Privacy policy for Reviewers of grant applications

The data controller is: TrygFonden smba (TryghedsGruppen smba), CVR-nr. 10430410, Hummeltoftevej 49, 2830 Virum.

The data we process about our external reviewers and the members of the Advisory Research Committee of TrygFonden is information about name, job title, place of employment and email address. For external reviewers we also process data about h-index and country of residence. Additionally, we process data about the reviewed grant applications, assessments, and data necessary for payment of fees, such as CPR number and salary number (for Danish reviewers) and IBAN, swift, date of birth and address (for foreign reviewers). 

The purpose of the processing is to be able to request assistance from the reviewers and to pay the reviewers for their assistance. 

The legal basis for the processing of personal data is both our legitimate interest in being able to request assistance from the reviewers  (pursuant to Article 6(1)(b) of the GDPR), performance of the contract with the reviewer (pursuant to Article 6(1)(f) of the GDPR) and compliance with our legal obligation under the Danish Accounting Act (bogføringsloven) (pursuant to Article 6(1)(c) of the GDPR).

The data we process about external reviewers is collected from publicly available sources.

We have implemented technical and organizational security measures regarding the personal data we process. These measures aim to prevent data alteration, loss or unauthorized access. They include features such as firewalls, web security, regular server updates, security protocols for workstations and network equipment, as well as protection against viruses and unwanted programs. Additionally, we have authorization and access restrictions to ensure that only relevant employees can access personal data. These employees are also bound by confidentiality agreements and receive instructions about handling of personal data.

We only disclose or transfer personal data to third parties in accordance with legal requirements and for the purposes described in this privacy policy. 

We engage external vendors for IT operations, services, and web development. If these vendors have access to our personal data, they are bound by confidentiality agreements and/or by data processing agreements.

We process data solely for the purposes specified in this privacy policy.

Data about an external reviewer is kept until we receive notice that the reviewer no longer wishes to conduct reviews for us. 

Data about a member of the Advisory Research Committee of TrygFonden is kept until he/she is no longer a member. 

Data related to payment of fees is kept according to applicable rules in force and is deleted after the current year of payment plus five years.

Within the limitations set by data protection laws and regulations the data subject has the following rights:

• Right to access to personal data.
• Right to rectify inaccurate or incomplete personal data.
• Right to request deletion of personal data.
• Right to limit the processing of personal data.
• Right to data portability
• Right to object to the processing of personal data: 
  Where our processing of personal data is based on legitimate interests, as specified above, the data subject has the right to object based on reasons related to their particular situation. If an objection is raised, we may no longer process the personal data, unless we can demonstrate compelling legitimate reasons for the processing – legitimate reasons that take precedence over the data subject’s interests, rights, and freedom, or if the processing is necessary for us in order to establish, exercise or defend legal claims.

For further information about these rights please confer the Danish Data Protection Agency’s guidance on data subjects’ rights available on datatilsynet.dk. 

If you wish to exercise your rights, please contact TryghedsGruppen (see contact details below). 

You also have the right to lodge a complaint with the Danish Data Protection Agency if you have any objections to the way in which we process your personal data. You can find the Danish Data Protection Agency’s contact information on datatilsynet.dk.

For questions regarding our processing of personal data, please contact:

TrygFonden smba (TryghedsGruppen smba)
CVR no. 10430410
Hummeltoftevej 49, DK-2830 Virum
Phone: +45 45 26 08 26
E-mail: info@tryghedsgruppen.dk.