hired will be subject to the employee privacy policy regarding data retention.
CCTV footage from Business Academy Copenhagen locations is stored for up to 30 days, after which it is deleted unless retention is necessary for the investigation of criminal or disciplinary matters.
Applicant data may be shared with external test providers or recruitment partners if a personality test is part of the recruitment process.
Data may also be shared with municipal authorities, such as a job centre, if involved in the recruitment.
With the applicant’s consent, data may be shared when collecting references from referees listed in the application or CV, or provided during the recruitment process.
In some cases, data is shared with Business Academy Copenhagen’s data processors, who process data on behalf of and under instructions from Business Academy Copenhagen. These may include providers of IT services such as email, learning management systems, student administration systems, CCTV, or content production platforms.
Video recordings may be handed over to the police upon request for the investigation of criminal matters. Such transfers are made via encrypted USB.
You have the following rights as a data subject:
- Right of access to personal data related to you.
- Right to rectification – correction or deletion of inaccurate or incomplete personal data.
- Right to object to the processing of personal data on legal grounds.
- Right to erasure. However, this right is subject to several limitations to allow Business Academy Copenhagen to fulfil its obligations as a public educational institution.
- Right to restriction of processing. In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may only process the data – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect another person or important public interests.
If you wish to exercise your rights to access, deletion, or rectification, you must submit a request via Digital Post so that Business Academy Copenhagen can verify your identity.
If you are unsure how to proceed or do not have a Danish CPR number, you can write to gdpr@ek.dk. Business Academy Copenhagen generally has one month to respond to your request. In special cases, this deadline may be extended by up to two months if necessary due to the complexity and scope of the request.
Business Academy Copenhagen may choose to reject a request if it is deemed manifestly unfounded (e.g. if the data subject has no relation to Business Academy Copenhagen) or charge a fee if the request is considered excessive.
Business Academy Copenhagen’s decision can be brought before the Danish Data Protection Agency – read more in the section Who can I complain to?
If you have questions about Business Academy Copenhagen’s privacy policy, your rights as a data subject, or how personal data is processed, you can contact Business Academy Copenhagen via email: gdpr@ek.dk
Business Academy Copenhagen has appointed the Joint Date Protection Officer (DPO Function) at EFIF as its DPO. The DPO advises Business Academy Copenhagen on data protection legislation and regulations.
You can contact the DPO via email: gdpr@efif.dk or phone: +45 89 36 32 80.
If you believe that Business Academy Copenhagen’s processing of your personal data violates applicable regulations, you can submit a complaint to: gdpr@ek.dk. Business Academy Copenhagen will then initiate an investigation to ensure your complaint is thoroughly reviewed and that you receive a response.
You can also complain to the Danish Data Protection Agency if you believe Business Academy Copenhagen is not processing your data correctly or if you believe your rights have been violated.
More information about your complaint options is available on the agency’s website.
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Privacy policyfor external parties
Business Academy Copenhagen (EK)
Nansensgade 19
1366 København K
Phone: +45 46 46 00 46 / +45 36 15 45 00
Mail: kea@kea.dk / persondata@cphbusiness.dk
CVR no.: 4536 0644
Business Academy Copenhagen processes your personal data in order to carry out its duties as a public authority (a public educational institution) in accordance with the Act on Academies of higher education.
The purpose of processing your data as an external party depends on the nature of your interaction with Business Academy Copenhagen — for example, whether you are visiting our website or receiving a service such as a newsletter or participating in a conference.
General personal data is processed under Article 6(1)(e) of the General Data Protection Regulation (GDPR).
Business Academy Copenhagen also uses CCTV surveillance at its locations for the purposes of theft prevention, detection and investigation of criminal activity, identifying unauthorised access, and ensuring that Business Academy Copenhagen’s premises are used appropriately and in accordance with its rules of conduct.
Business Academy Copenhagen collects general personal data in the form of video recordings and information about potentially criminal behaviour.
Surveillance is carried out under Article 6(1)(c) (legal obligation under the Danish TV Surveillance Act) and Article 6(1)(e) (public interest) of the GDPR for general personal data, and Section 8(3) of the Danish Data Protection Act for potentially criminal matters. Recordings may be handed over to the police for investigation purposes under Section 8(2)(2) of the Danish Data Protection Act. Video surveillance is managed by a data processor called Lyngby Låse & Alarm I/S.
