Pursuant to section 11 of Act no. 580 of 1 June 2014 on the commercial activities of research institutions and collaboration with the Foundation, AU makes secretariat assistance available to the Foundation. AU is responsible for maintaining and updating registers of board members, convening and holding meetings, as well as the administration of scholarship applications and grants. AU’s ESDH system is used to store personal data that is necessary to provide administrative support for the Foundation. Read more about processing of personal data at AU here.

The Foundation is responsible for its own processing of personal data, and AU is the data controller for the processing of personal data AU performs as part of its administrative support. Both parties disclose personal data about scholarship applicants, scholarship recipients and members of the board to the other party in connection with meeting the objects of the Foundation.

The Foundation collects your personal data when you or others contact the Foundation and submit your personal data in connection with applications and/or nominations for scholarships and/or Foundation funding. Please note that collection of certain personal data is required in order for you to apply for scholarships or grants from the Foundation. If you choose not to submit the compulsory personal data, you may not be able to apply for the desired scholarship and/or Foundation funding. If you submit personal data about people other than yourself (e.g. in connection with nomination for grants in the form of an award), please first obtain the consent of the person in question before submitting the information to the Foundation.

The Foundation collects and uses the personal data for the following purposes:

• Processing applications and possible distribution of funding
• Follow-up on grants of funding for statistical purposes and impact measurement

The type of personal data collected by the Foundation is ordinary personal data, including name, email address, telephone number, student registration number and place of study, account number and confidential information in the form of civil. reg. no.

The legal basis for collection and use of your personal data by the Foundation is EU Regulation No. 2016/679 on the protection of natural persons with regard to the processing of personal data (abbreviated here: 'GDPR').

• Article 6.1(b) of the GDPR, according to which application for a scholarship/funding is deemed necessary prior to entering into a contract for the distribution of a scholarship and/or funding 
• Article 6.1(c) of the GDPR, according to which we may have a legal obligation to process personal data in connection with reporting to public authorities such as the Danish Customs and Tax Administration.
• Article 6.1(f) of the GDPR, according to which the processing of your personal data may be necessary for the purposes of the legitimate interests pursued by the Foundation. 

In connection with meeting the above purposes, your personal data may be disclosed to external parties with whom we enter into an agreement on the administration of the Foundation, or if this is required in accordance with relevant legislation. If distributions from the Foundation are in the form of an award, AU may publish identifying data about you (not CPR number) on its websites or on social media. The Foundation will not sell your data to any third parties.

The Foundation collects personal data in connection with your duties as a member of the board of the Foundation in accordance with this policy.

The Foundation collects and processes only the personal data about you that is deemed to be necessary for the administration of your affiliation with the Foundation on the basis of your agreement on the board position, or which we are obligated to process pursuant to relevant legislation.

The Foundation collects and uses the personal data for the following purposes:

• Planning and administration of board work and meetings
• To meet legal and statutory obligations
• Other business purposes 

In connection with your affiliation with the Foundation, the following types of information may be registered about you: ordinary personal data, including name, address/address of work, telephone numbers, email address/email address at work, age, gender, picture, title, position, etc., as well as confidential personal data in the form of your civil. reg. no.

The legal basis for collection and use of your personal data by the Foundation is EU Regulation No. 2016/679 on the protection of natural persons with regard to the processing of personal data (abbreviated 'GDPR').

• Article 6.1(b) of the GDPR, according to which an application and/or appointment to the board is a contractual issue, 
• Article 6.1(c) of the GDPR, according to which we may have a legal obligation to process personal data in connection with reporting to public authorities such as the Danish Business Authority.
• Article 6.1(f) of the GDPT, according to which the processing of your personal data may be necessary for the purposes of the legitimate interests pursued by the Foundation. 

In connection with meeting the above purposes, your personal data may be disclosed to external parties with whom the Foundation enters into an agreement on the administration of the Foundation, or if this is required in accordance with relevant legislation. The Foundation will not sell your data to any third parties.

The Foundation will only store your data for as long as we are required to store your personal data to comply with legal requirements, including the Danish Bookkeeping Act (bogføringsloven) and the Danish Archives Act (arkivloven).

You have the following rights when we process your personal data:

• §  Right of access - you have the right to see your personal that is processed by the Foundation and to receive various information concerning the processing.
• §  Right to rectification - you have the right to have inaccurate/incorrect personal data about you corrected.
• §  Right to erasure or the “right to be forgotten”.
• §  Right to restriction of processing.
• §  Right to data portability - in some cases, you have the right to receive your personal data and to request that the personal data be transferred from one data controller to another.
• §  Right of objection - you have the right to object to the otherwise lawful processing of your personal data.
• §  Right not to be subject to an automatic decision based solely on automated processing, including profiling.

If you wish to exercise some of your rights or complain about the processing of your personal data, you are welcome to contact the Foundation at graduateschoolhealth@au.dk or AU's Data Protection Officer at dpo@au.dk. You can also submit a complaint to the Danish Data Protection Agency, Carl jacobsens Vej 35, 2500 Valby, email: dt@datatilsynet.dk, website: www.datatilsynet.dk.