Privacy Policy

When you visit our website or use our other services, information about you is collected. This information is collected, processed, and stored either to provide you with a requested service, for business operational purposes, or to improve our service.

In these situations, NT is the data controller and must ensure that your personal data is processed in accordance with the law. As part of this, NT has adopted this privacy policy, where you can read more about the processing of your personal data and your rights.

Your rights

Legislation grants you certain general rights. If you wish to exercise your rights, you must contact us. If we cannot fulfil your request, we will always provide a written explanation.

  • Right to access your personal data: You have the right at any time to know what data we process about you, where it originates from, and what we use it for. You can also be informed about how long we store your personal data and who receives information about you if we share data within Denmark or internationally.
  • Right to rectification or deletion of inaccurate personal data: If you believe that the personal data we process about you is inaccurate or incorrect, you have the right to have it corrected or deleted. This also applies if you withdraw your consent.
  • Right to restriction of processing: In certain cases, you have the right to restrict the processing of your personal data. If you have the right to restrict processing, we may only process your data, apart from storage, with your consent, for the establishment, exercise, or defence of legal claims, or to protect a person or significant public interests.
  • Right to data portability: You have the right to receive personal data about yourself in a structured, commonly used, and machine-readable format. You also have the right to transfer this personal data from one data controller to another without obstruction.
  • Right to object: In certain cases, you have the right to object to our processing of your personal data. If your objection is justified, we will ensure that the processing of your personal data ceases.

You can read more about your rights in the Danish Data Protection Agency’s guide on the rights of data subjects, available at datatilsynet.dk.

Complaints

If you are not satisfied with our processing of your personal data, you can contact us using the details provided above.

You also have the right to lodge a complaint with the Danish Data Protection Agency, which supervises compliance with data protection legislation. You can find information on how to contact the Danish Data Protection Agency at datatilsynet.dk.

This privacy policy was last updated on February 13th 2025.

General information on the processing of personal data

Personal data includes all types of information that can, to some extent, be attributed to you. When you use our websites, we collect and process various types of information. This occurs, for example, through general access to content, when you sign up for our newsletter, participate in competitions or surveys, register as a user, use other services, or make purchases through the website.

The types of data NT typically processes include name, address, CPR number, email address, and phone number. Additionally, we collect information about your website usage to understand how you navigate our site.

Purpose

We collect, process, and store only data about you that is relevant, adequate, and necessary for the purpose at hand. The purpose determines which types of data are relevant to us, as well as the extent of data we use. We do not use more data than necessary for the specific purpose.

The data is used to identify you as a user, register your purchases and payments, and deliver the services you have requested, such as sending newsletters. Additionally, we use the information to optimize our services and content.

Retention period

Data is stored for the period permitted by law, and we delete it when it is no longer necessary. The period depends on the nature of the data and the reason for storage. Therefore, it is not possible to specify a general timeframe for when information is deleted.

Consent and disclosure of information

We obtain your consent before processing your personal data. Your consent is voluntary, and you can withdraw it at any time by contacting us using the above contact details. If you withdraw your consent, please note that we may no longer be able to provide the service covered by the consent.

NT uses data processors for various technical solutions, and your personal data may be processed by third parties. Data processing agreements are in place to ensure that your information is treated confidentially and within the designated purpose.

If we share your personal data with partners or other entities for purposes such as marketing, we will obtain your consent and inform you of how your data will be used. You can object to such sharing at any time. We do not obtain your consent if we are legally obligated to disclose your personal data, such as for reporting to an authority.

Security

NT has implemented internal information security policies containing guidelines and measures that protect your personal data from unauthorized disclosure, destruction, loss, alteration, or unauthorized access. These policies ensure that your data is not misused or otherwise processed in violation of the law.

Processing

  • When and how do we collect your information? NT records calls when you contact Flextrafik if you give consent during the call.
  • Purpose: Training, quality assurance, and documentation of transport agreements.
  • Types of information processed: Name, address, travel details, phone number, voice recording, and potentially sensitive health-related information.
  • Legal basis: GDPR Article 6.1.a and 9.2.a (consent, which can be withdrawn at any time).
  • Other recipients: FlexDanmark (system provider handling calls per NT’s instructions).

Processing

  • When and how do we collect your information? We process the information you provide when booking transport and data received from Region Nordjylland (The North Denmark Region) and local municipalities.
  • Purpose: To carry out the transport service and process payments.
  • Types of information processed: Name, address, email, travel details, CPR number, payment details, mobility aids, and phone number.
  • Legal Basis:
    • GDPR Article 6.1.e
    • GDPR Article 9.2.f
  • Other recipients: Transport providers, hospitals, booking offices, Region Nordjylland, local municipalities, and payment processors (e.g., DIBS).

