Privacy policy

The protection of personal data is a high priority at Sønderborg Lufthavn A/S (hereinafter “Sønderborg Airport”). Therefore, we have drawn up a policy on how Sønderborg Airport processes your personal data.

Sønderborg Airport is hereinafter referred to as “we” or “us”.

Sønderborg Airport is the data controller

Sønderborg Airport

CRN (CVR): 41044861

Lufthavnsvej 1

DK-6400 Sønderborg

Telephone: +45 7442 2130

Email: post@sonderborg-lufthavn.dk

Sønderborg Airport is the data controller. If you wish to exercise your rights – as described below – or have any questions, please contact Sønderborg Airport by phone on +45 7442 2130 or by email at post@sonderborg-lufthavn.dk.

 

Our processing activities
Below, you can read more about the type of data we process for which purposes and on which basis, depending on the purpose:

The purposes of processing
Sønderborg Airport collects and processes your personal data for the purpose of:

• Job recruitment
• Video surveillance
• Services in case of special needs
• Issuance of guest passes
• Issuance of ID cards
• Events organised by Sønderborg Airport

Hereinafter, the GDPR is referred to as the “Regulation” and the Danish Data Protection Act as the “Act”.

Purpose
The purpose of our processing data is to fill vacancies or future vacancies.

Data subjects
We process information on job applicants and any references you may provide.

Categories of personal data
We process general personal data submitted by you, including name, address, telephone number and email address, as well as other information in the application, such as CV, references, transcripts, photos and other attachments.

As a rule, we do not need to process confidential or sensitive personal data (e.g. civil registration number or health information), which is why we request that this information is not sent to us.

Legal basis for processing
We process your personal data on the basis of Article 6(1)(f) of the Regulation, because we have a legitimate interest in assessing you as a candidate and filling the post with a suitable candidate.

We may also process personal data about you on the basis of Article 6(1)(a) if you have given your consent to our obtaining references or to our contacting you in the future with a view to possible future employment. Prior to these types of processing, we will always obtain your consent.

In the event that we receive personal data entrusted to us by an applicant on their own initiative, these are deemed to have been received with the applicant’s consent, cf. section 12(3) of the Danish Data Protection Act.

We may also process the data on the basis of Article 6(1)(b) of the Regulation, as the processing is necessary for us to be able to conclude an employment contract with you.

Storage period
We process your data until the recruitment process is completed.

In any case, we will delete your data within six months after receiving your application, unless we specifically find that there are special circumstances that require a shorter or longer retention period, or in case you have consented to our keeping them for a longer period, e.g. in connection with the filling of other or future vacancies.

If you are hired, your data will be transferred to our personnel system.

Recipients
We treat all your personal data confidentially, so only the employees involved in the recruitment process have access to your data.

We do not disclose your personal data to third parties, but we may in certain cases entrust them to our business partners in connection with the recruitment process. In such cases, we will ensure that the necessary agreements are concluded to ensure i.a. that the personal data is processed safely and securely in accordance with the obligations arising from the GDPR.

As a general rule, we do not transfer or transmit personal data to countries outside the EU/EEA. In the event of a transfer or a handover to countries outside the EU/EEA, this will be done on the basis of the European Commission’s standard data protection clauses, also known as EU standard contracts.

Where your personal data originates from
In addition to the data you enter yourself, we may search for relevant published information on the internet, including LinkedIn and Facebook, as part of the selection process.

Purpose
The purpose of our video surveillance is partly founded in crime prevention and protection concerns.

Data subjects
We process data regarding people who move within our designated video surveillance areas. This includes our terminal building, administration and forecourt.

Categories of personal data
We process ordinary personal data in the form of image and video recordings and number plates. In the event of an incident, confidential personal data in the form of information on criminal offences may be processed.

Legal basis for processing
Our processing of personal data from video surveillance is necessary for us to pursue a legitimate interest in preventing crime at our premises, as set out in Article 6(1)(f) of the Regulation, section 8(2) of the Data Protection Act and Article 10 of the Regulation.

