CfL Privacy Notice
Policies on processing of cookies and personal data.
By visiting the CfL website, you accept the terms of the following Privacy Notice.
When you access the website, CfL collects data on how you use our website. Read on to learn about the information we collect, including how that information is processed, what it is used for, who has access to the data, and who to contact if you have any questions or objections concerning the data collected.
CfL collects data on you in two ways:
- By using cookies
- When you voluntarily disclose information to us
1.2 About cookies in general
1.2.1 What are cookies?
Cookies help tell CfL about your visit.
1.2.3 How long do we keep cookies?
The cookies sent to you are stored on your devices for a variable number of months from your last visit to one of CfL’s websites. Each time you visit a CfL website, the cookie retention period is extended. Each cookie is then deleted automatically after it expires. If you wish to remove these cookies, read the instructions below.
1.2.4 How can you avoid cookies?
If you do not wish to receive cookies, you can block all cookies, delete existing cookies on your hard drive, or receive a warning before a cookie is placed on your device.
1.3 Which types of cookies do we use?
1.3.1 Strictly necessary cookies
These cookies help make a website usable by enabling essential features such as page navigation and access to secure areas of the website. Without these cookies, a website will not work properly.
1.3.2 Preferences cookies
Also known as ‘functionality cookies’, these cookies allow a website to remember data that change how the website is displayed or how it behaves, such as your preferred language, or the region you are located in.
1.3.3 Statistics cookies
Also known as ‘performance cookies’, these cookies help website owners understand how visitors interact with their website by collecting and reporting data anonymously.
1.3.4 Marketing cookies
These cookies are used for tracking visitors across websites. The aim is to show advertisements that are relevant and engaging for an individual user, making them more valuable to publishers and third-party advertisers.
Click here to manage which cookies you want to accept on our website.
1.3.5 We place cookies on your device from the following partners:
When you visit cfl.dk, your visit will be shared with Google so that we can generate statistics and enhance our website, measure the impact of our marketing, and in order to tailor advertisements to you.
Statistical, anonymised data are retained until they lose their commercial relevance.
We also share data on your use of our website with Google. Google can combine these data with other information you have shared with them, or which they have collected from your use of their services.
When you visit cfl.dk, your visit will be shared with Facebook so that we can generate statistics and enhance our website, measure the impact of our marketing, and in order to tailor advertisements to you.
We also share information about your use of our website with Facebook. Facebook can combine these data with other information you have shared with them, or which they have collected from your use of their services.
When you visit cfl.dk, your visit will be shared with LinkedIn so that we can generate statistics and enhance our website, measure the impact of our marketing, and in order to tailor advertisements to you.
We also share information about your use of our website with LinkedIn. LinkedIn can combine these data with other information you have shared with them, or which they have collected from your use of their services.
Zapier collects your name, email address, employer, job title, and telephone number from Facebook and/or LinkedIn when you download materials or sign up for newsletters, courses, and events. These data are then forwarded to ActiveCampaign and Dynamics 365.
When you visit cfl.dk, your visit will be registered at ActiveCampaign so that we can generate statistics and enhance our website, measure the impact of our marketing, and in order to tailor advertisements to you.
When you actively disclose information/give your consent on one of our websites, we can then contact you as part of our marketing.
When you opt to receive our e-newsletters, ActiveCampaign register information about how you interact with each e-newsletter. This includes whether you access email addresses or click hyperlinks. We do this in order to measure the impact of our marketing and to enhance your user experience by sending you relevant communications. You may withdraw your consent at any time by unsubscribing from the newsletter by clicking the link at the bottom of each newsletter.
2. Personal data
2.1 What are personal data?
These are the personal, user-related details CfL asks you to provide when you subscribe to newsletters or enter competitions, etc. These data are mainly your name, job title, employer/organisation, phone number and email address, but may also include information such as your purchasing history, interests, etc. Disclosure of any other information when making a purchase or signing up for a service is voluntary on your part.
