Disse brugervilk\u00e5r (herefter “Brugervilk\u00e5rene”) g\u00e6lder ved din brug af digital post-l\u00f8sningen ‘mit.dk’ og de dertilh\u00f8rende ydelser, tjenester og produkter, samt mit.dk hjemmesiden og mit.dk mobil- og tabletapplikationen (herefter “mit.dk”). Ydelserne udbydes og leveres af Netcompany A\/S, CVR-nr.: 14814833, (herefter “Netcompany”) eller af det offentlige eller tredjeparter (se afsnit 3 nedenfor om “Till\u00e6gstjenester”).<\/p>\n
You accept that your use of mit.dk is governed by these Terms by you acceptance of these terms when you create your mit.dk profile. If you accept these Terms on behalf of a Business Operator (as defined below), your accept means that you warrant that you have the necessary authority to be able to perform the action on behalf of the Business Operator.<\/p>\nDu kan benytte mit.dk som privatperson (herefter “Privatperson”) eller p\u00e5 vegne af en privat juridisk person som f.eks. en virksomhed, organisation eller lignende (herefter “Erhvervsdrivende”). I forbindelse med brugen af mit.dk p\u00e5 vegne af en Erhvervsdrivende eller som led i dit arbejde for en Erhvervsdrivende, g\u00e6lder der yderligere betingelser som anf\u00f8rt i Brugervilk\u00e5rene.
\nDu skal v\u00e6re 13 \u00e5r eller derover og v\u00e6re i besiddelse af et elektronisk id (MitID) for at kunne bruge mit.dk. Hvis du er under 18 \u00e5r, skal dine for\u00e6ldre\/din v\u00e6rge give lov til, at du opretter dig som bruger. De skal ikke g\u00f8re noget aktivt andet end at fort\u00e6lle dig, at du gerne m\u00e5 bruge mit.dk.\nNetcompany g\u00f8r opm\u00e6rksom p\u00e5, at der kan g\u00e6lde s\u00e6rlige vilk\u00e5r alt efter om du er en Privatperson (som voksen), en Privatperson (som barn) eller en Erhvervsdrivende. Hvis dette er tilf\u00e6ldet, vil det v\u00e6re angivet i Brugervilk\u00e5rene.
\nThe Terms also comprise a reference to Netcompany\u2019s
\nprivacy policy and cookie policy.\n
There are two integral appendices to these Terms: Appendix A comprise the data processing agreement governing your use of mit.dk as a Private Individual. Appendix B comprise the data processing agreement governing the use of mit.dk as a Business Operator.<\/p>\n\t
mit.dk giver dig adgang til dine digitale breve, meddelelser mv. (herefter “Digital Post” eller “Digitale Post”), som du modtager fra i) offentlige myndigheder, herunder bl.a. regioner, kommuner eller andre akt\u00f8rer, der har en ret til at sende som, eller p\u00e5 vegne af, en offentlig enhed (herefter “Offentlige Afsendere”) og ii) de virksomheder, organisationer mv. som Netcompany har en aftale med, og som du modtager Digital Post fra (herefter “Private Afsendere”) (Offentlige Afsendere og Private Afsendere herefter samlet ben\u00e6vnt som en “Afsender”). Herudover f\u00e5r du adgang til din arkiverede Digitale Post, muligheden for at kunne kommunikere direkte og sikkert med en Afsender:, samt de \u00f8vrige funktioner og services p\u00e5 mit.dk, som Netcompany til enhver tid m\u00e5tte tilbyde. Netcompany forbeholder sig retten til at i visse tilf\u00e6lde kunne begr\u00e6nse adgangen til \u00f8vrige funktioner og services, hvis dette kan begrundes i overholdelse af lovgivning, samfundsetiske \u00e5rsager og tekniske \u00e5rsager.<\/p>\n
You can also access the Digital Post you receive from Public Sector Senders through other public user interfaces as an alternative to and\/or a supplement to mit.dk. Through a public user interface, the citizen can read Digital Post from Public Sector Senders like for instance Borger.dk.<\/p>\n
Using mit.dk is voluntary, and you can always access your public mail through the public user interfaces like for instance Borger.dk. However, you can only use Netcompany's Supplementary Services (see section 3 below) and read mail from Private Sector Senders if you use mit.dk.<\/p>\n