Business Academy Copenhagen collects the following personal data about you:
- Name, title, and contact information
- CPR number (Civil registration number, if an honorarium is paid)
- CVR number (The Central Business Register, only personal data for sole proprietorships)
- The company you represent
- Any recordings of presentations in connection with teaching
- System and application data, including logs of network usage
- System data from access control
- Video recordings / CCTV footage
Specifically for internship companies:
- Information about the internship supervisor and, if applicable, the internship coordinator, including name and job title
- Information about the intern and the internship arrangement
If you are subscribed to newsletters from Business Academy Copenhagen, we process:
- Name
- Contact details provided by you
- Open and click rates
If you attend a conference or public event at Business Academy Copenhagen, we collect:
- Name and contact details
- Information about the event you are attending
- If the event requires payment: your payment details
- If the event is streamed: audio and video recordings of you
If you are a supplier to Business Academy Copenhagen, we process:
- Name, title, and contact details
- The company you represent
- Our correspondence with you and our transaction history
If you are to receive an honorarium:
- CPR number (Civil registration number) or
- CVR number (The Central Business Registration, personal data for sole proprietorships)
Information related to honoraria for external suppliers is retained for 5 years in accordance with Section 12 of the Danish Bookkeeping Act, after which it is deleted.
For employees in internship companies, personal data is deleted once Business Academy Copenhagen confirms that the internship supervisor or coordinator is no longer employed at the company.
Video recordings of teaching presentations are deleted after 4.5 years, in accordance with Business Academy Copenhagen’s Agreement on Recording and Publishing of Recorded Teaching.
CCTV footage from Business Academy Copenhagen’s locations is stored for a maximum of 30 days, unless retention is necessary for the investigation of criminal or disciplinary matters.
As a general rule, data about external parties, including suppliers, is not shared. However, disclosure may occur due to legal obligations, such as requests for access under the Access to Public Administration Files Act.
In some cases, data is shared with Business Academy’s data processors, who process data on behalf of and under instructions from Business Academy Copenhagen. These may include providers of IT services such as email, learning management systems, student administration systems, CCTV, or content production platforms.
Video recordings may be handed over to the police upon request for the investigation of criminal matters. Such transfers are made via encrypted USB.
Newsletter subscription data is not shared. Business Academy Copenhagen uses an approved data processor for newsletters, who processes personal data under Business Academy Copenhagen’s instructions.
You have the following rights as a data subject:
- Right of access to personal data related to you.
- Right to rectification – correction or deletion of inaccurate or incomplete personal data.
- Right to object to the processing of personal data on legal grounds.
- Right to erasure. However, this right is subject to several limitations to allow Business Academy Copenhagen to fulfil its obligations as a public educational institution.
- Right to restriction of processing. In certain cases, you have the right to restrict the processing of your personal data. If you exercise this right, we may only process the data – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect another person or important public interests.
If you wish to exercise your rights to access, deletion, or rectification, you must submit a request via Digital Post so that Business Academy Copenhagen can verify your identity.
If you are unsure how to proceed or do not have a Danish CPR number, you can write to gdpr@ek.dk. Business Academy Copenhagen generally has one month to respond to your request. In special cases, this deadline may be extended by up to two months if necessary due to the complexity and scope of the request.
Business Academy Copenhagen may choose to reject a request if it is deemed manifestly unfounded (e.g. if the data subject has no relation to Business Academy Copenhagen) or charge a fee if the request is considered excessive.
Business Academy Copenhagen’s decision can be brought before the Danish Data Protection Agency – read more in the section Who can I complain to?
If you have questions about Business Academy Copenhagen’s privacy policy, your rights as a data subject, or how personal data is processed, you can contact Business Academy Copenhagen via email: gdpr@ek.dk
Business Academy Copenhagen has appointed the Joint Date Protection Officer (DPO Function) at EFIF as its DPO. The DPO advises Business Academy Copenhagen on data protection legislation and regulations.
You can contact the DPO via email: gdpr@efif.dk or phone: +45 89 36 32 80.
If you believe that Business Academy Copenhagen’s processing of your personal data violates applicable regulations, you can submit a complaint to: gdpr@ek.dk. Business Academy Copenhagen will then initiate an investigation to ensure your complaint is thoroughly reviewed and that you receive a response.
You can also complain to the Danish Data Protection Agency if you believe Business Academy Copenhagen is not processing your data correctly or if you believe your rights have been violated.
More information about your complaint options is available on the agency’s website.
