Personal data - How we process your data
The Danish Immigration Service and SIRI process personal data in the exercise of our official authority. This site provides information about how we process personal data, which data we are permitted to use and what your rights are.
If you have been in contact with the Immigration Service or SIRI, we have processed your personal data. We may also have processed your personal data if it was necessary in order to exercise our authority.
We process the personal data that you provide in an application, for example if you apply for a residence permit. We also process the personal data of an individual who is sponsoring your application. We may also obtain data about you from other authorities, individuals or firms in order to process your application.
We can also process data about you if you have been in contact with us without having a case that is being processed.
We are permitted to process your personal data if you submit an application to the immigration authorities, such as an application for a residence permit. We are also permitted to process your personal data if doing so is necessary to determine whether you are in Denmark legally and work legally.
We are also permitted to process your data, when it happens as part of considerations about revocation or lapsing of residence permit.
We may only process data about your:
- ethnic origin,
- political, religious or philosophical beliefs,
- trade-union membership,
- genetic data or biometric data collected for the purpose of establishing your identity,
- health information, or
- information about your sex life or sexual orientation
if exercising our authority requires us to do so in order to establish, exercise or defend legal claims. These types of data are known as ‘sensitive personal data’.
The data that we gather and process are processed and stored by the immigration authorities’ computer systems.
We regularly share personal data with other relevant authorities, such as the police, municipal authorities, The State Administration, the Danish Security and Intelligence Service and the Danish Defence Intelligence Service, the public prosecutor, the Immigration Appeals Board, the Refugee Appeals Board, the Ministry of Immigration and Integration, the Danish Parliament, and the Foreign Ministry, in particular the embassies and consulates
Data are shared when it is necessary for us to exercise our official authority, including when we are legally obliged to share data.
In isolated cases we will share data with other public authorities, private-sector organisations and foreign organisations and authorities when it is necessary for us to exercise our official authority.
The EU’s General Data Protection Regulation (GDPR) and the Danish Data Protection Act (databeskyttelsesloven), which replaces the Danish Personal Data Act (persondataloven), take effect on 25 May 2018, and give you (‘the data subject’) certain rights.
Your rights are listed in Articles 12-23 of the GDPR and in section 22-23 of the Danish Data Protection Act.
This section provides a general overview of your rights. If you would like more complete information about your rights, you can read the regulation or the act, or contact our data-protection officer. For more information about how to contact the data-protection officer, please go to the section titled ‘Data-Protection Officer’.
You have the right to be informed that we are processing your personal data.
In order to allow you to exercise your rights, we are required to provide you with certain information, including:
- Why we are processing your personal data and the legal basis that allows us to do so
- The contact details of the data-protection officer
- Categories of recipients of the personal data
Our obligation to provide you with this information may be delayed, restricted or waived in order to safeguard the rights of others or for public-security reasons.
You have the right to access the personal data about you we are processing. This entails a general right to be told whether we are processing your personal data.
If we are processing your personal data, we are normally required to permit you to see your data, and to inform you about the following:
- Why we are processing your personal data and the legal basis that allows us to do so.
- The categories of personal data concerned, and, if possible, where the data were obtained from.
- The recipients or categories of recipients your personal data have been shared with or will be shared with.
- How long the data will be stored, and the criteria used to determine how long they will be stored.
- You right to lodge a complaint to request that your data is rectified or erased, or that processing is restricted.
We can turn down your request to access your data in order to safeguard the rights of others or for public-security reasons. We can also decide to delay or restrict your right to access and your right to object to data processing.
If your request to access your personal data is rejected, you have the right to request a written ruling. In most cases, we will be required to explain why your request was rejected. Sometimes we will not be able to confirm whether we are processing information about you.
You have the right to object to our processing of your personal data. This means that in certain cases you have the right to request that data be deleted or corrected, or that processing be restricted. Requests of this nature can be made to the Immigration Service or SIRI. A link to information about how to contact us is provided below.
If your request to have data corrected or deleted, or that processing be restricted is rejected, you have the right to request a written ruling. In most cases, we will be required to explain why your request was rejected.
You can lodge a complaint with the Data Protection Agency about our processing of your personal data. You can also request the Data Protection Agency to determine whether your personal data are being processed legally.
The Data Protection Agency is an independent state authority responsible for ensuring compliance with the GDPR and the Data Protection Act. The Data Protection Agency’s responsibilities include advising and informing other public authorities about processing personal data. The Data Protection Agency is responsible for investigating complaints about public authorities’ processing of personal data.
If you have questions about how we process your personal data, you can contact our data protection officer who has the following contact information:
Ministry of Immigration and Integration
1216 København K
Att: Databeskyttelsesrådgiver/Data protection officer
The data protection officer can provide you with further information about data protection regulations. The data protection officer can also inform you of your rights if we are processing your personal data, including whom to contact if you would like to exercise your rights.