Privacy policy
Privacy and data security policy of Parasport Denmark.
Privacy and data security policy of Parasport Denmark
At Parasport Denmark, we handle a significant amount of personal data because we work with people—and for people. Protecting your privacy and safeguarding your rights to decide how personal information we borrow and which you trust with us is used is a top priority for us. It’s equally important to us that everyone connected to Parasport Denmark – whether employees, volunteers, athletes, parents, or others – feels confident and safe entrusting us with their personal information.
We are data controller – how to contact us
Parasport Danmark is data controller, and we ensure that your personal data is processed in accordance with applicable laws and regulations in EU countries.
You can reach us at the following contact information:
Contact person: Jan Bjørlik Hansen
Address: Idrættens Hus, Brøndby Stadion 20, 2605 Brøndby
CVR: 44 30 13 18
Mobile no.: 21 52 53 32
Email: gdprpost@parasport.dk
Website: www.parasport.dk
Purpose of processing Personal Data
We collect and process personal data solely for specific and legitimate purposes. And all processing is carried out based on lawful interests and in full compliance with the General Data Protection Regulation (GDPR) and applicable national legislation.
The processing of personal data is necessary to fulfill the tasks and responsibilities of Parasport Denmark as the main federation for disability sports and its affiliated clubs and associations.
Tasks are among others:
- To provide support and services to other of the sport federation’s associations and clubs regarding their sports activities, daily operations, and administration.
- To manage personnel administration and accounting services for external partners.
- To handle Paralympic-related activities, including registration in ISDMS and NSDMS systems.
- To conduct training and education of coaches, classifiers, officials, and leaders.
- To facilitate carrying out courses for clubs and other stakeholders.
- To conduct analysis and reporting for sports associations and other parties concerned.
- To develop sports activities under the Tumbling and Rising Stars projects, which are designed for new participants in Parasport.
- To distribute news, information, and guidance to athletes, assocations, and clubs affiliated with Parasport Denmark.
Legal Basis for processing your Personal Data
When we process personal data, we do so in accordance with applicable national legislation and the legal grounds for processing set out in the General Data Protection Regulation (GDPR).
In particular, processing is based on Article 6(1)(b) and 6(1)(c) of the GDPR, which allow for the processing of data necessary to fulfil a contract or agreement between the data subject and the data controller, respectively provide such compliance with the legal obligations as the data controller is obliged to ensure.
Additionally, the processing of personal data by Parasport Denmark is often legally based on Article 6(1)(f) of the GDPR—commonly known as ‘the balancing of interests rule’. This permits data processing where the data controller has assessed, prior to processing, that the interests or fundamental rights and freedoms of the data subject do not override the controller’s legitimate interest. For example, the processing may be necessary to support participation in sports activities that the individual has actively chosen to be part of.
The purposes and tasks of Parasport Denmark—as outlined in the section above—can, taken as a whole, equally serve to let Article 6(1)(f) or ‘the balancing of interests rule’ be cited in support of our legitimate interest as basis for processing personal data.
We always use encrypted email when handling sensitive personal data, and in doing so abide by what the requirements in Article 9(2)(b), (d), and partly (e) of the General Data Protection Regulation (GDPR) set out, concerning increased demand for security measures for such processing.
We comply with Article 10 of the GDPR regarding the processing of special categories of personal data. This article not only dictates that such data be subject to encryption but also stipulates that either a public authority must oversee the processing of these data, or that the legal basis under EU or national law must provide appropriate guaranties for the rights and freedoms of the data subjects.
For specific activities involving the processing of confidential and sensitive personal data, the individuals concerned—or their legal guardians—will be informed separately about the processing in question.
What personal data we process about you
Data concerning management, employees, and volunteers in the federation and in affiliated associations and clubs
General personal data such as name, email address, phone number, initials/login name, date of employment, and job title.
General confidential data requiring enhanced protection such as safe mail, such as CPR number (civil registration number) and bank account details for salary payments.
