Guidelines for sitecore editors in relation to the handling of personal data

Websites created in DTU's sitecore solution use various cookies for statistics and information dissemination. For these cookies, data processing agreements have been entered into with relevant parties to ensure that DTU complies with GDPR rules.

In addition to cookies, editors have the option of creating forms (including newsletter subscriptions) that collect personal data from users. All data collected via such forms must be done via an encrypted connection (https). This is activated by the editor on the individual form page, where you can mark that https is enforced.

Data from forms may only be used for the purpose specified on the form page and data must be deleted as soon as it is no longer required. Always state on the form page how long data is stored and for what purpose. There must be clear contact information if the user wishes to withdraw information provided via the form.

As an editor, you must also be careful not to introduce content, features or services without being sure that they are compliant with the GDPR. This means, for example

• Not placing files in the media library that contain personal data
• Only using images with people that are approved for website use (e.g. use DTU's image database "Skyfish" or commercial image services)
• Do not add code to your website that discloses user information to third parties without a data processing agreement.

Sitecore allows you as an editor to present personal data in templates that pull data from, among others, DTUbasen and DTU Orbit. This data processing is covered by the data sets prepared centrally in the administration and therefore does not need to be handled locally.

If the website you are responsible for complies with the guidelines, it is recommended that you copy the link to "use of personal data" in the footer on DTU.dk.