Personal Data and Privacy Policy

This privacy policy describes, how the Danish Maritime Authorities (DMA) collects and process personal data, in accordance with the handling of our public assignments.

We process personal data, which you yourself gives us, or which we receive or collect from others. These aspects of the processing will always be done in accordance with applicable regulations. The DMA is conscious about the respect for privacy and confidence, when we process your personal data. 

We are the data controller – how do you contact us?

DMA is the data controller for the personal data, which we process in regards to case handling or inquiries, and we are responsible for the processing of the data in accordance with applicable regulations, such as the GDPR. Our contact information are as follows:

The Danish Maritime Authority
Caspar Brands Plads 9
4220 Korsør
Denmark

CVR: 29831610

Mail: sfs@dma.dk
Phone: +45 72196000

Personal data are any kind of information, which either directly or indirectly can be linked to a specific person. For instance first- and last name, private address, e-mail address or personal identification number.

The DMA processes the information you give us in regards to case handling or an inquiry. In addition, we can obtain information from other authorities, companies, citizens or others, if the information is relevant and necessary for the handling of the case or an inquiry.

The DMA primarily processes your personal data for the purpose of carrying out official tasks that follow from legal obligations, cf. the General Data Protection Regulation (GDPR) article 6(1)(c) and (e) as well as article 9(2)(f) and (g).

When the DMA processes health information about you, it typically does so in accordance with the GDPR, article 9(2)(g).

The processing of your personal identification number is typically done for the purpose of unique identification, cf. the Danish Data Protection Act (DDP) section 11, paragraph 2.

When the DMA processes information about your criminal conditions, it typically does so in accordance with the DDP, section 8, paragraph 1 and paragraph 2, no. 3.

At the DMA, your personal data is primarily processed in the agency’s IT systems, such as the case processing system and in the joint government systems.

In some cases, your personal data can be processed through the use of artificial intelligence (AI) in the agency’s or the Ministry of Industry, Business and Financial Affairs’ own AI-tools. The last mentioned tool is operated by the department in the Ministry.

The mentioned tools are only an aid in our tasks and the DMA never makes automatic decisions when using AI-tools. The processing is carried out in accordance with the GDPR and other legislation, as well as in accordance with the guidelines for the use of the tools, prepared by the agency itself and the Ministry of Industry, Business and Financial Affairs.

Employees in the DMA can access your personal data to the extent necessary for the processing of a case or inquiry or in regards to the agency’s performance of tasks as a public authority – including control tasks.

Our employees are subject to a duty of confidentiality both during and after their employment, to ensure the confidentiality of your personal data. Furthermore, all employees who work with your personal data have completed a course in data protection and factual management.

The Agency of Governmental IT Services are data processor for the majority of the DMA’s processing of your personal data. Common for the Agency of Governmental IT Services and other data processors is, that they do not have access to your personal data, unless we give them instructions and thereby grant them access. These instructions however are only given, if it is necessary to carry out the agency’s tasks as a public authority.

For AI-tools, the department of the Ministry of Industry, Business and Financial Affairs, is the data processor, and they are subject to the same restrictions as the other data processors in our sphere of control.

Your personal data is stored for as long as necessary to fulfill the DMA’s obligations as a public authority, and to comply with applicable legislation, including the GDPR, article 5.

Storage is secure and confidential in IT systems with controlled and limited access, and is stored on servers in secure premises.

The DMA always aim to protect your confidentiality and to secure the data against unauthorized access, modification, disclosure or destruction.

The DMA is subject to the rules of the Danish Archives Act, regarding the storage and delivery of archives to the National Archives. The data will always be submitted to the National Archives in anonymized form.

We disclose your personal data, when it is necessary for the agency’s general performance of its duties, e.g. in connection with party hearings or the processing of your case or inquiry. We also disclose data if it is necessary in order to ensure, that other authorities can carry out their duties as a public authority, e.g. if a hospital needs your medical information in the event of an occupational injury.

The DMA is also obliged to disclose your personal data, if this is required by law. For instance in connection with a police investigation.

In connection with the processing of a request for access to documents, we may disclose your information in pursuit of the Danish Public Administration Act, the Public Access Act or the Environmental Information Act, unless the data can be exempted pursuant to the aforementioned acts.

In some specific cases, we may transfer your data to a third country, outside of the EU. This will always be done in accordance with the GDPR, chapter V. For instance, we may transfer your data, if a public authority in a third country is processing a case of personal injury or property damage incurred during work at sea, and apply for the data in order for them to process the matter.