Educational background, exam results, and career-related information.
Data about job applicants provided by applicants themselves
General personal data provided by and registered for applicants during applying , including name, address, date of birth, email address, phone number, and other standard contact information.
Confidential personal data, such as information on disabilities or any other details voluntarily submitted in CVs (e.g., previous employment or career history).
Club Management and coaches
General personal data such as address, email address, and phone number. Educational and exam records related to qualifications.
Other information concerning roles and responsibilities in connection with the federation, including bank account details if applicable.
Special Categories of Personal Data granted the highest level of protection under the GDPR, such as criminal record information collected through mandatory child protection certificates.
Information about the contact persons and/or treasurers in associations/clubs
Basic personal information such as address, phone number, and email address for contact persons and treasurers or members of associations or clubs affiliated with the federation, all for the purpose of conducting analytical activities.
Information about participants in courses
We collect general personal information such as contact details. In addition, we process general but confidential data, such as educational background and test—or exam results of the participant in a course.
Information about athletes
General personal information such as registration and contact details, including name, gender, address, email address, username/login ID, date of membership, phone number, date of birth, photographs and the like.
General but confidential data such as civil registration numbers (CPR), passport numbers, and sports data related to Paralympic athletes and so on.
Sensitive personal data—particularly biometric, genetic, or health-related data, i. e. information about disabilities and sport-specific data regarding participants in sports events.
User activity on our digital platforms
When you visit Parasport Denmark’s website—Parasport Danmark – parasport.dk—we collect information about your user behavior. This is done to tailor and enhance your experience on the site, including customizing articles, advertisements, and other content.
In line with this, the following information will be collected about you:
- Cookies (see our cookie policy here)
- IP addresses
- Website behavior
Only the information necessary to process your request or deliver a service is collected. And just if required to provide the best possible response to your inquiry, we may request additionnal information.
When you give your consent to the processing of your personal data, we only collect the information you have in specific agreed to share.
We never use your personal data for the promotion of Parasport Denmark or any other federations or associations within disability sports without having first obtained your—or your parent’s/guardian’s—explicit consent to do so.
Disclosure of personal data to external recipients
Parasport Denmark works with a wide range of partners—from our local member clubs and sports schools to major international sports organizations such as Special Olympics and the International Paralympic Committee (IPC). It is frequently appropriate and, at times, imperatively necessary for us to share information about members, athletes, and staff among themselves in order to fulfill our role as a national sports federation.
The legal basis which is obligatory for sharing personal data about employees and others—such as payroll reimbursements including parental leave information with government authorities—is founded on Article 6(1)(c) of the GDPR, which refers to compliance with a legal obligation. Besides, under this provision, Parasport Denmark is further required among others to disclose information related to athlete funding granted through foundations.
According to the Danish Data Protection Act, when concerning disclosing personal data to an individual’s bank, pension provider, and/or insurance company, the legal basis primarily stems from Sections 11 and 12, which in the context of the obligations arising from an employment contract assures the legal basis for disclosing to them; cf. section 12 of the Danish Data Protection Act.
The Danish Sports Confederation (DIF), which handles salary payments for Parasport Denmark employees, has to that purpose been granted access to and acts as such as an independent data controller for the payroll information it receives.
When Parasport Denmark relies on a subcontractor or partner to perform a task related to our operations or administration, the processing of personal data—according to the legal basis given under Article 6(1)(b) of the GDPR—is considered lawful when it is a necessity in connection with a contract. This further applies when processing is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering a contract.
To the greatest extent possible, we aim to have clear and up-to-date Data Processing Agreements (DPAs) in place with all our subcontractors and partners. And we regularly ensure partially that the instructions outlined in each DPA are being complied with. Partially that those acting as independent data controllers themselves comply with all legal obligations like a secure data storage through their own subcontractors which to the point fulfill and are in accordance with accentuated articles of the GDPR and — provisions of the Danish Data Protection Act.
