Register processing of personal data in which AU is data processor

Here, you can register your processing of personal data to Aarhus University's record, where AU is data processor.

Guide

Here you can find a written guide on how to register the processing of personal data via the notification form.

Instructions

Here you can find a copy of the instructions you receive after registration.

1. Introduction

In order to have the processing of personal data registered in the AU record, you must provide us with information about you, the processing and the data controller.

Please note that:

• It is your responsibility to ensure that the information is correct and in accordance with the actual circumstances.

• In some cases, you will have to elaborate on the information you give us. This will be stated on the form.

• Your registration is only submitted once you have completed all parts of the registration form and clicked 'submit'. You will then receive a copy of the registration at the email address you provided on the form.

• The data processing will not be registered until you have been assigned a serial number and received a confirmation letter.

• The confirmation letter is only documentation that your processing has been included in the AU record. It is not an authorisation.

2. Contact Person

1. AU ID of contact person (AUXXXXXX)*

2. Name of contact person*

3. AU email address of contact person*

4. Faculty/unit*

5. Department/school/centre*

6. Internal file no./reference (e.g. local project number or Statistics Denmark project number)

3. Data controller

Here, provide information about the data controller on whose behalf Aarhus University is conducting the processing.

7. Contact person for the data controller*

8. Information about the data controller*

9. Contact information for the data controller

4. Processing

Provide information about how and for what purpose AU will process personal data for the data controller.

10. State a subject*

11. Explain what processing AU will perform on behalf of the data controller*

12. Enter the start date for the processing of personal data*

13. Enter when you expect to terminate the processing of personal data*

14. State what will happen to the personal data once you have stopped processing it*

Personal data will be returned to the data controller

Personal data will be erased

Personal data will be made anonymous

Personal data will be filed at the Danish National Archives

Personal data will be forwarded from the data controller to AU

6. Data processing agreement and sub-data processors

Data processing agreement

Provide information about the data processor agreement and whether you are using a sub-data processor.

16. Has a data processing agreement been set up?*

Yes (state the agreement number in question 16a or submit a copy in question 16b)

No, it is being prepared (the agreement must be submitted to fortegnelse@au.dk)

No, drafting has not yet begun, but will be initiated as soon as possible (the agreement must be submitted to fortegnelse@au.dk)

16a Enter the agreement number or go to 16b to submit a copy of the agreement.

16b. Submit a copy of the agreement

Sub-processors

Please state whether you will use a sub-data processor in connection with the delivery of the data processing service. For example, you may have to collect data on behalf of the data controller and, to do so, you may need to use a survey provider. The survey provider is your data processor and therefore a sub-data processor to the data controller.

17. Will you use a sub-data processor?*

Yes (fill in questions 17a-d)

No (go to tab 7)

17a. Information about the sub-data processor

17b. Has an agreement been entered into with the sub-data processor?

Yes (state the agreement number in question 17c or submit a copy in question 17d)

It is under preparation

No, drafting has not yet begun, but will be initiated as soon as possible.

17c. Enter the agreement number or go to 17d to submit a copy of the agreement.

17d. Submit a copy of the agreement

7. Transfer

State whether the data processing involves a transfer to a third country or an international organisation, i.e. a transfer of information to someone outside the EU/EEA or an international organisation. For example, if your sub-data processor is based in a third country.

18. Does the processing involve the transfer of personal data?*

Yes (elaborate in questions 18a and 18b)

No (proceed to tab 8)

18a. Who will the data be transferred to?

18b. State the basis on which the transfer is based

Adequacy decision

EU standard contractual clauses (SCC)

Explicit consent for the transfer

Transmission is necessary in order to ensure important public interests

Transfer is from a register that is intended to inform the public

8. Security of processing

The measures you should take to protect personal data depend on the type of data in question, the numbers involved, and who you process data about. Example:
• Technical measures, such as storing data on a secure server, encryption and pseudonymisation.
• Organisational measures, such as rights management and training.

19. What measures have you taken/are you planning to take to protect the personal data?*

I am not a robot*

Don't fill this field!