2.2 What do we use personal data for?
The personal data we collect from you when you create a profile on CfL’s digital platforms are mainly used for fulfilling your purchase or providing the service CfL collected the data for. Those data are also used for getting to know more about you. This purpose may include surveys and analyses aimed at enhancing our products, services and technologies, and displaying content tailored to your interests.
These data are only forwarded to a third party in the case of courses held at a sub-supplier’s premises.
If you have consented to receive direct marketing featuring news and offers, etc., we can also use the data we collect to target the marketing you receive by phone, letter or digital media.
2.3 Privacy protection
According to the Danish Data Protection Act, your personal data must be stored securely and confidentially.
2.4 Retention period
Your data are retained for the period of time permitted by Danish legislation, and we delete them when they are no longer strictly necessary. The retention period depends on the nature of the data and the purpose of retaining it. This means it is not possible to indicate a standard timeframe within which your data will be deleted. In the case of job applications, we retain applications and data for up to 12 months.
2.5 Data transfer
Data on your use of the website, which advertisements you receive and click on, your geographical location, gender, and age-group, etc. are transferred to third parties if such data are known. You can see which third parties are involved in the ‘Cookies’ section above. The data are used for targeted advertising.
We also use a number of third parties for data storage and processing. These third parties process data solely on our behalf and are not permitted to use them for their own purposes.
Your personal data, such as your name and email address, will only be transferred to third parties with your consent. We only use processors in the EU or in countries where we can provide adequate protection for your data.
2.6 Access and objections
You have the right to be informed regarding which of your personal data we process. You have the right at any time to object to use of your data. You have the right to revoke your consent to processing of your data. You have the right to request the rectification or erasure of your data retained for processing. If you wish to exercise these rights, please write to us at firstname.lastname@example.org. If you wish to complain about our processing of your personal data, you can also contact the Danish Data Protection Agency.
2.7 Changes to personal data processing
The rapidly evolving internet means that changes in how we process personal data may be necessary. We therefore reserve the right to update and amend the present Privacy Notice and its policies on personal data processing. If we do so, we will as standard amend the ‘last updated’ date at the bottom of the page. In the event of substantive changes, we will notify you by posting an easily visible notice on our website.
3. HR Legal Hotline
All contact with our HR Legal Hotline is recorded by the legal adviser who answers the call or email. The call or email will be recorded against the name of the organisation or of the employee of that organisation who made such contact and under a keyword describing the topic of the call or email.
No personal data will be recorded for the employee(s) of the organisation that is/are the subject of the call or email.
The record is made solely in the interests of CfL’s advisory accountability and for statistical purposes.
4. Data security and ethics in the use of CfL’s personality tests
CfL and the individuals who make use of our tests have a duty to comply with a number of rules and guidelines concerning personal data processing and concerning the ethics of using personality tests in an employment context. As a testee, the Danish Data Protection Act accords you certain rights, including the following:
- Your test result shall be kept confidential and may be disclosed solely with your consent.
- Your test result may not be retained beyond a defined period of time.
- You have the right at any time to demand the erasure of your test result.
CfL (formerly Dansk Management Forum) in association with a number of other test providers and interest groups has additionally laid down a number of quality requirements concerning professional personality screening in public- and private-sector undertakings. These quality requirements incorporate the Ethical Code of the Danish Psychological Association on the use of testing in employment contexts and pertain to both the quality of the testing instrument itself and the fairness of test feedback and interpretation/use of your test results. They require, for example, that:
- you must be informed explicitly of the content of what is reported to other parties from your test result, and how such onward reporting is performed.
- you must be informed of the consequences of declining to undergo testing before you decide if you wish to take the test.
- the test result is to be regarded as a set of hypotheses forming a basis for further pre-employment screening, and any decisions or advice must never be based solely on your test result.
- the individual who gives you feedback on the results of your test shall communicate with respect for you and any other parties involved.
