Data protection and processing of personal data at IDA


Welcome to IDA, the Danish Society of Engineers Data protection and processing of personal data at IDA - (updated March 8 2019)

Read more about how IDA processes your personal data to improve the Society and provide better services for visitors and members.
IDA takes protection of your personal data very seriously, and we continuously try to maintain a balance between developing the Society, improving members' networking opportunities, and protecting the individual's right to privacy. We hope that you will spend some time on getting to know our work, and if you have any questions, you are welcome to contact our data protection officer at dpo@ida.dk.

As a member of IDA and/or when using IDA services, you entrust your data with us. This page will help you understand what data we collect, why we collect it, what we use it for and what rights you have. This information is important, so we hope that you will take the time to read it. Remember that you can find settings for administration of your data and adjust your preferences on https://mit.ida.dk.

As a member of IDA, you are subject to the Law and Statutes of the Danish Society of Engineers, IDA, on the basis of which IDA acts, and which all members accept when becoming a member of IDA. See them here: https: //ida.dk/om-ida/organisation/idas-politiske-opbygning/idas-love-og-vedtaegter/

When using our services, you should know how we use data, and how you yourself can help decide how we use it. 

You can use our services in many different ways: you can be a member of the Society, use our website or apps, sign up for newsletters, participate in our events, communicate with others in our forums or communicate with us electronically or via the phone. When you share data with us, for example in connection with the above, we can make our services even better by presenting you with more relevant information from IDA such as career counselling, events, analyses and news, and we can introduce you to more relevant offers from our partners.

Transparency and free choice

As people, we all have different opinions on how our personal data should be used. Our goal at IDA is to be absolutely clear about what data we collect, so you can make an informed decision on how your data can be used.

On https://mit.ida.dk, you can update your profile and we have plans for a function that allows you to adjust your settings for how your data can be used. We are constantly striving to make https://mit.ida.dk more relevant and to give you control of your personal data.

You can also make your browser block all cookies, also cookies linked to our services, or indicate when a cookie has been saved by us. However, it is important to remember that many of our services may not work optimally if you deactivate cookies.

IDA primarily processes personal data on our own servers in a co-location data centre in Denmark, but we also use cloud services. For instance, our employees use Microsoft Exchange Online email, where data centres are located in Ireland.

About the General Data Protection Regulation

According to Articles 13 and 14 of the General Data Protection Regulation, we must provide certain information when receiving data from you as well as data about you from third parties. The information we must provide for you:

1. We are the data controller – how can you contact us?
2. The contact details of the data protection officer
3. The purposes and legal basis for the processing your personal data
4. The categories of personal data
5. The recipients or categories of recipients
6. Transfer to recipients in third countries, including international organisations
7. Where your personal data comes from
8. Storage of your personal data
9. Automated decision-making, including profiling
10. The right to withdraw consent
11. Your rights
12. Complaints to the Danish Data Protection Agency

We are the data controller – how can you contact us?

IDA is the data controller for processing the personal data that we have received about you. 
The Danish Society of Engineers, IDA
Kalvebod Brygge 31-33
1780 Copenhagen V, Denmark
CVR number (business registration number): 21465216
Tel.: +45 33 18 48 48
Write us on: https://english.ida.dk/contact-ida

The contact details of the data protection officer 

If you have any questions as to how we process your data, you are welcome to contact our data protection officer via email at dpo@ida.dk

The purposes, legal basis and legitimate interests for processing your personal data

We process your personal data for the following:

  •  To communicate with you, for example in connection with service announcements about your participation in our courses and events.
    • Authority: Article 6(1)(f) of the GPDR regarding "legitimate interest"

  • To be able to use our services, including apps, receive newsletters, attend courses, participate in our more than 3,000 annual events, participate in our almost 40 specialist networks and much more.
    •  Authority: Article 6(1)(b) of the GDPR regarding "necessary for the performance of a contract"

  • To improve our services, among other things through collection of pseudonymous or anonymous data on the browser and type of device you are using, the most popular pages and other statistical data.
    • Authority: Article 6(1)(f) of the GPDR regarding "legitimate interest"

  • For those of our services that support GPS, we process this data locally on your device if you allow it.
    • Authority: Article 6(1)(a) of the GPDR regarding "consent"

  • To be able to provide you with the service requested and better services. This includes matching the most relevant IDA events for you on the basis of your interests, and more complicated things such as whether you would benefit from our career counselling, the offers you find most relevant, and the most relevant measures for our members within specific industries and sectors.
    • Authority: Article 6(1)(f) of the GPDR regarding "legitimate interest"

  • As a participant in our events or on our courses, we process your data to register your participation, including to disclose necessary information to the organiser of the specific event. For many events, we also draw up a list of participants to facilitate networking between the participants, this is stated specifically for the individual events.
    • Authority: Article 6(1)(f) of the GPDR regarding "legitimate interest"

  • As a member, you can also choose to be visible in, and have access to, our member register with name, education and employment data, so that you can search for other members who have also given their consent.
    • Authority: Article 9(2)(a) of the GDPR regarding "explicit consent"

  • As a member, we process your data to be able to provide all the services to which you are entitled, including career counselling, legal counselling and assistance, preparation of salary statistics to help you in salary negotiations, membership discounts through our benefits programme, the Ingeniøren newsletter and some of Denmark's best and most competitive insurance schemes through IDA Insurance. For more information, go to https://ida.dk/bliv-medlem/medlemsfordele/
    • Authority: Article 6(1)(b) of the GDPR regarding "necessary for the performance of a contract" and Article 6(1)(f) of the GDPR regarding "legitimate interest"

