Privacy policy

Latest update: 14 December 2018

In this Privacy Policy we describe how Copenhagen Airports A/S, Roskilde Airport (RKE) processes your personal data. The Policy supplements, but does not substitute, any other policies or terms and conditions laid down with respect to the use of individual services provided by RKE.

It is essential to RKE that you feel secure about our processing of the personal data that we obtain about you when you are at the airport or use one of our services.

The Policy supplement the general Privacy Policy for Copenhagen Airports A/S (CPH), which is available on CPH.dk.

You can also read our Cookie Policy here: CPH.dk/cookie-policy

If you are the holder of a CPH ID card, this following Privacy Policy applies.

Data controller

Your personal data are processed by Copenhagen Airports A/S, Box 74, Lufthavnsboulevarden 6, DK-2770 Kastrup, Denmark, as data controller.

Data protection officer

RKE has appointed a data protection officer (DPO), and you are welcome to contact our DPO with any questions or other queries you may have about our processing of personal data. You can contact our DPO at privacy@cph.dk.

Mandatory information

Information marked * is mandatory. If you do not disclose such information, the consequence is that RKE will not be able to provide the services you request.

Your rights

You are, of course, entitled to request access to, rectification or erasure of any personal data about you that RKE processes. You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted. If you are not satisfied with the way we process your personal data, you naturally also have the right to file a complaint with the Danish Data Protection Agency.

In particular, you have an unconditional right to object to processing of your personal data for direct marketing purposes. If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing of data before your withdrawal. You have the right to receive the personal data you have provided in a structured, commonly used, machine-readable format (data portability).

These rights may be subject to conditions or restrictions. Accordingly, you may not have the right to data portability in a given case – it depends on the specific circumstances of the processing activities.

Privacy policy updates

We will make changes to this Privacy Policy as required. You can see this by checking the date at the bottom of the page. In case of significant changes to the Privacy Policy we will inform you directly about the changes and the consequences hereof.

By clicking the icons below, you can see the processing of personal data that applies to the various parts of RKE.

1. CHECK-IN PROCESS
 

RKE collects personal data in connection with the check-in process in RKE.

1.1.1 The general data collected by RKE is following:

  • Name*
  • Date of birth*
  • Gender*
  • PNR*
  • Nationality*
  • Origin/destination*
  • Title*
  • UNMR (information about unaccompanied minors)*
  • Company name
  • Weapon type & number (if relevant)

1.1.2 The sensitive data collected by RKE can be:

  • Request for special meals (eg. kosher, no pork etc.)*
  • PRM (Information about disability or special needs)*

1.2 Purpose

The purpose of the processing is to check you in as a passenger in in accordance with the requirements on RKE to ensure the identity of the travelers.

1.3 Legal basis

RKE is subject to a wide range of legal requirements for the implementation of security measures. The legal basis for processing is therefore Article 6.1.C of the General Data Protection Regulation, since processing of personal data is necessary to meet RKE's obligations. The sensitive personal data are processed pursuant to Article 9.2.B, as it follows from the Commission's PRM Regulation (1107/2006) that passengers with special needs shall be assisted.

1.4 Third party recipients

In special cases, RKE may, when necessary, share data with Danish authorities. In exceptional circumstances, data may be disclosed to private third parties, such as insurance companies, in connection with claims.

1.5 Deletion

Data about passengers is processed in 3 months in accordance with the requirements in the Danish aviation legislation.

2. HANDLING
 

The RKE collects personal data in connection with on the handling of arriving and departing flights.

1.1.1 The general data collected by RKE is following:

  • Flight No.*
  • Date of birth*
  • Name*
  • Gender*
  • Country*
  • Nationality*
  • Origin/destination*
  • Passport information*
  • Pasport No.*

1.1.2 The sensitive data collected by RKE can be:

  • Request for special meals (eg. kosher, no pork etc.)*
  • PRM (Information about disability or special needs)*

1.2 Purpose

The purpose of the processing is to meet handling requests from aircraft operators.

1.3 Legal basis

RKE is subject to a wide range of legal requirements for the implementation of security measures. RKE's legal basis for processing is therefore Article 6.1.C of the General Data Protection Regulation, since processing of personal data is necessary to meet RKE's obligations. The sensitive personal data are processed pursuant to Article 9.2.B, as it follows from the Commission's PRM Regulation (1107/2006) that passengers with special needs shall be assisted.

1.4 Third party recipients

Data collected in the handling process is upon request transferred to:

  • Danish authorities, including The Danish Transport, Construction and Housing Authority and the Police.

1.5 Deletion

Data is deleted 3 months after collection in accordance with the Danish aviation legislation. The data required to comply with RKE's obligations under the Danish Accounting Act will be retained for 5 years plus the current financial year.

3. CCTV MONITORING & SECURITY
 

For RKE, security is important and in order to meet the security requirements that RKE is subject to, RKE processes a number of data about you when you use and move in RKE.

