In connection with your submissions in the Danish Financial Supervisory Authority’s OAM system, we must inform you that we process your personal data. This follows from Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation ). The Danish Financial Supervisory Authority is the data controller for the processing of the personal data we receive about you.
We must provide you with the following information:
1. We are the data controller – how to contact us
2. Contact details of the Data Protection Officer
3. The purposes and legal basis for processing your personal data
4. Categories of personal data
5. Recipients or categories of recipients
6. Statutory notification of personal data
7. Storage of your personal data
8. Your rights
9. Complaint to the Danish Data Protection Agency
Information about our processing of your personal data, etc.
1. We are the data controller – how to contact us
The Danish Financial Supervisory Authority is the data controller for the processing of the personal data we have received about you.
You can contact the Danish Financial Supervisory Authority in the following ways:
- Email: Finanstilsynet@ftnet.dk
- Phone: +45 33 55 82 82
- Letter: Finanstilsynet, Strandgade 29, 1401 Copenhagen K
2. Contact details of the Data Protection Officer
If you have questions about our processing of your data, you are always welcome to contact our Data Protection Officer.
You can contact our Data Protection Officer in the following ways:
- Email: dpo@em.dk
- Phone: +45 33 92 33 50
- Letter: Ministry of Industry, Business and Financial Affairs, attn. Data Protection Officer, Slots-holmsgade 10-12, 1216 Copenhagen K
3. The purposes and legal basis for processing your personal data
We process your personal data for the following purposes:
- The Danish Financial Supervisory Authority processes your personal data to ensure compliance with the rules on reporting transactions by persons discharging managerial responsibilities.
The legal basis for our processing of your personal data is:
- Section 211(2)(5) of the Danish Capital Markets Act. According to this provision, the Danish Financial Supervisory Authority supervises compliance with Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (the Market Abuse Regulation) and rules issued pursuant thereto. The rules on transactions by persons discharging managerial responsibilities are set out in Article 19 of the Market Abuse Regulation and in delegated regulations issued pursuant thereto.
The legal basis for our processing of your national identification number/CPR number is:
- Section 11(1) of the Danish Data Protection Act.
4. Categories of personal data
We process the following categories of personal data about you:
- General personal data, including: name, position/title, telephone number, address, and any relationship as a closely associated person to the person discharging managerial responsibilities, as well as transactions with a market value exceeding EUR 50,000 within a calendar year.
- Possible confidential information: national identification number/CPR number. If we process information about your identification number/CPR number, it is for the purpose of unique identification.
5. Recipients or categories of recipients
As a rule, we do not disclose your personal data to others. However, we may disclose your personal data if it is necessary for the performance of our regular duties. Data may also be disclosed if necessary for other authorities to perform their tasks, or in accordance with the rules on access to documents under the Danish Public Information Act and the Danish Public Administration Act.
6. Statutory notification of person data
A person discharging managerial responsibilities at an issuer of financial instruments, e.g. a company whose shares are admitted to trading, and a person closely associated with such a person must notify the issuer and the Danish Financial Supervisory Authority when they carry out transactions in financial instruments relating to that issuer. This follows from Article 19(1) of the Market Abuse Regulation.
The notification must be made promptly and no later than three business days after the transaction, cf. Article 19(1) second subparagraph, of the Market Abuse Regulation. The obligation to notify the issuer and the Danish Financial Supervisory Authority applies once the person discharging managerial responsibilities or a person closely associated with such a person has carried out transactions amounting to a total of EUR 50,000 within a calendar year. This follows from Article 19(1) third subparagraph, of the Market Abuse Regulation and Section 1 of the Executive Order on the threshold for reporting transactions by persons discharging managerial responsibilities.
A violation of Article 19(1) of the Market Abuse Regulation may, under certain circumstances, be punishable by a fine, cf. Section 249(1) of the Danish Capital Markets Act.
7. Storage of your personal data
We store and process your personal data in the Danish Financial Supervisory Authority’s OAM system for as long as necessary for the purpose for which we use the data, to fulfill our obligations as a public authority, and to comply with applicable legislation, including the Archives Act. When the purpose of the processing no longer exists, and we have fulfilled our obligations as a public authority, a copy of the data from the system will be transferred to the Danish National Archives in accordance with the Danish Archives Act.
Furthermore, your personal data may also be transferred to our electronic case and document management system if your submission gives rise to further case processing. We store your personal data in our electronic case and document management system for as long as necessary in relation to the processing of the case, or as long as necessary for the purpose for which we use the data, or until a statutory deadline expires. Information about you in the Danish Financial Supervisory Authority’s electronic case and document management system is transferred in accordance with the Danish Archives Act to the Danish National Archives after the end of the journal period in which the case containing the information is closed. After a journal period is closed, the Danish Financial Supervisory Authority will, for a period, still have access to retrieve the information in a historical version of the journal period. The historical version of the journal will be deleted no later than 15 years after the end of the journal period in which the case was closed.
8. Your rights
Under the General Data Protection Regulation, you have a number of rights in relation to the Danish Financial Supervisory Authority’s processing of your personal data.
If you wish to exercise your rights, you must contact the Danish Financial Supervisory Authority.
Right of access
You have the right to access the information we process about you, as well as a range of additional information.
Right to rectification
You have the right to have incorrect personal data corrected. You also have the right to have your data updated or supplemented with additional information if this would make your personal data more complete or up to date.
Right to erasure
In certain cases, you have the right to have your personal data erased.
Right to restriction of processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to restriction, we may in the future only process the information – apart from storage – with your consent, or for the establishment, exercise, or defense of legal claims, or to protect a person or important public interests.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data.
You can read more about your rights in the Danish Data Protection Agency’s guidance on the rights of data subjects at www.datatilsynet.dk/english.
9. Compliant to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency’s contact details at www.datatilsynet.dk/english