About data protection

When Sønderborg Municipality processes your information, we have great focus on ensuring that the information is processed securely and does not come to the knowledge of unauthorized persons.

In order for Sønderborg Municipality to provide good municipal service, we need to process personal data. This applies to information about both citizens, companies, employees and business partners.

We must process all personal data in accordance with good data processing practice and in compliance with the principles of:

• Legality, fairness and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage restriction
• Integrity and confidentiality
• Accountability

What information does Sønderborg Municipality collect about me?

In connection with the processing of cases or tasks as part of the exercise of public authority, we need to obtain information about you. We only collect the information that is necessary in relation to processing the case or task for which the information was collected.

If you are employed or receive remuneration from us, we process your personal data to ensure the correct payment of salary / fees and other employment law matters.

A personal information is any information that can lead back to a specific natural person.

There are three categories of personal data according to the GDPR:

1. General personal data – e.g. name, gender, address, telephone number, email address and CPR number, financial circumstances, etc
2. Information regarding criminal convictions and offenses
3. Special categories of personal data (sensitive) – Race and ethnic origin, political beliefs, religious beliefs, philosophical beliefs, trade union affiliation, genetic data, biometric data, health conditions and sexual orientation.

We use some of the information we have about you for management information and statistics. We do this so that we e.g. can see and follow the development of how many people in Sønderborg Municipality receive cash assistance, sick leave, home help or other benefits from the municipality.

We may also use your information to develop tools that can support case processing. 

When we use your information for these purposes, we cannot see that it is about you (your information is pseudonymised). It has no influence on the service or help you receive from the municipality that we use your information for these purposes (management information and statistics).

Where does Sønderborg Municipality get my personal data?

In connection with the processing of your case, it will in many cases be necessary to obtain information about you. During these treatments, we endeavor not to obtain more information than is necessary to process your case.

We can obtain some information ourselves from other public authorities or joint registers, this could be income information, TAX, BBR etc.

We ask you for other information when you e.g. apply for a benefit or service.

We can also obtain information from other business partners, e.g. doctor, healthcare, etc.

You always have the right to know from where we obtain information about you in connection with your case processing in the municipality.

The individual subject areas must inform you of this in connection with e.g. an application for a service or provision.

How long is my personal data stored?

When we collect personal information about you and store it in connection with our processing, there are different guidelines for how long we store your information. It varies, depending on whether it is e.g. a case in the Jobcentret, a construction case or a job application.

Within certain professional areas, we must hand over your files and information to the National Archives before we can delete them. This is regulated by the Archives Act.

The period of time for storing personal data will vary according to the type of case and the circumstances of the case, but as a general rule you can assume that we will store your personal data for 5 years after your case has been concluded.
The period for storing personal data can sometimes be longer than 5 years if it is a matter that is subject to a longer limitation period in the Limitation Act.
Conversely, we sometimes store your personal data for less than 5 years if we assess that your personal data no longer has administrative or legal relevance.

If you are employed or have a position in Sønderborg Municipality, we store your personal information throughout your employment period or during the period in which you have a position and up to 10 years after your resignation.

When the storage obligation expires and any archiving requirement is met, your information will be deleted, after which the municipality will no longer have access to it.

You can get precise information about how long we store your information by contacting the individual areas in the municipality.

Who receives my personal data?

data processors
If we use data processors, we entrust your personal data to them, as they process personal data on our behalf.

Document inspection
If we receive a request for access to documents in a case in which your personal data is included, we must normally pass on the information, unless the information is confidential.

How is my personal data handled in self-service solutions?

As a starting point, we use the joint public login solution Borger.dk, where you use your MitID as a key to log in to self-service solutions and forms.
However, you may also come across forms or self-service solutions that do not require such high security. Here you can typically register with a self-selected username and password.

Personal data in SMS services

Sønderborg Municipality uses several SMS services in communication with citizens. These include, among other things, services that provide notifications about the emptying of waste containers, etc

Sønderborg Municipality reserves the right to use the existing SMS services as part of crisis communication in order to quickly and efficiently reach affected citizens with vital information.

How is personal data used for TV surveillance in Sønderborg Municipality?

When you stay on Sønderborg Municipality's premises, at citizen service areas and at entrances, you may risk being recorded by the municipality's TV surveillance.

The rules in the Data Protection Regulation and the Data Protection Act apply to any form of processing of personal data in connection with TV surveillance.

Image recordings from TV surveillance are deleted no later than 30 days after the recording. Recordings that contain information about potentially criminal matters are deleted when they have been handed over to the police.

In certain cases, it may be necessary to store recordings for a longer period of time, e.g. if the recording is to be used as documentation in a concrete dispute. In these cases, you will be notified separately.
The TV recordings will not be passed on or shown to anyone other than the police, unless you have given your express consent to this, or if the passing on is required by law.

What rights do I have regarding data protection?

