Privacy Policy

 

In this privacy policy, you can read how Skovgaard Museum processes information about you when you visit our websites, shop in the webshop, sign up for activities, or otherwise interact with us.

 

In addition, this privacy policy applies to purchases of services provided by Skovgaard Museum on shop.domkirkekvarteret.dk. The policy applies to all processing of personal data in this context, including purchases and bookings on Wibergis.dk, Domkirkekvarteret.dk, and shop.domkirkekvarteret.dk.

 

 

1. Data Controller and Contact Details

 

Skovgaard Museum
Domkirkestræde 2–4, 8800 Viborg
CVR no. 14940677
Phone: +45 86 62 39 75
Email: post@skovgaardmuseet.dk

We have implemented technical and organisational measures to ensure that your information is not accidentally or unlawfully deleted, disclosed, lost, degraded, or misused.

2. General Information on the Processing of Your Personal Data

 

We collect and process personal data in accordance with applicable data protection regulations when you:

• Visit our websites
• Subscribe to our newsletters
• Participate in competitions or surveys
• Complete purchases in the webshop
• Contact us with questions, complaints, or feedback

The information we typically process includes name, telephone number, email address, address, and payment details, which you have provided in connection with a purchase or registration. The data is stored only for as long as necessary for the purpose and to comply with legislation, e.g. bookkeeping and accounting rules.

Purpose of Processing

The information is used to:

• Identify you as a user
• Register your purchases and payments
• Deliver the services you have requested (e.g. tickets or goods)
• Send newsletters and marketing material, if you have given consent
• Customise content and target advertisements, if you have given consent via cookies
• Analyse user behaviour and optimise our website

Your Rights

You have the right to:

• Access the personal data we hold about you
• Have your data corrected, deleted, or restricted
• Withdraw your consent
• Object to processing
• Receive your data in a structured, commonly used format (data portability)

Requests regarding your rights should be sent to post@skovgaardmuseet.dk.

You may lodge a complaint about our processing with:
The Danish Data Protection Agency (Datatilsynet)
Borgergade 28, 5th floor, 1300 Copenhagen K
Email: dt@datatilsynet.dk
Phone: +45 33 19 32 00

3. Purpose, Legal Basis, and Deletion

 

Skovgaard Museum’s processing of personal data depends on your purchases, interactions, given consents, and behaviour. Please read more under the relevant specific topic.

3.a Cookies

Cookies are small text files stored on your device when you visit our websites. Some cookies are technically necessary, while others help us understand how the site is used or display relevant content.

Purpose of processing: We use cookies to make the website function, for statistics, and—if you give consent—for personalisation and marketing.

You can always change or withdraw your consent via the cookie settings on the site.

Read more and see the full overview of cookies used on the site.

3.b Purchases in the Webshop

When you complete a purchase on shop.domkirkekvarteret.dk, we process the necessary information to receive, handle, and deliver your order. This includes name, address, contact details, and information about the order itself.

Purpose of processing: The data is used to receive, process, and complete a purchase or booking, provide customer service, and transfer relevant data to our financial system (Business Central) for bookkeeping. We also process technical log data in connection with operations and security, but not for marketing purposes.

Legal basis: Processing is carried out to enter into and fulfil the purchase agreement, cf. GDPR Article 6(1)(b).

Retention: Data is stored for as long as necessary for order processing. Bookkeeping-related data is stored in accordance with the Danish Bookkeeping Act. Log data is not used for marketing.

3.c Payment Information

Payments are handled by our payment provider Adyen N.V. To complete a payment, the information necessary for the transaction is shared, such as contact details, order/payment reference, limited card data (tokenisation), and technical information for fraud prevention.

Adyen processes some of the information as an independent data controller under financial legislation. In some cases, Adyen may transfer data to countries outside the EU/EEA. Such transfers take place only on the basis of valid transfer mechanisms, typically the EU Standard Contractual Clauses (SCCs).

You can read more in Adyen’s privacy policy:
https://www.adyen.com/privacy-policy

Legal basis: Processing of payment information is necessary to fulfil the purchase agreement, cf. GDPR Article 6(1)(b), and based on our legitimate interest in a secure and efficient payment process, cf. Article 6(1)(f). Adyen processes certain data pursuant to Article 6(1)(c) (legal obligation).

Retention: We store payment-related data only for as long as necessary for the purpose and in accordance with applicable bookkeeping and limitation rules. As a financial provider, Adyen stores certain transaction data for up to 7 years where required by law.

3.d Customer Service and General Communication

If you have questions about our website or wish to learn more about our services, you can contact us via a contact form on our websites, by email, or by telephone.

Purpose of processing: We process your personal data in order to handle and respond to your enquiry and any related order. We process only the information you provide to us in connection with our communication.

We may process your personal data based on our legitimate interests in handling your enquiry, communicating with you, and developing our products and services (GDPR Article 6(1)(f)). If your enquiry concerns a (potential) agreement, we process your data in order to conclude the agreement (GDPR Article 6(1)(b)).

Correspondence is deleted once the dialogue has ended, unless other legislation, such as the Danish Bookkeeping Act, requires longer retention.

In special cases, it may be necessary to retain your personal data for a longer period.

3.e Booking of Guided Tours and Educational Programmes

When you book a guided tour as a private individual, company, or association, or when you register a class for an educational programme, we process the contact details of the responsible contact person in order to plan and carry out the booking.

Types of personal data:
Name, company or institution, work or private address, email, and telephone number. For schools and companies, we generally process work email addresses and work telephone numbers.

Legal basis: Processing is carried out to enter into and fulfil the agreement for educational services, and based on our legitimate interest in administering and verifying participants (GDPR Article 6(1)(f)).

Retention: Booking-related data is generally deleted no later than 12 months after the event has taken place, unless it forms part of bookkeeping material.

4. Third Parties and Data Processors

 

We use trusted partners for the operation of our websites, webshop, financial system, newsletter, and payments. Some of these parties process personal data on our behalf and are therefore data processors.

Our primary data processors include:

• Umbraco – operation and hosting of our websites and CMS
• Magento – operation of the webshop
• Business Central – financial system and bookkeeping
• Mailchimp – distribution of newsletters (only if you have given consent)
• Adyen – payments and fraud prevention
• Viborg Municipality – IT operations, infrastructure, and technical support
• iTide – development, maintenance, and support of digital solutions

We enter into data processing agreements with all suppliers who process personal data on our behalf. These agreements require suppliers to protect your data in accordance with applicable legislation, follow our instructions, and implement appropriate technical and organisational security measures.

Transfers to Third Countries

Some of our suppliers, including Mailchimp and Adyen, may transfer personal data to countries outside the EU/EEA. Such transfers take place only on the basis of valid transfer mechanisms, typically the EU Standard Contractual Clauses (SCCs), and any supplementary security measures.

Disclosure of Personal Data

We do not disclose personal data for purposes other than those stated in this policy. Data may be disclosed to our suppliers and data processors who process the data on our instructions when necessary to deliver our services. In addition, we may disclose data to relevant authorities where we are legally obliged to do so, for example in connection with bookkeeping or regulatory supervision.

Last updated: 20 March 2026