The GDPR grants you certain rights. These rights are set out in article 13-18 and article 20-22 in the regulation.

The following section describes your rights in general. If you would like a more detailed description of your rights, you can either read the regulation yourself, read the guide on the rights of data subjects from the Danish Data Protection Authority or contact our Data Protection Officer at dpo@em.dk.

Notification that your personal data is processed by the DMA:

The DMA is obliged to provide you with a number of information, if we process personal data about you. The obligations apply, whether we receive the information from you or if we receive information about you from others, as described in section 2 of this privacy policy.

For further details, see articles 13 and 14 of the regulation.

The right to access the personal data processed about you:

You have the right to obtain and access the data the DMA processes about you, and also to receive a number of information about why and how we process your information.

However, we may refuse to comply with such a request, if you would obtain information through this access, which infringes the rights and freedom of others.

There is also a limitation to the right to access, if we receive personal data in connection with processing that is exclusively for statistical or scientific use. In these cases, article 15 of the regulation on the right to access, does not apply, cf. section 22, subsection 5 of the GDPR.

For further details, see article 15 of the regulation.

The right to rectification of the information we process about you:

You have the right to have incorrect information about you corrected, or to have additional information added about you if the information held by the DMA is incomplete. This may, for example, be supplementary statements, which clarifies the already possessed data.

Here too, there are limitations to the right to rectification, if the information is received in connection with processing that is exclusively for statistical or scientific purposes, cf. section 22, subsection 5 of the GDPR.

For further details, see article 16 of the regulation.

The right to erasure:

As a general rule, the DMA does not have the possibility to erase any of your personal data, as we, as a public authority, are subject to journaling and archiving obligations in accordance with the Public Administration Act, the Public Access Act and the Archives Act, as mentioned earlier in this privacy policy.

However, your personal data will only be stored for the period of time necessary to fulfill the purpose of the processing, cf. article 5(b) and (c) in the GDPR.

In very special cases, you may have the right to have your personal data erased, but an inquiry for this matter will always be subject to an individual assessment by the DMA.

For further details, see article 17 in the regulation.

The right to restrict the processing of your personal data:

In some cases, you are entitled to restrict the processing of your personal data, for example while it is being determined whether the collected data is correct or necessary for the establishment for a legal claim. In both cases, the DMA will make an individual assessment.

If it is assessed that you have the right to restrict processing, we may only process the personal data – with the exception of storage – with your consent, or to protect a person or important public interests, e.g. storage for archiving purposes.

For further details, see article 18 of the regulation.

For the DMA, the highest priority is to protect citizens and businesses, and the agency itself, against unau-thorized access, modifica-tion, disclosure or destruc-tion of their information. We are extremely aware of se-curing your personal data and the necessity of a high level of information security.

To ensure this, the agency’s employees and IT systems are updated with technical resources, e.g. hardware and IT, as well as training of our employees.

You have the right to complain about or processing of your personal data. The complaint can be submitted to the Danish Data Protection Agency and to the courts of law, if you believe that the processing is in breach of the Data Protection Regulation and Act.

The Danish Data Protection Agency’s contact information can be found on their website

The Ministry of Industry, Business and Financial Affairs has appointed a Data Protection Officer (DPO), who is also the DPO for the DMA.

The DPO’s tasks include informing and advising the board and its employees, who process personal data, on the obligations set out in the GDPR. At the same time, the DPO monitors and ensures the DMA’s compliance with the GDPR and the DDP.

The DPO can provide you with more information about the rules for data protection and guide you on your rights in connection with the processing of personal data at the DMA.

The DPO can be contacted at the e-mail address dpo@em.dk. Please note, that if you wish to send by digital mail, it must be send to the Ministry’s main mailbox at em@em.dk, after which your message will be forwarded to dpo@em.dk in a secured system.

The DMA’s use of cookies on our website and in our “SejlSikkert”-app / “SailSafe”-app is described in more detail in our cookie policy.

The DMA’s use of cookies in regards to our “My Maritime”-app is described in our guide for the application My Maritime - App for søfarende | sfs.dk.

All data in regards to the use of the application is stored on a secure system, of which the DMA is in full control.

The DMA has, in collaboration with others, developed apps for use in sailing. These are “SejlSikkert” and “SejlSikkert Alarm”. When using these apps, location data, among other data, is used and stored in accordance with the before mentioned.

You can read more about the scope of the data, that we process when using these apps in our privacy policy for these apps SejlSikkert Alarm | sfs.dk

Contact

Danish Maritime Authority