Safe logo

Privacy policy at Products.eu

The privacy policy was last updated on 29 September 2022.

1. Processing of personal data by the
Danish Safety Technology Authority

The Danish Safety Technology Authority processes personal data as part of our work as a public authority. The processing takes place in accordance with applicable law.

The Danish Safety Technology Authority is the authority for a number of areas, including product safety. The Danish Safety Technology Authority facilitates www.products.eu and the SAFE platform which are tools in the authority’s work with product safety. We process your personal data when you use the website and the SAFE platform.

The Danish Safety Technology Authority is the Data Controller in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act. This means that the Danish Safety Technology Authority is responsible for ensuring that the information that the authority receives from you or about you in connection with a case or other enquiry is processed in accordance with applicable rules.

We are required, pursuant to the Public Records Act, to journalise enquiries relevant to our case processing.

Below, the Danish Safety Technology Authority indicates how it processes your personal data. The first section is general and applies to all processing of personal data by the Danish Safety Technology Authority. Following this, there is a section on specific case processing.

Our contact info can be found below.

The Danish Safety Technology Authority
Esbjerg Brygge 30
6700 Esbjerg
CVR (company reg.) no.: 27403123
Telephone: 33 73 20 00
Email: sik@sik.dk

2. Contact the Data Protection Officer

If you have questions about how we process your data, you are always welcome to contact us directly or our Data Protection Officer.

The Ministry of Industry, Business and Financial Affairs has appointed Ronnie Sunil Sodhi as Data Protection Officer for the Danish Safety Technology Authority. The task of the Data Protection Officer is, inter alia, to inform and advise the Danish Safety Technology Authority and the employees who process personal data about their duties with respect to the GDPR and the Data Protection Act.

Furthermore, the task of the Data Protection Officer is to monitor that the seven agencies and departments of the Ministry of Industry, Business and Financial Affairs are in compliance with the GDPR and to ensure compliance with the rules on the legal and secure processing of personal data.

The Data Protection Officer can provide you with more information about the rules on data protection. The Data Protection Officer can provide guidance about your rights in relation to the processing of personal data at the Danish Safety Technology Authority.

You can contact our Data Protection Officer in the following ways:

  • By email: dpo@em.dk
  • By phone: 33 92 33 50
  • By letter: The Ministry of Industry, Business and Financial Affairs,
    ATTN.: ”Data Protection Officer”, Slotsholmsgade 10-12, 1216 Copenhagen K

Please note that if you want to send secure digital email, it must be sent to the main email of the Ministry of Industry, Business and Financial Affairs, which will then forward it to dpo@em.dk

3. Storage of your personal data

The Danish Safety Technology Authority primarily processes your personal data in our email system, our case processing systems, on our website, www.products.eu and the SAFE platform.

The main system used for collection your personal data on www.products.eu is the SAFE platform which is hosted on Microsoft Azure cloud platform (https://azure.microsoft.com/).

The Danish Safety Technology Authority is responsible for collecting, using, and distributing data. This means that all customer information will remain in our possession, and Microsoft will only use it to perform agreed services. In addition, we have control over where the data is located, who has access to it, and under what conditions (https://www.microsoft.com/da-dk/trust-center/privacy).

Currently, we cannot say how long we will keep your personal data. However, we can tell you that we emphasize the professional requirements of the authority for storage of data when determining how long your data will be kept. Data about you will be kept as long as necessary in order to fulfil our duties as a public authority and to remain compliant with applicable legislation, including the Danish Archives Act.

4. Access to your personal data

The employees at the Danish Safety Technology Authority have access to your personal data to the extent necessary for processing your case as part of the authority's administrative tasks.

The employees at the Danish Safety Technology Authority have signed non-disclosure agreements when hired, in order to ensure the confidentiality of your data.

5. Third country data transfers

The SAFE-platform uses the following services that includes third country data transfers:

  • Microsoft Azure
  • Sendgrid


Microsoft Azure is the Data Processor for the majority of the processing of data on products.eu and the SAFE-platform. Subject to directions from the Danish Safety Technology Authority, they have access, as necessary, in order to operate the SAFE platform.


Using Microsoft Azure as data processors there is a risk of third country data transfers. Microsoft’s Headquarter is placed in the US, but they have data centers in: Australia, Brazil, Canada, Chile, Finland, France, Germany, India, Ireland, Japan, Korea, Luxembourg, Malaysia, Netherlands, Hong Kong SAR, Singapore, South Africa, United Kingdom, USA and Austria. (https://privacy.microsoft.com/da-dk/privacystatement (19-09-2022))


SendGrid is used to send notifications to users registered e-mail addresses. SendGrid do not process any other personal data.


