About
The police process the personal data that you yourself give to us, e.g. if you report a criminal offence, or data that we collect from you, e.g. if you as a witness or as a person under judicial investigation give evidence.
We may also collect data on you from other authorities, individuals and companies, e.g. for use in a specific criminal case.
The police may, in accordance with law no. 410 of 27 April 2017 on the processing of personal data by law enforcement authorities, legally process data on you when it is necessary to prevent, investigate, detect or prosecute criminal offences.
Furthermore, we may process data on you when it is necessary to execute criminal law sanctions, including to protect against and prevent threats to the public safety.
Pursuant to the rules in the Law Enforcement Act, the police may process data on you without us having prior knowledge of whether an offence is a criminal offence or not, e.g. in connection with our law enforcement (e.g. when a fight stops or the police asks a party planner to turn down the volume of the music).
We may also process data on you when we undertake coercive measures - such as through visitation and arrest - at demonstrations, large sports events, and disturbances.
Furthermore, the police may, in accordance with the rules set forth in the European Union's Data Protection Regulation 2016/679 and the law on supplementary provisions for the European Union’s Data Protection Regulation (the Data Protection Act), legally process data on you when it is necessary for compliance with a legal obligation incumbent on us or when it is necessary to perform a task carried out in the public interest.
Pursuant to the rules set forth in the European Union's Data Protection Regulation as well as the Data Protection Act, we may, inter alia, process data on you when you submit a request for access, complain about the police or in some other way seek our assistance.
Common to the Law Enforcement Act, the European Union’s Data Protection Regulation and the Data Protection Act is that the police may only process data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of clearly identifying a natural person and data concerning the health, sex life or sexual orientation of a natural person when it is strictly necessary with regard to the above-mentioned purposes. These data are called special categories of data.
The police's core mission is to prevent, investigate, detect and prosecute criminal offences.
When you are a suspect, are under judicial investigation or convicted of a crime
If you are a suspect, are under judicial investigation or convicted of a crime, the police will create a case in the police's case management system POLSAS for the purpose of dealing with and documenting the case. The police will register your identification data in the case as well as other data that are relevant and necessary in order to handle the case. This might include sensitive personal data as well as data on criminal offences.
The legal basis for the police’s processing of your personal data is the Police Act, under which the police are tasked with bringing criminal offences to an end as well as investigating and prosecuting criminal offences. Your personal data are stored for as long as the police deem it necessary in order to fulfil their obligations as a public authority and in order to comply with applicable legislation, including the Danish Open Administration Act and the archival legislation. The Danish Open Administration Act imposes on the public authorities an obligation to document proceedings, and the archival legislation imposes on the police an obligation to retain personal data so that they may be transferred to the Danish National Archives.
If you have been accused or convicted of a crime, you will also be registered in the Danish Central Crime Register (Kriminalregisteret), which, inter alia, serves as an internal work register for the police and is the basis for criminal records and other messages used in criminal justice, both for private use and for use by other authorities.
The Danish National Police are in charge of processing personal data in the Danish Central Crime Register, which is separately regulated in the criminal register ordinance. In annexes 1 and 2 of the ordinance, you can see which data are registered in the section for rulings and the section for investigations, respectively.
In chapters 4–7, the ordinance regulates when the police are allowed to transfer information from the Danish Central Crime Register to private and public authorities. In chapter 3, the ordinance regulates when a registered person is allowed access to the information that is registered for that person in the register. Finally, in chapters 11 and 12, the ordinance regulates when the information in the Danish Central Crime Register are deleted.
The National Photo Register, the Central Fingerprint Register and the Central DNA Profile Register
If you have been charged with a crime, the police may, depending on the circumstances, also take your photograph, your fingerprint or extract a spit or blood sample (for the purpose of creating a DNA profile).
The police will register your photograph in the National Photo Register, your fingerprints in the Central Fingerprint Register and your DNA profile in the Central DNA Profile Register. The Danish National Police are in charge of processing personal data in the registers, which all serve as internal work tools for the police with regard to the identification of leads and persons.
