Metroselskabet I/S owns the metro and Metro Service A/S is responsible for the operation and customer service of the metro on behalf of Metroselskabet I/S.

If you want information about how your personal data is processed when you use the metro, please read the Metro's personal data policy. It can be found here.

All questions regarding the processing of personal data in connection with the use of the metro, such as tickets, control fees, lost property, ticketing and the like, must also be submitted via the general customer service forms here.

Other enquiries regarding e.g. personal data in relation to job applications etc. are the responsibility of Metro Service A/S and are processed by Metro Service in accordance with the personal data policy below.

Privacy policy for Metro Service A/S

Metro Service A/S is the data controller for the processing of personal data relating to the part of the operation of the Metro that takes place on its own initiative and not on the basis of being a data processor for Metroselskabet. In the following, you can read more about our processing and your rights in this connection.

Metro Service respects your right to privacy and your personal integrity. It is important to us that you feel safe when we process your personal data. With our personal data policy, we want to inform you that we process your personal data in accordance with the legislation in force at any given time.

Data controller

Metro Service A/S is an independent company. As a result, there are a number of personal data for which we are the data controller. Metro Service A/S information is:
Metro Service A/S ("Metro Service", "us", "we") Metrovej 3 2300 Copenhagen S CVR no: 21263834 Phone: +45 7015 1615. Website: metroservice.dk

If you have any questions about Metro Service A/S' processing of your personal data, you can contact us via the form here.

Metro Service A/S Data Protection Officer (DPO)

 If you have questions of a general nature in relation to the handling of your personal data in accordance with personal data legislation, you can contact Metro Service A/S's DPO.

The DPO cannot handle cases, but can answer legal questions in relation to your rights etc. Enquiries to the DPO are treated confidentially by the DPO. You can contact the Data Protection Officer by email dpo@metroservice.dk or by letter to the above address labelled "DPO". Please note that if you send an e-mail, it should not contain confidential or sensitive information as the connection cannot be guaranteed to be encrypted.

Accountability and safety

At Metro Service A/S, we are committed to protecting your personal data so you can feel comfortable with our processing. It is important to us that your personal data is kept secure and confidential. We have procedures for collecting, storing, deleting, updating and disclosing personal data in order to comply with applicable legislation at all times.

Metro Service A/S processes your personal data for the following purposes

Your personal data may be processed by Metro Service A/S in different contexts. The primary purposes are described below.

TV surveillance

Surveillance cameras are installed in both metro trains and stations to create a safe journey for our passengers and a safe working environment for our employees, as well as for railway safety and crime prevention purposes. The recordings from these are only used and reviewed if we receive a request from the police, or if it is necessary to support our internal work with railway safety, in the resolution of insurance cases or when review is authorised by our internal policies.

Purpose: To ensure a safe journey for our passengers and a safe working environment for our employees, as well as to fulfil our railway safety obligations and to prevent crime.

Basis for processing: We are subject to a number of legal requirements to implement security measures in the metro and at stations. The data is processed in accordance with Article 6.1.c of the GDPR as the processing of personal data is necessary to fulfil our security obligations. 

Recipients: We may share your personal data with:
- Police
- Insurance companies
- Other authorities, e.g. the Accident Investigation Commission. 

Storage: CCTV recordings are stored for between 14 and 30 days, after which they are automatically deleted. In special cases and in connection with a specific case, the data may be stored for a longer period.

Specifically regarding access: Under Chapter III of the General Data Protection Regulation, the rights of data subjects may be restricted as a result of Articles 12(5) and 23(1)(c) and (d) of the General Data Protection Regulation. You are therefore generally not entitled to access TV recordings for reasons of public security and the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the protection against and prevention of threats to public security.

Tours or authorisation for commercial activities

If you want to take a tour of the metro areas, including workshops, or if you want to apply for a licence for commercial purposes in the metro area, you must first apply for this.

Purpose: To ensure that such activities take place without disrupting the operation and maintenance of the trains, control who participates in tours, and keep track of commercial authorisations. 

Legal basis for processing: Our legal basis for processing is: - Article 6.1.b of the General Data Protection Regulation - Article 6.1.f of the General Data Protection Regulation.

Recipients: Personal data is generally not disclosed.

Storage: Participant data from tours and commercial activity agreements are stored for up to 3 years.

Accidents, assaults or insurance claims

Passengers travelling on the metro could risk an accident or be the victim of assault or violence. This can result in insurance claims or cases being reported to the police or the accident commission.

Purpose: To help authorities and insurance companies investigate and document incidents in the metro and in the metro area.

Legal basis for processing: Our legal basis for processing is: - Article 6(1)(a) of the General Data Protection Regulation - Article 6(1)(c) of the General Data Protection Regulation - Article 6(1)(f) of the General Data Protection Regulation

Recipients: We may share your personal data with: 
- Police
- Insurance companies
- Other authorities, e.g. the Accident Investigation Centre

Storage: Personal data included in these cases is generally deleted 6 months after the authority or insurance company's enquiry, unless we are ordered to store it for a longer period.

Applications

When applying for a job at Metro Service A/S, we process your personal data in connection with the recruitment process.

Purpose: to review and select suitable applicants for a job at Metro Service A/S.

Legal basis for processing: Our legal basis for processing is: - Article 6.1.b of the General Data Protection Regulation - Article 6.1.f of the General Data Protection Regulation

Recipients: We may share your personal data with: - Generally, your data is not shared outside Metro Service A/S

Storage: All personal data submitted and collected in connection with the recruitment process is generally stored for 6 months after the specific position has been filled. In the case of unsolicited applications, these are generally stored for up to 6 months after receipt.

Rights of data subjects

Under the General Data Protection Regulation, you have a number of rights in relation to the processing of your personal data. The individual rights are explained in more detail below.
If you choose to exercise one of your rights, e.g. by requesting access to the personal data being processed, you can contact us here.

Please note that in some cases we may need to ask for additional information in order to verify the identity of the enquirer. This is because we need to ensure that we do not disclose personal data to anyone other than the person themselves or their authorised representative.

If you are applying for a job, you can exercise your rights by contacting Metro Service at HR@metroservice.dk.

The right to access

You have the right to request access to the personal data we process. If we process personal data, we will provide information about this, as well as the purpose and legal basis.

The right to object

You have the right to object if you disagree with our processing of personal data. Whether an objection is complied with is assessed on a case-by-case basis.

The right of restriction

You have the right to request that we restrict processing. If we process personal data, you can in some cases ask to restrict the processing if you do not want all the registered data to be included in the processing.

The right to erasure

You have the right to ask to be deleted. This right is not final, as some data cannot be deleted due to other legislation or if the agreement and purpose gives us the right to retain the personal data.

The right to rectification

If the personal data we process is incorrect, you have the right to have it updated with correct information.

The right to data portability

In certain cases, you have the right to receive your personal data in a machine-readable format. Please note that this only applies to the personal data you have provided to us.

The right to withdraw consent

If the processing of personal data is based on consent, this can be withdrawn at any time and the processing will cease.

The right to complain

If you are not satisfied with our processing of your personal data, you are encouraged to contact us. See our contact details above.

You also have the right to complain to the Danish Data Protection Agency, which oversees compliance with personal data legislation. See how to contact the Danish Data Protection Agency at www.datatilsynet.dk.

Update of this privacy policy

This privacy policy is version 1.1. and valid from 30 August 2021.