- oral and written onward reporting of test results and on the content of a test feedback session must solely comprise information of relevance to the purpose served by the test taken.
- the choice of test shall be commensurate with the purpose of the test, and the test administrator shall be fully familiar with the test, including its strengths and weaknesses.
- documentation of the validity of the test used must be available, and your test results must be assessed on the basis of benchmarking against the test results of a relevant group.
Everyone holding the right to use CfL’s personality tests has been trained and examined in use of the tests by CfL and has gained their user licence subject to their compliance with the above-stated guidelines. With regard to requirements for the quality of the testing instrument, CfL performs continuous audit and documentation of the validity of the tests and procures an updated scoring benchmark for individual test results. The testing instrument’s quality in these areas is of mutual interest to you as the testee and to the test administrator: a high standard counteracts flawed interpretation or arbitrary assessment of your test results.
To familiarise yourself with the full wording of the Danish Personal Data Act and the quality requirements for psychometric testing endorsed by CfL, you can follow the links below. If you continue reading this page, CfL will elaborate on confidentiality principles and retention of your test responses, and will provide answers to frequently asked questions from testees concerning terms and conditions of testing.
The Danish Data Protection Agency (the Danish Data Processing Act is published on its website) and the VPP - Knowledge Center for Professional Personal Assessment website at www.personvurdering.dk (ethical principles and quality requirements)
4.1 How long will my data be retained?
Your name and contact details will be erased automatically from the system database 4 months after your sign-in. The organisation that conducts the test will from that time on no longer have access to calling your data or your test results up in the system. If the test organisation prints out reports and retains them for subsequent use, the responsible test administrator must notify you of how long those hard copies will be retained before they are destroyed. As the test results have time-limited validity, there will rarely be any legitimate interest in retaining your test results for more than 6 months. Please note also that you have the right at any time to request erasure of your test results, regardless of whether they are in hard-copy or digital format. If you would like to have your test results erased, you must contact the test administrator.
4.2 Who has access to my test results?
The only individual who automatically has access to your personal test results in the system is the person who administrated your test, and who emailed you your username and password.
The system permits the test administrator to allow one or more users of the system to view your test results, e.g. if the test is conducted jointly by several individuals, or if the original test administrator is prevented from giving you feedback on your test results and has to transfer that process to a colleague.
Print-outs from the system are subject to the same rules for retention and confidentiality as are digital data. Access is limited to trusted staff, and your test results must be kept under lock and key.
The confidentiality of your test results, i.e. which individuals/organisations have access to your test results, which individuals are notified of them and the extent of such access and notification shall in every instance be notified to you in detail by the administrator of your test. Any subsequent disclosures concerning you to individuals or organisations not originally notified to you may only be made subject to your prior consent.
Responsibility for compliance with the legislation on confidentiality and retention as regards authorised access to and printing of test results is lodged with the individual(s) and organisations(s) administrating your testing and feedback. Any non-compliance will have consequences for the test users right to use CfL personality tests and is appealable to the Danish Data Protection Agency.
4.3 How is digital access to my test results protected?
It is CfL’s responsibility to put in place safeguards to protect access to data as regards digital retention in our data system. CfL shall put in place security measures to ensure that only authorised individuals can gain access to the system, and that two-way communication between your computer and the system server cannot be intercepted by any third party. The system is protected by passwords at all access points so as to ensure full control of who has access to what, and to what extent.
As an additional safeguard, all communication between the system and your computer is encrypted. The encryption is by SSL (Secure Sockets Layer), symbolised by a padlock icon in the bottom right-hand corner of your browser. SSL encryption ensures that the data sent to and from your computer and the CfL server are garbled for anyone who might intercept the communication transmitted between your computer and the CfL server. It also ensures that messages you receive from our server are not coming from a third party. This means that you can trust that it is actually CfL’s website you sign into, and that your data do not end up in the wrong hands.