Processing

  • When and how do we collect your information? With your consent, we collect information from photoshoots and other media activities.
  • Purpose: Internal and external marketing.
  • Types of information processed: Photos, videos, name, and statements as per consent form.
  • Legal basis: GDPR Article 6.1.a (consent, which can be withdrawn at any time).
  • Other recipients: None unless stated in the consent form.
  • Retention period: Max 5 years or until consent is withdrawn.

Processing

  • When and how do we collect your information? We use the information you provide when entering data and profile details.
  • Purpose: Ticket sales and renewals.
  • Types of information processed: Institution name, EAN/CVR number, name, email, phone number, and travel details.
  • Legal basis: GDPR Article 6.1.b
  • Other recipients: In some cases, data may be shared with service providers for group bookings.

Processing

  • When and how do we collect your information? We use the information you provide when entering data.
  • Purpose: To serve you as a customer in ticket sales.
  • Types of information processed: Name, email, travel details, and payment information.
  • Legal basis: GDPR Article 6.1.e
  • Other recipients: Data may be shared with MobilePay and QuickPay for payment processing.

Processing of personal data

  • When and how do we collect your information? We use the information you provide when entering data. In some cases, we collect your CPR number to identify you and/or process payments to your NemKonto. We may also collect information from Rejsekort A/S if necessary to handle your inquiry.
  • Purpose of processing the information. The collected information is processed as part of public authority administration in connection with NT’s transport services. Additionally, the information is used to provide the best possible service as a transportation company, for example, to handle your inquiry.
  • What types of information do we process?
    • Personal information: Name, phone number, email, and possibly address, CPR number, customer type, or travel card number.
    • Website usage data: Log files of visited pages and IP address.
    • Competitions on the website: Data you provide when entering a competition to draw winners and send prizes.
  • Legal basis. Our legal basis for processing is:
    • GDPR Article 6.1.e
    • Danish Data Protection Act § 11 (CPR number)
  • Are there other recipients of your information? We may share your data with your bank or NemKonto for payment purposes.

Processing

  • When and how do we collect your information? We use the information you provide when entering data.
  • Purpose: To document external visitors in NT’s premises.
  • Types of information processed: Name, workplace, check-in/out time, and privacy policy acceptance. If given an access card, movements in restricted areas are logged.
  • Legal basis: GDPR Article 6.1.c
  • Other recipients: None.

Processing

  • When and how do we collect your information? We receive your information from your school.
  • Purpose: Issuing and managing school passes.
  • Types of information processed: Name, address, photo, validity, zones and school.
  • Legal basis: GDPR Article 6.1.e
  • Other recipients: None.

Processing

  • When and how do we collect your information? We use the information you provide when entering data.
  • Purpose: To respond to customer inquiries (not for case processing, which is handled through our contact form).
  • Types of information processed: Entered data and username.
  • Competitions: Data is used to draw winners and send prizes.
  • Legal basis: GDPR Article 6.1.e
  • Other recipients: Data may be shared with third parties if necessary.

Processing

  • When and how do we collect your information? If a ticket inspector finds that you do not have valid travel documentation, your personal data will be recorded. This also applies if you appeal a fine or if it is forwarded for debt collection
  • Sources:
    • Directly from you
    • CPR Registry
    • Police
  • Purpose: Ticket inspection, issuing fines, handling complaints, and debt collection.
  • Types of information processed: Name, contact details, birthdate, travel details, ID, CPR number, and possibly a photo of your ID.
  • Legal basis:
    • GDPR Article 6.1.e
    • Danish Data Protection Act § 11 (CPR number)
  • Other recipients: Debt Collection Agency, Appeals Board for Bus, Train, and Metro.

Many NT buses have fixed surveillance cameras. NT is not responsible for these recordings - the bus company operating the route is the data controller. NT can provide contact details for the relevant bus company.

Processing

  • When and how do we collect your information? NT conducts video surveillance at bus terminals with clear signage.
  • Purpose: Security and crime prevention.
  • Types of information processed: Video recordings, including potential criminal activity.
  • Legal basis: GDPR Article 6.1.e and Article 10.
  • Other recipients: Authorities such as the police.
  • Retention period: 30 days (Aalborg Bus Terminal: 54 days).

Data controller

Nordjyllands Trafikselskab
John F. Kennedys Plads 1T, 3rd floor
9000 Aalborg
CVR No.: 3001 5940

Phone: 9811 1111
E-mail: info@NTmail.dk

Our data protection officer
For questions regarding your data protection rights and requests for access, etc., please contact our Data Protection Officer (DPO):

DPO Danmark ApS
Rosengården 4, st.th
1174 Copenhagen K
CVR: 4086 3427

E-mail: DPO-NT@dpo-danmark.dk