Privacy policy

Latest update: 30 August 2020

In this Privacy Policy we describe how Copenhagen Airports A/S (CPH) processes your personal data. The Policy supplements, but does not substitute, any other policies or terms and conditions laid down with respect to the use of individual services provided by CPH.

It is essential to CPH that you feel secure about our processing of the personal data that we obtain about you when you are at the airport, sign up for or use one of our services, among other things.

You can also read our cookie policy here: CPH.dk/en/cookie-policy

If you are the holder of a CPH ID card, or are crew or visitor, the following Privacy Policy applies.

Data controller

Your personal data are processed by Copenhagen Airports A/S, Box 74, Lufthavnsboulevarden 6, DK-2770 Kastrup, Denmark as data controller.

Data Protection Officer

CPH has appointed a data protection officer (DPO), and you are welcome to contact our DPO with any questions or other queries you may have about our processing of personal data.

Please use the contact form and choose “Personal Data” and the subcategory “Contact Data Protection Officer”.

Mandatory information

Information marked * is mandatory. If you do not disclose such information, the consequence is that CPH will not be able to provide the services you request.

Your CPH Profile

If you have created a CPH Profile, you can access your personal data, including contact information, purchases, bookings etc. via your profile on CPH.dk. We encourage you to regularly update your information, including email address and other contact information.

Your rights

If CPH is processing your personal data you have certain rights.

These rights may be subject to special conditions or restrictions. For example, you may not have the right to request deletion, access or data portability in a given case. This depends on the specific circumstances of the processing activities.

Please see below to find out more about the specific rights and how to exercise them.

Withdrawal of consent
 

If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing of data before your withdrawal.

If you have given consent to receive a newsletter etc., you can withdraw your consent by clicking “Unsubscribe” or “Unsubscribe newsletter” in the footer of the received newsletters.

Contact us

If you would like our help to withdraw a consent, please use the contact form and choose “Personal Data” and the subcategory “Other”. Please note which consent you wish to withdraw.

Request for deletion
 

You have the right to request deletion of your data which is being processed by CPH.

Please note that generally CPH cannot meet request for deletion of a number of processed data types, which CPH processes as an airport operator. This includes CCTV and boarding card validation etc.

The reason for this is:

  • public security in Copenhagen Airport
  • to prevent, investigate, detect or prosecute criminal offences
  • to safeguarding against and to prevent threats to public security in Copenhagen Airport

Your rights following the General Data Protection Regulation Chapter III, including article 15 regarding deletion, restricted following § 22 (2), litra 3 and 4 in The Danish Data Protection Act.

We ask you to provide specific reasons for your interest in deletion, which will be taken into account when processing your request. 

Additionally, for certain types of data CPH only processes pseudonymous personal data and we cannot directly link the information to individuals without further information from you. Therefore, we will not be able to offer to delete this information, without additional information from you. Find out more in the separate sections of our privacy policy.

Please be aware that to a large extent the processing of personal data is necessary for CPH to be able to provide products and services that you require at the airport.

Contact us

If you wish for us to delete your data, please use the contact form and choose “Personal Data” and the subcategory “Deletion”. Please note which data you wish should be deleted.

Request for access
 

You have the right to request access to the personal data concerning you which CPH is processing.

However, the right to access requires that CPH can identify data as linked to you. In certain processes we process data in pseudonymized form, where data in itself cannot be linked to individuals without additional information provided by the specific individual.

Your rights following the General Data Protection Regulation Chapter III, including article 15 regarding access, are restricted following § 22 (2), litra 3 and 4 in The Danish Data Protection Act.
This means you do not have the right to access data from CCTV monitoring or images of scanned baggage, due to:

  • public security reasons in Copenhagen Airport
  • the prevention, investigation, detection or prosecution of criminal offences
  • the safeguarding against and the prevention of threats to public security in Copenhagen Airport

We ask you to provide specific reasons for your interest in access to the processed data.

Contact us

Please use the contact form and choose “Personal Data” and the subcategory “Access”. Please note which data you wish access to.

Objection to processing
 

You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.

In particular, you have an unconditional right to object to processing of your personal data for direct marketing purposes.