The photograph, the fingerprints or the DNA profile will be recorded or extracted in connection with a specific case that is registered in POLSAS. Aside from the identification data, the registers therefore also contain a reference to the case that has lead to the recording or extraction of the data.
The police's access to record your photograph, your fingerprints or extract a spit or blood sample is regulated in the Administration of Justice Act, chapter 72 (as well as 75 with regard to the recording of a photograph).
In accordance with the rules set forth in the Administration of Justice Act, the police will delete personal photographs if the photographee has been acquitted or the prosecution has been abandoned. Furthermore, the police will at the latest delete personal photographs after 2 years following the photographee’s death, and at least 12 years following the recording of the personal photographs in the National Photo Register.
The information in the Central DNA Profile Register are deleted in accordance with the rules set forth in section 3 of the act concerning the creating of a central DNA profile register, according to which the data in the register’s person section must immediately be deleted, when:
- the charge has been dropped due to being unfounded,
- 10 years have passed since acquittal, in dubio pro reo or nolle prosequi without conditions,
- the registered person has turned 80 years of age,
- the data have been provided on the basis of a body search, which the court refuses to acknowledge,
- the data have been provided on the basis of a body search, which the court or the police themselves afterwards find unwarranted, or
- other exceptional reasons warrant it.
Furthermore, the data about a registered person must at the latest be deleted two years after that person's death.
It is expected that an ordinance on the processing of data in the Central Fingerprint Register will be issued at some point, wherein rules governing deletion will be determined that correspond to the deletion rules governing the processing of data in the Central DNA Profile Register.
As far as the Central Fingerprint Register is concerned, the Danish National Police are currently implementing the rules governing immediate deletion after an unfounded charge and 10 years following acquittal, in dubio pro reo or nolle prosequi. The other deletion rules are already in effect, and deletion is carried out in accordance with these rules.
When you are a witness, a victim or a person reporting
When you have been witness to a crime, reported a crime or been the victim of a crime, your identification data will be registered in POLSAS in connection to that or those specific cases that you have been a witness to, that you have reported or that you have been a victim of.
Your data are registered for the purpose of letting the police process the case and prosecute the crime.
Other registers which the police use for investigations
Even though you are not connected to a specific criminal case as a person under investigation, a witness, a victim or a reporter, your data may be registered in the police’s other registers, whose purpose it is to support the police’s tasks and investigation.
The Danish National Police are therefore data controllers for the Cental Driving Licence Register (Kørekortregisteret), the Central Passport Register (Pasregisteret) and the Central Register for Motor Vehicles (CRM).
You are registered with your identification data in the Central Driving Licence Register and the Central Passport Register if you have a driving licence or a passport issued by the Danish authorities in accordance with the rules set forth in the ordinance on driving licences and the ordinance on passports etc.
The data in the Central Driving Licence Register are at the latest deleted two years after the death of the owner of the driving licence.
The data in the Central Passport Register are deleted two years after the expiration of the passport or at the latest two years after the death of the owner of the passport. However, the data about passports that are wanted are not deleted before the passports are found, unless it after a specific assessment for investigative reasons is deemed to be prudent to delete the data sooner.
You are registered with your identification data in CRM if you own a vehicle. The police collect data in CRM from SKAT's motor vehicle register in accordance with the rules of the act concerning the registration of vehicles.
Furthermore, the police collect data in CRM from the police’s own Register for Wanted Vehicles, which contains data on whether a vehicle or a vehicle’s number plate(s) is stolen and wanted, and whether the vehicle has been blocked if it needs to be confiscated etc.
The police also carry out many other tasks that are naturally connected to the police's activities. In this regard, The Danish National Police are data controllers for a number of registers where the police process personal data in order to solve administrative tasks, such as the issuing of permissions or security clearance.
For instance, the Danish National Police are data controllers for the Police’s Weapon Register, whose purpose it is to support the police’s administration of cases pursuant to the Danish Weapons Act and Hunting Act regarding applications for the issuing of weapon permits etc. The Danish National Police and the police may use data in the Weapon Register to support the police’s investigations and to supervise and monitor the issued permits.
