Atriumboks smal

GDPR - rights and responsibility

On this page you can read about your responsibility as a student working with personal data at ITU and get information on what kind of data ITU collects, receives or stores about you.

As a student at ITU, we process your personal data in accordance with the GDPR. If you are interested in knowing more about the information, ITU collects, receives and stores about you, you can consult itu.dk where you can read up on our privacy policy.

Students that process personal data in connection with schoolwork at ITU, including writing papers and carrying out projects, are in most cases considered “private processors”. Therefore, as a rule, such activities falls outside the scope of the GDPR.

However, please remember that personal data is something that we (mostly) borrow from other people and that it can be abused. We therefore ask that you take good care of your own personal data as well as those relating to your fellow student and any other third party – also when using personal data in your papers or projects.

Below you’ll find some valuable knowledge and practical guidelines to consider when you process personal data as a student at ITU.

WHAT IS PERSONAL DATA?
Personal data is any kind of information concerning an identified or identifiable natural person and may include:

Name, address, phone number, e-mail etc. (regular personal data)
Information about racial or ethnic origin, political, religious and philosophical beliefs, trade union membership, genetic or health status, sexual orientation and biometric data (sensitive personal data)
CPR numbers are considered regular personal data but also confidential information. As a rule, you should therefore be more careful when processing these than other regular personal data

PRACTICAL GUIDELINES
“Processing” of personal data” should be interpreted broadly and covers, inter alia, the collection, registration, storage, disclosure and analysis of personal data. 

If you process personal data (by gaining access or collecting) e.g. in a project, assignment, master's thesis etc., we recommend you to consider the following 4 main areas:

Collecting
When you collect personal data to be used in a project etc., it is always advisable to obtain a consent from the individuals that the data relates to.

Storing
Personal data should be handled in a safe manner. This means that you must store it in a way that is not available to the public, e.g. at unsecured places.

Sharing
As a rule, you are only allowed to share personal data if you have a legal basis (e.g. consent) to do so. If the sharing of personal data is part of the project, you must be certain that the people with whom you share the data will handle the data in a safe manner. If it is possible to anonymise the personal data before sharing it, we strongly recommend that you do so.

Deleting
Delete all personal data when it is no longer necessary for you to keep it. In that regard, please remember that you may not hold on to the data on a “nice-to-have” basis.


By accepting a nomination to a partner university, you accept that ITU will transfer your full name, e-mail, and possibly nationality for the purpose of nominating you to exchange with the partner. 

ITU has no instructional authority towards partner universities, which is why the receiving institution is independently responsible for the received personal data. This means, that the personal data – among other things - will be stored as long as required by the partner universities. 

The European Commission operates with a concept of secure vs. insecure third countries*
If you accept nomination to a partner university in a country outside the EU/EAA, you accept that your name, email and possibly your nationality may be transferred to an insecure third country.

The risk of transferring personal data to an insecure third country can, among other things, consist in the fact that the country in question does not necessarily have rules on data security which ensure that information does not come to the knowledge of unauthorized persons. The risk could also mean that the country in question cannot control governmental access in their country.

*Read about the legislation and definitions here

 


Useful resource
ITU is unfortunately not able to help students with legal counselling, because students constitute a contracting party independent of ITU. Questions regarding GDPR should therefore be directed to the Danish Data Protection Agency.