Contact us

Please use the contact form and choose “Personal Data” and the subcategory “Other”. Please not which data processing you object to and the reason for this.

Complaint
 

You have the right to complain about CPH’s processing of your personal data.

Contact us

Please use the contact form and choose “Personal Data” and the subcategory “Complain/objection”.

Complaint

If you are not satisfied with the way we process your personal data, you also have the right to file a complaint with the Danish Data Protection Agency.

Rectification
 

You have the right to request for rectification of your personal data, if you believe that the processed data is not correct.

You are encouraged to keep your data updated, to ensure that CPH always processes correct and updated data.

Contact us

Please use the contact form and choose “Personal Data” and the subcategory “Other”. Please note which data you wish to be rectified. 

Data portability
 

You have the right to receive the personal data you have provided in a structured, commonly used, machine-readable format (data portability).

Contact us

Please use the contact form and choose “Personal Data” and the subcategory “Other”. Please note which data you wish to receive in a structured, commonly used, machine-readable format. 

Processing time

CPH aims to process your request as soon as possible and no later than within one month.

If it is not possible to respond to your request within the deadline, we will inform you of the expected time of response.

Data collected from other sources

When we collect data from other sources than yourself, such source(s) may be:

  1. Online sources, such as publicly accessible social media.

Transfer to third countries

The information we collect will preferably and whenever possible be processed and stored within the European Economic Area ("EEA"). However, in certain situations, information is processed in third countries outside the EEA. For transfers to third countries, which are considered unsafe, we have taken adequate measures, for example by ensuring that the recipient is bound by EU model clauses, in order to protect personal data.scheme, regarding transfers to USA. You can obtain a copy of these precautions by contacting our DPO, cf. section above.

Privacy policy updates

We will make changes to this Privacy Policy as required. You can see this by checking the date at the bottom of the page. In case of significant changes to the Privacy Policy we will inform you directly about the changes and the consequences hereof.

By clicking the subjects below, you can see the processing of personal data that applies to the various parts of CPH.

1. CUSTOMER AND PURCHASE DATA

1.1 Newsletters, competitions and surveys
 

As a user of CPH you can subscribe to our newsletters, participate in our competitions and possibly answer surveys.

1.1.1 Personal data processed may be the following:

  • Name, address, e-mail address and telephone no.*
  • Any information you provide that is necessary for CPH to administrate competitions or send newsletters
  • Survey replies

1.1.2 Purpose

The purpose of processing data is for CPH to send newsletters, administrate competitions and receive replies on surveys.

Your data are also processed for marketing purposes, including improvement of our knowledge of you (profiling) in order to send you relevant marketing material such as offers, campaigns and competiongs among other things.

1.1.3 Basis of processing

Data are solely used subject to your consent in accordance with Article 6(1)(a) of the GDPR. Naturally you have the right to withdraw your consent at any time.

Your data are for marketing purposes also processed on the basis of Article 6(1)(f) of the GDPR (necessary for the following legitimate interests: marketing purposes).

1.1.4 Recipients

Relevant information can, when necessary in connection with competitions, be disclosed to business partners such as shops, restaurants, airlines etc.

Data may be disclosed to social media or other third parties with regard to our marketing.

1.1.5 Erasure

Information processed in connection with newsletters will be processed until you may unsubscribe.

Information processed in connection with competitions, are processed until the winner(s) is/are found and will be deleted hereafter, unless special conditions for the specific competition apply.

Information processed in connection with surveys, will be deleted or anonymized no later than 1 year after collection.

1.2 Parking
 

CPH collects data on you in connection with your use of CPH’s car parks. The below information is a supplement to the general terms and conditions applicable to CPH Parking, which are available here.

1.2.1 The personal data processed in CPH Parking are the following:

  • Name*
  • E-mail address*
  • Telephone no.*
  • Country and postcode*
  • Licence plate no.*
  • Parking location, parking period and booking no.*
  • Advantage membership no.
  • Brobizz no.
  • Payment method, including credit card information*
  • Disability badge no.
  • Information about your car for administrative purposes, e.g. collection and servicing of car, including brand, colour and model.