When you receive Digital Mail through mit.dk, you will not also receive the same mail as ordinary (physical) mail, unless otherwise agreed with your Private Senders. Receiving Digital Post on mit.dk has the same legal effect as if you were receiving the Digital Post as ordinary (physical) mail, which means that you have received the letter, the communication and the like once your Digital Post is received on mit.dk. The effect is that invoices or other documents, such as for instance payment, acceptance and\/or complaint deadlines, etc., apply from the moment they become available to you on mit.dk, just as if you had received it in your ordinary (physical) mailbox.<\/p>\n
Accordingly, it is important, and your own responsibility, to check regularly for new Digital Post on mit.dk. However, this does not apply, if you are a child.<\/p>\n
If you do not log on to mit.dk for 60 consecutive months, Netcompany reserves the right to deactivate your access to mit.dk. In case of death or if you leave Denmark permanently (meaning when your home address is no longer in Denmark), Netcompany also reserves the right to deactivate your access to mit.dk after 15 months from the time of the death, or the permanent departure from Denmark without further information.<\/p>\n
By your request to kundeservice@mit.dk , mit.dk will, for a period of 12 months from the deactivation of your profile, send your Digital Post received from Private Sector Senders to you digitally and securely.<\/p>\n
If you and a Private Sector Sender have agreed that Digital Post from said Private Sector Sender must only be sent to you through mit.dk, you are then responsible for settling how to communicate going forward directly with the Private Sector Sender.<\/p>\n
You can create a new profile on mit.dk at any time.<\/p>\n
You can delete Digital Post and documents in your digital mailbox on mit.dk at any time. However, please note that Digital Post cannot be restored or recreated.<\/p>\n
It is not possible to deregister for receipt of Digital Post from Public Sector Senders through mit.dk. Please go to borger.dk if you want to be exempt from Digital Post from Public Sector Senders.<\/p>\n
You cannot deregister from receiving future Digital Post from individual Private Sector Senders on mit.dk. You can therefore only deregister by directly contacting the Private Sector Sender from which you do no longer wish to receive Digital Post. Please note, however, that it will not exempt you from obligations or agreements (if any) that you may have with Private Sector Senders if you deregister from receipt of Digital Post from these on mit.dk.<\/p>\n
You are responsible for checking mit.dk on a regular basis for new Digital Post and for making sure that mit.dk has your correct and current e-mail address and your telephone number, so you receive the correct service announcements and notifications about new Digital Post.<\/p>\n
It is also your responsibility to keep your login information secret from people other than yourself. If you suspect irregularities or misuse of your login information, you have to change your login information immediately and notify mit.dk.<\/p>\n
It is not permissible as a user of mit.dk to set up unofficial systems or tools for automatic retrieving data from the platform, e.g., to automatic forward sent messages to external systems, including (but not limited to) e-mail servers.<\/p>\nIt is also your responsibility to make sure that your use of mit.dk is in compliance with applicable Danish law. Among other things, this means that filing, sending and uploads on mit.dk must not infringe third party rights, and that the material in question must not be illegal or otherwise contrary to these Terms or applicable Danish law.
