The Danish Gambling Authority processes information about individuals and businesses. On this page you can find more about personal data, how the Danish Gambling Authority processes personal data, and your rights.
What is personal data?
Personal data is any information that directly or indirectly relates to an identifiable natural person. This may e.g., be information such as name, address, the Danish Civil Registration Number (CPR), finances, family circumstances, etc. Personal data may also be data about companies, for example single-person companies or shareholders in a company.
Personal data processing means any processing of personal data. Processing includes collection, recording, structuring, storage, disclosure, combination, and erasure.
We are the data controller of your personal data - how to contact us
The Danish Gambling Authority is data controller of the processing of the personal data about you that we have received.
Our contact information is available here:
Englandsgade 25, 6. sal
5000 Odense C
CVR (Central Business Register): 34730415
The Danish Gambling Authority’s Data Protection Officer (DPO)
The Ministry of Taxation has appointed a group-wide data protection officer, who is responsible for guiding the Danish Gambling Authority in the processing of personal data and ensuring that the Danish Gambling Authority complies with relevant rules in the field of data protection.
The Data Protection Officer is also the point of contact for citizens and companies regarding the processing of personal data. You can contact the Danish Gambling Authority’s Data Protection Officer if you have questions about the Danish Gambling Authority's processing of personal data or want more information about your rights.
Write to the Data Protection Officer here:
Udviklings- og Forenklingsstyrelsen (IT and Development Agency)
Osvald Helmuths Vej 4
Att.: Data Protection Officer
Where does the personal data come from?
The Danish Gambling Authority processes personal data that you have submitted to the Danish Gambling Authority. For example, this can be information that you have submitted in connection with your registration in ROFUS. The Danish Gambling Authority can also process data about you that we receive from other individuals and companies.
The purpose and legal basis of the Danish Gambling Authority’s processing of personal data
The Danish Gambling Authority is responsible for ensuring a properly regulated gambling market in Denmark. Our core tasks set out in the gambling legislation are to protect players, including young persons or other vulnerable persons, from being exploited through gambling. We do this by ensuring that gambling is offered in a fair, responsible, and transparent manner. The Danish Gambling Authority manages the register of self-excluded players (ROFUS), which is a service for people who want to exclude themselves from gambling.
The Danish Gambling Authority processes personal data about individuals and businesses which is sent to us for the purpose of operating ROFUS. The Danish Gambling Authority processes personal data as part of the tasks given to us as a public authority. The processing of personal data is based on article 6(1)(e) of the General Data Protection Regulation.
The legal basis for processing your personal data appears in:
- Section 10(1) and (2) of the Executive Order on land-based casinos
- Section 18(1 and (2) of the Executive Order on online betting
- Section 24(1) and (2) of the Executive Order on online casino
If we receive sensitive personal data, this is processed under article 9(2)(f) of the General Data Protection Regulation.
If you have sent data on criminal offences, our processing of data is based on article 8(1) and (2)(3) of the General Data Protection Regulation.
Processing of data on civil registration numbers is done for the purpose of a precise identification, cf. article 11(1) of the General Data Protection Regulation.
Categories of personal data
The Danish Gambling Authority process the following categories of personal data:
- Identification data
- Financial and vocational data
- Family circumstances
- Patterns of movement and location
- Staff matters (not sensitive)
If we receive sensitive personal data and process this, it may be the following categories of data:
- Health data
- Political orientation
- Trade-union membership
In addition to this, the Danish Gambling Authority also process data on criminal convictions and offences.
Recipients or categories of recipients
The Danish Gambling Authority discloses personal data to other public authorities as part of our general tasks. The Danish Gambling Authority may be obligated by law to disclose data. For example, data is disclosed to the Danish Tax Agency, the police, the courts, and other relevant authorities. Your registration with ROFUS will only be disclosed to other public authorities in rare cases and only if it is necessary in a specific case.
The Danish Gambling Authority discloses your personal data from ROFUS to the operators at which you hold an account, but only in the instances where you attempt to log in or in the instances where the gambling operators attempts to send you marketing material. The Danish Gambling Authority will also disclose your personal data to gambling operators at which you do not have an account if you attempt to create an account with a gambling operator during your self-exclusion period.
Finally, the Danish Gambling Authority may disclose data on persons registered with ROFUS to our data controllers.
Apart from these instances, the Danish Gambling Authority never disclose your registration with ROFUS to individuals or private businesses.
Disclosure to recipients in third countries, including international organisations
The Danish Gambling Authority rarely discloses personal data to recipients outside the EU and EEA. Data will only be disclosed to the gambling operators at which you do not hold an account if you attempt to create a new account with the gambling operator during your self-exclusion period. Data will also be disclosed if you attempt to log into an existing account and before the gambling operator wants to send direct marketing material to you.
Storage of personal data
We store your personal data as long as you are registered with ROFUS. The Danish Gambling Authority’s data controllers store the data and delete them in accordance with a procedure made by the Danish Gambling Authority.
Automatic assessment and profiling
The Danish Gambling Authority does not make use of automatic decision-making and profiling.
You have various rights when the Danish Gambling Authority processes personal data about you. You can read more about the rights below. If you wish to exercise your rights, please contact us.
Right of notification
You have the right to be notified when the Danish Gambling Authority collects and processes personal data about you. You have the right to be informed about the purpose and the legal basis for the processing.
The Danish Gambling Authority’s obligation to inform you may be exempted in certain situations. This applies, e.g., if you are already familiar with the information, or your interest in obtaining the data should give way for private or public interests.
Right to access
You are in principle entitled to access the Danish Gambling Authority's processing of your personal data. This means that you have the right to have confirmed whether we process your personal data as well as other information.
Right to rectification (correction)
You are entitled to have inaccurate personal data concerning yourself rectified.
Right to erasure
In special cases, you have the right to have personal data about you erased before the time of our general deletion.
However, a registration with ROFUS is binding. This means that a registration cannot be deleted before the exclusion period ends or the minimum registration period is completed.
Right to restrict processing
In certain cases, you may have the right to have the processing of your personal data restricted. If you are entitled to restriction of processing, we will only be able to process data - except for storage - with your consent. Moreover, we will only process data for the purpose of an establishment, exercise or defense of a legal claim, or for the purpose of protecting the rights of another natural or legal person or important public interests.
Right to object
In some cases, you may have the right to object to our otherwise legitimate processing of your personal data.
Right to transmit information (data portability)
In certain cases, you may have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit such personal data from one data controller to another without hindrance.
Storage and erasure
The data that the Danish Gambling Authority collects and processes about you will be processed and stored in the Danish Gambling Authority's IT systems. The Danish Gambling Authority stores your personal data as long as you are registered with ROFUS. The Danish Gambling Authority’s data processors stores the data and delete it in accordance with a procedure prepared by the Danish Gambling Authority.
You can read more about your rights on the Data Protection Agency’s website: www.datatilsynet.dk.
Complaint to the Danish Data Protection Agency
You are entitled to file a complaint to the Danish Data Protection Agency if you are dissatisfied with the way the Danish Gambling Authority processes your personal data. The Danish Data Protection Agency is a central independent authority, which supervises compliance with regulations on personal data in Denmark. You will find contact information of the Danish Data Protection Agency on www.datatilsynet.dk.
Rules and regulations
There are several Act and regulations regulating the processing of personal data. The purpose of the rules is to ensure the protection of the fundamental rights and freedoms of natural persons in the processing of their personal data.
General rules on processing of personal data are set out in the General Data Protection Regulation and the Danish Data Protection Act.