1.2.2 Purpose

The purpose of processing data is to perform/manage your agreement on/purchase of parking at CPH and for statistical purposes.

Your data are also processed for marketing purposes, including improvement of our knowledge of you (profiling) in order to send you relevant marketing material such as offers, campaigns and competitions among other things.

1.2.3 Basis of processing

Data processed in connection with the ordering of parking at CPH are processed on the basis of Article 6(1)(b) of the GDPR, as such data are necessary for the conclusion and performance of the agreement with you on purchase of parking at CPH and for the establishment or defence of any legal claims.

Your data are for marketing purposes also processed on the basis of Article 6(1)(f) of the GDPR (necessary for the following legitimate interests: marketing purposes).

1.2.4 Recipients

CPH will disclose to CPH's business partners personal data collected in connection with your ordering of parking only when necessary, including if you have ordered valet parking or extra services, such as servicing or cleaning of your car. In case of non-payment, CPH may disclose information to our debt-collecting agency.

In certain instances, CPH will disclose personal data collected in connection with your relation to CPH. Data may be disclosed to social media or other third parties with regard to our marketing.

1.2.5 Erasure

Data collected in connection with your online booking of parking at CPH will be deleted after 1 year. Data is stored to give you access to your historic booking data in your user profile, in order for objections to invoices, bookkeeping purposes etc.

Images taken in connection with automated Licens Plate Recognition when entering and exiting the car park, as well as We Park You Fly (Valet Parking), will be deleted no later than 30 days after end parking.

Data required under the rules of the Danish Bookkeeping Act will be stored for 5 years plus current year.

1.3 Click&Collect – Pre-orders
 

When you order goods from CPH.dk/shop, CPH and the current operator of the TAX FREE shop, with whom you are concluding the agreement, process information about you and your purchase. The general terms and conditions applicable to purchasing products at CPH.dk/shop are available here.

1.3.1 The personal data collected and processed in connection with the purchase process are the following:

  • Name*
  • Address*
  • E-mail address*
  • Telephone no.*
  • Information about payment method, including credit card information*
  • Information about purchase or reservation*

1.3.2 Purpose

The purpose of processing personal data is to complete the purchase or ordering of goods at CPH.dk/shop.

Your data are also processed for marketing purposes, including improvement of our knowledge of you (profiling) in order to send you relevant marketing material such as offers, campaigns and competitions among other things.

1.3.3 Basis of processing

The data processed in connection with the ordering or purchase of goods at CPH.dk/shop are processed on the basis of Article 6(1)(b) of the GDPR, as the data are necessary to conclude the agreement with you on the purchase or reservation of your goods.

Your data are for marketing purposes also processed on the basis of Article 6(1)(f) of the GDPR (necessary for the following legitimate interests: marketing purposes).

1.3.4 Recipients

CPH discloses relevant personal data to the current operator of the TAX FREE shop and other business partners to the extent necessary to complete your purchase or reservation.

In certain instances, CPH will disclose personal data collected in connection with your relation to CPH. Data may be disclosed to social media or other third parties with regard to our marketing.

1.3.5 Erasure

Data required under the rules of the Danish Bookkeeping Act, will be stored for 5 years plus current year. 

1.4 CPH Profile
 

CPH collects information about you when you create and use your CPH Profile.

1.4.1 The personal data processed in CPH Advantage is the following:

  • Name*
  • Address*
  • E-mail address*
  • Date of birth*
  • Gender*
  • Telephone no.*
  • Purchase history*
  • Preferences
  • Travel information
  • CPH Profile no.*
  • Information collected via cookies at CPH.dk and via CPH App
  • Licence plate and vehicle information

1.4.2 Purpose

The purpose of processing data is to maintain and develop your CPH Profile, including to send you relevant marketing material, for example in connection with offers, campaigns and competitions.

Your data are also processed for marketing purposes, including improvement of our knowledge of you (profiling) in order to send you relevant marketing material such as offers, campaigns and competitions among other things.

1.4.3 Basis of processing

Data in CPH Profile are used subject to your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). Naturally you have the right to withdraw your consent at any time.