  • As a member, we collect data from the Danish national register (the Central Office of Civil Registration (the CPR Office)) if we have your consent to process your civil registration number as a unique identification to ensure that your data is up-to-date regarding address, name, death and changes to your civil registration number.
    • Authority: Article 6(1)(a) of the GDPR regarding "consent" and Article 6(1)(c) of the GDPR regarding "legal obligation", see Article 5(1)(d) regarding "correct and kept up to date"

  • As a member, we disclose data about your membership fee to the Danish Tax Agency for the purpose of your tax allowance.
    • Authority: Article 6(1)(f) of the GPDR regarding "legitimate interest"

  • To carry out administrative processes such as invoicing your purchases with us and storing documentation for your purchases as required by law.
    • Authority: Article 6(1)(f) of the GPDR regarding "legitimate interest" and Article 6(1)(c) of the GDPR regarding "legal obligation", see section 10 of the Bookkeeping Act.T

  • To secure our information security systems.
    o Authority: Article 6(1)(c) of the GDPR regarding "legal obligation", see Article 5(1)(f) and Article 32 of the GDPR.


The categories of personal data

We process the following categories of personal data on you:

General personal data:

  • Contact details
  • Title and place of employment
  • Interests
  • Device and session data (for example, IP address, session ID, cookies, browser type, date and time)

Specific personal data:

  • Your IDA membership (trade union affiliation)
  • Data concerning health in connection with any cases in which you receive our legal assistance.

The recipients or categories of recipients

We disclose or transmit your personal data to the following recipients:

To partners as necessary in order to provide the services you have ordered, for example so you can receive our trade magazine Ingeniøren.

  • To IDA Insurance as necessary on the basis of your explicit consent if you want to take out insurance through IDA Insurance.
  •  To other participants in social events via the list of participants to the extent that this is stated in the enrolment form for the event.
  •  For legal reasons

We disclose personal data if, in good faith, we believe that this is necessary in order to:

  • Comply with relevant laws, provisions, legal proceedings or valid requests from public authorities.
  • Enforce current service conditions, including investigation of potential violations.
  • Register, prevent, or in any other ways guard against problems concerning fraud or security, or technical problems.
  • Indemnify IDA, our members or the public's rights, property or safety as required by or permitted by legislation.

Transfer data to recipients in third countries, including international organisations

In some cases, we will transfer some of your personal data to recipients outside the EU and the EEA.
These are:

  • Google LLC, which is located in the US, for the services that use Google integration.
  • LinkedIn Corp, which is located in the US, for the services that use LinkedIn integration.
  •  Facebook Inc., which is located in the US, for the services that use Facebook integration.

Note that the European Commission has made a decision regarding the adequate level of data protection, as companies are subject to the Privacy Shield framework. For more information: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Where your personal data comes from

  • You.
  •  The Danish national register (the Central Office of Civil Registration (the CPR Office)), if we have your consent to process your civil registration number as a unique identification.
    Storage of your personal data

We are currently not able to say how long we will store your personal data. However, we can inform you that we will consider whether you are a member, a non-member or a previous member as well as whether it is still necessary to store your personal data for processing purposes when determining how long your data will be stored.

For example, if you are no longer a member, our system will automatically anonymise/erase your data five years after the last activity, provided there has been no other contact requiring continued storage of your personal data.

Automated decision-making, including profiling

We use automated decision-making, including profiling, to provide our members and users with the service requested and better services. This includes matching the most relevant IDA events for you on the basis of your interests, and more complicated things such as whether you would benefit from our career counselling, the offers you find most relevant, and the most relevant measures for our members within specific industries and sectors.


The right to withdraw consent

You have the right to withdraw your consent at any time. You can do this by contacting us using the contact details above and at the bottom of every newsletter and on your profile page on https://mit.ida.dk. 

Withdrawing your consent will not affect the lawfulness of our processing of your data based on your previous consent and up to the time of withdrawal. Withdrawing your consent will therefore only take effect from this date.

Your rights

According to the General Data Protection Regulation, you have a number of rights regarding our processing of your personal data: 

Please contact us to exercise your rights. 

Right to access data (right of access)
You have the right to access your data that we process, as well as a number of additional data.

Right to rectification (correction)
You have the right to have inaccurate data concerning you rectified. 

Right to erasure
In exceptional circumstances, you have the right to have your personal data erased before the time of our general erasure process. 

Right to restriction of processing
In some cases, you have the right to have our processing of your personal data restricted. If you are entitled to restriction of processing, we may – with the exception of storage – only process your data with your consent, or to establish, exercise or defend legal claims or to protect the rights of another person or for reasons of important public interest. 

Right to object
In some cases, you have the right to object to our processing or lawful processing of your personal data. You can also object to processing of your personal data for direct marketing purposes. 

Right to transmit data (data portability)
In some cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and you have the right to transmit those data from one data controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency guidelines on the data subject's rights on www.datatilsynet.dk. 

You have the right to lodge a complaint with the Danish Data Protection Agency if you are not satisfied with the way in which we process your personal data. You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.

You are also welcome to contact our data protection officer directly on dpo@ida.dk if you are not satisfied with how we process your personal data or you have questions or suggestions to improve our processing.