Privacy and Cookie Policy

1. Introduction

1.1 - This Data Protection and Privacy Policy (the “Policy”) describes how Aarhus Havn (“us”,”we” or ”our”) when acting in the role of a controller, collects and processes yourpersonal data relating to the purchase of services, membership, products, or your useof our website,

1.2 - The Policy is prepared and made available to comply with the General Data ProtectionRegulation (2016/679 of 27 April 2016) (the ”GDPR”) and the rules included herein oninformation to be provided to you.

2. Collecting personal data with cookies

2.1 - By visiting and using our website(s), personal data collected with cookies will be processed. Information about this processing can be accessed here: https://www.portofaarhus.dk/en/privacy-cookie-policy/

3. Types of personal data processed

3.1 - We process personal data about you when this is necessary and in accordance with theapplicable legislation. Depending on the specific circumstances, the processedpersonal data include the following types of personal data:
a) address
b) email
c) name
d) IP addresses
e) telephone number
f) invoicing and bookkeeping data and documentation
g) Customer number

3.2 -

3.4.1 When you travel around the port area – Video surveillance, access cards and number plates.

As part of access controls and video surveillance at the Port of Aarhus A/S, we collect and store personal information about persons who travel around the facility. This applies to both persons with permanent access to the port area and Port Centre, including persons who are employed by the Port’s tenants or other partners, and persons who temporarily have access.Persons with permanent access to the port are issued an access card and/or use a private Brobizz or number plate. (The Port of Aarhus does not provide Brobizz). The following personal information is stored in connection with the issuing of access cards/use ofa private Brobizz og acces through gates by car or other registered vehicle: Name, photo, company name, tel. no., e-mail address, reg. no., access rights, and date of issue. Traffic is continuously logged through the use of access cards/Brobizz/number plate.

Access controls are necessary in order to ensure that only persons with lawful groundsto be in the port/Port Centre can gain access.

In connection with video surveillance around the port, it is possible that recordings willbe made of persons’ conduct and movements.In connection with the access cards provided by the port, conduct and movements willbe logged for each individual card.In connection with the use of number plate registered at Port of Aarhus A/S, conduct and movements will be logged when travel around the port area.Video surveillance, access cards and registered number plates are required in order tocomply with ISPS port security requirements.

The grounds for the processing above is Article 6(1), point c) or d) GDPR

3.4.2 When you are a customer of the Port of Aarhus A/S

When you order a service from us or receive an offer from us: We collect information on your name, what company you represent, your tel. no., payment method, information on the services you are ordering, and the time and method of delivery. The aim of this processing is for us to be able to deliver the offered or agreed services, and to otherwise fulfil the contract we have concluded with you/the company you represent, including our ability to manage your rights to lodge a complaint.

The grounds for the processing above is Article 6(1), point f) GDPR

3.4.3 When you visit our website

We automatically collect information on you and your use of the Port of Aarhus A/S website when you visit it, provided you have accepted cookies. This information includes your IP address, what type of browser you are using, what pages you visit, what links you activate, and generally how you navigate on our website and how you use it. The aimof this is to improve user experience and the functionality of the website, and to be able to record how long visitors spend on the website and show you relevant information.

The grounds for the processing above is Article 6(1), point e) GDPR.

3.4.4 When you communicate with Port of Aarhus A/S

3.4.4 When you communicate with Port of Aarhus A/SIf you have questions or otherwise communicate with us, we collect information on your name, e-mail, tel. no. what company you represent, and your question. The aim of this processing is to answer questions or to be able to otherwise communicate with youin order to render the service you require.

The grounds for the processing above is Article 6(1), point e) GDPR.

‍
3.4.5 When you subscribe to our newsletter, press releases etc.

We collect information on your name, e-mail address, tel. no., what company you represent, your industry, your consent, and your interests and preferences if you choose toprovide this information. The aim of this processing is to be able to send you newsletters and otherwise pursue our legitimate interest in sending you marketing.

The grounds for the processing above is Article 6(1), point e) GDPR.

3.3 - If we need to collect more personal data than specified above, we will inform you byupdating this Policy.

4. Purposes of processing the personal data

4.1 - We will only process your personal data if we have a legitimate purpose and in thatcase in accordance with the rules of the GDPR. The personal data we collect about youis processed for the following purposes:

a) To communicate and exchange data with public authorities when required by law.
b) To provide service messages and information.
c) To provide support and service messages, including responding to questions and complaints and sending updates about our products and services.
d) To respond to inquiries or complaints.
e) To send newsletters by e-mail.
f) To store personal data to comply with applicable legislation requirements such as bookkeeping acts.
g) To improve our products, services, or website.
h) To deliver products or services.
i) To prevent fraudulent behavior or misuse of our products, services and website, including the processing of personal data for the purpose of legal actions.