Our processing of personal data also complies with section 3(1) of the Danish TV Surveillance Act, in that we provide information on video surveillance where this has been implemented.

Storage period
Video surveillance footage from the airport terminal building and administration is stored for 72 hours in accordance with EASA guidance. Video surveillance of the airport forecourt is live and thus not stored.

Recipients
Personal data is disclosed to the police if a security incident requiring investigation, such as theft, is identified.

Where your personal data originates from
Your information comes from our on-site cameras.

Purpose
As an airport, we receive notification from airlines of arriving passengers in need of PRM assistance. In this context, we facilitate assistance to passengers who need special assistance in connection with flights. In order to provide this service, it is necessary for us to process information about you that we receive from airlines.

Data subjects
We process data about people who use our special flight assistance service.

Categories of personal data
We process general personal data in the form of full names. In order to identify your needs, your flight assistance requirements are classified according to a number of categories that we receive from airlines. From some of the categories, sensitive personal data may be derived, in particular health data such as a specific physical limitations.

Legal basis for processing
Our processing basis for general personal data about you is Article 6(1)(c) of the Data Protection Regulation, while sensitive data in the form of health data is processed on the basis of Article 9(2)(f) of the Regulation, as the processing of your personal data is necessary to comply with our legal obligations under the EU PRM Regulation.

Storage period
The data is kept for 5 days, after which it is anonymised.

Recipients
As a rule, we do not disclose your personal data, as the information is only relevant in connection with our service to you.

Where your personal data originates from
We receive your details from the airline you booked your flight with.

Purpose
In order to be able to move around the site, e.g. in connection with tours or the performance of a consultancy task, it may be necessary to obtain a guest pass. In this instance, we need a range of information to prove who has access to the facilities.

Data subjects
We process data on persons who are issued a guest pass to move around our premises.

Categories of personal data
The issuance of guest passes requires the collection of general personal data such as your full name and telephone number and date of birth. When issuing guest passes, photo identification is presented, but information from the identification is not processed in the sense covered by data protection legislation.

Legal basis for processing
The issuing of guest passes requires the collection of general personal data such as your full name and your telephone number, based on Article 6(1)(f) of the Regulation, as the processing is necessary for us to pursue a legitimate interest in being able to document who has access to our facilities.

Storage period
Data is stored for 12 months and is then automatically deleted. We also assess whether there are special circumstances that require a shorter or longer storage period.

Recipients
As a general rule, we do not disclose your personal data in connection with the issuance of guest passes, as the data is collected for the sole purpose of issuing guest passes to our locations.

Where your personal data originates from
We receive your personal data from you in an electronic form when issuing the guest pass.

Purpose
We process personal data in order to issue ID cards to people who need to move around the site for travel, work, training or information/education purposes. The purpose of issuing ID cards is to ensure the integrity and security of our sites by verifying the identity of the person concerned.

Data subjects
We process information about our ID card holders who are issued an ID card to move around our premises. These persons may be passengers, authorised escorts, crew, emergency services, contractors, etc.

Categories of personal data
Issuing ID cards requires the collection of general personal data such as your full name, email, phone number, place of work, job title and a photo.

We also process confidential personal data as we collect information from your passport and/or driving licence, which includes your civil registration number, and as we obtain your criminal record from the police and thereby any information on criminal offences.

Legal basis for processing
The processing of your personal data in connection with the issuing of ID cards is based on Article 6(1)(f) of the Regulation, as the processing is necessary for us to pursue a legitimate interest in ensuring the integrity and security of our premises.

In terms of confidential personal data, your passport and/or driving licence, and thus your civil registration number, are processed to verify your identity on the basis of Section 11(2)(3) of the Data Protection Act, as the processing is essential to ensure unambiguous identification of you. In addition, information on possible criminal offences is processed on the basis of Article 8(2) of the Data Protection Act, in accordance with Article 10 of the Regulation.