\nThis, however, does not apply if you are a child.\n
There may be cases where Netcompany will have to make your Digital Post unavailable for a short time or permanently. Examples of this could be that Netcompany is legally obligated to do so in cases where Digital Post to you has been shared by mistake, where personal data might have been compromised, or in other similar cases. Accordingly, Netcompany reserves the right to make your Digital Post on mit.dk unavailable to you in exceptional cases.<\/p>\n\t
mit.dk giver dig muligheden for at tilg\u00e5 og benytte en lang r\u00e6kke forskellige tjenester udover mit.dks standardfunktioner (herefter en “Till\u00e6gstjeneste”). Till\u00e6gstjenesterne som du v\u00e6lger at bruge, vil enten v\u00e6re leveret og administreret af Netcompany, det offentlige, eller af en tredjepart.<\/p>\n
Whether a Supplementary Service is available to you in mit.dk depends on whether the Sender wishes to use a Supplementary Service and if the Sender has an agreement with Netcompany and the Provider on the use of the Supplementary Service.<\/p>\n
Netcompany notes that additional terms and conditions may apply depending on the service in question and on the supplier and administrator of the digital service concerned. It is a requirement that you accept the terms from the provider of the Additional Service in order to use the Additional Service.<\/p>\n
If you choose to use Supplementary Services, you also give your consent to Netcompany to disclose the necessary personal data to the third party so that the Supplementary Service can work for you.<\/p>\n
The content shown when you use a Supplementary Service might be controlled by a third party and might be beyond the control of Netcompany, and therefore Netcompany cannot be held responsible for the content of said service. It is important to note in this respect that third parties are not Netcompany's subcontractors but rather independent service providers, and therefore you are responsible for ensuring that you are familiar and comply with the terms and conditions of the third party as well as applicable laws.<\/p>\n
You can opt out of one or more Supplementary Services at any time by not using the Supplementary Service in question on mit.dk.<\/p>\n\t
For at g\u00f8re din brugeroplevelse endnu bedre har Netcompany ogs\u00e5 lavet en mobil- og tablet applikation, mit.dk-app’en (herefter “App’en”). V\u00e6r opm\u00e6rksom p\u00e5, at n\u00e5r der i disse Brugervilk\u00e5r henvises til “mit.dk” henvises der ogs\u00e5 til “App’en”.<\/p>\n
Brugen af App’en kan indeholde en r\u00e6kke yderligere funktioner og udvidelse af standardfunktionerne. Der kan derfor v\u00e6re yderligere vilk\u00e5r, der er g\u00e6ldende n\u00e5r App’en bruges.<\/p>\n
Det er en foruds\u00e6tning for din brug af App\u00b4en, at du har en profil p\u00e5 mit.dk, f\u00f8rend du kan bruge App’en. Du skal v\u00e6re opm\u00e6rksom p\u00e5, at det ikke n\u00f8dvendigvis er alle funktioner p\u00e5 mit.dk, der kan udf\u00f8res i App’en, og nogle funktioner kr\u00e6ver derfor, at du logger p\u00e5 mit.dk i en internet-browser eller omvendt.<\/p>\n
Du kan i App’en benytte dig af biometrisk login) ved at tilknytte din biometriske profil til din mit.dk profil i App’en. Du kan kun tilknytte enhedens registrerede biometri til \u00e9n brugerprofil i App’en, og det kr\u00e6ver, at din enhed ligeledes underst\u00f8tter dette.<\/p>\n
Please note that others can misuse your profile if they have access to the biometric settings on your device; for instance if they add their own fingerprint. You must therefore make sure that only your biometric profile is registered on your device. You should never use biometric authorisation on devices over which you do not have full control; for instance a borrowed phone, acquired or shared devices, or devices with known security flaws.<\/p>\n
You can stop using biometric login by removing the setting from your mit.dk profile, by deactivating biometric login on your device, or by otherwise removing this functionality.<\/p>\n
Hvis du mister din enhed med App’en installeret, er det vigtigt, at du logger ind p\u00e5 mit.dk fra en anden enhed (f.eks. via browser p\u00e5 en PC) og fjerner den mistede enhed fra din mit.dk profil. P\u00e5 den m\u00e5de mindskes risikoen for, at din mit.dk profil, App’en eller enheden, bliver misbrugt.<\/p>\n
