Data Protection
As the data controller, the Faroese Board of Appeal is responsible for ensuring that all processing of personal data complies with the Data Protection Act (i.e., Parliamentary Act no. 80 from 2020 on the protection of personal data).
When does the Faroese Board of Appeal process personal data?
In its daily operations, the Faroese Board of Appeal processes personal data. This mainly takes place in connection with the institution's core activities, which involve handling complaints, but also in relation to matters such as personnel issues, recruitment, and inquiries directed to the institution.
In most cases, the processing involves the registration, storage, and disclosure of personal data. The data typically consists of basic contact information such as name, address, email, and similar details.
In relation to specific cases, such as appeals, child protection issues, and applications for debt restructuring, the Faroese Board of Appeal may also process sensitive personal data.
Purpose of processing personal data
The core task of the Faroese Board of Appeal is to handle complaints regarding decisions made by public authorities.
The Board also processes applications for debt restructuring and child protection cases. In these cases, the objective is likewise to ensure that the cases are sufficiently informed so that decisions can be made on a fully informed basis.
The specific information relevant to a given case varies greatly, depending on the subject area and the nature of the case.
As a general rule, the Faroese Board of Appeal ensures that all processing of personal data serves a clearly defined and specifically authorized purpose.
Legal basis for processing
The Faroese Board of Appeal processes personal data in connection with its role of handling complaints and related matters. One of its tasks is to ensure that cases are well-documented so that decisions can be made based on a fully informed basis.
The legal basis for such processing is § 8, subsection 1, items 3 and 5, and § 12, subsection 1, item 2 of the Data Protection Act.
In some cases, the Faroese Board of Appeal also processes personal data based on consent – for example, in relation to job applications or applications for debt restructuring. This processing is authorized under § 8, subsection 1, item 1 and § 12, subsection 1, item 1 of the Data Protection Act.
Disclosure of personal data
The Faroese Board of Appeal carries out various tasks as mandated by different laws applying to specific subject areas. The institution is also subject to obligations under the Administrative Procedure Act, particularly in relation to the handling of appeal cases.
In the course of case handling, it may be necessary to share personal data with other authorities or with parties involved in the case, for example, in connection with the right to be heard. When the Faroese Board of Appeal discloses personal data – e.g., as part of a consultation procedure – a specific assessment is always made regarding which data is necessary to disclose based on the particular purpose.
In most cases, this involves sharing data between a public authority and a citizen – typically data that the parties are already familiar with from the original proceedings that led to the appeal.
The Faroese Board of Appeal is also subject to the law on public access to documents and the rules on parties' access to documents under the Administrative Procedure Act. This may require the disclosure of personal data.
The Faroese Board of Appeal does not use data processors located abroad and, as a general rule, does not transfer personal data to foreign countries or third countries unless specifically authorized in relation to a case being handled by the institution.
Retention of personal data
The Faroese Board of Appeal is required to retain personal data in a way that prevents the identification of individuals for longer than necessary, with respect to the purpose of the processing.
As a public authority, the Board records correspondence and received information according to applicable regulations and guidelines concerning data retention periods.
Cases handled by the Faroese Board of Appeal are transferred to the National Archives in accordance with the Archival Act.
Job applications are deleted one year after a decision has been made in the case.
Rights of the data subject
The Data Protection Act provides data subjects with several rights, which are described in Chapter 4 of the Act.
These rights include:
The right to information (§§ 23–25)
The right of access (§ 26)
The right to rectification (§ 27)
The right to erasure (§ 28)
The right to restriction of processing (§ 29)
The right to data portability (§ 31)
The right to object (§§ 32–34)
The right not to be subject to decisions based solely on automated processing
These rights are not absolute and depend on the specific case and the nature of the request.
More information about the rights of data subjects and data protection in general can be found on the website of the Data Protection Authority: www.dat.fo.
Complaint to the Data Protection Authority
Data subjects may file a complaint with the Data Protection Authority regarding the processing of personal data, pursuant to § 76 of the Data Protection Act.
More information about the Data Protection Authority can be found at: www.dat.fo.
Data Protection Officer
If you have questions about the processing of personal data at the Faroese Board of Appeal, you can contact the institution’s Data Protection Officer.
Send an email with the subject line
“Attn: Data Protection Officer”
to the following address: fks@fks.fo