Privacy policy

External privacy policy for Østsjællands Museer (from March 10, 2025)

Østsjællands Museer is the data controller for the processing of the personal data that we receive about you via the website. You will find our contact details below:

Østsjællands Museer
Rådhusvej 2
CVR no.: 46 15 12 16
Phone: (+45) 56 50 28 06 (phone hours 9-12)
E-mail address: museum@oesm.dk

This website uses cookies
Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary to ensure the provision of the service you have explicitly requested to use. For all other types of cookies, we must obtain your consent. Consent is obtained via Cookiebot, which pops up as a window the first time a user visits Østsjællands Museer's website. In Cookiebot, you can see which cookies are used and for what, and you can access the cookie policies of our partners. It is possible via this window to choose the level of data that may be collected.

You can change or withdraw your consent from the Cookie Declaration on our website at any time.

What we use cookies for (if you have consented)
We use cookies to personalize our content and ads, to show you social media features and to analyze our website traffic. We also share information about your use of our website with our social media partners, advertising partners and analytics partners.

We only disclose email addresses to the newsletter system for specific newsletter subscriptions.

First-party cookies on Østsjællands Museer's website collect information about IP addresses and user behavior, while third-party cookies set by the partners (shown by Cookiebot) collect similar information and compare it with information about demographics and gender.

Our partners may combine this data with other information you have provided to them or that they have collected from your use of their services, such as Google.

Legal basis for the use of cookies
Østsjællands Museer uses Cookiebot to comply with the General Data Protection Regulation (GDPR), which is the European regulation on the protection of personal data. Cookiebot ensures that informed consent is obtained for the use of cookies on the website. The GDPR regulates the handling of personal data, including data collected via cookies, and requires consent for the processing of user data. In order to comply with both GDPR and the Danish Cookie Order, the museum collects consent before cookies are used, with the exception of necessary functional cookies. This ensures that all data is processed legally and in accordance with data protection regulations.

Collection of personal data when purchasing via the website
Purchases via Østsjællands Museer's website are made via ebillet a/s (CVR: 15279044), which is why Østsjællands Museer has entered into a data processing agreement with ebillet.

The Data Processing Agreement provides a framework for the processing of personal data - no sensitive personal data is collected in the purchase process.

Legal basis for the data processing agreement
The agreement is designed to ensure the parties' compliance with Article 28(3) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), which sets specific requirements for the content of a data processing agreement.

According to the agreement, the data processor shall implement all measures required under Article 32 of the General Data Protection Regulation, which states, inter alia, that appropriate technical and organizational measures shall be implemented to ensure a level of security appropriate to the risks, taking into account the current level, implementation costs and the nature, scope, context and purposes of the processing concerned and the risks of varying likelihood and severity for the rights and freedoms of natural persons.

If you apply for a job at Østsjællands Museer
If you apply for a job at Østsjællands Museer, the application and the personal data provided will be treated confidentially. The personal data will be used to contact you for an interview, possible further process or rejection. Østsjællands Museer does not collect additional information, including references, without specific prior agreement with the applicant.

Internally, only a hiring committee will have access to read your application and see information about your person. In accordance with the General Data Protection Regulation (GDPR) and the Danish Data Protection Act (Act no. 502 of May 23, 2018) on the retention of personal data, we only store applications and information contained therein until six months after the end of the recruitment process, unless consent is given for longer storage.

When entering into employment, Østsjællands Museer processes personal data in accordance with the General Data Protection Regulation (GDPR), which is the European regulation on the protection of personal data:

• Performance of a contract (Article 6(1)(b)): Processing of personal data may be necessary for the performance of an employment contract, for example to administer pay, working conditions and other aspects of employment.
• Legal obligation (Article 6(1)(c)): An employer can collect and process personal data if it is necessary to comply with a legal obligation. For example, this could be in relation to tax obligations, health and safety requirements or employment contract rules.
• Legitimate interests (Article 6(1)(f)): The processing of personal data can also be based on the legitimate interests of the controller if those interests are not overridden by the rights and freedoms of the data subject. For example, it may be necessary for an employer to process data in the context of employment contracts or to prevent fraud.

Obtaining a child certificate
Østsjællands Museer obtains a child certificate when entering into employment with a legal basis in the Danish Criminal Code § 78 b - Child certificate and Executive Order no. 1091 of October 3, 2017 on child certificates. The legal basis clarifies when and how child certificates can be used in employment relationships. It is relevant when people will be working with children under the age of 15, and the employer must ensure that the applicant does not have a relevant criminal conviction for circumstances that may pose a risk to children.

The legal basis for obtaining and processing the child certificate is also contained in the above GDPR section on legal obligation (Article 6(1)(c)): If the obtaining of the child certificate is necessary to comply with a law (e.g. requirements of the Criminal Code or the Child Certificate Ordinance).

The child certificate is a sensitive piece of information that is stored under the rules for secure storage of sensitive personal data under GDPR. Only management has access to the child certificate, which is stored digitally and deleted five years after the end of employment.

Your rights
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of information about you.

If you want to exercise your rights, please contact us:

Østsjællands Museer
Rådhusvej 2
CVR no.: 46 15 12 16
Phone: (+45) 56 50 28 06 (phone hours 9-12)
E-mail address: museum@oesm.dk

Right to see information (right of access)
You have the right to access the information we process about you and a number of additional information.

Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.

Right to erasure
In special cases, you have the right to have data about you erased before the time of our general general erasure occurs.

Right to restriction of processing
You have the right to have the processing of your personal data restricted in certain cases. If you have the right to have the processing restricted, we may in future only process the data - except for storage - with your consent, or for the establishment, exercise or defense of legal claims or to protect a person or important public interests.

Right to object
In certain cases, you have the right to object to our or lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.

Right to transmit data (data portability)
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency's guide on data subjects' rights, which you can find at www.datatilsynet.dk.

Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency's contact details at www.datatilsynet.dk.

Document information
This is the 1st version of Østsjællands Museer's personal data policy written March 10, 2025. The document is updated regularly in the event of significant changes in legislation and data processing.