1.1. The QATO Foundation is data controller for the processing of your personal data:
The QATO Foundation
Business reg. (CVR) no.: 34643326
Tel.: +45 28 35 44 55
2.1. The QATO Foundation may process your personal data for the following purposes:
2.2. The QATO Foundation only processes general personal data about you to fulfil the above-mentioned purposes. Which personal data we need to process depends on your application, interaction with us and whether we grant your application. The QATO Foundation may, for example, process information about your name, email address, address, telephone number, occupation or educational background (CV), other information contained in the application and your account details.
2.3. If you wish to apply for funding from the QATO Foundation, we encourage you to only provide personal data relevant to the application and to refrain from disclosing any sensitive information or information about criminal offences. If you provide information about others, please do not state their names or contact information. Information provided in connection with your application, will be processed by the QATO Foundation’s board and administration. Applications for the QATO Foundation’s grant (“QATO Fondens Legat”) will also be processed by a selection committee from the University of Copenhagen (in which case, the University of Copenhagen will be data processor, cf. Clause 3 below).
3.1. In certain cases, the QATO Foundation will disclose your personal data to independent data controllers, if we are subject to a duty to do so. These recipient categories are:
3.2. Your personal data will also be disclosed to the QATO Foundation’s data processors. Such disclosure is subject to data processing agreements, and the data processor may not use the data for other purposes than to perform the processing for us. These data processor categories are:
4.1. In connection with the processing of your personal data for the purposes described in this Policy, your personal data may be transferred to data processors (as set out in Clause 3 above) located in countries outside the EU/EEA. When making such transfers, we will always take reasonable steps to ensure that your personal data are processed confidentially. If your personal data are transferred to countries outside the EU/EEA, such transfer will take place on the following legal basis:
a. The country has been approved by the European Commission as having an adequate level of security
b. If the country has not been approved by the European Commission as having an adequate level of security, we will transfer the data as follows:
5.1. Unsuccessful applications will be deleted six months after rejection. Successful applications will be stored for five years after being granted, after which time they will be deleted. However, the data may be processed and stored for longer in an anonymised form, just as we will store data that are not personally identifiable for longer.
8.1. We have implemented security measures to ensure that our internal procedures comply with the security standards adopted and any applicable legal requirements. We endeavour to protect the quality and integrity of your personal data. We have adopted internal information security rules that contain instructions and measures that protect your personal data against destruction, loss, alteration, unauthorised disclosure or unauthorised access to or knowledge of the data.
9.2. You may also complain to:
The Danish Data Protection Agency
Borgergade 28, 5. sal
DK-1300 Copenhagen K
Tel.: +45 33 19 32 00