Another example is the Central Rights Register, which the Danish National Police are also data controllers for. The purpose of the Rights Register is to monitor the people who have a job or a permit that requires the police’s prior acceptance. The police are therefore, e.g. pursuant to the rules set forth in the weapon ordinance and the catering legislation, obligated to investigate a person's personal situation if said person applies for a hunting permit or an authorisation to be a doorman. The Rights Register is linked to the Central Criminal Register, and in that way the police are able to determine whether the person continues to meet the demands to have the job or the permit that requires the police’s acceptance.
The police’s processing of your data in these registers presupposes that you or someone else one on your behalf have contacted the police in order to submit the application etc.
Together with the the Danish Central Crime Register, the Driving Licence Register, the Passport Register, CRM, the Police’s Weapon Register and the Central Rights Register constitute "the police's central systems". In order to get an overview of the central systems, the police have created the Police's Index Register, in which the police store and define the personal data and company data that are registered in the central systems and POLSAS. The Index Register is also updated through the Ministry for Economic Affairs and the Interior's CPR register, which contains data on the individuals registered in Denmark.
ANPG
The Danish National Police are also data controllers for the system Automatic Number Plate Recognition (ANPG), whose purpose it is to collect pictures of number plates from cameras. The pictures are processed along with data on the vehicles in order to prevent, investigate, detect and prosecute criminal offences.
Aside from pictures of number plates, ANPG also processes data on the number plate, the time of the recording and the vehicle’s position at the time of the recording.
ANPG is separately regulated in the ordinance on the police's use of automatic number plate recognition (the ANPH ordinance). In chapter 4, the ordinance regulates when data are deleted in ANPH.
PED
The Danish National Police are data controllers for the Police’s Investigation Support Database (PED), whose purpose it is to provide support in solving the police’s tasks within the areas that are subject to systematic police monitoring.
The police process data on the following individuals in PED:
- individuals who have been convicted of, accused of or are suspected of having committed or will commit a criminal offence,
- informants, police agents and individuals who are subject to witness protection measures, and
- individuals who on the basis of family, cohabitation or other social relations have a special connection to individuals mentioned in points 1 or 2.
PED is separately regulated in the ordinance on the police’s processing of personal data in the Police’s Investigation Support Database (the PED ordinance). Chapter 5 of the PED ordinance states when data in PED are deleted.
POL-INTEL
The Danish National Police are data controllers for POL-INTEL, which is used to conduct cross-cutting information analysis in order to support the police’s responsibilities.
The expression ‘cross-cutting information analysis’ covers analyses, including the collating of data within the police’s registers or across several registers.
The police conduct, inter alia, cross-cutting information analyses when it is necessary in order to prevent, investigate and detect criminal offences, in order to support the police’s preparedness and in order to complete border and immigration control.
POL-INTEL gives the police access to analyse data across POLSAS, the Criminal Register, CRM, the Index Register, the National Photo Register and ANPG.
The police’s access to conduct cross-cutting information analyses is regulated by section 2a of the police act and the ordinance on the police's processing of information in connection with cross-cutting information analyses.
Chapter 4 of the ordinance states when data in POL-INTEL are deleted.
The police regularly transfer personal data to the Prosecution Service, the courts, the Department of Prisons and Probation, the Ministry of Justice and other relevant authorities.
Transfers take place when it is necessary in order to perform normal tasks, including if it is demanded by law that we transfer data.
We also transfer personal data to the police’s data processors, who assist the operation and administration of our IT systems. Finally, we transfer data in individual cases to private operators and foreign organisations and authorities.
The Law Enforcement Act, the European Union's Data Protection Regulation and Data Protection Act give you (the registered) a number of rights. Your rights are stated in chapters 4–7 of the Law Enforcement Act, chapter 22 and 3 of the European Union’s Data Protection Regulation and chapter 6 of the Data Protection Act.
The following section describes your rights in general terms. If you desire more detailed information about your rights, please read the legislative texts or contact the Data Protection Unit (Databeskyttelsesenheden).