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Privacy policyfor research, development, and statistical use
Business Academy Copenhagen (EK)
Nansensgade 19
1366 København K
Phone: +45 46 46 00 46 / +45 36 15 45 00
Mail: kea@kea.dk / persondata@cphbusiness.dk
CVR no.: 4536 0644
As part of its responsibilities under the Act on Business Academies of professional higher education, Business Academy Copenhagen conducts practice-oriented and applied research and development activities. In this context, Business Academy Copenhagen may process various types of personal data, depending on the nature of the specific research projects.
Data collection often involves interviews and surveys, where data subjects are contacted directly and can decide whether to participate. In such cases, we will inform you of the purpose of the processing, how your data will be used, and for how long it will be retained.
In some cases, Business Academy Copenhagen may process data without direct contact with the individuals concerned. This typically involves extracting data from source systems. These data are subsequently anonymised or pseudonymised before further processing. In such projects, it is not possible to identify individual data subjects.
The legal basis for processing data where individuals decide to participate (e.g. through interviews or surveys) is Article 6(1)(a) of the General Data Protection Regulation (GDPR), which refers to specific consent given in connection with participation in the research or development activity. The definition of consent is found in Article 4(11) of the GDPR.
As part of quality assurance of its educational programmes, Business Academy Copenhagen also uses data-driven statistical analysis and management information, particularly concerning education. This includes analyses of grades over time, student retention/dropout rates, and the volume and types of enquiries received. These analyses support Business Academy Copenhagen’s quality assurance efforts and are not conducted at the individual level.
For projects involving anonymised or pseudonymised personal data, and for data-driven management information, the legal basis for processing is Article 89 of the GDPR, as the processing is carried out for scientific research purposes of significant societal importance and is necessary for the research.
In addition to the data collected directly from you (e.g. through interviews and surveys), only personal data already available in source systems (such as the student administration system, esas) is collected without your consent. This data is processed in anonymised or pseudonymised form.
We retain the data necessary to ensure the reliability and validity of the research for an indefinite period until it is transferred to the Danish National Archives.
Other data are generally deleted once our obligations to the National Archives regarding the specific data have been fulfilled.
Personal data collected in connection with projects is not disclosed. Depending on the nature of the activity, research and development projects may result in the production and communication of knowledge. In some cases, and only with clear agreement from the data subjects, research findings may be published in a way that reveals an individual’s participation. This only occurs where there is a clear agreement with the individual concerned.
For research projects involving anonymised or pseudonymised personal data, the data is not disclosed in an identifiable form. If shared at all, it is only shared in aggregated form.
Data transferto data processors and transfers to non-EU countries
In addition to the disclosure of personal data described under the individual categories of data subjects, Business Academy Copenhagen may, in certain cases, entrust your personal data to data processors who provide IT or other services to us.
As data processors, these companies – unless legally required to process the data – may only process the data in accordance with the instructions we provide and are not permitted to use the data for their own purposes.
Some of these data processors are located in countries outside the EU/EEA or use sub-processors located outside the EU/EEA, including in countries that do not provide the same level of data protection as within the EU/EEA. We only transfer personal data to these processors if they are subject to Binding Corporate Rules or if another appropriate transfer mechanism has been established – most commonly the European Commission’s Standard Contractual Clauses (SCCs).
Where the transfer mechanism is the European Commission’s Standard Contractual Clauses (SCCs), you may request a copy of these contracts by contacting us at gdpr@ek.dk
Updated 1 July 2025
Business Academy Copenhagen’suse of social media
It is possible to follow Business Academy Copenhagen on a range of social media platforms, which the Academy uses for marketing purposes. As a user, you can interact with Business Academy Copenhagen’s profile and with other users via posts and comments on Business Academy Copenhagen’s pages.
When you interact with Business Academy Copenhagen on social media, please be aware that you are sharing personal data about yourself—both through information visible on the platform and through cookies. Business Academy Copenhagen gains access to some of this personal data. As this often involves joint data responsibility with the social media platforms, Business Academy Copenhagen encourages users to limit the amount of personal data they share and to contact the academy through other channels if they have questions or need further information. While Business Academy Copenhagen does respond to messages on social media, all user enquiries that involve case processing are referred to the academy’s official contact email or digital post solutions.
The specific personal data collected by Business Academy Copenhagen depends on what you have registered in your social media profile. Typically, this includes your name, profile photo, IP address, and any text posts you make on the platform. If you have provided additional information on the platform — such as your workplace, nationality, educational background, job title, or similar—this information may also be shared with Business Academy Copenhagen.