We process your personal data for the following purposes:
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In this context, your personal information is subject to the necessary case processing, e.g. journaling in accordance with the Public Access to Information Act, just as your information is stored in accordance with the Danish Archive legislation.
Legal basis for processing personal data:
- Chapter 10 in Act 244 of 17/02-2022 on Chemicals or
- Chapter 3 in Act 799 of 09/06-2020 on Products and Market Surveillance
Most personal data is processed on the basis of the General Data Protection Regulation Article 6(1)(e) - exercise of public authority.
If you provide sensitive personal data, we process the data on the basis of Article 6(1)(e) of the General Data Protection Regulation - exercise of public authority, and article 9(2)(f)- processing is necessary for legal claims to be established, asserted or defended.
When we process national identification numbers (CPR-Number), it is for the purpose of lawful unique identification in accordance with the section 11 of the Danish Data Protection Act.
If the processing is necessary for the performance of our tasks, we process information regarding criminal offenses, is it on the basis of section 8 of the Danish Data Protection Act.
We process the followingcategories of personal data:
- Name
- National identification number (CPR-number) (exceptionally)
- Adress
- Business Number (CVR-number)
- Phonenumber
- Economy
- Informations regarding criminal offenses
- Informations regarding sensitive personal data e.g. information about your health, which you have provided yourself
We can disclose personal data to the following recipients:
- The Danish Agricultural Agency, The Danish Tax Agency, The Danish Customs Agency, The Danish Veterinary and Food Administration, The Danish Safety Technology Authority and The Danish Working Environment Authority
- European Commissions Rapid Alert System - RAPEX.
- European Commissions information and communication system about market surveillance - ICSMS.
- Publication of notices and orders in the national publication system for the Danish Chemical Inspection Services.
- On some occasions, personal data can be processed regarding to criminal offenses, as The Danish Chemical Inspection Service has reported or regarding to a statement, if the police has asked for such.
- Reports to the European Commission.
- The Danish Environmental Protection Agency also leaves your personal information in the care of our data processors, e.g. the Agency for Governmental IT Services
We disclose personal information to other authorities only as part of our regulatory tasks – e.g. to grant access to documents according to the Public Access to Information Act and the Environmental Information Act
We do not transfer your personal data to recipients outside of the EU/EEA.
- In some cases we receive your personal data through reports or from other authorities e.g. The Danish Agricultural Agency, The Danish Tax Agency, The Danish Customs Agency, The Police, The Danish Safety Technology Authority or local authorities.
- We can also have obtained your personal data from registers or from the internet.
- You yourself can have provided personal data to us and perhaps provided sensitive personal data, e.g. information about your health.
We cannot currently specify how long we will keep your personal information. However, we can inform you that you information is often covered by the Danish Archives Act, which obliges us to store it until it must be archived or discarded in accordance with the Act. In addition, we only process your information for as long as it is necessary for the purpose of which it was collected. When we no longer have a legal or administrative purpose, the information is deleted in accordance with the Danish Environmental Protection Agency’s policy for deletion of personal information.
Under the Data Protection Regulation, you have rights in relation to our processing of your personal data.
If you want to exercise your rights, you can contact us via Public Digital Post (e-Boks).
If you do not have access to e-Boks, you can contact us via e-mail. If you contact us via e-mail (mst@mst.dk) make sure not to send sensitive personal information, confidential information or information regarding criminal offenses.
In the subject field, please indicate which right you wish to exercise.
Right of access
You are entitled to be informed which data we process about you as well as access to said information.
Right to rectification
You are entitled to have your personal data rectificated.
Right to erasure
In certain cases, you are entitled to have information about you erased before the designated retention period has ended.
Right to restriction
In certain cases, you are entitled to have the processing of your personal data restricted. If you exercise your right to have processing restricted, we may in the future only process information – apart from storage – with your consent, for the purpose of establishing, enforcing or defending legal claims, to protect a person or public interests.
Right to objection
If our processing of your personal data is based on article 6(1)(e) - public interest or exercise of public authority, you are entitled to object to our processing of your personal data of reasons that may relate to your particular situation.
Find more information about your rights as a data subject on the Danish Data Protection Agency’s website.
The Danish Environmental Protection Agency has adopted internal policies and guidelines on information security and data protection, which contain instructions and measures in order to protect your personal data against loss or altering as well as unauthorized publication or access.
The Danish Environmental Protection Agency is obliged to comply with the information security standard ISO 27001 and to implement several technical measures. Organizational and technical measures are continuously adapted based on risk assessments.
To the extent that the Danish Environmental Protection Agency uses external contractors to process personal data, these are subject to written instructions and continuous control.
In the event of a security breach which results in a high risk you for, such as a risk of identity theft, we will notify you of the security breach as soon as possible in order for you to take necessary precautions.
Updated the 18th of March 2022.
We are the data controller – how do you contact us?
The Danish Environmental Protection Agency is responsible for the processing of your personal data. You will find our contact information below.
The Danish Environmental Protection Agency
Tolderlundsvej 5
DK-5000 Odense C
CVR No.: 25798376
Phone: +45 72 54 44 66
E-mail: mst@mst.dk
Contact the Danish Environmental Protection Agency's Data Protection Office
If you have any questions about our processing of your personal data, you are always welcome to contact our Data Protection Officer:
- E-mail: dpo@mim.dk
- Phone: +45 93 59 70 11 (every Wednesday at 10-12 AM (CET))
- Letter: Tolderlundsvej 5, DK-5000 Odense C, att. Data Protection Officer
Complaint to the Danish Data Protection Agency
Complaints of the Environmental Protection Agency's processing of personal data are to be lodged with The Danish Data Protection Agency. You will find the Danish Data Protection Agency's contact information on datatilsynet.dk.