Personal data and public information
As part of the administration of the EU ETS Registry and the Danish Emission Trading Registry, the Danish Business Authority is obliged to process, report, publish and store personal data and other information.
Regulation regarding personal data and public information
The Danish Business Authority complies with the requirements stipulated in the European Commission’s Union Registry Regulation, No. 389/2013, concerning the publication of confidential information.
In article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data it is stated that the processing of personal data must be necessary and required by law or the European Court of Justice. The Union Registry Regulation and the Danish Executive Order No 1636 of 13/12 2017 list the requirements to documents and information that must be provided in order to open an account in the Danish Emission Trading registry or be added as an account representative.
Personal data categories
The Danish Business Authority collects, processes and stores personal data concerning the notifier, account holder, account representatives and account holder's management and real owners (if the account holder is a legal person). This might involve the following personal data categories:
- Ordinary personal data, including data on name, date and place of birth, national identity number, passport number/ID card number, expiry date and issuing country, email address, place of ordinary residence and telephone number
- Criminal record
For the purposes of security surveillance, a log is also retained of the user ID, IP addresses, time of login and logout, applications used and infrastructure resources accessed (server logs). In addition, bank details will for some account holders be collected, processed and stored.
The personal data we collect, register and process are those that we obtain from the account holder, from you, and from other authorities.
We can obtain data from the Danish Central Business Register (CVR) and Danish Civil Registration System (CPR), the National Police of Denmark, SKAT (the Danish Tax Authority), the EU's financial sanctions list, and we can cross-check data with Transparency International and Financial Action Task Force.
Further information is available in the European Commission's specific privacy statement for users of the EU ETS Registry here: http://ec.europa.eu/clima/sites/registry/privacy_en.htm
The purposes of, and the basis in law for, the processing of your personal data
The purpose of processing personal data is the administration and supervision of the EU emissions allowances and the Danish Kyoto Registry.
The basis in law for our processing of your personal data ensues from:
- Art. 8 (1 and 5) of Commission Regulation (EU) No 389/2013
- Articles 21-22 of the Danish Executive Order on Emission Trading No 1095 of 23/12 2012
- Danish Executive Order No 1636 of 13/12 2017.
In relation to processing of information and personal data article 107 of the Registry Regulation states that:
1. The central administrator and Member States shall ensure that the Union Registry, the EUTL and other KP registries only store and process the information concerning the accounts, account holders and account representatives as set out in Table III-I of Annex III, Tables VI-I and VI-II of Annex VI, Table VII-I of Annex VII and Table VIII-I of Annex VIII.
2. No special categories of data as defined in Article 8 of Directive 95/46/EC and Article 10 of Regulation (EC) No. 45/2001 shall be recorded in the Union Registry, the EUTL or other KP registries.
3. The central administrator and Member States shall ensure that only personal data related to transactions that transfer Kyoto units are transferred to the ITL.
Data controller responsibility
The Danish Business Authority and the EU Commission have joint data-controller responsibility for the processing of the personal data we have received concerning you.
If you have experienced a security breach regarding data from the Danish Emission Trading Registry, you must always contact the Danish Emission Trading Registry in the Danish Business Authority so that we can stop the security breach:
Contact details for the Danish Emission Trading Registry, the Danish Business Authority:
The Danish Emission Trading Registry
The Danish Business Authority
Langelinie Allé 17
DK-2100 Copenhagen Ø
Central Business Register no.: 10150817
Telephone: +45 7220 0038 (an emergency phone (+45 3529 1862) can be contacted on Monday to Friday after normal business hours and until 9pm and on Saturday and Sunday and on holidays from 10am to 6pm)
Retention of personal data
We store personal data for 10 years after you no longer are associated with, or after the closure of the account you are associated with in the Danish Emission Trading Registry. Art. 108 of Commission Regulation (EU) No 389/2013 stipulates that data in the Danish Emission Trading Registry shall be stored for five years after the closure of an account in the EU ETS Registry or association to an account has ended. This also applies to national registries. However, personal data may be stored up to 10 years after the closure of an account or removal of persons from the account in order to comply with the maximum prescription period of criminal offences laid down in the national law of the national administrator. The Danish Business Authority has therefore decided to utilize the option to retain data for a maximum of 10 years.
This limitation on the storage of personal data also applies to files submitted to the Danish National Archives every 5 years pursuant to the rules of the National Archives.
Recipients of personal data
The recipients we may disclose or transfer personal data to are as follows:
- Account representatives on the account(s) concerned, account holder and account holder’s digital mailbox, and the notifier who has submitted the personal data.
