Personal Data Policy

Personal Data Policy

February 23 2024 · Version 2.0

1. Why did we create this privacy policy?  

At ARoS Aarhus Art Museum (”ARoS”), we prioritize privacy and data security. This privacy policy applies to our processing of personal data and sets out guidelines for [insert nickname]'s way of processing your personal data and provides you with the information that you are entitled to receive under applicable data protection legislation. You should read the privacy policy before providing your personal data to ARoS.

2. Data controller and contact information  

The data controller of your personal data is:  
ARoS Aarhus Kunstmuseum
Adress: Aros Allé 2, 8000, Aarhus C
CVR no.: 39 79 99 28
E-mail: info@aros.dk
Phone number: + 45 8730 6600

3. From where do we collect personal data about you?

ARoS may potentially collect and process personal data about you from the following sources:  

  • Directly from you 
  • Video surveillance 
  • From other visitors 

4. Purpose, types of personal data, legal basis and deletion  

ARoS's processing of personal data will depend on your purchases, your interaction, consents given, and behavior. Therefore, you should start by reading the column "Which people are covered?" to clarify whether the processing activity, the purposes in question, types of personal data, legal bases and deletion deadlines are relevant to you: 

Processing activity

Cookies, pixels and social plug-ins

Cookies, pixels and social plug-ins

Which people are covered?  
Website visitors who have provided consent via the cookie banner.

For what purposes is the personal data used?
Marketing, statistics, preferences and features. 
You can read more about the purposes via the cookie banner.  

What types of personal data are used? User ID, geographical location, interests, IP address, operating system, browser type, device type, behavior on the website, MAC address, click behavior, interaction with ads, completed data upon purchase, and search history. 

What is the legal basis for the processing? The processing of personal data in relation to necessary cookies takes place on the basis of an contract to be able to use the functions of the website (Article 6(1)(b) of the GDPR).  

 
The processing of personal data in relation to statistical and preference cookies takes place as a result of our legitimate interest in offering you the best possible products and services (Article 6(1)(f) of the GDPR).  

The processing of personal data in relation to marketing cookies, including on the basis of your preferences, takes place on the basis of your prior consent (Article 6(1)(a) of the GDPR).  

In addition, we always obtain a valid cookie consent in accordance with the Executive Order on Cookies before cookies are placed via your terminal equipment. 

When will the personal data be deleted? 
See the cookie banner where the deletion periods (expiration periods) are indicated. You can open the cookie banner by clicking on this link.

Video surveillance

Video surveillance

Which people are covered?  
Visitors and suppliers. 
 

For what purposes is the personal data used? 
Create security, to prevent crime and secure evidence for use in police investigations.

What types of personal data are used? 
Pictures of your whereabouts and, in some cases, criminal information in the event of theft or other crimes.  

What is the legal basis for the processing? 
Pursue our legitimate interest in creating security, preventing crime, and securing evidence for use in police investigations (Article 6(1)(f) of the GDPR and section 8(3) of the Danish Data Protection Act). 

When will the personal data be deleted? 
30 days from the moment of recording 

Creating a user profile.

Creating a user profile

Which people are covered?  
Users.  

For what purposes is the personal data used? 
Creating a profile for the purpose of purchasing / registering annual passes and entrance tickets as well as to obtain benefits.  

What types of personal data are used? 
Code, name, address, date of birth, picture, discounts, email, and purchase.  

What is the legal basis for the processing? 
Enter into and comply with a contract (Article 6(1)(b) of the GDPR). 

When will the personal data be deleted? 
1 year after the user is deleted.