You have, in a number of instances, the right to be notified about the police's processing of data on you. If it is necessary in order for you to defend your interests, we must notify you, inter alia, about the following:
- the legal basis for and the purpose of the data processing,
- the time period where the personal data are processed or according to which criteria the data are processed,
- the categories of data recipients,
Our duty to give you the data might be suspended, limited or waived if your interest in obtaining the data should yield to the consideration of private or public interests.
You may also request access to data on you which the police process, and in that regard you generally have the right to receive confirmation that we are processing data on you.
If data on you is being processed, we in principle must give you access to the data as well as a statement, namely notifying you about:
- the purpose of and the legal basis for the processing,
- categories of personal data, and if possible, where the data originate from,
- data recipients,
- how long your data will be stored or the criteria used to determine how long the data are stored,
- your right to request of the police a correction or deletion of personal data or a restriction of the use of data on you.
The police may refuse a request for data access if your interest in receiving a statement should yield to private or public interests. We may also decide whether the right to access is suspended or limited. This includes the right to object to a processing.
You are entitled to a written decision if your request for data access is refused. You are also entitled to a written decision if your request for correction, deletion or restriction of the processing of data is refused. In principle, we must give you a reason for the refusal. However, there may be cases where the police cannot give a statement on whether data on you is being processed.
We must point out that there are special rules governing some of the police’s IT systems. For instance, the ordinance on the the Danish Central Crime Register includes special rules about your access to the data on you that are being processed in the Danish Central Crime Register, just as the ordinance contains specific rules on when the data are deleted.
You have the right to object to the police's processing of data on you and may demand that the data are deleted.
Such requests and objections should be directed to the Danish National Police or the relevant police districts. If you are unsure of which police district is relevant in your case, you can send your request or objection to the Danish National Police.
You may complain about the police's decisions to the Danish Data Protection Agency, and you may request that the Danish Data Protection Agency look into whether the processing of data is legal.
The Danish Data Protection Agency may be reached per email on: dt@datatilsynet.dk. The Danish Data Protection Agency's address is: Borgergade 28, 5., 1300 København K.
The Danish Data Protection Agency is the independent authority that supervises compliance with the rules set forth in the Law Enforcement Act, the European Union’s Data Protection Regulation and Data Protection Act. Among other things, the Danish Data Protection Agency mentors and advises authorities in the processing of personal data. The Danish Data Protection Agency also handle complaints about the authorities’ processing of personal data.
The Danish Data Protection Agency may also exercise your rights if the police have made a decision to waive, suspend, limit or refuse your rights given in chapters 4–6 of the Law Enforcement Act.
The Danish National Police have designated JuliaThorsøe Ballaschk as the data protection officer for the processing of personal data done by the Danish police within the scope of the Law Enforcement Act.
The Danish National Police have designated Vibeke Dyssemark Thomsen as the data protection officer for the processing of personal data done by the Danish police within the scope of the European Union’s Data Protection Regulation and Data Protection Act.
The data protection officers are tasked with, inter alia, ensuring that the country's 12 police districts and The Danish National Police comply with the rules on how personal data should be processed legally and safely. The data protection officers are also tasked with advising and informing the relevant sections of the police about the rules governing data protection.
The data protection officers may provide you with further information about the rules governing data protection. The data protection officers may also mentor you about your rights in relation to the police's processing of personal data, including which section of the police you should contact if you wish to exercise your rights.
You can read more about the data protection officers' tasks in section 31 of the Law Enforcement Act and article 39 in the European Union’s Data Protection RegulationThe data protection officers are a part of the Danish National Police's Data Protection Unit, which can be reached per email on pol-databeskyttelse@politi.dk or by ordinary letter to the address: Polititorvet 14, 1780 København V. The Data Protection Unit can also be reached per phone on: (+45) 3314 8888.
Email and digital mail
The Danish National Police can send and receive secure digital mail via borger.dk and via the email address pol-databeskyttelse@politi.dk.
Sending a regular email will not be encrypted. The Danish National Police therefore request that you use regular postal mail if you wish to send in information which you believe should be protected, such as information on a criminal offence, and if you cannot send or receive secure digital mail.