Af sikkerhedsm\u00e6ssige \u00e5rsager b\u00f8r du ikke benytte App\u00b4en p\u00e5 en telefon, der er blevet s\u00e5kaldt “jailbreaket” eller “rooted”, dvs. hvor telefonens styresystem er blevet omg\u00e5et. Vi g\u00f8r opm\u00e6rksom p\u00e5, at du selv er ansvarlig for administration af adgang til profilen i mit.dk<\/p>\n\t
To authenticate your use and access to your Digital Post on mit.dk, mit.dk uses MitID as a login solution.<\/p>\n
Netcompany is not liable for neither direct nor indirect losses resulting from (i) your use of mit.dk, (ii) the content (including errors) of Digital Post, (iii) delays or errors in sending and receiving Digital Post, (iv) your use of third party services offered on mit.dk, or (v) unauthorised use of mit.dk; for instance because you have allowed someone else to log in to your digital mailbox, or you have not notified Netcompany about the misuse of your login.<\/p>\n
Netcompany er desuden ikke – hverken direkte eller indirekte – ansvarlig for driften af mit.dk (herunder oppetid), tab af data samt IT-fejl og skade p\u00e5 fysisk eller digitalt udstyr.<\/p>\n
Netcompany can change the Terms of use with one month\u2019s notice with immediate effect thereafter.<\/p>\n
Netcompany can at any time change the Terms of use without notice and with immediate effect, if the changes are not unfavorable for you, if it is for security reasons or if the changes only affect Business Operators.<\/p>\n
In the event of a change to the Terms of use, Netcompany will notify you. The notification will inform you of when the new terms will come into force.<\/p>\n
De til enhver tid g\u00e6ldende vilk\u00e5r vil altid kunne findes p\u00e5 mit.dk’s hjemmeside.<\/p>\n
You can always choose to delete your profile because of possible changes.<\/p>\n
Any material on mit.dk, including, but not limited to, source codes, names, designs, logos, software, trademarks, graphics, texts, icons, images, etc., belong to Netcompany and\/or one of Netcompany's business partners and is protected by intellectual property rights and therefore cannot be used without written approval from Netcompany.<\/p>\n
Apart from what is explicitly stated in these Terms, Netcompany is not assigning or granting any intellectual property rights to you.<\/p>\n
Du f\u00e5r en verdensomsp\u00e6ndende, ikke-eksklusiv, personlig og uoverdragelig brugsret til at bruge mit.dk, herunder App’en, p\u00e5 enhver browser eller smartphone, du har adgang til, inden for rammerne af Brugervilk\u00e5rene, den relevante g\u00e6ldende lovgivning og almindelig god skik.<\/p>\n
For Business Operators, the right of use is limited to the legal entity having entered into the agreement with Netcompany, as well as the employees having to use mit.dk during the course of their work in general for the legal entity.<\/p>\n
Du m\u00e5 ikke distribuere mit.dk eller g\u00f8re den tilg\u00e6ngelig for andre f.eks. over et netv\u00e6rk. Du m\u00e5 heller ikke udleje, lease, udl\u00e5ne, viderelicensere eller s\u00e6lge mit.dk. Du m\u00e5 heller ikke fors\u00f8ge at foretage reverse engineering eller udlede vores kildekode, modificere, eller skabe afledte v\u00e6rker af mit.dk, medmindre g\u00e6ldende lovgivning tillader dette, eller p\u00e5 en anden m\u00e5de g\u00f8re noget, der kunne skade, begr\u00e6nse, forsinke, \u00f8del\u00e6gge mv. Netcompany, App’en, Afsenderne, det offentlige, din eller andres Digital Post eller mit.dk i \u00f8vrigt.<\/p>\n
Enhver overtr\u00e6delse af Brugervilk\u00e5rene eller \u00f8vrig svigagtig, skadelig eller uetisk adf\u00e6rd fra din side, eller fra \u00e9n som du giver adgang til mit.dk p\u00e5 dine vegne, giver Netcompany ret til at oph\u00e6ve din adgang til mit.dk, herunder App’en, Till\u00e6gstjenesterne mv. Dette kan eksempelvis v\u00e6re hvis du fors\u00f8ger p\u00e5 hacking eller foretager et DDoS angreb.<\/p>\n
If Netcompany terminates your access to mit.dk, you will no longer be able to access your digital mailbox in mit.dk.<\/p>\n
If you and a Private Sector Sender have agreed that Digital Post from said Private Sector Sender must only be sent to you through mit.dk, you are then responsible for settling how to communicate going forward directly with the Private Sector Sender. Netcompany does not assume any liability in this respect.<\/p>\n