Your data are also processed for marketing purposes on the basis of Article 6(1)(f) of the GDPR (necessary for the following legitimate interests: marketing purposes).

1.4.4 Recipients

In certain instances, CPH will disclose personal data collected in connection with your relations to CPH Profile. Data may be disclosed to:

  1. suppliers with whom we collaborate, including suppliers of technical support and operation of our services; or
  2. social media or other third parties with regard to our marketing; or
  3. business partners such as shops, restaurants, airlines and our partners located in or outside CPH, in connection with orders, sales or the performance of other services; or
  4. if CPH has been ordered to disclose information in consequence of a court decision or if required under applicable law.

1.4.5 Your rights

You have the right to withdraw your consent at any time. Via your CPH Profile, you may change or withdraw your consent, update your preferences or request for deletion of your CPH Profile.

1.4.6 Erasure

Personal data are stored, as a minimum, for the duration of your active CPH Profile. When your profile is deleted, so are your personal data.

Data required under the rules of the Danish Bookkeeping Act will be stored for 5 years plus current year.

2. ONLINE

2.1 Cookies and WiFi - CPH FREE WIFI
 

CPH collects and uses information about you when you use CPH’s websites, apps and wireless internet CPH FREE WIFI. When doing so, CPH can store cookies on your device (computer, tablet, mobile device or other terminal equipment).

You can read our Cookie Policy here.

The general terms and conditions applicable to using CPH FREE WIFI are available here.

2.1.1 The following data are collected and processed:

  • Information transmitted by your device when you visit our websites, use our services or receive services*
  • Information about your:
    • Device ID (IP and MAC address), referral URL, duration of visit and geographic location and
    • Information about your use of CPH’s websites, apps and services. Such information is also collected via cookies and sometimes beacons, etc.

2.1.2 Purpose

The purpose of collecting data in connection with use of our websites, apps and CPH FREE WIFI is to improve CPH’s websites and target the promotion of offers to you and to prepare anonymous statistics of CPH users, including the physical movement of users around CPH. Read more in specific section below, regarding passenger and waiting time counts.

2.1.3 Basis of processing

Personal data processed in connection with your use of our websites, apps and CPH FREE WIFI are processed on the basis of Article 6(1)(f) of the GDPR, as processing is necessary for the purposes of the following legitimate interests pursued by CPH:

  1. improvement of websites and apps, statistics and necessary functionality, 
  2. targeted promotion of our products and services, 
  3. ensuring that only private individuals (and not e.g. tenants) use the network,
  4. ensuring that CPH FREE WIFI is not used to download illegal material or is otherwise used in contravention of Danish law.

2.1.4 Recipients

Relevant personal data are disclosed to suppliers with whom we collaborate, including suppliers of technical support and operation of our services, media agencies, advertising networks and social media for marketing purposes.

2.1.5 Erasure

Data collected in connection with your use of CPH FREE WIFI will be anonymised on an ongoing basis and erased within 12 months of collection. 

Cookies expire in accordance with our Cookie Policy, read more here.

2.1.6 Restriction of your rights

Access to processed data for the purposes stated above, requires that you provide CPH with additional information that will enable us to identify you, cf. Article 12(6) of the GDPR; (i) e-mail and country registered at log-in, (ii) IP/MAC address; and (iii) date and approx. time for use of CPH FREE WIFI. CPH does not process information about your first and last name, and therefore CPH cannot identify you from the registered data.

2.2 CPH App
 

In connection with your downloading and using our CPH App, CPH collects various data about you, your device and your use of our app. Furthermore, cookies are registered when using the app, which you can read about in CPH’s cookie policy, which can be found here.

2.2.1 The personal data collected in the app are the following:

  • Information sent from your telephone/terminal equipment when you visit CPH or our websites;
  • Including information about your device ID, device type, browser type, duration of visit, geographic location, electronic address (e.g. IP and MAC address), terminal equipment and connection information, referral URL
  • Preferences and information about your use of CPH’s websites and services
  • If you are an CPH Advantage member: Name, gender, language, telephone no., e-mail address and information about your CPH Advantage membership
  • Name, address, e-mail address and payment information in connection with purchases through the app*

2.2.2 Purpose

We use the personal data collected to:

  1. handle orders of parking, meals and goods in CPH Webshop;
  2. improve our knowledge of you, for example to enable us to send you more relevant marketing material; and to
  3. send you targeted marketing via e-mail, push messages or other technologies. The data may also be used to produce statistics on CPH users.

