Privacy Policy for the Danish Institute of Arbitration
Company Reg. No. 13542937
1. Objective
The objective with this site is to document that the Danish Institute of Arbitration (DIA) meets the Privacy Policy requirements.
The DIA processes personal data in a limited extent and the DIA primarily uses industrial IT-solutions for the management.
The processing of personal data will be documented below as well as the technical and organisational safety measures established in connection with the processing.
The DIA wishes to ensure that the data subjects’ rights under the General Data Protection Regulation are met and that the DIA processes personal data only if there is consent of the data subject or a collection of the data is otherwise permitted by law etc.
2. Data Protection Advisor
The DIA’s processing of personal data is carried out as a support function for the core activities, which, according to the Statutes of the DIA is to promote arbitration and mediation in accordance with the Board-adopted rules by means of arbitral tribunals and mediators appointed by the DIA for each individual case, of which the processing of personal data constitutes a relatively limited amount.
In view of the risks associated with the processing, the sensitivity, and the amount of personal data processed, the DIA assesses it does not need a designated Data Protection Officer.
3. Personal Data Controller Contact Information
Steffen Pihlblad, Secretary General
The Danish Institute of Arbitration
Midtermolen 1, 5th floor
DK-2100 Copenhagen Ø
Direct phone number (+45) 7026 5013
Mobile (+45) 2163 6698
4. Procedures for Requests from Data Subjects
The Data Subjects’ most important rights under the General Data Protection Regulation are:
- The right to receive information about the processing of their personal information (obligation of disclosure).
- The right to access
- The right to rectification
- The right to erasure
- The right to object to the use of personal data for direct marketing.
- The right to object to automated individual decision-making, including profiling
- The right to data portability
Requests regarding the above-mentioned rights are handled manually upon requests to the Secretary General.
5. Overview of the Danish Institute of Arbitration’s Processing Activities
The DIA processes personal data in accordance with the guidelines below, the DIA’s various rules, the Danish accounting legislation and other relevant legislation.
It is noted that the DIA’s handling of any dispute to be settled by the DIA’s set of rules necessitates an agreement between the involved parties.
CASE MANGEMENT
The case management deals with the settlement of commercial disputes between commercial companies, but also natural persons. The case management is based on the DIA set of rules, its Statutes and the Danish Arbitration Act or another lex arbitri.
Categories of data subjects
- Arbitrators
- Experts
- Mediators
- Parties
- Representatives of the Parties (Counsel)
- Suppliers
- Clients
Categories of personal data
Sensitive personal data, including:
- Race
- Ethnic origin
- Political, religious or philosophical conviction
- Membership of a union
- Genetic data
- Biometric data for unambiguous identification
- Health information
- Sexual relationship or orientation
- Criminal sentences and crime offenses
General personal data, including:
- Social problems of a substantial character
- Other purely private matters
- Economy
- Tax
- Debt
- Sick leave
- Working conditions
- Family relations
- Private residential
- Car
- Exam papers
- Job application
- CV
- Date of employment
- Job position
- Working area
- Working phone
- Name
- Address
- Day of birth
- Identification Data
- Information on payment of fees of arbitration tribunals, experts, mediators and party representatives.
- Processing of information received from the involved actors in mediation and arbitration cases and any other cases.
The recipients of personal data, including parties in any third countries and international organizations
- SKAT, the Danish Customs and Tax Administration
- Banks
- The parties
- Representatives of the Parties (Counsel)
- Arbitrators
- Experts
- Mediators
- The National Courts
The DIA’s cases may include data from all over the world depending on the geographical origin of the parties and arbitrators.
Data processors
- IT Relation
- UNIK
- Danske Bank
Deadlines for erasure & storage
Information about parties, parties’ representatives, arbitrators and experts is stored for up to 20 years after the end of the proceedings. This is justified by the DIA’s sets of rules, including the rules of impartiality and independence, ding the specific rules for incompatibility and archiving.