Storage period
We keep the data as long as we have a legitimate need to process it, in this case until your ID card expires or is deactivated. We also assess whether there are special circumstances that require a shorter or longer retention period.

Recipients

We disclose your personal data to the police in connection with the issuance of ID cards, as we are required to provide your name, civil registration number, etc. in order to request that your criminal record is disclosed to us.

Where your personal data originates from
In addition to the personal data we receive from you, we receive information from the police about possible criminal offences via your criminal record.

Purpose
We collect and process your personal data in order to manage the organisation of various courses, including the management of participants, the sending of invitations and lists of participants, as well as the facilitation and running of courses.

Data subjects
We process information about people who attend our events.

Categories of personal data
We process general personal data, including information on name, title, organisation, telephone number and email address.

Legal basis for processing
When you are invited to a professional event at Sønderborg Airport, we do so on the basis of our common legitimate interest as defined in Article 6(1)(f) of the Regulation. At any point, you have the option of declining additional invitations by responding to the invitation by email with the text “unsubscribe”.

If you choose to participate in the event, the processing is necessary for us to be able to fulfil a contract/agreement with you for participation in the event, in accordance with Article 6(1)(b) of the Regulation.

Storage period
We keep the data for as long as we have a legitimate need for the processing. We also assess whether there are special circumstances that require a shorter or longer storage period.

Recipients
As a general rule, we do not disclose your personal data. We may share the list of participants with the other participants who have registered for the event. The list of participants will only contain personal data such as name, email address, organisation and job title.
If you do not want your personal data to appear on the list of participants, please contact us.

As a general rule, we do not transfer or transmit personal data to countries outside the EU/EEA. In the event of a transfer or a disclosure to countries outside the EU/EEA, this will be done on the basis of the European Commission’s standard data protection clauses, also known as EU standard contracts.

Where your personal data originates from
Your personal data originates either from you or your workplace.

There are a number of independent actors at the airport, including airlines, ground handlers, and other service providers. Each of these are an independent data controller, and Sønderborg Airport is not responsible for any processing of personal data by these independent operators. We recommend that you familiarise yourself with the processing of personal data by the various operators by contacting them.

Your right to be informed
You have the right to insight into what personal data we have recorded about you.

The right to rectification of data
You have the right to request that your personal data be corrected if it is inaccurate, including the right to complete incomplete information.

The right to erasure of data
In certain cases, you have the right to have personal data that we process about you erased.

If you ask us to delete personal data relating to, for example, an ongoing job application, you should know that we will not be able to process the application. The same applies if you withdraw your consent.

Right to restrict processing of data
You have the right to request that we restrict the processing of your personal data. Sønderborg Airport does not automatically process personal data in connection with the processing of applications (profiling).

The right to object to our processing of data
You have the right to object to our processing of your personal data based on our legitimate interests. We will not continue to use your personal data unless we can demonstrate a legitimate reason for their use that overrides your interests and rights and/or is based on legal requirements.

You also have the right to object to our processing of your personal data carried out on the basis of the balancing of interests rule.

The right to data portability
You can also contact us if you want to know about your data portability options.

The right to withdraw your consent
If you have consented to data processing, you can withdraw your consent at any time by contacting Sønderborg Airport.

If you choose to withdraw your consent, this does not affect the legality of our processing of your personal data based on your previous informed consent and up to the date that consent is withdrawn. Therefore, if you withdraw your consent, it will only take effect from that point onward.

If you wish to complain about our processing of personal data, please contact us at post@sonderborg-lufthavn.dk. You also have the right to complain to the Danish Data Protection Agency regarding your rights and our processing of personal data about you. For more information on how to complain to the Data Protection Agency, please visit the agency’s website at https://datatilsynet.dk/generelt-om-databeskyttelse/klage-til-datatilsynet.

We take good care of your personal data and we may therefore need to update this data protection policy.

This Privacy policy was last updated in February 2023.