In some cases, the providers of cloud solutions or system software used by Parasport Denmark may be too large or commercially dominant to enter individually signed DPAs. In such cases, we refer instead to the provider in question’s official website to identify whether a publicly available addendum, known legally as a Data Protection Addendum is present and offered, that supplements the originally stated and accepted terms for when their service or software was first implemented.
Such addendums often include the provider’s and/or (sub)contractor’s declarations about their ongoing GDPR compliance efforts and security practices and that they themselves monitor that potential subcontractors of their own may be confirmed to do so, too. The addendum can then serve as a generally applicable data processing agreement(DPA) for all the provider’s subscribers and stakeholders.
For example, in the case of a major software provider, we can point to their Microsoft Online Services Data Protection Addendums. These serve as their method of offering an addendum to their standard terms, following the same framework and which they localize for different countries, and approximately every six months update and reissue for renewed download.
When other subcontractors providing services and/or software solutions do not offer a DPA or an equivalent assurance of compliance, Parasport Denmark will alternatively resort to check whether an ISAE 3000 auditor’s report is available—potentially published for download on the provider’s website. This designation refers to an international standard that a provider can be certified against, enabling a company to document GDPR compliance for a specific business area. In this way, it also serves as a kind of quality seal to the outside world, comparable in effect to a general data processing agreement.
When sharing personal data with our partners, we are fully aware that such data frequently includes particularly sensitive information regarding a data subject’s disability or other health conditions/physique. When sharing this information is unavoidable, such as during major international competitions and sporting events, where it is cardinal for athlete participation that their classification details can be disclosed, this is done strictly in accordance with Article 6(1)(a) of the GDPR, as we have first obtained the participating athletes’ consent.
Moreover, Parasport Denmark is mindful of occasions where new or current athletes are of such a young age that they must leave a parent or their legal guardian to make important decisions on their behalf. Again in such cases, we ensure that consent is obtained from them for the child’s or young person’s special and sensitive personal data in particular, including, where applicable, photographs and video recordings of the individual, to be allowed being shared with external recipients in connection with participation in competitions or the general practice of para-sports.
For obtaining consent for the disclosure of personal data, we follow Article 7 of the GDPR, in particular paragraphs 1–3 concerning the conditions for consent. This provision stipulates that the data controller must be able to demonstrate, beyond doubt, the data subject’s consent to the sharing of personal data; included, as specified in Article 7(2), that it must be made absolutely clear what the consent is being given for.
Finally, in accordance with paragraph 3, we take notice to ensure from the outset that the data subject is informed of their right to withdraw consent. Such withdrawal does not, however, affect the lawfulness of processing carried out based on consent before this was withdrawn. We furthermore note that a reconfirmation of consent may be required if significant changes occur to the matters for which consent was previously granted.
Where we obtain your information
As a rule, whether you are a participating athlete in one of our associated clubs (or a relative/guardian of such) or otherwise have an interest in Parasport Denmark, you supply us with the information yourself. However, in certain cases, the information originates from third parties.
These include partners and authorities such as:
- Anti-Doping Denmark and Team Denmark
- Public authorities, including the The Danish Customs and Tax Administration (Skatteforvaltningen) and the Danish Labour Market Insurance (=Arbejdsmarkedets Erhvervssikring)
- The Central Crime Register
- The International Paralympic Committee, including The IPC Sport Data Management System (ISDMS) and its Nordic counterpart created to support National Paralympic Committees (NPCs) in the Nordic countries, The IPC National Sport Data Management System (NSDMS)
- Other external parties, such as Egmont Folk High School
Streaming, photography, and video
Disciplines within para-athletics and para-sport are largely visual in nature. Therefore, the use of photography and video will always be a significant and important part of Parasport Denmark’s communication. When you, or a person authorized to act on your behalf, register for our activities, you simultaneously consent to the following use of photographs, video recordings, streaming, and unedited footage of the registered gymnasts, athletes, and/or coaches.