You can contact Netcompany by using the contact information in section 5.9 below in order to receive a copy of your Digital Post if Netcompany has terminated your access to mit.dk.<\/p>\n
Du m\u00e5 ikke videregive Fortrolig Information til tredjemand. Ved “Fortrolig Information” forst\u00e5s alle oplysninger af teknisk, forretningsm\u00e6ssig, infrastrukturm\u00e6ssig eller anden art vedr\u00f8rende mit.dk, bortset fra oplysninger, (i) som er eller vil blive gjort offentligt tilg\u00e6ngelige p\u00e5 anden vis end ved misligholdelse af disse Brugervilk\u00e5r, (ii) som du er forpligtet til at videregive i henhold til g\u00e6ldende lov, eller (iii) som du kan dokumentere er skabt af dig.<\/p>\n
The Senders process and use your personal data in accordance with the Senders\u2019 privacy policies, and Netcompany is not liable for the Senders\u2019 processing of personal data.<\/p>\n
Any dispute in relation to issues governed by these Terms shall be decided according to Danish law unless otherwise provided by mandatory rules on consumer protection.<\/p>\n
In relation to Business Operators, disputes (if any) shall be decided according to Danish law before the Copenhagen City Court.<\/p>\n
You can contact Netcompany\u2019s customer services by:<\/p>\n
Vores kundeservice kan kontaktes p\u00e5 telefon eller e-mail mandag til fredag kl. 08:00 – kl. 20:00, i weekender kl. 10:00 – 16:00 og helligdage kl. 10:00 – 15:00. Yderligere information kan tilg\u00e5s p\u00e5 mit.dks hjemmeside under fanen Need help<\/a>.<\/p>\n\t In mit.dk you can see all your Digital Post from Public Senders (meaning public authorities) as well as post from a range of Private Senders (meaning the companies, organizations etc., which mit.dk has signed an agreement with, and which you receive Digital Post from). Furthermore, you have access to your archived Digital Post and the option to communicate directly and secure with a Public or Private Sender.<\/p>\n Denne databehandleraftale (herefter “Aftalen”) vedr\u00f8rer den behandling af personoplysninger, som Netcompany A\/S (herefter “mit.dk”) foretager som databehandler p\u00e5 vegne af dig som dataansvarlig (herefter “dig”, “din” eller “du”) i forbindelse med levering af services til dig gennem mit.dk, n\u00e5r du handler som Privatperson.<\/p>\n You are data controller for the content of Digital Post, which is delivered to your post solution at mit.dk. Furthermore, you are data controller for the retaining and sending of new Digital Post as well as the showing of Digital Post to and from Public Senders.<\/p>\n Aftalen er udformet med henblik p\u00e5 efterlevelsen af databeskyttelsesforordningens (herefter “GDPR”) artikel 28, stk. 3, og fasts\u00e6tter mit.dk’s rettigheder og forpligtelser, n\u00e5r mit.dk behandler personoplysninger p\u00e5 vegne af dig.<\/p>\n You accept that the use of mit.dk is subject to the Agreement by your accept of the Terms and Conditions in connection with your creation of your profile at mit.dk.<\/p>\n Mit.dk processes all personal data based on your instruction in relation to the provision of mit.dk as described in the Terms and Conditions to mit.dk. The only exception to this is if the processing is required under EU or Member State law to which mit.dk is subject. In such situations mit.dk shall inform you of such legal requirement prior to processing unless such notification is prohibited in consideration of important grounds of public interest.<\/p>\n Mit.dk's processing of personal data on behalf of you in relation to the provision of mit.dk takes places by mit.dk:<\/p>\n Dette afsnit indeholder n\u00e6rmere oplysninger om mit.dk’s behandling af personoplysninger p\u00e5 dine vegne, herunder om behandlingens form\u00e5l og karakter, typen af personoplysninger, kategorierne af registrerede og varighed af behandlingen.<\/p>\n The purpose of the processing is to enable storage of your Digital Post in your post solution at mit.dk as well as enable sending of Digital Post from you to private companies, organisations etc., through mit.dk.<\/p>\n Furthermore, the purpose is to be able to show (transmit) personal data in relation to the showing of Digital Post to and from public authorities.