nordicesglab

Privacy Policy

1. The data controller

The Nordic ESG Lab under Management, Society and Communication (MSC) is part of Copenhagen Business School (CVR no. 19596915). The privacy policy will explain how our organization processes the personal data we collect from you when you use our website.

2. What data do we collect

The Nordic ESG Lab collects the following data:

  • Name and email through the contact form: When you contact us using our contact form, you will voluntarily provide us with your personal information. The information you enter is using Hypertext Transfer Protocol Secure (HTTPS) for secure communication over a computer network.
  • Authentication and login cookies: We use cookies for authentications and login purposes. These tracking cookies work by identifying a user through their login credentials. When a website visitor enters their user ID and password (including when using a password manager), these cookies will confirm the user’s identity and remember their account information. Since our website is used as pure CMS and do not offer login/registration for visitors, the website does not store cookies in visitors’ computers. In addition, WordPress sets cookies to manage logged-in user sessions and authentication. Please find detailed information on the cookies that we use and the purposes for which we use them in our Cookie policy.
  • Server Log files: When you visit our website, the information about your visit is automatically stored in our server log files. The purpose of log files are for administrative use, troubleshooting and security. The log files rotates and delete for a period of time. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded. The information comprises:
    • The type and version of browser used
    • The used operating system
    • Referrer URL
    • This data is not merged with other data sources.
    • The hostname of the accessing computer
    • The time of the server inquiry
    • The IP address
  • Wordfence: We have included Wordfence on our website to detect and prevent malicious cyberattack, fraudulent, invalid or illegal activity. Ensure proper and efficient operation of systems and processes, including monitoring and improving the performance of systems and processes involved in permitted purposes.

3. How do we collect your data

The Nordic ESG Lab collects data and processes data when you have given your consent in the following situations:

  • When you contact us through the contact form

4. Receivers of personal data

The Nordic ESG Lab does not receive your data indirectly.

The Nordic ESG Lab does not pass personal data on to the external institutions.

5. How will we use your data

The Nordic ESG Lab project collects your data so that we can:

  • Respond to your enquiry

6. The period for processing your personal data

You are welcome to withdraw your consent at any time, otherwise the Nordic ESG Lab will store your data for as long as the purpose still apply and thus, delete your data when the purpose of the processing is fulfilled.

7. What are your data protection rights

The Nordic ESG Lab would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:

7.1 The right to access

As a data subject you have the right to request the Nordic ESG Lab for copies of your personal data which are being processed by CBS free of charge. Upon request for further copies, CBS is allowed to obtain a reasonable fee in accordance with the administrative costs associated with this service.

7.2 The right to rectification

You have the right to request that the Nordic ESG Lab correct any information you believe is inaccurate. You also have the right to request the Nordic ESG Lab project to complete information you believe is incomplete.  

7.3 The right to erasure

You have the right to request that the Nordic ESG Lab erases your personal data.

The right to erasure implies that you can have personal data erased, which is no longer necessary for CBS as an organization, if you have withdrawn your consent, if the personal data is being processed illegally or if CBS in accordance with the law is obligated to delete the personal information.    

7.4 The right to restrict processing

In general, you can exercise your right to restrict the processing of personal data in cases where it is not clear whether and when personal data should be deleted. The data may not be subject to processing other than storage. This right can be used when:

  • You dispute the accuracy of the personal data. The processing of your personal data must not be subject to processing in the period until you have had the opportunity to determine whether the personal data is correct.
  • You do not want your personal information deleted, however you prefer limited processing. This would be the case e.g. if you wish to be able to document what information has been included in the processing of a case.
  • The personal data is no longer to be used for its original purpose but for legal reasons cannot be deleted yet e.g. the personal data is necessary for later determining, defending or making a legal claim.
  • Your objection to the processing of your personal data has not yet been decided.

7.5 The right to object to processing

You have the right to object to the Nordic ESG Lab’s processing of your personal data and to request the Nordic ESG Lab to stop processing your personal data if the personal data is processed in connection with:

  • Direct marketing.
  • Scientific/historical research and statistics.
  • The Nordic ESG Lab’s legal interest or when performing tasks in the interest of society or for a public authority.

However, the Nordic ESG Lab may continue to process your personal data despite your objection if:

  • The processing of information is necessary to be able to perform a task in the interest of society if it concerns scientific/historical research and statistics.
  • The Nordic ESG Lab can prove that it has compelling legitimate reasons that override your interests, rights and fundamental freedoms when it comes to processing personal data on the basis of legal interests or performing a task in the public interest or in the exercise of public authority.

7.6 The right to data portability

You have the right to request that the Nordic ESG Lab transfer the data that we have collected to another organization, or directly to you, under certain conditions.

7.7 The right to withdraw consent

If you have consented to the Nordic ESG Lab processing of your personal data, you can at any time withdraw your consent, and the Nordic ESG Lab will not be able to process your personal data on the basis of your consent. Withdrawing your consent will however not affect the legality of the processing, which has already taken place.

How to contact us

If you have any questions about the privacy policy, the data we hold on you, or you would like to exercise any of your data protection rights, please do not hesitate to contact us at our email: emg.msc@cbs.dk or contact CBS’ Data Protection Officer at email: dpo@cbs.dk.

If you make a request, we have 1 (one) month to respond to you.

Should you wish to report a complaint or if you feel that the Nordic ESG Lab has not addressed your concern in a satisfactory manner, you may contact the Danish Data Protection Agency (Datatilsynet). Please find contact details below.

How to contact the appropriate authority

Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35
2500 Valby
Tlf. 33 19 32 00
dt@datatilsynet.dk

Please do not hesitate to contact us if you have any questions or comments.