SendGrid uses Amazon Web Service, USA, and Snowflake, USA, as sub-processors.


Using SendGrid as data processors there is a risk of third country data transfers.



6. Recipients of your personal data
(disclosure)

We may disclose your personal data if it is in some other way necessary for processing your case. For example, this could be to other public authorities, including other European supervisory authorities and similar which need to contribute to the information in the case. When your personal data is disclosed to other European supervisory authorities, it takes place in the IT system of the EU Commission, called IMI.

In addition, disclosure must take place to the Danish Safety Technology Authority's data processors and sub-processors.

Your personal data can be disclosed to the police if we report a case to the police or if the police requests assistance in investigating one of our cases

Your personal data can also be disclosed to other public authorities, e.g. for use in the inspection or control of an area by another public authority or if the information is necessary for the other public authority to process a case.

In addition, your personal data can be disclosed to the European market monitoring systems, e.g. RAPEX and ICSMS.

If we receive a request pertaining to the right of access to documents in the case that involves your personal data, we normally have to disclose the data, unless the data is confidential.

7. Your rights

Pursuant to the GDPR, you have a number of rights with respect to our processing your data. In particular, the rights are indicated in Articles 13-18 and Articles 20-22.

Below, you can find a more general description of your rights. If you want a more comprehensive description of your rights, you can read the regulation "Guidance on the rights of registered persons" from the Danish Data Protection Agency or contact our Data Protection Officer at dpo@em.dk.

Will the Danish Safety Technology Authority inform me if it processes my personal data?

The Danish Safety Technology Authority must inform you if we process data about you. This applies to when we receive information from you as well as when we receive information from others.

You must be informed of:

  • The Data Controller
  • Contact information for the Data Protection Officer
  • The purpose and legal basis of processing the data
  • Which data will be collected
  • Where the data originates from
  • Who receives the data
  • How long the data will be kept or the criteria that will be used to determine how long the data will be kept
  • Your right to request rectification or erasure of personal data or to limit the use of data about you
  • Your right to file a complaint about the processing of personal data


The Danish Safety Technology Authority may refuse to provide the data if it is impossible or if it would require a disproportionately large effort or in the cases where it is deemed that you must already be familiar with the data.

Can I gain access to the data that the Danish Safety Technology Authority processes about me?

You can request to gain access to the data that the Danish Safety Technology Authority processes about you.

This means that you have the right to see the personal data we have about you and that you have the right to receive the information below concerning how and when we process data about you:

  • The purpose and legal basis of the processing
  • Categories of personal data and, if possible, information on where it originates
  • Recipients of the data
  • How long will the data be kept or the criteria that are used to determine how long the data will be kept
  • Your right to request that the Danish Safety Technology Authority rectifies or erases personal data or
    limits the use of data about you


The Danish Safety Technology Authority can refuse to comply with your request for access if you would also be receiving data that would infringe upon the rights and freedoms of others.

Can I rectify the data that the Danish Safety Technology Authority has about me?

You have the right to rectify incorrect data about you as quickly as possible, and you have the right to add supplementary data if the data is incomplete.

FAQ

Can I have the data that the Danish Safety Technology Authority holds about me erased?

You have the right to have erased data about you as quickly as possible. However, as a general rule, it is not possible to erase data due to administrative law, the Public Records Act and the Archives Act, which apply to public authorities. You cannot have data erased as long as it is necessary for the fulfilment of the purpose of the Danish Safety Technology Authority to process such data or if the erasure would conflict with the Danish Safety Technology Authority's duties or applicable legislation.

Can I limit the data that you process about me?

Under certain circumstances, you have the right for the processing of data about you to be limited, e.g. while an investigation is being carried out to see if the data is correct or if the data is necessary to meet a legal requirement.

Can I request to have my case processed without automatic processing?

You have the right to be subject to a decision that is not only based on automatic processing, including profiling, which has legal effect or similarly has a significant effect on the person in question.

How do I file a complaint about the Danish Safety Technology Authority's processing of my data?

You can file a complaint to the Danish Data Protection Agency about the Danish Safety Technology Authority's processing of your data if you believe that the processing is not in compliance with the GDPR.

The Danish Data Protection Agency can be contacted by email at: dt@datatilsynet.dk. The address of the Danish Data Protection Agency is: Carl Jacobsens Vej 35, 2500 Valby.

The Danish Data Protection Agency is the independent government authority that performs inspections to ensure compliance with the GDPR and the data protection legislation. Among the tasks of the Danish Data Protection Agency is to provide guidance and advice to authorities when they process personal data.

The Danish Data Protection Agency also processes complaints about the processing of personal data on the part of the authorities, and it carries out inspections with authorities and private companies.