When, as a webmaster, you publish personal data about others on a website, you are considered as the data controller. This means that you are responsible for assessing whether the information should be publicly available on a website.
It may help to familiarise yourself with how data is classified at AU, so that you know what data you need to be especially careful with. Information about the different types of data.
You are generally allowed to display contact information for AU employees (also researchers), for example, but you must ALWAYS have consent to publish contact information about students. Read more about consent.
However, whether you can publish personal data on a website will always depend on a specific assessment of the data and the purpose for displaying the data. For example, a valid purpose is to give easy access to contact employees by displaying their name, email and telephone number.
Note, however, that an employee may subsequently ask you to delete their personal data. If you upload data about an employee manually, for example without using PURE, you must always keep track of exactly where you have uploaded the personal data.
Therefore, always ask yourself:
Both the assessment of a valid purpose and/or valid consent will always be based on a individual assessment that you must make as the data controller.
The website may not contain lists of conference participants, workshop participants etc, if you have not obtained the individual participant’s consent to publish personal data such as name. You need to look through all the websites you are responsible for - both old/archieved and new sites, and remove lists of participants if you do not have consent from the participants.
If the list of participants is going to be published on the website to serve a specific purpose, when you create the event registration form, you must remember to ask for the participants’ consent to let their names appear on the list. Remember to write specifically how long the list will be available on the website.
It is important to know what kind of files you are uploading/have uploaded on your website. Start by assessing the type of data in the file. Read more about classification of data. The file may contain data that should not be made public because this would be in contravention of the law or go against AU’s interests.
Common to all files containing personal data is that they must be deleted from the website when publication of the file is no longer required in relation to the specific purpose. Therefore, you should consider how long minutes of meetings, for example, should be available. In this connection, you should also be aware that older files may contain information about former employees, and that such files require consent.
When deleting files, remember to delete the link to the file as well as the uploaded file. A guide is available here (only in Danish). Please note that several sites may contain links to the same file.
Collecting personal data of employees and external persons (incl. students)
If you collect personal data using a Powermail form on the website, you must do the following:
Additionally, if you are collecting personal data of external persons (incl. students)
If you are collecting personal data of external persons (incl. students) via powermail forms, you must also collect a consent.
When you create a list of persons, the list must serve a specific purpose, for example to provide easy access to employees’ contact information.
If the list is an extract from PURE, it does not require additional consent to have the list on the website.
However, consent must be obtained before you can publish other types of lists with personal data, e.g. list of students and others who are not employed at AU, on the website.
YouTube channel owners control the rights to the content displayed on the site. We encourage you to reach out to them directly if you find a video that you'd like to display and/or reference. When displaying a YouTube video in a broadcast or webcast, please provide both an in-screen and verbal attribution by showing the username or real name of the applicable content owner.
Clicking on a YouTube username will take you to the main page of the user's channel. From there, you can use YouTube's on-site messaging system to contact the channel owner, as long as you are logged in to your own Google account. Simply click on the 'About' tab, then select 'Send Message' and fill out the electronic form.