The Danish EPA's Authorisation System for the Use of Pesticides - MAB

If you have any questions regarding our processing of your data, please feel free to contact our data protection officer.

You can contact our Data Protection Officer in the following ways:

By e-mail: dpo@mfvm.dk

By telephone: + 45 72 54 40 00

By letter: Tolderlundsvej 5, 5000 Odense, Denmark, att: Data Protection Officer

We process your personal data for the following purposes:

The Environmental Protection Agency processes your personal data for the purpose of accepting or rejecting links between authorisations and the company. The basis in law for our processing of your personal data ensues from:

Your personal data will in this connection be subject to the necessary processing, including, for example, record-keeping pursuant to the Danish Act on Public Access to Documents in Public Files (offentlighedsloven). Your data will furthermore be stored in accordance with the Danish Archives Act (arkivloven).

The Environmental Protection Agency processes your personal data data under the authority of the Chemical Act, the Environmental Protection Act and Statutory Order no. 2280 of 29. December 2020.

Hence, the processing takes place under the authority of the General Data Protection Regulation, Article 6(1), point (c) (legal obligations) and" point (e) (the exercise of official authority)".

We process data on criminal offences on the basis of section 8(1) of the Data Protection Act, in that the processing is necessary for performing the tasks of the Agency.

The Environmental Protection Agency processes any sensitive personal data provided by you under the authority of the General Data Protection Regulation, Article 9(2), point (f) (the processing of sensitive data is necessary for the establishment, exercise or defence of a legal claim"). The Environmental Protection Agency is obliged, inter alia, to keep a record of your personal data in accordance with the rules of the Danish Act on Public Access to Documents in Public Files.

[1] Act no 115 of 26. January 2017

[2] Act no. 1218 of 25. November 2019

The Environmental Protection Agency processes the data contained in your application. This includes the following data in particular:

• Your name

• Your address

• Your CPR number (central national register) or eID number

• If you have an eID number, you also provide information about your e-mail and address

• Information about your place of education: its name, address, graduation date of your education as well as if you passed your education.

• Reasons for that you have professional qualifications to obtain an authorization

• Other relevant documentation

• Completion in the R1 course held by the Danish Environmental Protection Agency

• Participation in the digital test to update your G1 authorisation

• Name of attorney

If you obtain an authorisation, we will keep you authorisation number on file. If you supplied a physical application we will file your application.

In addition to the information you have provided, we collect your education data for the authorisation types S1, S2 and F1 from the Agency for IT and Learning. Going forward we will receive data regarding tests you have passed relating to the authorisations types S1 and S2 directly from the schools. In regard to the authorisation type S3, the data will be sent directly to the MAB system from the e-learning system, upon completion of the e-learning course. In regard to the authorisation types G1, G2, G3, G4 and R2, we collect data from the relevant course providers.

The Danish Environmental Protection Agency will store information regarding your authrisation in the Danish Environmental Protection Agency’s Authorisation System for the use of Pesticides (MAB). The information supplied in MAB such as name, CVR number, authorisation number and expiration dates are publically available for use for inspection of authorisations. The Danish Environmental Protection Agency utilises your CVR number to request information regarding completion of qualifications from the Agency for IT and Learning, schools or relevant course providers. The Danish Environmental Protection Agency will pass on your CPR number to EU/EEA Member States upon request. The Danish Environmental Protection Agency will moreover entrust your personal data to the Agency's data processors, e.g. Statens IT (the Agency for Governmental IT Services in Denmark), IT providers (eg. Knowledge Cube A/S) and Aarhus Business College.

In addition to the data reported by you to the Environmental Protection Agency, we receive personal data about you from the following sources:

• CVR-register

• Agency for IT and Learning

• Course providers

• Schools

• CPR-register

The Danish Environmental Protection Agency will keep your personal data on file for 30 years. We reserve the right to keep your personal data on file for longer, if an on-going pollution is detected within the 30-year period.

Your data until the data are filed or discarded is pursuant to the rules of the Danish Archives Act, see Consolidated Act no. 1201 of 28 September 2016, or as long as they are needed for the purpose for which they were collected. When there is no longer a legal or administrative need, the data will be discarded (erased).

When the Danish Environmental Protection Agency receives the required documentation, an automated decision is made as to whether you can obtain an authorisation or not. The authorisation is issued without human intervention, and is therefore an automated decision under article 22 of the General Data Protection Regulation. The decision to grant an authorisation are decided with legal basis in the Statutory Order no 980 of 22. June 2020 and can be completed after the regulation’s article 22(2), point b, as the decision will be legally binding.

Authorisations are issued, if the requirements set out in the Statutory Order no 980 of 22. June 2020 are fulfilled. If you have not provided sufficient documentation, e.g. a spraying certificate, your application will be rejected. In this case you will receive a notification setting out the justification for the rejection.

Pursuant to the General Data Protection Regulation, you have several rights in relation to our processing of data concerning you. If you wish to exercise your rights, you must contact us.

Right of access

You have the right to obtain access to the data we process concerning you, together with a number of other data.

Right to rectification (correction)

You have the right to have incorrect data concerning you rectified.

Right to erasure

In special cases, you have the right to have data concerning you erased before the time of our ordinary general erasure.

Right to restriction of processing

In certain cases, you have the right to restrict the extent to which we process your personal data. If you have the right to restrict processing, we will henceforth only process information with your consent – with the exception of storage – or if a legal claim can be established, exercised or defended, or to protect a person or important public interests.

Right to object

In certain cases, you have the right to object to our processing of your personal data.

Right to transmit data (data portability)

In certain cases, you are entitled to receive your personal data in a structured, commonly used and machine-readable format, and to have this personal data transmitted from one data controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency's guidance on rights of data subjects, available at www.datatilsynet.dk.

You have the right to complain to the Danish Data Protection Agency if you are not satisfied with the way in which we process your personal data. The contact details of the Danish Data Protection Agency are available at www.datatilsynet.dk.