Data protection and processing of data at IDA
(updated 25 March 2022)
IDA takes the protection of your personal data very seriously and we continuously seek to maintain a balance between the development of the association, the network capabilities of our members and the protection of each member's right to privacy. We hope you will spend some time getting to know our practices – and if you have any further questions, please feel free to contact our Data Protection Officer at dpo@ida.dk.
As a member of IDA and/or in the use of IDA's services, you entrust us with your information. This page is intended to help you understand what data we collect, why we collect it, and what we use it for and what rights you have. This is important information, so we hope you will take the time to read the content. Keep in mind that you can find settings for managing your information and adjust your preferences on https://mit.ida.dk.
When you are a member of IDA, you also enter into IDA's Law and Statutes, the fundamental rules for IDA, and which all members accept upon entering into membership.
When using our services, you should familiarize yourself with how we use this information and how you can make your own choices.
You can use our services in many different ways – you can be a member of the association, use our websites or apps, sign up for newsletters, attend our events, communicate with others in our forums or communicate with us electronically or by phone. When you share information with us, e.g. in connection with the above, we can make our services even better – by presenting you with more relevant information from IDA such as career advice, events, analyses, news and presenting you with more relevant offers from our partners.
GDPR for elected representatives
IDA has created guides for when you’ve been elected as a representative for IDA members, so you always know how to handle your colleagues' personal data. If you have any further questions, you are of course welcome to contact IDA.
- Guide for public trustees (in Danish)
- Guide for private trustees (in Danish)
Transparency and free choice
As human beings, we naturally have different views on how our personal data is used. Our goal in IDA is to be very clear about what information we collect, so you can make informed choices about how it can be used.
Therefore, on https://mit.ida.dk/en you have the opportunity to update your profile and in the long term we will keep adding more features enabling you to make additional adjustments on how your information may be used. We are constantly working to make https://mit.ida.dk/en more relevant and give you more control over your personal data.
You can also have your browser block all cookies, including cookies associated with our services, or specify when a cookie is stored by us. However, it is important to remember that many of our services may not work optimally if you disable cookies.
IDA primarily processes personal data on our own servers in a co-location data center in Denmark, but we also use Cloud services. For example, our employees use Exchange Online e-mail from Microsoft, where the datacenters are located in Ireland.
Regarding the General Data Protection Regulation
Under Articles 13 and 14 of the GDPR, we are required to provide you with a range of information when we receive information from you, as well as information about you from others.
The information we need to provide you is as follows:
- We are the controller - how do you contact us?
- Contact details of the Data Protection Officer
- The purposes and legal basis for the processing of your personal data
- Categories of personal data
- Recipients or categories of recipients
- Transfer to recipients in third countries, including international organisations
- Where your personal data comes from
- Storing your personal data
- Automatic decisions, including profiling
- The right to withdraw consent
- Your rights
- Lodge a complaint with the Danish Data Protection Authority
We are the data controller – how can you contact us?
IDA is the data controller for the processing of the personal data that we have received about you.
The Danish Society of Engineers, IDA
Kalvebod Brygge 31-33
1780 Copenhagen V
CVR-nummer 21465216
Tel: 33 18 48 48
Write to us: https://english.ida.dk/contact-ida
The contact details of the data protection officer
If you have any questions about our processing of your information, you are always welcome to contact our Data Protection Officer by email at dpo@ida.dk
Purposes, legal basis and legitimate interests in the processing of your personal data
We process your personal data for the following:
- To communicate with you, e.g. service statements regarding your participation in our courses and events.
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- In order for you to use our services, including apps, receive our newsletters, our courses, participate in our more than 3,000 annual events, participate in our approximately 40 technical networks and more.
- Legal grounds: GDPR Art.6(1)(b) "necessary for the performance of contract"
- Legal grounds: GDPR Art.6(1)(b) "necessary for the performance of contract"
- To improve our services, including by collecting pseudonymous or anonymous information about which browser and device type you use, which pages are most popular and other statistical information.
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- For those of our services that support GPS, we process this information locally on your device if you wish.
- Legal grounds: GDPR Art.6(1)(a) "consent"
- Legal grounds: GDPR Art.6(1)(a) "consent"
- In order to provide you with the desired service and better services. From matching which IDA events are most relevant to you, based on your profile selections, to more complicated things, e.g. whether you as a member might benefit from our career advice, which offers you find most relevant, and what actions might be most relevant to our members in specific industries and sectors.
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- As a participant in our events or courses, we process your information to facilitate the event you sign up for, including passing on necessary information to the organizer of the specific event. For many events, lists of participants are also made available to facilitate networking between participants, this is specifically stated for each individual events.
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- As a member, you also have the option to appear on and access our membership register with name, education and employment information, so that you can search among the other members who have also given their consent.
- Legal grounds: GDPR Art.9(2)(a) "explicit consent"
- Legal grounds: GDPR Art.9(2)(a) "explicit consent"
- As a member, we process information about you in order to provide all the services you as a member are entitled to, including career advice, legal advice and help, preparation of salary statistics that can help you in relation to salary negotiation, member discounts through our benefit programs, deliver the newsletter Ingeniøren to you and make sure that you can get some of Denmark's best and most competitive insurances in IDA Insurance. Read more at https://ida.dk/bliv-medlem/medlemsfordele/
- Legal grounds: GDPR Art.6(1)(b) "necessary for the performance of contract" and GDPR Art.6(1)(f) "legitimate interest"
- Legal grounds: GDPR Art.6(1)(b) "necessary for the performance of contract" and GDPR Art.6(1)(f) "legitimate interest"
- As a member, we collect information from the The Central Person Register (CPR) if we have your consent to process your National Identification Number as a unique identifier in order to update your new address, name, death and other changes in CPR.