<\/p>\n The Digital Post which you are shown, receive, store, or send through mit.dk can contain all types of personal data determined by the sender or yourself, as the character of the data will depend on the content of the post.<\/p>\n The Digital Post can contain both 1) ordinary personal data (such as name, address, telephone number, etc.), 2) sensitive personal data (such as data concerning health, and information about trade union membership) and 3) information about criminal offences (such as criminal records or a fine notice).<\/p>\n The Digital Post which you are shown, receive, store, or send through mit.dk can contain personal data about other persons than you. The Digital Post can thus contain information about persons, which might be mentioned in the post you receive or send. This may include your spouse, children, etc.<\/p>\n The processing of personal data in the form of Digital Post lasts until you or mit.dk delete Digital Post in your post solution at mit.dk. Read more in the Terms and Conditions.<\/p>\n Mit.dk m\u00e5 kun give adgang til personoplysninger, som behandles p\u00e5 dine vegne, til personer, som er underlagt mit.dk’s instruktionsbef\u00f8jelser, og som har forpligtet sig til fortrolighed eller er underlagt en passende lovbestemt tavshedspligt, og kun i det n\u00f8dvendige omfang. Listen af personer, som har f\u00e5et tildelt adgang, bliver l\u00f8bende gennemg\u00e5et af mit.dk. P\u00e5 baggrund af denne gennemgang kan adgangen til personoplysninger lukkes, hvis adgangen ikke l\u00e6ngere er n\u00f8dvendig, og personoplysningerne skal herefter ikke l\u00e6ngere v\u00e6re tilg\u00e6ngelige for disse personer.<\/p>\n mit.dk initiates all measures required according to GDPR article 32 about security of processing in relation to processing of personal data.<\/p>\n Mit.dk vurderer de risici, som behandlingen af personoplysninger – i forbindelse med levering af services gennem mit.dk – indeb\u00e6rer for dine rettigheder og gennemf\u00f8rer passende foranstaltninger for at im\u00f8deg\u00e5 disse risici.<\/p>\n mit.dk will notify you in case of any personal data breach that entails a high risk to your rights and freedoms.<\/p>\n Location of the processing<\/p>\n mit.dk has the general authorisation for the engagement of sub-processors, meaning sub-suppliers (including IT and support suppliers), which mit.dk cooperates with for the provision of services to you through mit.dk. Mit.dk shall inform you of any intended changes concerning the addition or replacement of sub-processors 30 days prior to the implementation of the change. If you cannot accept the notified data processor, you have the opportunity to delete your account at mit.dk.<\/p>\n Where mit.dk engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Agreement shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Agreement and the GDPR.<\/p>\n Mit.dk shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Agreement and the GDPR.<\/p>\n Underdatabehandleraftale(r) og eventuelle senere \u00e6ndringer hertil sendes – efter din anmodning herom – i kopi til dig, s\u00e5 du herigennem har mulighed for at sikre dig, at tilsvarende databeskyttelsesforpligtelser som f\u00f8lger af Aftalen er p\u00e5lagt underdatabehandleren. Bestemmelser om kommercielle vilk\u00e5r, som ikke p\u00e5virker det databeskyttelsesretlige indhold af underdatabehandleraftalen, kan du ikke f\u00e5 adgang til at se.<\/p>\n On commencement of the Agreement, the Data Controller authorises the engagement of the following sub-processors:<\/p>\n Personal data is not transferred to third countries or international organisations.<\/p>\n You can at any time delete or download your Digital Post in your post solution at mit.dk.<\/p>\n Mit.dk behandler dine personoplysninger – i form af Digital Post – indtil du sletter Digital Post i din post-l\u00f8sning p\u00e5 mit.dk. L\u00e6s mere herom i Brugervilk\u00e5rene.<\/p>\n mit.dk shall make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 and the Agreement and provides you with access to audit reports.<\/p>\n Derudover har du ret til for egen regning at udpege en statsautoriseret revisor, som skal have adgang til mit.dk’s fysiske faciliteter til behandling af personoplysninger samt modtage de n\u00f8dvendige informationer til udf\u00f8relse af unders\u00f8gelsen af, hvorvidt mit.dk overholder sine forpligtelser under Aftalen. Den statsautoriserede revisor skal p\u00e5 mit.dk’s anmodning underskrive en s\u00e6dvanlig fortrolighedserkl\u00e6ring og behandle enhver information indhentet hos eller modtaget direkte fra mit.dk fortroligt, og m\u00e5 alene dele unders\u00f8gelsens konklusioner med dig.<\/p>\n You can contact mit.dk via the following information:<\/p>\n Netcompany A\/S, Strandgade 3, 1401 Copenhagen K, Denmark<\/p>\n Cvr no. 14814833<\/p>\n Telephone number: 70 80 25 80<\/p>\nBilag A – Databehandleraftale for post-l\u00f8sningen mit.dk til privatperson<\/h2>\n