Communication will not be responded to per email if the answer contains classified information and if you cannot receive secure digital post. The Danish National Police may therefore need to know your name and postal address, so that the response can be sent to you with regular postal mail.
The police will register and process data on you if you have received a fine. We register data on you in order to document the case's progress and decision as well as to handle the collection of the fine.
We notify about fines for the violation of the Danish Criminal Code and the rules of the special legislation, where violations can be punished with a fine (e.g. the Danish Road Traffic Act, the law on narcotics as well as the Danish Weapons Act).
The police will in all instances create a case regarding the fine in our case management system POLSAS, and in most instances we register the decision in the Danish Central Crime Register.
The registration and storing of your data in POLSAS are done for the purpose of managing and processing specific criminal cases. In POLSAS we register case and identification data, including name, address and personal identification number.
The purpose of the registration of the data in the Danish Central Crime Register is stated in section 2 of the criminal register ordinance. You can see which type of personal data the police register in the Danish Central Crime Register in annexes 1 and 2 of the criminal register ordinance. Among other things, we register data on personal identification number and decisions in specific criminal cases.
When we notify about fines on the basis of speed measurements done with the help of mobile speed cameras and traffic enforcement cameras, we also register your data in our case management system for automatic traffic control (ATKS). This is done for the purpose of documenting the case’s progress and decision, including who the driver of the vehicle was at the time of the offence. In ATKS we register case and identification data, including name, personal identification number, address and the vehicle’s registration number.
Finally, the police process your data in our fine system and treasury system for the purpose of collecting the fine. In the collection systems we process identification data, case data and account data, including data on any instalment payments.
The Danish National Police have established a passenger list information unit (PNR unit), which is responsible for processing passenger list information (PNR data).
PNR data is personal information held by airline companies about their passengers, which is used when booking flights. PNR data includes names, addresses, contact details, scheduled travel dates, seat information, luggage details, number and names of fellow travellers and information about means of payment. You can view an exhaustive list of what information classifies as PNR data in Appendix 1 of the PNR Act.
The PNR Act
The Danish National Police have set up a dedicated PNR unit. Only the members of staff working in the unit will have access to the PNR data received from the airline companies. Airline companies are obliged to disclose to the Danish National Police PNR unit the PNR data, which they have collected as part of their business activities. The scheme covers all flights related to Denmark.
The purpose of processing PNR data is to prevent, detect, investigate and prosecute terrorist offenses and other serious crime, including murder, human trafficking and illegal trading in drugs and weapons. You can view an exhaustive list of the types of crime, which the processing of PNR data aims to combat, in Appendix 2 of the PNR Act.
The processing of PNR data by the Danish National Police PNR unit is subject to a number of requirements and due process guarantees, which are stipulated in the Danish Law Enforcement Act.
The Law Enforcement Act
Section 10 of the PNR Act states that the Danish National Police PNR unit may process PNR data in the following cases:
- To conduct an advance assessment of passengers prior to their scheduled arrival in, or departure from Denmark. This advance assessment may be conducted to identify persons, which the police, the Danish Customs Agency, the Danish Security and Intelligence Service (PET), the Danish Defence Intelligence Service (FE) or Europol are required to investigate, as such persons may be involved in an act of terrorism or serious crime.
- If PET considers that the information may be relevant to the performance of the service’s tasks relating to the prevention and investigation of violations of Chapter 12 of the Criminal Code regarding treason and other crimes against the State’s independence and security, and Chapter 13 regarding crimes against the state constitution and the supreme state authorities, terrorism etc.
- If FE considers the information to be of significance for the performance of the service’s activities aimed at matters abroad.
- When the PNR unit receives a substantiated request from the police, the Danish Customs Agency, PNR units and competent authorities in other EU Member States, Europol, non-EU countries and international organisations to disclose PNR data in specific cases, where this disclosure is necessary to prevent, detect, investigate and prosecute terrorist offenses and serious crime.
- To analyse PNR data in order to update or set new criteria to be used for advance assessments conducted to identify persons who may be involved in a terrorist act or serious crime.
To the extent that the processing is not regulated by the provisions of the PNR Act, the processing must be conducted in accordance with the Law Enforcement Act and the regulations issued pursuant to it.
