Privacy policy

Last updated: May 15th, 2025

At GenomeDK, Aarhus University, we are committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy outlines how we collect, use, and safeguard your information in compliance with the General Data Protection Regulation (GDPR).

Our privacy policy relates to our processing of personal data when we are data controllers. This is the case when we process your information necessary to providing our services.

Data controller

GenomeDK is managed by the Aarhus Genome Data Center at Aarhus University, Denmark. For any inquiries regarding your personal data, please contact us at support@genome.au.dk

The relevant personal data law rules that currently apply to our processing of personal data are set out in the General Data Protection Regulation (Regulation No. 2016/679 of 27 April 2016) and the Data Protection Act (Act No. 502 of 23 May 2018).

Information we collect

GenomeDK protects and processes users’ personal data through strong security measures including encrypted communication, two-factor authentication, and ISO 27001-certified information management. We comply with GDPR, collect only essential data, never share it with third parties, and provide secure storage, backup, and recovery options to ensure data integrity and privacy.

We collect and process minimal personal data necessary for providing our services:​

  • Full name
  • Email address
  • Affiliation
  • Login attempts (IP address and timestamp)
  • Files accessed (path to the file, timestamp and operation)

This information is used solely to manage your account, for billing purposes, to ensure system security, keep you informed about changes and improvements to our services, and provide support. We do not collect sensitive personal data unless explicitly required and consented to.​

We collect personal data directly from you or from a third party such as public authorities.

Legal basis for processing

Our processing of your personal data is based on:​

  • Performance of a contract: To provide you with access to GenomeDK services.
  • Compliance with legal obligations: To meet regulatory requirements.
  • Legitimate interests: To maintain system security and improve our services.​

We process your personal data to provide our technical services, for invoicing, to control and maintain the quality of our services and in some cases for mandatory financial audit.

Data retention

Your personal data is retained only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Upon account termination, your data will be deleted or anonymized within a reasonable timeframe, unless retention is mandated by legal obligations.​

Data sharing

We do not share your personal data with third parties, except:​

  • when required by law or regulatory authorities,
  • with your explicit consent,
  • with service providers acting on our behalf (data processors)

Your rights

Under GDPR, you generally have the right to:

  • Right of access: You are entitled to access data that we process about you and some contextual information.
  • Right of rectification: You are entitled to have incorrect data about you corrected
  • Right of erasure: In special circumstances you are entitled to have data about you erased before the time of our generally scheduled erasure.
  • Right of restriction of processing: You are in certain circumstances entitled to restriction of processing of your personal data.
  • Right to data portability: You are in certain circumstances entitled to receive personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller.
  • Right to object You are in certain circumstances entitled to object to our otherwise lawful processing of your personal data.
  • Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.​

You can read more about your rights in the Danish Data Protection Agency’s guidance on the rights of the registered, which you can find at www.datatilsynet.dk.

To exercise these rights, please contact us at support@genome.au.dk.

Changes to this policy

We may update this privacy policy periodically. Any changes will be posted on our website. We encourage you to review this policy regularly.​

Contact us

You can contact us if you wish to exercise your rights as described above under section 6, if you wish to complain, or if you have any other questions regarding our privacy policy.

For questions or concerns about this privacy policy or your personal data, please contact support@genome.au.dk.