When Sønderborg Municipality processes your personal information, you have a number of rights under the Data Protection Ordinance, which you can use at any time:

Right to view information (right of access)
You have the right to gain insight into the information that we process about you, as well as a range of additional information. We may have a lot of information about you. Your request may therefore take a long time to answer if we have to search for the information in all our systems. If you therefore have the opportunity to specify which information you want insight into, we will be able to process your request more quickly.

In some cases, you are not entitled to access. It can, for example, be if the information you seek insight into will reveal contractual relationships, trade secrets or the like. You can also be refused access if the information is part of a police investigation or similar.

Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.
As the municipality will in many cases be limited by law in correcting information about you, the correction takes place by adding a journal note or similar to your case with your comments and/or corrective information.

Right to delete
In special cases, you have the right to have information about you deleted before the time for our general general deletion occurs - you should, however, be aware that as a public authority we can only grant a request for deletion to a very limited extent, as we are subject to strict documentation requirements in relation to being able to document the basis on which a decision or decision has been taken.
The right to have your personal data deleted does not therefore apply in cases where the continued processing of the personal data is necessary for us to carry out our task as a public authority.
 

Right to limitation of treatment
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may in future only process the information - apart from storage - with your consent, or for the purpose of establishing, asserting or defending legal claims, or to protect a person or important public interests.
 

Right to objection
In certain cases, you have the right to object to our otherwise lawful processing of your personal data, however, the right to object does not apply if the processing of your personal data is necessary to comply with a legal obligation incumbent on Sønderborg Municipality.
 

Right to transmit information (data portability)
In certain cases, you have the right to receive your personal information in a structured, commonly used and machine-readable format and to have this personal information transferred from one data controller to another without hindrance.

You can do so when the following two conditions are met:
1. Your personal data is processed automatically and is based on a consent or necessary to fulfill a contract.
2. You yourself have given us the personal data that is processed.

However, the right does not apply if your personal data is necessary to solve tasks in the interest of society, or we use it for the exercise of public authority.
You can read more about your rights at The Danish Data Protection Authority's website on the rights of data subjects.

Your consent
You can revoke your consent at any time (if the processing of your personal data is based on consent).
Withdrawal of your consent does not affect the legality of the processing that took place before the withdrawal of consent.
When you give your consent, you will be told where to go in order to withdraw your consent.

Read more about your rights in The Danish Data Protection Agency's guidelines on the data subjects' rights

Does the municipality have a duty to provide information?

The municipality has a duty to inform you when we start collecting your personal data or as soon as possible thereafter – regardless of whether the information comes directly from you or someone else.

As a rule, we do not have to give you the information if you are already familiar with it. However, there are exceptions, which you can read more about The Data Protection Act.

How secure is my shared personal data with Sønderborg Municipality? 

Sønderborg Municipality maintains security against natural as well as technical and man-made threats and vulnerabilities, so that the citizens' and employees' safety and working conditions as well as Sønderborg Municipality's image are secured as best as possible.

We secure personal data, confidential information and critical data, regardless of whether they are in digital or paper form. We aim to maintain a security level that reflects best practice based on the ISO 27001/2 standards for information security.

Sønderborg Municipality has drawn up safety rules and procedures for our employees, which are aimed partly at protecting employees from injuries caused by employees, and partly at protecting employees from unfounded suspicions of security breaches.

We ensure that our employees have thorough knowledge of relevant safety instructions and procedures.

We check the employees' compliance with information security and the security measures implemented by the municipality.

ønderborg Municipality's information security level complies with the legislation in force at all times and complies with current security practices in the municipal sector.
The municipality uses a common method for risk analysis, risk assessment, registration, measurement, assessment and follow-up on information security and carries out regular audits and evaluations of security.

What is a Data Protection Officer (DPO)?

In its function, the data protection advisor is an impartial body that does not refer to the administration. The adviser assists in collaboration with the municipality's lawyers with advice and guidance for the specialist areas on legal, good and secure handling of personal data.

It is the task of the data protection adviser to ensure that the municipality complies with the data protection ordinance and law.

You can read more about the role of the data protection adviser on the Danish Data Protection Agency's website.

You can contact the data protection adviser if you are in doubt about whether the municipality handles your personal information correctly or if you have questions about how Sønderborg Municipality handles personal information.

If you wish to complain about the municipality's processing of your personal information, you must contact Datatilsynet.

What can the data protection advisor NOT help me with?

• The data protection advisor cannot help you with the professional case management or the decisions made by the areas.
• The data protection advisor cannot provide guidance on rules or practice in the field.
• The data protection adviser cannot make a decision as to whether mistakes have been made in connection with the processing of the case, the performance of practical help, etc.
• The data protection advisor cannot change a decision made by the municipality.
• The data protection adviser cannot assist in formulating complaints about the municipality to relevant complaint bodies.
• If you need help to understand a decision, to complain about the municipality's case handling or help to complain about a decision, you can contact the department that handled the case.