Go to content

Privacy Policy

1. Introduction

1.1 - This Data Protection and Privacy Policy (the “Policy”) describes how Aarhus Havn (“us”,
”we” or ”our”) when acting in the role of a controller, collects and processes your
personal data relating to the purchase of services, membership, products, or your use
of our website,
1.2 - The Policy is prepared and made available to comply with the General Data Protection
Regulation (2016/679 of 27 April 2016) (the ”GDPR”) and the rules included herein on
information to be provided to you.


2. Collecting personal data with cookies

2.1 - By visiting and using our website(s), personal data collected with cookies will be
processed. Information about this processing can be accessed here:
https://www.portofaarhus.dk/en/privacy-cookie-policy/


3. Types of personal data processed

3.1 - We process personal data about you when this is necessary and in accordance with the
applicable legislation. Depending on the specific circumstances, the processed
personal data include the following types of personal data:


a) address
b) email
c) name
d) IP addresses
e) telephone number


3.2 -

3.4.1 When you travel around the port area – Video surveillance and access cards
As part of access controls and video surveillance at the Port of Aarhus, we collect and
store personal information about persons who travel around the facility. This applies
to both persons with permanent access to the port area and Port Centre, including
persons who are employed by the Port’s tenants or other partners, and persons who
temporarily have access.
Persons with permanent access to the port are issued an access card or use a private
Brobizz. (The Port of Aarhus does not provide Brobizz). The following personal
information is stored in connection with the issuing of access cards/use of a private
Brobizz: Name, photo, company name, tel. no., e-mail address, reg. no., access rights,
and date of issue. Traffic is continuously logged through the use of access cards/
Brobizz.


Access controls are necessary in order to ensure that only persons with lawful grounds
to be in the port/Port Centre can gain access.
In connection with video surveillance around the port, it is possible that recordings will
be made of persons’ conduct and movements.
In connection with the access cards provided by the port, conduct and movements will be logged for each individual card.
Video surveillance and access cards are required in order to comply with ISPS port
security requirements.

The grounds for the processing above is Article 6(1), point c) or d) GDPR


3.4.2 When you are a customer of the Port of Aarhus

When you order a service from us or receive an offer from us: We collect information
on your name, what company you represent, your tel. no., payment method,
information on the services you are ordering, and the time and method of delivery. The
aim of this processing is for us to be able to deliver the offered or agreed services, and
to otherwise fulfil the contract we have concluded with you/the company you
represent, including our ability to manage your rights to lodge a complaint.


The grounds for the processing above is Article 6(1), point e) GDPR.


3.4.3 When you visit our website

We automatically collect information on you and your use of the Port of Aarhus
website when you visit it, provided you have accepted cookies. This information
includes your IP address, what type of browser you are using, what pages you visit,
what links you activate, and generally how you navigate on our website and how you
use it. The aim of this is to improve user experience and the functionality of the
website, and to be able to record how long visitors spend on the website and show you
relevant information.


The grounds for the processing above is Article 6(1), point e) GDPR.


3.4.4 When you communicate with us

If you have questions or otherwise communicate with us, we collect information on
your name, e-mail, tel. no. what company you represent, and your question. The aim of
this processing is to answer questions or to be able to otherwise communicate with
you in order to render the service you require.
The grounds for the processing above is Article 6(1), point e) GDPR.
3.4.5 When you subscribe to our newsletter, press releases or RePORTagen
We collect information on your name, e-mail address, tel. no. what company you
represent, your industry, your consent, and your interests and preferences if you
choose to provide this information. The aim of this processing is to be able to send you
newsletters and otherwise pursue our legitimate interest in sending you marketing.
The grounds for the processing above is Article 6(1), point e) GDPR.


3.3 - If we need to collect more personal data than specified above, we will inform you by
updating this Policy.


4. Purposes of processing the personal data

4.1 - We will only process your personal data if we have a legitimate purpose and in that
case in accordance with the rules of the GDPR. The personal data we collect about you
is processed for the following purposes:


a) To communicate and exchange data with public authorities when required by law.
b) To provide service messages and information.
c) To provide support and service messages, including responding to questions and
complaints and sending updates about our products and services.
d) To respond to inquiries or complaints.
e) To send newsletters by e-mail.
f) To store personal data to comply with applicable legislation requirements such as
bookkeeping acts.
g) To improve our products, services, or website.


4.2 - In addition to the above, we also process for the following purpose(s): Video
surveillance and access cards are required in order to comply with ISPS port security
requirements.


5. Legal basis for processing personal data

5.1 - We only process your personal data when we have a legal basis to do so in accordance
with the GDPR. Depending on the specific circumstances, the processing of personal
data is done on the following legal basis:

a) The processing is necessary for the performance of a task carried out in the public
interest or in the exercise of official authority vested to us in accordance with
GDPR, Article 6(1)(e).


6. Disclosure and transfer of personal data

6.1 - We only transfer personal data to other entities when it is legally permitted or
required.