- Legal grounds: GDPR Art.6(1)(a) "consent" and GDPR Art.6(1)(c) "legal obligation" cf. GDPR Article 5(1)(d) "be correct and, if necessary, up-to-date"
- Legal grounds: GDPR Art.6(1)(a) "consent" and GDPR Art.6(1)(c) "legal obligation" cf. GDPR Article 5(1)(d) "be correct and, if necessary, up-to-date"
- As a member, we pass on information about your membership fee to the Danish Tax Agency in order for you to receive tax deductions for this.
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest"
- To conduct administrative processes such as invoicing for what you buy from us and keep documentation of it as required by law.
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest" and GDPR Art.6(1)(c) "legal obligation", cf. Section 10 of the Bookkeeping Act.
- Legal grounds: GDPR Art.6(1)(f) "legitimate interest" and GDPR Art.6(1)(c) "legal obligation", cf. Section 10 of the Bookkeeping Act.
- To ensure our information security systems.
- Legal grounds: GDPR Art.6(1)(c) "legal obligation", cf. GDPR Art. 5(1)(f) and GDPR Art. 32.
Categories of personal data
We process the following categories of personal data about you:
- General personal data:
- Contact details
- Job position and place of employment
- Interests
- Device and session information (e.g. IP address, session time, cookies, browser type, date and time)
- Special categories of personal data:
- Your membership of IDA (trade union affiliation)
- Health information in relation to any cases you receive our legal assistance with.
Recipients or categories of recipients
We disclose or entrust your personal data to the following recipients:
- To partners as necessary to provide the services you have ordered, e.g. so that you as a member can receive the member's magazine Ingeniøren.
- To IDA Insurance if necessary on the basis of your explicit consent, if you wish to take out insurance in IDA Insurance.
- To other participants in social events via the participant list, to the extent that it appears in the privacy policy for the event.
- For legal reasons we disclose personal data if we believe in good faith that it is necessary to:
- Comply with applicable laws, regulations, legal proceedings or valid requests from public authorities.
- Enforce applicable terms of service, including investigating potential violations.
- Detect, prevent, or otherwise protect against fraud, security, or technical issues.
- Indemnify IDA, our members or the rights, property or safety of the public, as required or permitted by law.
Transfer to recipients in third countries, including international organisations
In some cases, we will transfer some of your personal data to recipients outside the EU and EEA.
These are:
- Google LLC, located in the US, for services that use Google integration.
- LinkedIn Corp., located in the United States, for services that use LinkedIn integration.
- Facebook, Inc., located in the United States, for services that use Facebook integration.
- Zoom Video Communications, Inc., based in the United States, for participation in webinars and events using Zoom.
The transfer basis shall be standard provisions on data protection in accordance with the GDPR Article 46(2)(c) to (d).
In connection with special situations, we may also need to transfer your personal data to recipients in third countries or international organisations. This can happen, for example, if you are posted to a third country and we must look after your interests in dialogue with your employer or union representative. In these cases, we will often obtain your consent in accordance with GDPR Article 49(1)(a), but based on a specific assessment, there may also be the use of other legal basis from GDPR Chapter V.
Where your personal data comes from
- You.
- The Central Person Register (CPR) if we have your consent to process your National Identification Number as unique identification.
- Your employer or elected representative, e.g. in connection with case management.
Storing your personal data
We store information about you and your membership of IDA, as long as you are a member and until six years after your membership has ended.
If you use our legal advice your case will be stored 10 years after the latest activity on your case.
Personal data in relation to our bookkeeping is stored for up to six years, cf. the Danish Bookkeeping Act.
Automatic decisions, including profiling
We use automatic decisions, including profiling to provide our members and users with the desired service and better services.
From matching which IDA events are most relevant to you, based on your expressions of interest, to more complicated things, such as whether you as a member might benefit from our career advice, which offers you find most relevant, and what actions might be most relevant to our members in specific industries and sectors.
The right to withdraw consent
You have the right to withdraw your consent at any time. You can do this by contacting us on the contact information listed above as well as at the bottom of any newsletter and on your profile page at https://mit.ida.dk/en.
If you choose to withdraw your consent, it does not affect the legality of our processing of your personal data on the basis of your previously announced consent and up to the time of withdrawal. Therefore, if you withdraw your consent, it will only take effect from that point on.
Your rights
Under the GDPR, you have a number of rights in relation to our processing of information about you.
If you wish to exercise your rights, please contact us.
Right to view information (right of access)
You have the right to access the information we process about you, as well as a number of additional information.
Right of correction
You have the right to have incorrect information about yourself corrected.
Right to be forgotten
In special cases, you have the right to have information about you deleted, prior to the time our general deletion occurs.
Right to restriction of
In some cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may only process the data – other than storage – with your consent, or for the purpose of establishing, asserting or defending legal claims, or to protect a person or important public interest.
Right to object
In some cases, you have the right to object to our or lawful processing of your personal data. You may also object to the processing of your information for direct marketing.
Right to transmit information (data portability)
In some cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format, as well as to have that personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Authority’s guidance on the rights of data subjects, which you can find at https://www.datatilsynet.dk/english.
Complaint to the Danish Data Protection Authority
You have the right to lodge a complaint with the Danish Data Protection Authority if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency's contact information at https://www.datatilsynet.dk/english.
You are also welcome to contact our Data Protection Officer directly at dpo@ida.dk if you are dissatisfied with our processing of your personal data or have any questions or suggestions for improvements to the processing in general.
Updated June 2023