2.2.3 Basis of processing

The data processed in connection with your order are processed on the basis of the GDPR Article 6(1)(b) (necessary for the performance of a contract with you) and Article 6(1)(f) (necessary for the following legitimate interests: marketing purposes, producing statistics).

2.2.4 Recipients

In certain circumstances, we share relevant information collected in the app with our business partners for the purpose of processing your order of services, including goods from CPH Webshop.

Erasure

Data collected in connection with your purchase of parking or goods in CPH Webshop are erased after five years plus the current financial year in accordance with the rules of the Danish Bookkeeping Act.

2.3 CPH’s pages and groups on Facebook
 

CPH and Facebook are joint data controllers with regard to the collection of your personal data, when you visit our Facebook fan pages and groups (hereinafter: “CPH’s pages”). You can read the agreement on joint controlling here.

2.3.1 The personal data processed on CPH’s pages are the following:

Please read Facebook’s privacy policy about the information, which Facebook collects, when you visit CPH’s pages and how Facebook processes your data. You can find the policy here.

Furthermore, CPH processes information about you, which you provide to us, e.g. in connection with a direct enquiry from you to CPH via Facebook. This will typically include your name and question.

2.3.2 Purpose

The purpose of processing data is to receive anonymous information about the visitors on CPH’s pages from Facebook.

The purpose of processing data is also to answer your direct enquiries sent to us via Facebook among other things.

2.3.3 Basis of processing

Data processed in connection with CPH’s pages are processed on the basis of Article 6(1)(f) of the GDPR (necessary for the following legitimate interests: acquiring knowledge of the users of our pages on Facebook and communication with users on our pages).

2.3.4 Recipients

In certain instances, CPH will disclose personal data collected in connection with your use of CPH’s pages. Data may be disclosed to:

  1. suppliers with whom we collaborate, including suppliers of technical support and operation of our services; or
  2. if CPH has been ordered to disclose information in consequence of a court decision or if required under applicable law.

2.3.5 Erasure

CPH neither stores or has access to information regarding your online behaviour collected by Facebook. The information is stored by Facebook as described in their Privacy Policy.

The data that CPH receives are processed as described in sections “Purpose” and “Basis of processing”.

2.4 Contact CPH
 

As a user of CPH you are, of course, welcome to contact CPH with inquiries, complaints or other matters.

2.4.1 Personal data processed may be the following:

  • Name, address, e-mail address and telephone no.*
  • Any information you provide that is necessary for CPH to handle your inquiry
  • Recording of telephone conversation in customer service*

2.4.2 Purpose

The purpose of processing data is for CPH to be able to help you and handle your inquiry. The recording of telephone conversation are carried out for the purpose of complying with Security and Safety obligations.

2.4.3 Basis of processing

The data are processed on the basis of Article 6(1)(f) of the GDPR (the balancing of interests provision). The legitimate interests pursued by CPH are to assist you by answering your inquiry. In the balancing of your interests against those of CPH, it is also taken into account that CPH only processes the information that you have submitted to CPH. CPH does not obtain any additional information. Further, CPH is recording telephone conversations in customer service on the basis of a legal obligation in accordance with article 6.1.C.

In case of complaints or claims for damages, which may contain sensitive information including e.g. health information, data are processed in accordance with Article 9(2)(f) of the GDPR (for the establishment or defence of legal claims).

2.4.4 Recipients

To the extent that CPH is required to do so, relevant data may be disclosed to relevant public authorities, including the Transport, Construction and Housing Authority, the Environmental Protection Agency and the Police. Further CPH may, if relevant, disclose information to external advisers, including lawyers.

2.4.5 Erasure

Data processed by CPH when answering inquiries are erased within 24 months of the case being closed by CPH.

Recordings of telephone conversations will be stored no more than 30 days from the time of the recording.