1. Introduction<\/h3>\n
2. Instruction from you to processing of data in mit.dk<\/h3>\n
\n
3. Information about the processing of personal data in mit.dk<\/h3>\n
The purpose and nature of the processing of personal data in mit.dk<\/h4>\n
Categories of personal data<\/h4>\n
Categories of data subjects<\/h4>\n
The duration of the processing<\/h4>\n
4. Confidentiality<\/h3>\n
5. Security in connection with processing of personal data in mit.dk<\/h3>\n
\n
\n Technical and organizational security precautions<\/strong><\/td>\n<\/tr>\n \n Area:<\/strong><\/td>\n Measure:<\/strong><\/td>\n Description:\u00a0<\/strong><\/td>\n<\/tr>\n \n Access control<\/strong>\n<\/td>\n Passwords<\/td>\n All employees must have an individual password to the required systems and units, e.g., mobile phones, computers etc. Furthermore, all units must be locked when they are left unattended.<\/td>\n<\/tr>\n \n Access from external locations<\/td>\n For at f\u00e5 adgang til mit.dk’s interne systemer, er det p\u00e5kr\u00e6vet, at brugerne logger ind med en intern medarbejderkonto og godkendes via VPN software eller lignende.<\/td>\n<\/tr>\n \n Access from internal server rooms and main networks<\/td>\n External parties are only allow to access internal server rooms if they are accompanied by one of the Data Processor's employees. Only selected employees have access to the rooms.<\/td>\n<\/tr>\n \n Antivirus<\/td>\n Antivirus programs are installed on all computers. Windows servers and Linux servers are updated frequently.<\/td>\n<\/tr>\n \n Anti-spam and anti-phishing<\/td>\n Anti-spam and anti-phishing software is installed on the internal mailsystem.<\/td>\n<\/tr>\n \n Access control<\/td>\n An authorisation system has been implemented in the organisation, which ensures that only relevant employees have access to the various systems. The authorisation system is built on the principle of minimum access.<\/td>\n<\/tr>\n \n Clean desk policy<\/td>\n Physical documents are rarely used, and if used, they are put away when not in use.<\/td>\n<\/tr>\n \n DDoS attack<\/td>\n The Data Processor has DDoS protection integrated against the Data Processor's ISP on the lines of the internet.<\/td>\n<\/tr>\n \n Abolition of physical material<\/td>\n All physical and confidential material is abolished by the use of locked garbage bin and subsequent shredding.<\/td>\n<\/tr>\n \n Encryption<\/td>\n All computers, e-mails and back-ups are encrypted and guidelines are implemented to ensure that data on mobile units is also encrypted.<\/td>\n<\/tr>\n \n Endpoint security<\/td>\n Endpoint security is established through antivirus programs, endpoint detection and response (EDR), frequent system updates, software alarms etc.<\/td>\n<\/tr>\n \n Firewalls<\/td>\n Firewalls are installed to protect against unauthorised access.<\/td>\n<\/tr>\n \n IAM<\/td>\n Identity and access controls are implemented by the use of individual user accounts.<\/td>\n<\/tr>\n \n Information sharing<\/td>\n In relation to data hosted by the Data Processor, data is encrypted and the encryption keys is send separately or in other secure ways with respect to the content of the data. The exchange of data will always take place through secure connections.<\/td>\n<\/tr>\n \n Logging<\/td>\n Information about user identity and user actions are logged.<\/td>\n<\/tr>\n \n Network segmentation<\/td>\n All systems are isolated from each other and all network equipment is provided by large suppliers, including Cisco, and only supplier supported equipment is used.<\/td>\n<\/tr>\n \n Confidentiality agreements<\/td>\n Confidentiality agreements are entered into with all employees, external consultants and other business partners who process personal data on behalf of the Data Processor.