SSL encryption is available in different strengths. CfL uses an encryption strength (256-bit) currently regarded as virtually unbreakable. If you are using a very old browser version, it may only support a weaker encryption standard (128-bit), but this also meets the Danish Data Protection Agency’s requirements for the type of data operated with in this system. Nonetheless, if you are using an old browser, you should consider upgrading to a more recent version, as a high level of security will also benefit you in other contexts.
4.4 I have to give my consent for my test responses to be used in CfL statistics. What will CfL use these for, and which data will actually be used for statistical purposes?
When you take a test, your test responses will be transmitted to CfL’s statistical database. All the responses you provide in taking the test – apart from your name, username, password and contact details – will be stored in this database. This means your gender, age, level of educational attainment, job title (optional), job grade, etc. These data are used for obtaining an average for different population groups and are necessary for our efforts to assure the quality of the tests and for their further development. There is no means of identifying you personally in this database, and the database is accessible only to individuals within CfL whose job it is to assure the quality of the test for statistical purposes. As the data held in this database are only held in anonymised form, it is not possible to specify erasure of responses made by an identified person, and unlike your personal test responses, we are therefore unable to revoke your test responses from our statistics once you have submitted your test.
4.5 List of CfL’s test-instrument sub-processors
- CfL Leadership Focus Profile (LFP)
- CfL Personality Focus Profile – 12 Factor (BTB),
- CfL Personality Focus Profile – 6 Factor (OTS)
- CfL Ability Focus Profiles (EFP)
- The operating server and backup server are operated by Scannet A/S, Birkemose Allé 1, 6000 Kolding, Denmark.
- Jungian Type Index (JTI)
- The operating server is located at Hetzner Online AG in Germany. The backup server is operated by Amazon S3 Ireland.
- Decision Dynamics Career Model
- Decision Dynamics Decision Styles
- The operating server and backup server are operated by Decision Dynamics in Lund, Sweden.
- Connector Ability 2.1
- Reflector BigFive 2.1
- Sub-processor: Cortal Danmark/PI C0mpany
- The operating server and backup server are operated by Rackspace in the UK.
- Leadership Equity Assessment (LEA) survey instrument
- The sub-processor is Falkenberg & Lynggaard in Aarhus, Denmark
- The operating server and back-up server are operated by Persona Global Sausalito CA, USA
- The operating server and backup server are located in the USA.
- Persona Global is covered by the EU Privacy Shield
- SLX identification of leadership style
- Sub-processor: Blanchard International Group, San Diego CA, USA
- The operating server and backup server are operated by Learnifier/Dabox and are located in Sweden
5. Privacy protection in connection with network meetings
Images: At some network meetings, situational photos may be taken. These images will be posted on the network’s online platform, where the network participants can view what happened at the meetings. Only network participants, and the network adviser and administrative assistant have access to these images. A network participant wishing to use a situational image in their own organisation/other context, must obtain the consent of the network to do so. You can at any time demand erasure of images featuring your likeness by contacting email@example.com
Request for Participation (RFP): If you apply to be accepted into a network, you must do so by means of request for participation (RFP) (Danish: høringstekst) sent out to the other participants on the network’s online platform. The RFP is a presentation of you, written by you. The purpose of the RFP is to allow the existing network members to ascertain if your profile is a good fit for the network. Once the RFP consultation deadline has expired, your RFP will be erased and will no longer be accessible. In case of any objection to your joining the network, you will be notified of this by the network’s adviser.
If you would like to access to the data CfL has registered concerning you, please email firstname.lastname@example.org or call +45 70 23 00 22. If we have incorrect data on you, or you have other objections, please use the same contact details. You have the right to be informed of the information registered concerning you, and to object to such registration in accordance with the rules in the Danish Data Protection Act.
Folke Bernadottes Allé 45
DK-2100 Copenhagen Ø
T: +45 7023 0022
Last updated 6 June 2020