Arbitral Awards are stored without time limits in physical form (on paper).
Technical and organisational security measures
Processing of personal data in connection with the case management is done in accordance with the Danish Institute of Arbitration’s different set of rules and with the statutory provisions on how long data is to be stored and when data is to be communicated to public authorities.
Personal data is collected in the DIA’s case-processing system. The storage of the data is done on intranet platform, which is access-protected and hosted by on external servers. Reference is made to the concluded data-agreements with the DIA’s it-suppliers.
Case documents with personal data is also stored in physical form for up to 10 years at the DIA’s premises.
PERSONNEL ADMINISTRATION
The DIA has a general staff administration.
Categories of data subjects
Data about the following categories of registered persons is processed:
- Employees
- Applicants
- Former employees
- Relatives
- Board members and members of the Council of Representatives
- Committee members
Categories of personal data
Data regarding applicants and employment relationship for the use of the DIA’s administration, including:
- Position and place of employment, salary, information relevant to salaries, staff papers, education and sick leave
- Membership of a union
- Health information
- Criminal offenses
The recipients of personal data
Public authorities, including:
- SKAT, the Danish Customs and Tax Administration
- VIRK.dk
- ATP Livslang Pension (Lifelong Pension)
- Banks
- Private pension funds
- Salary bureau – Danløn
- Insurance – Mølholm, Europæiske Rejseforsikring, RSG (Ryan Specialty Group)
Data processors
- IT Relation
- UNIK
- Danløn
- Mølholm
- Danske Bank
Deadlines for deletion & storage
Information about former employees shall be deleted within 6 years after the end of the accounting period for which the personnel matters have been completed.
Information about applicants shall be deleted within 1 year after completion of the processing of the application, if the application does not lead to a recruitment.
Technical and organisational security measures
Processing of personal data in connection with HR work is done by consent and in accordance with the law’s provisions on how long data is to be stored and when data is to be communicated to public authorities.
The personal data are stored in the DIA’s case management system ADVOSYS and the payment system. The data is stored on external servers via a intranet platform. Reference is made to the concluded data agreements with the DIA’s it-suppliers.
Physical material is stored in cabinets.
OTHER AREAS
The basis for processing
The Danish Institute of Arbitration performs marketing activities and offers courses, particularly concerning arbitration and mediation. In addition, the Danish Institute of Arbitration collects information for use for statistical purposes, which is published in an annual report.
Categories of data subjects
- Arbitrators
- Experts
- Mediators
- Suppliers
- Parties
- Party representative (Counsels)
- IT partners
- Suppliers
- Event Agencies
- arbitral institutions around the world
- Clients
Categories of personal data
- Identification Data
- Information regarding remuneration for courses / events
The recipients of personal data
- SKAT, the Danish Customs and Tax Administration
- Banks
- Organisations around the world
- Event Agencies
Data processors
- IT Relation
- UNIK
- Danske Bank
Erasure
Data is stored for up to 20 years.
Technical and organisational
Processing of personal data for the above purposes aredone in the DIA’s case management systemhosted on an intranet platform on an external server.. Reference is made to the concluded data-agreements with the DIA’s it-suppliers.
6. Risk assessment and notification to the Danish Data Protection Agency
As a starting point, any breach of personal data security will be notified to the Danish Data Protection Agency (“Datatilsynet”), unless the personal data breach is unlikely to result in a risk to the rights of the data subjects. persons.
A risk to a natural person’s rights includes among others: discrimination, identity theft or fraud, financial loss, damage to the repuration, loss of confidentiality of data subject to professional secrecy or any other significant economic or social disadvantage for the data subject.
The DIA conducts ongoing risk assessments of the processing of personal information, including an assessment of the factors confidentiality, integrity and availability.
Revision History
This present Privacy Policy has been prepared for approval by the Board of the Danish Institute of Arbitration and its Council of Representatives on 30 May 2018.