- The Danish Energy Agency, SKAT (Danish Tax Authority), SØIK (State Prosecutor for Serious Economic and International Crime), European Court of Auditors, Eurojust, national supervisory authorities, entities for investigation of economic crime in countries other than Denmark, the European Commission and the Danish National Archives.
- In special cases, in response to letters rogatory, data may be disclosed to Danish courts or courts in other EU/EEA Member States.
- In the event of non-compliance with the requirement to submit documents, for example, in connection with the Danish Business Authority's periodic documentation checks of account holders and account representatives, personal data may be disclosed to national administrators of the emission trading registries in other EU/EEA Member States and to the European Commission.
Data may be provided to the entities referred to above upon their request to the central administrator or to a national administrator if such requests are justified and necessary for the purposes of investigation, detection, prosecution, tax administration or enforcement, auditing and financial supervision of fraud involving allowances or Kyoto units, or of money laundering, terrorism financing, or other serious crime, market manipulation for which the accounts in the Union Registry or the KP registries may be an instrument, or breaches of Union or national law ensuring the functioning of the Union ETS.
An entity receiving data in accordance with the above shall ensure that the data received is only used for the purposes stated in the request in accordance with the above and is not made available deliberately or accidentally to persons not involved in the intended purpose of the data use. This provision shall not preclude these entities to make the data available to other entities, if this is necessary for the purposes stated in the request made in accordance with the above.
Transfer to recipients in third countries, including international organisations
The recipients outside the EU and EEA we may disclose or transfer personal data to are:
- UN Climate Committee
Transfer of personal data to the UN Climate Committee is covered by the rules for secure data processing under the UN Kyoto Protocol.
Where to find publicly available information
Account Holder's Name, CVR Number, and Address. For operators and aircraft operators, the name of the production unit, type of activity, license number and compliance status, as well as address, will be published. Information about the number of allocated allowances and verified emissions. Publicly available information about accounts and transactions is contained in Annex XIV of the Regulation Regulation.
Please, for more information also reference the annex to decision 13/CMP.1 available at: http://unfccc.int/resource/docs/2005/cmp1/eng/08a02.pdf#page=32
Note that publication of contact information requires consent from account holders in accordance with EU regulation. Therefore, all information is not publicly available. Regarding publicly available information about transactions, inventories and total volumes via the EUTL, this information is not publicly available until three years after a transaction has taken place.
Article 110 of the Registry provides that information, including information on the inventory of all accounts, all transactions carried out, the unique unit identification code of the allowances and the unique numerical value of the unit serial number of Kyoto units, which are included in the holdings or are affected by a transaction which included in the EUTL, the EU Register and any other KP registry shall be considered confidential, except where otherwise provided for in EU legislation or in national legislation pursuing a legal objective compatible with this Regulation, and are reasonable in relation to the purpose.
Retirement accounts in the Danish Kyoto Registry
- DK-300-4-0-72 (CP0 – 2005-7)
- DK-300-4-0-72 (CP1 – 2008-12)
- DK-300-5017465-1-68 (CP1 – 2008-12)
- DK-300-501-1-9 (CP1 - 2008-12)
Cancellation accounts in the Danish Kyoto Registry
Net source cancellation (type 1):
- DK-210-3973-1-46 (CP1 – 2008-12)
- DK-210-5017460-1-30 (CP1 – 2008-12)
Non-compliance cancellation (type 2):
- DK-220-5017461-1-32 (CP1 – 2008-12)
Voluntary cancellation (type 3):
- DK-230-502-1-52 (CP0 – 2005-7)
- DK-230-502-1-52 (CP1 – 2008-12)
- DK-230-5017462-1-34 (CP1 – 2008-12)
- DK-230-1-0-38 (CP0 - 2005-7)
- DK-230-5022501-2-56 (CP2)
Surplus cancellation (type 4):
- DK-240-5017463-1-36 (CP1 – 2008-12)
Obligatory cancellation (type 5):
- DK-250-5017464-1-38 (CP1 – 2008-12)
Operator holding account: EUA, CER, ERU
Aircraft operator holding account EUA, AEUA, CER, ERU
Personal holding account and trading account, EU ETS Registry: EUA, AEUA, CER, ERU,
Personal holding account, The Danish Kyoto Registry: CER, ERU, RMU
National holding account, EU ETS Registry: EUA, AEUA, CER, ERU
National holding account, The Danish Kyoto Registry:CER, ERU, RMU, tCER, lCER
Annual Reporting to the UN
Reporting the 2008-2012 period to the UN (per November 19, 2015)