Data processed in connection with environmental inquiries, will be deleted or anonymized no later than 5 years after closure.

3. IN THE AIRPORT

3.1 Security, CCTV monitoring and baggage
 

Security is important to CPH, and in order to meet the security requirements imposed on CPH, CPH processes various data about you when you use and move around CPH.

3.1.1 The personal data processed in the various functions at CPH are the following:

  • Scanning of boarding cards in connection with security checks*
  • CCTV monitoring of the airport areas*
  • Screening and sorting of baggage*

3.1.2 Purpose

The data are processed for the purposes of complying with the requirements of security, validating passengers through boarding cards, statistics on the users of CPH, and generating incidence reports and handling of special transports. In order to comply with these obligations, CPH uses CCTV monitoring within CPH’s area. Moreover, CPH processes data in connection with screening and sorting of baggage.

3.1.3 Basis of processing

CPH is subject to a wide number of legal requirements concerning the arrangement of security measures at CPH. Accordingly, CPH’s basis of processing is Article 6(1)(c) of the GDPR, as the processing of personal data is necessary to comply with CPH’s legal obligations, including the Danish Air Navigation Act.

3.1.4 Recipients

In special circumstances, CPH may share relevant data with the Danish authorities, as required. In exceptional circumstances, data may be disclosed to private third parties, such as insurance companies, in connection with the settlement of disputes. In such situations, we only disclose data about the specific individual concerned. Moreover, to the extent necessary, CPH discloses data to airlines for settlement purposes in connection with CPH Fast Track and CPH Express. 

3.1.5 Erasure

Data from boarding card validation are erased after three months.

CCTV footage filmed within CPH’s area is subject to the requirements under the Danish Video Surveillance  Act regarding storage of such footage. Footage is erased within 30 days. In special circumstances and relating to specific cases, such data may be stored for a longer period.

Images of scanned baggage are kept in a limited time period, which by security reasons is confidential.

Data processed in connection with the sorting of baggage are erased after 5 days.

3.1.6 Restriction of your rights

In relation to CCTV recordings within CPH’s area and images of scanned baggage, your rights following General Data Protection Regulation Chapter III, including article 15 regard access, be restricted following § 22 (2), litra 3 and 4 in The Danish Data Protection Act. Therefore you do not have the right to access the CCTV monitoring or images of scanned baggage, due to:

  • public security reasons in Copenhagen Airport
  • the prevention, investigation, detection or prosecution of criminal offences
  • the safeguarding against and the prevention of threats to public security in Copenhagen Airport

We ask you to provide specific reasons for your interest in access to the CCTV recording or images of scanned baggage, for example if (parts) of the recordings should show information of particular interest to you, e.g. an accident involving personal injury. We refer to the Danish Data Protection Authority's decision in the Danish Metro case (Journal number 2018-832-0009), where right to access was denied.

Access to processed data in connection with scanned boarding cards requires that you provide CPH with additional information that will enable us to identify you, cf. Article 12(6) of the GDPR; (i) date and approx. time for scanning boarding card, (ii) booking number and (iii) your initials. CPH only processes information from the boarding card as well as the date and time, but not your first and last name, and therefore can not identify you from the registered data.

3.2 Photo and video recordings
 

From time to time, CPH records photos and video for the use of marketing purposes, information material etc. on CPH’s platforms. You may be part of these, when you are in our terminals or other areas.

3.2.1 Personal data processed may be the following:

  • Photos
  • Video recordings

3.2.2 Purpose

The purpose of processing data is for CPH to be able to produce marketing and information material etc.

3.2.3 Basis of processing

Situational photos and/or situational recordings: We are not required to request for your consent, cf. the practice of the Danish Data Protection Agency. In this connection personal data are processed on the basis of Article 6(1)(f) of the GDPR (necessary for the following legitimate interests: photo and video recordings in areas available to the public, including the terminals).

You participate in photo and/or video recordings: Your personal data are subject to your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). Naturally you have the right to withdraw your consent at any time, unless a separate agreement regarding CPH’s use of the recordings has been entered into.