<\/td>\n<\/tr>\n \n Protection against malware<\/td>\n Antivirus software is installed on all computers and all downloaded software is monitored.<\/td>\n<\/tr>\n \n Registration of guests<\/td>\n All guests must wear a visible batch stating that they are guests.<\/td>\n<\/tr>\n \n Secure abolition of equipment<\/td>\n All equipment is wiped of all information before it is disposed of.<\/td>\n<\/tr>\n \n Separation between development, test and production environments<\/td>\n Development, test and production environments are kept separate from each other.<\/td>\n<\/tr>\n \n Revocation of access rights<\/td>\n Access rights are revoked when an employment or business relation has ended, or when an employee moves to another project.<\/td>\n<\/tr>\n \n Data access<\/strong><\/td>\n Back-up<\/td>\n The Data Processor works with a complete back-up solution, which includes a combination of local and external back-up. Data is thus protected in the Data Processor's primary data center while a full copy at the same time is always at the Data Processor's secondary data center.<\/td>\n<\/tr>\n \n Equipment maintenance<\/td>\n All the equipment of the Data Processor is maintained continuously.\n<\/td>\n<\/tr>\n \n Power supply security<\/td>\n Datacentrene har flere l\u00f8sninger implementeret til beskyttelse af str\u00f8mforsyningen, UPS’er og k\u00f8ling. Retningslinjer for str\u00f8mforsyningen til udstyr sammen med den \u00e5rlige test af A\/B-feed sikrer korrekt funktion og ops\u00e6tning. Ved k\u00f8ling anvendes det samme k\u00f8lelement, men er redundant i begge ender af dette.<\/td>\n<\/tr>\n \n Server room<\/td>\n Best practice is used when IT equipment in the server room and at the data centers are inspected.<\/td>\n<\/tr>\n \n Software updates and patching<\/td>\n All computersoftware is updated and patched regularly.<\/td>\n<\/tr>\n \n Code review<\/td>\n All new codes or changes to existing codes is reviewed accordingly and approved by another employee than the encoder.<\/td>\n<\/tr>\n \n Test of code<\/td>\n The developed code is first tested by the encoder, then through peer review, then by testers and along the way static code analysis is performed by SonarQube.<\/td>\n<\/tr>\n \n Staff<\/strong><\/td>\n Awareness<\/td>\n All employees are obligated to yearly read and confirm that they have read the Data Processor's security policy, procedures and privacy policies.<\/td>\n<\/tr>\n \n Criminal records<\/td>\n Clean criminal records are required of the Data Processor's staff in critical positions.<\/td>\n<\/tr>\n \n Physical security<\/strong><\/td>\n Alarm devices<\/td>\n Alarms are installed on all the Data Processor's offices to avoid theft and\/or vandalism.<\/td>\n<\/tr>\n \n Fire<\/td>\n Fire extinguishers are located in all offices of the Data Processor.<\/td>\n<\/tr>\n \n Video surveillance<\/td>\n All entrances to the Data Processor's offices are monitored by video surveillance.<\/td>\n<\/tr>\n \n Policies, procedures and security organisation<\/strong><\/td>\n Legislation<\/td>\n New legislation and practice is followed up on continuously.<\/td>\n<\/tr>\n \n Policies for use of electronic devices<\/td>\n Guidelines are implemented to ensure a secure use of electronic devices and it is required that all employees reads and follow the guidelines in this regard.<\/td>\n<\/tr>\n \n Privacy policies<\/td>\n All employees must read and follow the Privacy Policy of the Data Processor, which includes guidelines for how to process personal data in accordance with applicable data protection legislation.<\/td>\n<\/tr>\n \n Security breaches<\/td>\n The Data Processor has implemented a strict procedure for the handling of security breaches, which all employees are obliged to read and follow.<\/td>\n<\/tr>\n \n Security policy<\/td>\n The security policy is revised yearly and updated accordingly.<\/td>\n<\/tr>\n \n Security organisation<\/td>\n The Data Processor has a security organisation consisting of a security committee, security officers and security managers who meet on a regular basis to discuss general security.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\t \n
\n
\n
6. Use of sub-processors to mit.dk<\/h3>\n
\n
7. Transfers to third countries or international organisations<\/h3>\n
8. Deletion of personal data<\/h3>\n
9. Audits<\/h3>\n
10. Contact information for mit.dk<\/h3>\n