6.2 - We transfer personal data to the following recipients from the EU/EEA:

a) Authorities
b) Processors


6.3 - We only ever share your personal data with third parties where we are obliged to do so
by law or in order to render the services we offer via the port website.


Your information may be transferred to external partners who process information on
our behalf. These companies are data processors for the port and process personal
data according to our instructions. These data processors may not use this information
for any purposes other than executing their contract with the Port of Aarhus, and are
required to observe confidentiality regarding this information. We have concluded
written data processing agreements with all processors who process personal data on
behalf of the Port of Aarhus.


The Port of Aarhus uses https://piwik.pro/ to collect statistics relating to user behaviour
on our website.


6.4 - We do not transfer personal data to countries or international organisations outside
the EU/EEA unless it is necessary on your specific request.


7. Erasure and retention of personal data


7.1 -

10.2.1 When you travel around the port area – Video surveillance and access cards
In connection with video surveillance around the port, it is possible that recordings will
be made of persons’ conduct and movements. All recordings are stored for up to 30
days, after which time they are erased unless there are reasonable grounds for
keeping them for longer. Recordings are reviewed in the event of accidents, and in case
of concrete suspicions of unlawful or disloyal conduct.


In connection with access cards, persons’ conduct and movements will be logged using
access cards. Logs are stored for up to 3 months, after which time they are erased
unless there are reasonable grounds to keep them for longer. Logs are reviewed in the
event of accidents, and in case of concrete suspicions of unlawful or disloyal conduct.


For inactive cards that are not returned, logs are erased after max. 6 months.


10.2.2 When you are a customer of the Port of Aarhus
Personal data relating to a customer relationship or collaboration, cf. Danish
Accounting Act (Regnskabsloven), is erased no later than 5 years after the customer
relationship or collaboration has ended and any balances have been settled.


10.2.3 When you visit our website
Information collected on your use of our website, cf. Sec. 2.3, is erased no later than 36
months after you last visited our website.


10.2.4 When you communicate with us
Information collected in connection with your communication with us, your enquiries
and requests for information from us are erased once they are no longer necessary for
the respective processing of your message.


10.2.5 When you subscribe to our newsletter, press releases or RePORTagen
Information collected when you subscribe to our newsletter is erased as soon as you
withdraw your consent to the newsletter. However, information may be kept for a
longer period of time if we have a legitimate need to do so.


8. Data subject rights

8.1 - As a data subject under GDPR, you have a number of rights.

8.1.1 You have the right to request access to the personal data we process about you,
the purposes we process the personal data, and whether we disclose or transfer
your personal data to others.

8.1.2 You have the right to have incorrect information rectified.

8.1.3 You have the right to have certain personal data deleted.

8.1.4 You may have the right to restriction of our processing of your personal data.

8.1.5 You may have the right to object to our processing of your personal data based
on reasons and circumstances that pertain to your particular situation.

8.1.6 You have the right not to be subject to a decision based solely on automated
means, without human interference unless the decision (1) is necessary for
entering into, or performance of a contract between you and the Organization,
(2) is authorised by law, or (3) is based on your explicit consent.

8.1.7 If the processing of your personal data is based on your consent, you are
entitled to withdraw such consent at any time. Withdrawal of your consent will
not affect the lawfulness of the processing carried out prior to your withdrawal.

8.1.8 You are entitled to receive personal data which you have provided to us in a
structured, commonly used, and machine-readable format (data portability).

8.1.9 You can always lodge a complaint with the data protection authority.


8.2 - Your rights may be subject to conditions or restrictions. Accordingly, there is no
certainty that you will be entitled to for example data portability in the specific
situation; it will depend on the circumstances of the processing.


8.3 - More information about data subject rights can be found in the guidelines of the
national data protection authorities.


8.4 - Please use you the contact details below if you want to use your rights.


8.5 - We try to meet your wishes about our processing of personal data, but you can always
file a complaint to the data protection authorities.


9. Changes to this Policy


9.1 - We reserve the right to update and amend this Policy. If we do, we correct the date and
the version at the top of this Policy. If we make significant changes, we will provide
notification by way of a visible notice, for example on our website or by direct
message.


10. Contact


10.1 - You may contact us at the below specified email if you:

a) disagree with our processing or consider our processing of your personal data
infringes on the law,


b) have questions or comments to this Policy, or
c) want to invoke one or more of your rights as a data subject described in this Policy.


If you have questions or comments to this Policy or if you would like to invoke one or
more data subject rights, please contact us at If you have any questions or comments
about this Privacy Policy or if you would like to make use of one or more of your
rights, you can contact the Port of Aarhus:


E-mail: [email protected]
Phone: +45 86133266.


Contact information for DPO at Port of Aarhus:
Lawyer Karen Kaalund, Advokatpartnerselskabet Kirk, Larsen & Ascanius
H.C. Andersens Blvd. 45,
1553 København V
www.kirklarsen.dk


E-mail: [email protected]
Phone: +45 76115420.

Cookie policy