The Danish Gambling Authority processes information about individuals and businesses. On this page you can find more about personal data, how the Danish Gambling Authority processes personal data, and your rights.
What is personal data?
Personal data is any information that directly or indirectly relates to an identifiable natural person. This may e.g. be information such as name, address, the Danish Civil Registration Number (CPR), finances, family circumstances, etc. Personal data may also be data about companies, for example single-person companies or shareholders in a company.
Personal data processing means any processing of personal data. Processing includes collection, recording, structuring, storage, disclosure, combination, and erasure.
We are the data controller of your personal data - how to contact us
The Danish Gambling Authority is data controller of the processing of the personal data about you that we have received. Our contact information is available here:
Englandsgade 25, 6. sal
5000 Odense C
The Danish Gambling Authority’s Data Protection Officer (DPO)
The Ministry of Taxation has appointed a group-wide data protection officer, who is responsible for guiding the Danish Gambling Authority in the processing of personal data and ensuring that the Danish Gambling Authority complies with relevant rules in the field of data protection.
The Data Protection Officer is also the point of contact for citizens and companies regarding the processing of personal data. You can contact the Danish Gambling Authority’s Data Protection Officer if you have questions about the Danish Gambling Authority's processing of personal data or want more information about your rights.
Udviklings- og Forenklingsstyrelsen
Osvald Helmuths Vej 4
Attention to: The Data Protection Officer
Where does the personal data come from?
The Danish Gambling Authority processes personal data that you have submitted to the Danish Gambling Authority. For example, this can be information that you have submitted in connection with your registration in ROFUS or in connection with an application for authorisation as manager or staff. The Danish Gambling Authority can also process data about you that we receive from other individuals, authorities, and companies, for example as part of a statutory reporting obligation.
The purpose and legal basis of the Danish Gambling Authority’s processing of personal data
The Danish Gambling Authority is responsible for ensuring a properly regulated gambling market in Denmark. Our core tasks set out in the gambling legislation are to protect players, including young persons or other vulnerable persons, from being exploited through gambling by ensuring that gambling is offered in a fair, responsible, and transparent manner. The Danish Gambling Authority manages the register of self-excluded players (ROFUS) that aims to remedy problem gambling.
The Danish Gambling Authority processes personal data as part of the tasks given to us as a public authority. The processing of personal data is based on article 6(1)(e) of the General Data Protection Regulation.
If we receive sensitive personal data, this is processed under article 9(2)(f) of the General Data Protection Regulation.
If you have sent data on criminal offences, our processing of data is based on article 8(1) and (2)(3) of the General Data Protection Regulation.
Processing of data on civil registration numbers is done for the purpose of a precise identification, cf. article 11(1) of the General Data Protection Regulation.
Categories of personal data
The Danish Gambling Authority process the following categories of personal data:
- Identification data
- Financial and vocational data
- Family circumstances
- Patterns of movement and location
- Staff matters (not sensitive)
If we receive sensitive personal data and process this, it may be the following categories of data:
- Health data
- Political orientation
- Trade-union membership
In addition to this, the Danish Gambling Authority also process data on criminal convictions and offences.
Recipients or categories of recipients
The Danish Gambling Authority often discloses personal data to other public authorities as a part of our general tasks. The Danish Gambling Authority may also have a duty of disclosure according to law. For example, information is disclosed to Skattestyrelsen, the police, the courts, and other relevant authorities.
The Danish Gambling Authority rarely discloses personal data to private organisations such as licence holders and foreign authorities.
Disclosure to recipients in third countries, including international organisations
The Danish Gambling Authority rarely discloses personal data to recipients outside the EU and EEA.
Storage of personal data
We store personal data for as long as it is necessary to process your enquiry. In this connection, we consider the complexity of the enquiry when we determine for how long the personal data must be stored.
Automatic assessment and profiling
The Danish Gambling Authority does not make use of automatic decision-making and profiling.
You have various rights when the Danish Gambling Authority processes personal data about you. You can read more about the rights below. If you wish to exercise your rights, please contact us.
Right of notification
You have the right to be notified when the Danish Gambling Authority collects and processes personal data about you. You have the right to be informed about the purpose and the legal basis for the processing.
The Danish Gambling Authority’s obligation to inform you may be exempted in certain situations. This applies, e.g. if you are already familiar with the information, or your interest in obtaining the data should give way for private or public interests.
Right to access
You are in principle entitled to access the Danish Gambling Authority's processing of your personal data. This means that you have the right to have confirmed whether we process your personal data as well as other information.
Right to rectification (correction)
You are entitled to have inaccurate personal data concerning yourself rectified.
Right to erasure
In special cases, you have the right to have personal data about you erased before the time of our general deletion.
Right to restrict processing
In certain cases, you may have the right to have the processing of your personal data restricted. If you are entitled to restriction of processing, we will only be able to process data - except for storage - with your consent. Moreover, we will only process data for the purpose of an establishment, exercise or defense of a legal claim, or for the purpose of protecting the rights of another natural or legal person or important public interests.
Right to object
In some cases, you may have the right to object to our otherwise legitimate processing of your personal data.
Right to transmit information (data portability)
In certain cases, you may have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit such personal data from one data controller to another without hindrance.
Storage and erasure
The data that the Danish Gambling Authority collects and processes about you will be processed and stored in the Danish Gambling Authority's IT systems.
We will erase your personal information when they no longer serve a purpose. The actual time of erasure depends on how long the storage of the information is required.
Complaint to the Danish Data Protection Agency
You are entitled to file a complaint to the Danish Data Protection Agency if you are dissatisfied with the way the Danish Gambling Authority processes your personal data.
The Danish Data Protection Agency is a central independent authority, which supervises compliance with regulations on personal data in Denmark. You will find contact information of the Danish Data Protection Agency at www.datatilsynet.dk.
Rules and regulations
There are several Act and regulations regulating the processing of personal data. The purpose of the rules is to ensure the protection of the fundamental rights and freedoms of natural persons in the processing of their personal data.
General rules on processing of personal data are set out in the General Data Protection Regulation and the Danish Data Protection Act.