3.2.4 Recipients

Photos and video recordings may be uploaded on social medias or other channels for the purpose of showing and spreading the material.

3.2.5 Erasure

CPH will store and use photos and video recordings for as long they are relevant, or as specifically stated in connection with the request for a consent.

3.3 Passenger and waiting time counts
 

CPH continuously monitors the number and flow of passengers through the airport for statistics, operational and emergency reasons.

The counts are made using sensors or registration of connection to CPH FREE WIFI. In this connection MAC addresses are collected, however immediately hashed.  Further counts are made byregistration of MAC addresses from devices with enabled WiFi or Bluetooth. However, the MAC addresses are immediately anonymized and hashed.

If you do not want this, we recommend that you deactivate Bluetooth and WiFi and do not use CPH Free WiFi on your device. 

3.3.1 The personal data processed in the various functions at CPH are the following:

  • Sensor information*
  • MAC address

CPH has taken the view that waiting time counts and flow analysis using sensors can be linked to individuals. However, the data is processed in pseudonymized form and CPH does not refer the data from passenger and waiting time counts via sensors to specific individuals.

The same view applies to registered MAC addresses from devices with activated WiFi or Bluetooth, despite this information is immediately anonymized and hashed and for registered MAC addresses when connection til CPH FREE WIFI.

3.3.2 Purpose

CPH continuously monitors the number and flow of passengers through the airport for statistics, operational and emergency reasons.

CPH uses a number of technologies including sensors in different locations in the airport to calculate the average waiting times in the security check as well as for other analysis purposes, including for staffing purposes.

Although these sensors themselves do not collect personal data, CPH has taken the view that the conuts in some cases can be linked to individuals via compilation with other information. However, CPH does not refer the information to specific individuals, but only uses the information for the purposes referred to above.

3.3.3 Basis of processing

To the extent that information from passenger and waiting time counts can be linked to a specific individual, the information is processed on the basis of Article 6.1.F of the GDPR (the balancing of interest provision). The legitimate interests pursued by CPH is to measure the waiting time in the security check and to make analyzes regarding the use of the airport terminals, including for staffing purposes, statistics, and operational and emergency reasons.

In the balancing of interest, the fact that CPH does not compile data with other data sources, why the information is not related to specific individuals, is included.

3.3.4 Recipients

In special circumstances, CPH may share relevant data with the Danish authorities, if required.

3.3.5 Erasure

Information from waiting counts via sensors is only identifiable when it is possible to compile it with additional information from e.g. CCTV footage or information from the validation of your boarding pass. When the information from the CCTV footage or the information from the validation of the boarding card is deleted after respectively maximum of 30 days and 3 months, the information from the waiting time counts is anonymized, as they no longer can be related to a person.

Registered MAC addresses in connection to CPH FREE WIFI are deletes in accordance with the specific section concerning this topic above.

Collected MAC addresses in other situations, including passenger counts in baggage reclaim area, are immediately anonymized and hashed, via an algorithm, which changes after no later than 24 hours.

3.4 Passengers with reduces mobility (PRM)
 

CPH reveives as airport operator messages from grounhandling and airline operators etc. regarding arriving passangers with required PRM assistance, with the purpose of disclosure to the PRM supplier in the airport.

3.4.1 The personal data processed are the following:

  • Name
  • Information regarding requirement for PRM assistance
  • Other identity details, e.g. bookingnr. etc.

3.4.2 Purpose

CPH processes information in received messages in order to carry out the tasks and responsibility following the PRM regulation.

3.4.3 Basis of processing

CPH’s basis of processing is Article 6(1)(c) of the GDPR, as the processing of personal data is necessary to comply with CPH’s legal obligations, following the EU PRM regulation.

3.4.4 Recipients

Information is shared with the supplier of PRM assistance in the airport.

3.4.5 Erasure

Information in recived messages is deleted after maximum 3 months.

4. OTHER OPERATORS

4.1 Other operators in and at the airport
 

The airport houses a wide number of independent operators, including airlines, ground handling companies, shops and other service providers. CPH is not responsible for processing of personal data by these independent operators. For example, CPH is not in charge of check-in and boarding at Copenhagen Airport, Kastrup.