In accordance with Article 13 and 14 of the General Data Protection Regulation [1], the Danish Environmental Protection Agency is as data controller obligated to inform you, how we treat your personal data.
The following is to inform you how we process the personal data that we collect.
The Danish Environmental Protection Agency is responsible for the processing of your personal data. You will find our contact information below.
The Danish Environmental Protection Agency
Tolderlundsvej 5
DK-5000 Odense C
CVR No.: 25798376
Phone: +45 72 54 44 66
E-mail: mst@mst.dk
If you have any questions about our processing of your personal data, you are always welcome to contact our Data
Protection Officer:
We process your personal data for the following purposes:
In this context, your personal information is subject to the necessary case processing, e.g. journaling in accordance with the Danish Public Access to Information Act (offentlighedsloven), just as your information is stored in accordance with the Danish Archive legislation (arkivloven).
Legal basis for processing personal data:
We process the following categories of personal data:
We process additional personal data including any sensitive personal data that you have provided, on basis of the General Data Protection Regulation article 6 (1)(e) (exercise of public authority) and article 9(2)(f) (processing is necessary for legal claims to be established, asserted or defended).
The Danish Environmental Protection Agency does not disclose personal information to third parties for marketing or
other commercial use.
The Danish Environmental Protection Agency disclose your personal data to the following recipients:
The Danish Environmental Protection Agency does not transfer your personal data to recipients outside of the EU/EEA.
In case you apply for dispensation on behalf of yourself:
In case another party applies for dispensation on your behalf:
We cannot currently specify how long we will keep your personal data. However, we can inform you that your information is often covered by the Danish Archives Act, which obliges us to store it until it must be archived or discarded in accordance with the Act. In addition, we only process your information for as long as it is necessary for the purpose of which it was collected. When we no longer have a legal or administrative purpose, the information is deleted in accordance with the Danish Environmental Protection Agency’s policy for deletion of personal data.
Under the Data Protection Regulation, you have rights in relation to our processing of your personal data.
If you want to exercise your rights, you can contact us via Public Digital Post. If you do not have access to Digital Post, you can contact us via e-mail at mst@mst.dk. If you contact us via e-mail, make sure not to send sensitive personal information, confidential information or information regarding criminal offenses.
In the subject field, please indicate which right you wish to exercise.
You are entitled to be informed which data we process about you as well as access to said information.
You are entitled to have your personal data rectified.
In certain cases, you are entitled to have information about you erased before the designated retention period has ended.
In certain cases, you are entitled to have the processing of your personal data restricted. If you exercise your right to have processing restricted, we may in the future only process information – apart from storage – with your consent, for the purpose of establishing, enforcing or defending legal claims, to protect a person or public interest.
If our processing of your personal data is based on article 6(1)(e) - public interest or exercise of public authority, you are entitled to object to our processing of your personal data on the basis of reasons that may relate to your particular situation.
Find more information about your rights as a data subject on the Danish Data Protection Agency’s website www.datatilsynet.dk/english.
The Danish Environmental Protection Agency has adopted internal policies and guidelines on information security and data protection, which contain instructions and measures in order to protect your personal data against loss or altering as well as unauthorized publication or access.
The Danish Environmental Protection Agency is obliged to comply with the information security standard ISO 27001 and to implement several technical measures. Organizational and technical measures are continuously adapted based on risk assessments.
To the extent that the Danish Environmental Protection Agency uses external contractors to process personal data, these are subject to written instructions and continuous control.
In the event of a security breach which results in a high risk you for, such as a risk of identity theft, we will notify you of the security breach as soon as possible in order for you to take necessary precautions.
Complaints of the Danish Environmental Protection Agency's processing of personal data are to be lodged with The Danish Data Protection Agency. You will find the Danish Data Protection Agency's contact information on www.datatilsynet.dk/english.
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
[2] Bekendtgørelse af lov om miljøbeskyttelse nr. 48 af 12. januar 2024.