These may be used on the following media and for these purposes:
- Websites: www.parasport.dk and www.SO-IF.dk
- Parasport Denmark social media channels, including Facebook, Instagram, LinkedIn, and YouTube
- Newsletters
- Press releases
- Banners, roll-ups, and promotional displays set up at Parasport Denmark activities
- Marketing materials, such as flyers, posters, programmes, association mailings, presentations, meeting materials, PowerPoint presentations, etc.
- Advertisements in local and nationwide media
Please observe the disclaimer below regarding photographs/videos on social media.
Storage and deletion of your Personal Data
Unless there are other specific circumstances that justify retaining them for a longer period, the personal data you have entrusted to Parasport Denmark must be deleted when they are no longer necessary to fulfil the purposes for which they were collected or otherwise processed.
Other circumstances that may warrant continued storage of a data subject’s personal information include, for example, ongoing cases and/or unresolved or non-time-barred financial claims. In matters such as warranty obligations, there remains a theoretical risk of a claim being made against the data controller until the limitation period expires (typically after three years).
Compliance with the requirements of the Danish Bookkeeping Act to retain accounting records for five years; an ongoing legal proceeding; or a legitimate interest in continued marketing also qualify as special circumstances, pursuant to the General Data Protection Regulation (GDPR) Article 5(1)(e) and Article 17(1)(a) (personal data are no longer necessary for the purposes for which they were collected or otherwise processed).
If a given consent is withdrawn, or if a data subject opts out of receiving marketing material, the individual’s data must always be deleted, unless there is another legal basis for the processing of his/her data.
Disclaimer
Please note that Parasport Denmark disclaims responsibility for any further dissemination or sharing on social media of images or video for which consent to be recorded and used was given at the time of registration, even if such consent is later withdrawn.
This disclaimer applies to all competitions and activities hosted by Parasport Denmark and relates to live streaming and unedited video published on platforms such as Facebook, Instagram, YouTube, websites, and similar channels. Consequently, coaches or other individuals may still make recordings of athletes or teams for private use.
If you are not comfortable with and therefore do not wish for Parasport Denmark to use photos, video, or streaming footage of you that is recorded in connection with one of the federation’s activities, unfortunately, you cannot participate in them.
Our purposes for processing personal data vary, and so do the time periods for which we retain them:
Athletes aspiring to join an associated club under Parasport Denmark as a new member and consequently via the “New in Parasport” initiative have contacted us as interested in and with a wish, when possible, to begin in one of these, if not having become active within 12 months of first contact, will have the personal data they provided in this context erased.
For the duration that an athlete is active in a club or association under our federation, their personal data will be retained.
Please note that sports data on participants in national and international sporting events, submitted to the IPC’s (N)SDMS, is handled and administered by this organization. This also applies to the retention period for an athlete’s submitted data, which is typically the year of the relevant competition/event plus one additional year, for a total of 24 months. If the athlete does not re-register for another IPC event within that 24-month period, the IPC will either delete or anonymize the individual’s personal data in the (N)SDMS. The latter may occur if the data is to be used for statistical or other research purposes.
Protection of your Personal Data
Parasport Denmark stores your personal data securely and confidentially. We have implemented both organizational and technical security measures to protect your personal data against inadvertent or unlawful loss, alteration, unauthorized access, misuse, or processing in violation of data protection legislation.
Your rights
Under applicable regulations, you have a series of specific rights when we process personal data about you. These include:
- You have the right to access your personal data
- You have the right to have inaccurate personal data corrected, deleted, or restricted
- You have the right to object to our processing of your personal data
- You may, in certain cases, have the right to data portability
When you submit a request to have the processing of your personal data corrected, deleted, or restricted, we will assess whether the conditions are met and, if so, implement the changes or deletion as quickly as possible.
Complaints
You always have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. However, we encourage you to contact us first so that we can investigate whether it is possible to resolve the issue you are unhappy with.
Amendment date, August 2025