Midttrafik’s Privacy Policy

It is important for Midttrafik to be able to protect your personal information. That’s why we want to be as transparent as possible about how information is processed, on what basis and what you can do as a citizen.

It is therefore our responsibility to inform you of your rights in connection with our processing of your personal information.

This privacy policy explains how you as the data subject have special rights in relation to the processing of your personal information. However, there are certain limitations to these rights, as in many cases Midttrafik processes information as part of the exercise of the official authority vested in it as a public body.

Who are we?

From 1 January 2007, the transport company Midttrafik has administered public transport in the Central Denmark Region.

The regional bus services are commissioned and paid for by the Central Denmark Region, while the 18 municipalities in the region commission and pay for the bus services within their municipal boundaries.

Midttrafik is the result of a merger of the former Århus Sporveje Trafikselskab, part of Viborg Amts Fælleskommunale Trafikselskab (VAFT), part of Vejle Amts Trafikselskab (VAT), the former counties of Ringkøbing and Aarhus and the municipalities in the two abolished counties.

As a result of the structural reform, the public transport network was organised into transport authorities.

Your rights

As a data subject registered at Midttrafik, you have a number of rights that we can help you to exercise. The rights include a:

Right of access: You have a right of access to the personal information that we process about you.
Right to rectification: You can contact us and have the personal information about you rectified.
Right of erasure: In some cases, you are entitled to have the personal information held about you by Midttrafik permanently erased.
Right to restriction of processing: You are entitled to restricted processing of your personal information, so that, for example, Midttrafik can only process it for a limited period of time.
Right to data portability: You are entitled to receive the personal information held about you in a structured, commonly used and machine-readable format. You are also entitled to have this personal information transferred from one Data Controller to another without hindrance. However, please be aware that this right does not apply to the processing of personal information that falls under the exercise of official authority vested in Midttrafik.
Right to object: In special situations, you are entitled to object to the otherwise lawful processing of your personal information.
Right to not be the subject of a decision that is based solely on automatic processing, including profiling: You are entitled not to be subject to a decision based solely on automatic processing that has legal repercussions or significantly affects you in a similar way. In addition, you are entitled to ensure that selected personal information about you is not subject to automatic processing – such as information about work, your financial situation, health, interests, conduct etc.

Contact Midttrafik’s Data Protection Officer (DPO)

To find out more about your rights or the application of these, you may contact the organisation’s Data Protection Officer (DPO) with the following information:

DPO Danmark ApS

Rosengården 4, st. th.

1174 København K

E-mail: dpo-midttrafik@dpo-danmark.dk

Tel.: +45 7734 4600

www.dpo-danmark.dk/dpo

When and how do we collect your information?

Information about citizens/customers is obtained as part of Midttrafik performance of its tasks as a transport company and municipal community. A range of information is therefore collected, such as when you use Midttrafik’s transport services.

What type of information about you is collected?

The information processed by Midttrafik is primarily your name, address, telephone number and in certain cases your CPR number. The list below shows which type of information is specifically processed when you use Midttrafik’s services.

In addition, information is collected when you use the Midttrafik website to find out how you find information.

What is the information used for?

The information collected is processed for the purpose of the exercise of the official authority vested in Midttrafik as the provider of transport services.

In addition, information is processed to enable Midttrafik to provide the best possible service as a transport company, including:

Cookies

Midttrafik uses cookies as necessary to make its website usable and to enable basic functions such as page navigation. The website would not function properly without them. Other cookies for marketing and statistics etc. are not standard but subject to your consent, which you can withdraw at any time.

When you as a citizen visit Midttrafik’s website, cookies are used for statistical purposes. They collect information about how you use the website.

What is the legal basis?

Midttrafik’s processing of ordinary personal information is generally authorised under under the provisions of Article 6(1)(c) of the General Data Protection Regulation, Article 6(1)(e) of the General Data Protection, as well as Article 5 of the General Data Protection. It states here that processing is lawful if the information is processed in order to comply with the legal obligations of the Data Controller, or as part of the exercise of official authority. The latter applies for by far the majority of the data processing performed by Midttrafik.

Midttrafik’s processing of customers’ CPR numbers is authorised under the provisions of Section 11(1) of the Danish Data Protection Act. Midttrafik’s processing of sensitive data about customers, for example whether they use aids which are related to a disability or other health information such as an illness is authorised under the provisions of Article 9(2)(f) and (g) of the General Data Protection Regulation, cf. Article 6(1)(c) and (e) of the General Data Protection Regulation.

For cookies, the legal basis will be Article 6 (1) (a) of the Data Protection Regulation, regarding consent.

Are there other recipients of this information?

Midttrafik will in some cases be required to transfer information to other public authorities. However, the transfer will be limited to being only the personal information that is processed as part of the exercise of public administration.

Security

When we receive your information at Midttrafik, we take the necessary measures to ensure that it is processed securely. We have implemented a number of technical and organisational safeguards that provide protection against accidental or illegal destruction as well as against loss or deterioration of information. In addition, measures have been taken to ensure that your information is not disclosed to any unauthorised person, misused or in any other way processes in violation of the data protection law.

Data Controller

Midttrafik is the Data Controller for the processing of your information. This applies to all personal information processed in connection with our role as a public authority and in connection with the transport company’s services, such as transportation and ticket purchases. If you wish to contact Midttrafik in connection with our role as Data Controller, you can do so using the contact details below:

Midttrafik
Søren Nymarks Vej 3
DK-8270 Højbjerg
Tel.: +45 87 40 82 00

Contact form

Complaints

If you wish to complain about Midttrafik’s processing of your personal information, we recommend that you send your complaint to us.
However, you also have the option of sending your complaint directly to the Data Protection Authority. You will find the contact details for the Data Protection Authority at www.datatilsynet.dk