5. Legal basis for processing personal data

5.1 - We only process your personal data when we have a legal basis to do so in accordancewith the GDPR. Depending on the specific circumstances, the processing of personaldata is done on the following legal basis:

a) The processing is necessary for the performance of a task carried out in the publicinterest or in the exercise of official authority vested to us in accordance withGDPR, Article 6(1)(e).
b) The legal basis for the processing of such personal data is consent, in accordancewith GDPR, Article 6(1)(a). You can withdraw your consent at any time bycontacting us via the contact details provided at the end of this Policy. If youwithdraw your consent, the personal data processed will be deleted, unless it canor must be processed in order to comply with legal obligations.
c) The processing is necessary for the performance of a contract to which the datasubject is a party in accordance with GDPR, Article 6(1)(b), the first indent.
d) The processing is necessary for the purposes of the legitimate interests wheresuch interests are not overridden by the interests or fundamental rights andfreedoms of the data subject which require protection of personal data inaccordance with GDPR, Article 6(1)(f).
e) The processing is necessary to comply with applicable legislation in accordancewith GDPR, Article 6(1)(c).

6. Disclosure and transfer of personal data

6.1 - We only transfer personal data to other entities when it is legally permitted or required.

6.2 - We transfer personal data to the following recipients from the EU/EEA:

a) Authorities
b) Processors
c) Collaborators
d) Suppliers

6.3 - From time to time we use external entities as suppliers to assist us in delivering ourservices. The external suppliers will not receive or process personal data unless applicable law allows for such transfer and processing.

Where the external parties are acting in the role of processors, the processing is always based on a data processing agreement in accordance with the requirements under GDPR.

Where the external parties are acting in the role of controllers, the processing of personal data is based on such external parties’ data privacy policy and the relevant legal bases which the external parties are obligated to inform about unless theapplicable legislation allows otherwise

6.4 - We do not transfer personal data to countries or international organisations outside the EU/EEA unless it is necessary on your specific request.

7. Erasure and retention of personal data

7.1 - We ensure that the personal data is deleted when it is no longer necessary for the processing purposes described above. However, we retain your personal data to the extent that we are legally obligated, as is the case with for example accounting and bookkeeping materials and records. If you have any questions about our retention of your personal data, you may contact us by using the email mentioned in the last section of this Policy.

‍

8. Data subject rights

8.1 - As a data subject under GDPR, you have a number of rights.

8.1.1 You have the right to request access to the personal data we process about you, the purposes we process the personal data, and whether we disclose or transfer your personal data to others.

8.1.2 You have the right to have incorrect information rectified.

8.1.3 You have the right to have certain personal data deleted.

8.1.4 You may have the right to restriction of our processing of your personal data.

8.1.5 You may have the right to object to our processing of your personal data based on reasons and circumstances that pertain to your particular situation.

8.1.6 You have the right not to be subject to a decision based solely on automated means, without human interference unless the decision (1) is necessary for entering into, or performance of a contract between you and the Organization, (2) is authorised by law, or (3) is based on your explicit consent.

8.1.7 If the processing of your personal data is based on your consent, you are entitled to withdraw such consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing carried out prior to your withdrawal.

8.1.8 You are entitled to receive personal data which you have provided to us in a structured, commonly used, and machine-readable format (data portability).

8.1.9 You can always lodge a complaint with the data protection authority.

8.2 - Your rights may be subject to conditions or restrictions. Accordingly, there is no certainty that you will be entitled to for example data portability in the specific situation; it will depend on the circumstances of the processing.

8.3 - More information about data subject rights can be found in the guidelines of the national data protection authorities.

8.4 - Please use you the contact details below if you want to use your rights.

8.5 - We try to meet your wishes about our processing of personal data, but you can always file a complaint to the data protection authorities.

9. Changes to this Policy

9.1 - We reserve the right to update and amend this Policy. If we do, we correct the date and the version at the top of this Policy. If we make significant changes, we will provide notification by way of a visible notice, for example on our website or by direct message.

10. Contact

10.1 - You may contact us at the below specified email if you:

a) disagree with our processing or consider our processing of your personal data infringes on the law,
b) have questions or comments to this Policy, or
c) want to invoke one or more of your rights as a data subject described in this Policy.

If you have questions or comments to this Policy or if you would like to invoke one or more data subject rights, please contact us at:
E-mail: port@portofaarhus.dk
Phone: +45 86133266

‍If you have any questions or comment sabout this Privacy Policy or if you would like to make use of one or more of your rights, you can contact Port of Aarhus A/S:

Maria Frederiksen, HR Partner by E-mail: port@portofaarhus.dk or Phone: +45 86133266

Contact information for DPO at Port of Aarhus:
Lawyer Lise Moth Timm, Advokatpartnerselskabet Kirk Larsen & Ascanius
Dalgasgade 21, 2.,- 7400 Herning
E-mail: lmt@kirklarsen.dk
Phone: +45 70226660.