1.1.1 The general data collected by RKE is following:

  • Scanning of boarding card/pass in connection with security check*
  • Tv-survaillance of the airport areas*

1.2 Purpose

The data is processed to meet til requirements to airport security, validation of passengers via bording card/pass, statistics on the users of RKE, incl. passenger traffic in the RKE and eventual preparation of incident reports and handling of special transports. In order to fulfill these obligations, RKE uses television surveillance on the airport area.

1.3 Legal basis

RKE is subject to a wide range of legal requirements for the implementation of security measures. RKE's legal basis for processing is therefore Article 6.1.C of the General Data Protection Regulation, since processing of personal data is necessary to meet RKE's obligations.

1.4 Third party recipients

In special cases, RKE may, when necessary, share data with Danish authorities. In exceptional circumstances, data may be disclosed to private third parties, such as insurance companies, in connection with claims. In this regard, only data about the particular affected individual is disclosed, so other persons who may appear from the recordings will be blurred.

1.5 Deletion

Registration of scanned boarding cards/passes is deleted after 3 months.

Recordings are deleted after 15 days. In special cases, in case of a specific case, recordings may be stored for an extended period of time.

1.6 Restriction of your rights

In relation to CCTV monitoring within CPH’s area, your rights following GDPR Chapter III are restricted, by Article 23(1)(c) and (d) of the GDPR. Therefore you do not have the right to access the CCTV monitoring, due to:

  • public security reasons in Copenhagen Airport, Roskilde
  • the prevention, investigation, detection or prosecution of criminal offences
  • safeguarding against and the prevention of threats to public security in Copenhagen Airport, Roskilde

Access to processed data in connection with scanned boarding cards requires that you provide CPH with additional information that will enable us to identify you, cf. Article 11.2 of the GDPR; (i) date and approx. time for scanning boarding card, (ii) booking number and (iii) your initials. CPH only processes information from the boarding card as well as the date and time, but not your first and last name, and therefore can not identify you from the registered data.

4. INVOICING & FLIGT PLANS
 

In connection with RKE invoicing for the use of the airport, including handling and check-in, RKE processes personal data. RKE also receives flight plans to document all flights and prepare a daily traffic overview.

1.1 The processed personal data are:

  • Name, address, e-mail, telephone*
  • Company details*
  • Flight registration No.*
  • Crew*
  • Origin/destination*
  • ETD/ETA date*

1.2 Purpose

The data is processed in order to invoice companies and individuals, who uses RKE services. Further data regarding arriving and departing fligths (incl. crew) is processed with the purpose of documenting traffic to and from RKE and to prepare a daily traffic overview.

1.3 Legal basis

Data for invoicing is processed pursuant to Article 6.1.B of the General Data Protection Regulation, since processing of personal data is necessary for the agreement with RKE regarding use of the airport services. Data concerning flight plans are processed pursuant to 6.1.C, due to Danish aviation regulation and pursuant rules, stating that daily traffic reports must be prepared.

1.4 Third party recipients

Daily traffic reports are disclosed to Danish authorities, including Customs and Tax and Police. The reports do not include personal data.

1.5 Deletion

Data collected for invoicing is deleted in accordance with the Danish Accounting Act's, after 5 years plus the current financial year. Documentation of airplanes in RKE is stored for up to four months after collection, after which they are deleted.

5. ROSKILDE AIRPORT FLIGHT TRACKER (ENVIRONMENTAL INQUIRIES)
 

RKE regularly handles different types of environmental inquiries, including especially complaints about noise. In that regard, CPH has published information about the planes flying around RKE via an online portal to make it easier to identify the plane, a specific complaint is about. In connection with working on the portal, CPH has supposed that this included processing of personal data. Information about an unspecified plane’s route can be found on Roskilde Airport Flight Tracker, where the plane’s registration number will not be public. Accordingly, based on a specific complaint, only CPH can connect the information to a specific plane.

5.1 The processed personal data are:

  • Plane registration no. (no longer public information)*
  • Information in a flight plan, including altitude and destination*
  • Location data via radar*

5.2 Purpose

The purpose of the processing is to deal with complaints regarding air traffic, including complaints about noise and in this regard to be able to assign the complaint to a specific plane.

5.3 Legal basis

Information processed in connection with complaints about air traffic are processed pursuant to Article 6.1.C of the General Data Protection Regulation, due to Danish aviation regulation and pursuant rules and Article 6.1.E, as processing is necessary for the performance of a task carried out in the public interest. The public interest is to provide information to the public about a public activity, including making it possible to complain about flights. The public interest is also that CPH can answer and manage complaints about air traffic in the RKE, as well as accurately determine which aircraft a specific complaint is about.

5.4 Recipients

To the extent that CPH is required to do so, relevant data may be disclosed to relevant public authorities, including the Transport, Construction and Housing Authority and Roskilde Municipality.

5.5 Erasure

Information in Roskilde Airport Flight Tracker are available for the public for the previous 2 months.
In the non-public part of the system information is stored for maximum 12 months from date of collection.

Data processed in connection with environmental inquiries, will be deleted or anonymized no later than 5 years after closure.