To the extent that the Danish National Police PNR unit processes PNR data for the Danish Security and Intelligence Service (PET) and the Danish Defence Intelligence Service (FE) it is, respectively, the law on the Danish Security and Intelligence Service and the law on the Danish Defence Intelligence Service that regulates the processing of personal information, to the extent that the processing is not regulated by the provisions of the PNR Act.
Storage and masking
PNR data from airline companies is stored for a period of 5 years after the airline companies’ disclosure to the PNR unit, after which the information is deleted.
Six months after the disclosure of the PNR data to the PNR unit, information about a passenger’s name (including fellow passengers’ names and the number of travellers travelling together), address, contact details, payment details, bonus programme details, general remarks and any particular advance passenger information (AI) is masked. The information may then be unmasked only if special conditions for this are met. In these cases, the Danish National Police's Data Protection Advisor will be informed of the unmasking, and the Data Protection Advisor will then check whether the conditions for unmasking have been met.
Disclosure of PNR data
The Danish National Police PNR unit may disclose PNR data to the police, the Danish Customs Agency, PET and FE. In addition, the Danish National Police PNR unit may disclose PNR data to PNR units and competent authorities in other EU Member States, Europol, authorities in countries outside the EU and international organisations. The PNR Law stipulates conditions, which must be met, before the Danish National Police PNR unit may disclose PNR data.
Access to PNR information about you
The above section, ‘Access to the information that is processed’ describes your right of access in accordance with Section 15 of the Law Enforcement Act. However, this right of access does not apply to the processing of personal data by the PNR unit, since a ministerial order regarding the PNR unit’s processing of PNR data stipulates an exception to the right of access. This exception is stipulated pursuant to Section 16 (4) of the Law Enforcement Act, since it was judged that considerations of public interest must be presumed to entail a denial of requests for access in general.
However, you have the right to have the Danish Data Protection Agency exercise your rights, if the Danish National Police informs you of their rejection of access to the data, which the Danish National Police PNR unit is processing: cf. Section 40 (1) no. 1 of the Law Enforcement Act. You can email the Danish Data Protection Agency at: dt@datatilsynet.dk. The address of the Danish Data Protection Agency is: Borgergade 28, 5., DK-1300 Copenhagen K
The Danish police participates in international police cooperation in connection with solving our tasks, which entails that the police process data about individuals (personal data). Read more about the personal data the police may use, and what your rights are.
Data in the Schengen Information System (SIS)
SIS is an IT system which was established in connection with the abolition of border control within the EU. The aim of the SIS system is to ensure a high level of security in the area of freedom, security and justice within the EU, including maintaining public order and security as well as the safeguarding of security in the territories of the member states.
SIS contains data about persons who are wanted for arrest, who are missing, who are sought in order to assist in connection with criminal proceedings, who are sought for the purpose of discreet surveillance or specific checks or who are third-country nationals to be denied entry or stay in the Schengen area. SIS also contains data about objects such as vehicles, travel documents or industrial equipment, which is to be seized.
If you are registered in the Schengen Information System you have certain rights. You generally have the right to know whether data about you has been entered in the SIS, as well as the right to access personal data about you, which was entered. You also have the right to have factually inaccurate data rectified and demand the erasure of unlawfully stored data.
Your rights are set out in the SIS II Regulation and in Council Decision 2007/533/JHA of 12 June 2007
If you wish to exercise your rights, please fill out one of the following forms:
Request for access to information registered about you in the Schengen Information System (SIS)
Request to correct or delete information registered about you in the Schengen Information System (SIS)
Please send your completed form to:
Rigspolitiet
Politiområdet, NEC
Polititorvet 14
DK-1780 Copenhagen V
Att.: SIRENE-kontoret
Further information about the Schengen Information System can be found on the website of the Danish Data Protection Agency.
If you wish to submit a complaint concerning the police treatment of personal data related to you, please contact:
The Danish Data Protection Agency
Borgergade 28, 5.
DK-1300 Copenhagen K
Email: dt@datatilsynet.dk