Orientation concerning the General Data Protection Regulation
In accordance with Article 13 and 14 of the General Data Protection Regulation [1], the Danish Environmental Protection Agency is as data controller obligated to inform you, how we treat your personal data.
The following is to inform you how we process the personal data that we collect.
1. We are the data controller – how do you contact us?
The Danish Environmental Protection Agency is responsible for the processing of your personal data. You will find our contact information below.
The Danish Environmental Protection Agency
Tolderlundsvej 5
DK-5000 Odense C
CVR No.: 25798376
Phone: +45 72 54 44 66
E-mail: mst@mst.dk
2. Contact the Danish Environmental Protection Agency's Data Protection Officer
If you have any questions about our processing of your personal data, you are always welcome to contact our Data
Protection Officer:
- E-mail: dpo@mim.dk
- Phone: +45 93 59 70 11 (every Wednesday at 10-12)
- Letter: Tolderlundsvej 5, DK-5000 Odense C, att. Data Protection Officer
3. The purpose of and legal basis for the processing of your personal data
We process your personal data for the following purposes:
- Processing of your application regarding dispensation from the low emission zone rules.
In this context, your personal information is subject to the necessary case processing, e.g. journaling in accordance with the Danish Public Access to Information Act (offentlighedsloven), just as your information is stored in accordance with the Danish Archive legislation (arkivloven).
Legal basis for processing personal data:
- The Danish Environmental Protection Act [2] section 15 c (1).
- Statutory order no. 1514 of 25 June 2021 on delegation of tasks and powers to the Danish Environmental Protection Agency.
- Statutory order no. 1066 of 3 August 2023 on requirements for diesel-powered lorries, buses, vans and passenger cars in municipally determined low emission zones, etc. section 14-20. Hence the personal data is processed on the basis of the General Data Protection Regulation article 6 (1)(e) – exercise of public authority.
- When we process national identification numbers, it is for the purpose of lawful unique identification in accordance with the section 11 of the Danish Data Protection Act.
4. Categories of personal data
We process the following categories of personal data:
- Name
- Address
- Telephone number
- Vehicle registration number and other information regarding your vehicle
- In some cases, information regarding financial circumstances
We process additional personal data including any sensitive personal data that you have provided, on basis of the General Data Protection Regulation article 6 (1)(e) (exercise of public authority) and article 9(2)(f) (processing is necessary for legal claims to be established, asserted or defended).
5. Recipients or categories of recipients
The Danish Environmental Protection Agency does not disclose personal information to third parties for marketing or
other commercial use.
The Danish Environmental Protection Agency disclose your personal data to the following recipients:
- The Danish Environmental Protection Agency disclose personal information to third parties if we are obliged in accordance with other legislation – e.g. to grant access to documents according to the Danish Public Access to Information Act (offentlighedsloven) and the Danish Environmental Information Act (miljøoplysningsloven).
- The Danish Environmental Protection Agency leaves your personal information in the care of our data processors, e.g. the Agency for Governmental IT Services.
- In case a dispensation has been granted, the Danish Environmental Protection Agency will disclose your vehicle registration number to Sund & Bælt Holding A/S. You can read more about Sund & Bælt Holding A/S’s processing of your personal data here.
6. Transfer to recipients in third countries, including international organizations
The Danish Environmental Protection Agency does not transfer your personal data to recipients outside of the EU/EEA.
7. The source of your personal data
In case you apply for dispensation on behalf of yourself:
- We receive your personal data from your application submitted at miljoezoner.dk (hosted by Sund & Bælt Holding A/S) or directly from you, if you have sent your application directly to the Danish Environmental Protection Agency.
In case another party applies for dispensation on your behalf:
- We receive your personal data from the holder of a power of attorney in the application submitted at miljoezoner.dk (hosted by Sund & Bælt Holding A/S) or sent directly to the Danish Environmental Protection Agency.
8. Storage of your personal data
We cannot currently specify how long we will keep your personal data. However, we can inform you that your information is often covered by the Danish Archives Act, which obliges us to store it until it must be archived or discarded in accordance with the Act. In addition, we only process your information for as long as it is necessary for the purpose of which it was collected. When we no longer have a legal or administrative purpose, the information is deleted in accordance with the Danish Environmental Protection Agency’s policy for deletion of personal data.
9. Your rights
Under the Data Protection Regulation, you have rights in relation to our processing of your personal data.
If you want to exercise your rights, you can contact us via Public Digital Post. If you do not have access to Digital Post, you can contact us via e-mail at mst@mst.dk. If you contact us via e-mail, make sure not to send sensitive personal information, confidential information or information regarding criminal offenses.
In the subject field, please indicate which right you wish to exercise.
Right of access
You are entitled to be informed which data we process about you as well as access to said information.
Right to rectification
You are entitled to have your personal data rectified.
Right to erasure
In certain cases, you are entitled to have information about you erased before the designated retention period has ended.
Right to restriction
In certain cases, you are entitled to have the processing of your personal data restricted. If you exercise your right to have processing restricted, we may in the future only process information – apart from storage – with your consent, for the purpose of establishing, enforcing or defending legal claims, to protect a person or public interest.
Right to objection
If our processing of your personal data is based on article 6(1)(e) - public interest or exercise of public authority, you are entitled to object to our processing of your personal data on the basis of reasons that may relate to your particular situation.
Find more information about your rights as a data subject on the Danish Data Protection Agency’s website www.datatilsynet.dk/english.
10. How do we protect your data?
The Danish Environmental Protection Agency has adopted internal policies and guidelines on information security and data protection, which contain instructions and measures in order to protect your personal data against loss or altering as well as unauthorized publication or access.
The Danish Environmental Protection Agency is obliged to comply with the information security standard ISO 27001 and to implement several technical measures. Organizational and technical measures are continuously adapted based on risk assessments.
To the extent that the Danish Environmental Protection Agency uses external contractors to process personal data, these are subject to written instructions and continuous control.
In the event of a security breach which results in a high risk you for, such as a risk of identity theft, we will notify you of the security breach as soon as possible in order for you to take necessary precautions.
11. Complaint to the Danish Data Protection Agency
Complaints of the Danish Environmental Protection Agency's processing of personal data are to be lodged with The Danish Data Protection Agency. You will find the Danish Data Protection Agency's contact information on www.datatilsynet.dk/english.
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
[2] Bekendtgørelse af lov om miljøbeskyttelse nr. 48 af 12. januar 2024.
