Privacy Policy webshop
Privacy Policy – Copenhagen Medical A/S
Copenhagen Medical A/S (below referred to as "we" "our" "us") offers several different healthcare services as well as providing digital platforms, such as "MedicalMe", where users may opt for a personal user profile.
This privacy policy contains information about how we collect and process your personal data, in accordance with the rules of the General Data Protection Regulation (GDPR) and the Danish Data Protection Act.
- Data controller (data processing)
Copenhagen Medical A/S is data controller in regard to the processing of any personal data collected by us in connection with the use of our website, health services - including appointment booking -, sign up for Copenhagen Medical A/S news and offers or in using the MedicalMe app.
Copenhagen Medical A/S
Gammel Mønt 3A, 1st-2nd floor
DK-1117 Copenhagen K
Support phone: +45 70 40 42 42
Support Email: support@cphmed.com
Web: www.cphmed.com
- Contact
If you have any questions regarding our processing of your personal data, you are welcome to contact us by phone +45 70 40 42 42 or via e-mail at support@cphmed.com
- The purposes and legal basis for processing of personal data
We process your personal data with the following purposes:
- Registration and administration: your data is processed when delivering our app to you, including creating you as a user, managing your user, confirming your identity, etc.
- Identification: unique identification via your civil registration number (CPR) or a replacement civil registration number.
- Delivery of services and products: your data is processed when providing our healthcare services and in connection with any services and products you may choose to use.
- Improvement and development of our services and products: data will be used for quality assurance and development of our app, services, and products.
Legal reference
The processing of your personal data is based on Article 6(1)(a) of the General Data Protection Regulation.
If you have provided us with sensitive information, this will be processed in accordance with Article 9(1)(a). of the General Data Protection Regulation.
Processing of social security numbers is carried out for unique identification, cf. section 11(2)(2) of the Danish Data Protection cf. Article 7 of the General Data Protection Regulation.
To prevent vandalism, theft, etc. we use camera surveillance of e.g., entrance doors and reception areas in our Health centers. This is carried out with reference to the General Data Protection Regulation Article 6(1)(f), and section 8 of the Danish Data Protection Act, and within the framework of the Danish TV Surveillance Act.
- Types of information collected
Copenhagen Medical A/S collects, the following information, depending on the purpose, in connection with the use of our website, webshop or healthcare services, including booking appointments or sign up for Copenhagen Medical A/S news and offers:
Website, webshop and Cookies |
Health services, including appointments |
Marketing |
The first time you visit cphmed.com and checkout.cphmed.com, you will be greeted by a pop-up window where you must choose whether you want to accept or reject cookies.
Your choice of cookies only applies to the browser on the device with which you visit cphmed.com and checkout.cphmed.com.
You always have the option to view or change your choice of cookies by clicking on the link below. Read more about cookies below.
Webshop – when buying products
|
· First name and surname · Civil registration number (CPR number) · Phone number · Your e-mail · Regular General Practitioners (GP) “ydernummer” (identification number) · Your test results, cf. the Danish Act regarding patient records (journalføringsbekendtgørelsen). · Location, date and time of test or examination. This data is collected by Copenhagen Medical A/S in connection with statistics. · Health information · Your zip code
|
· First name and surname · Your e-mail · Phone number · Data relating to your previous purchases |
Copenhagen Medical A/S takes the necessary technical and organizational measures to ensure that data is processed safely and to avoid that information may be accessed by unauthorized persons, is misused, or otherwise processed in violation with the General Data Protection Regulation.
- Voluntariness
Copenhagen Medical A/S’ collection of personal information, related to the use of our website, receival of health services, or news and offers respectively presupposes voluntariness.
When we collect personal information directly from you, you provide it voluntarily. You are not obligated to provide your personal information to us. The consequence of not providing us with your personal information would be that we cannot accommodate to the purposes described above, thus not being able to the examine, diagnose, or treat you.
The use of the camera on your phone to scan a personal QR-code, that enables opening of a guide and registration of tests performed at Copenhagen Medical A/S health centres and at home furthermore presupposes voluntariness. It is to be mentioned that the QR-code is a unique code that is not stored on your phone. Your personal information is not collected, processed, and shared when using the camera on your phone.
- Your Rights
According to the General Data Protection Regulation, you have several rights that you may invoke in connection with our processing of your information:
- Right of access; You have the right to access the information we process about you and certain supplementary information
- Right to rectification (correction); You have the right to have any incorrect information about yourself corrected.
- Right to deletion; Under special circumstances, you have the right to have your personal data deleted before the time of our general deletion policy.
- Right to object; In certain cases, you have the right to object to our lawful processing of your personal data.
- Right of data portability; In certain cases, you have the right to retrieve a copy of your personal data, which you yourself have given to the data controller, in a structured, commonly used and machine-readable format and, in addition, the right to request that your personal data be transferred from one data controller to another.
You may read more about your rights as a data subject on the European Commission´s website.
If you want to make use of your rights, please contact Copenhagen Medical A/S.
However, there may be conditions or limitations to these rights, as Copenhagen Medical A/S is subject to requirements from other legislation which, among other things, regulate the obligation to keep patient records (journalføringspligt).
- Disclosure of personal data
In certain cases, Copenhagen Medical A/S may be obliged to transfer your personal data to public authorities.
Copenhagen Medical A/S is obliged to report your COVID-19 test results to Statens Serum Institut, i.e., MiBa database, from where they are transferred to Sundhed.dk, administered by the Danish Regions, the Ministry of Health, and the Local Government Denmark (KL).
Copenhagen Medical A/S reports and shares your information related to given vaccinations with the Shared Medication Record (FMK) and the Danish Vaccination Register (DVR), operated by the Danish Health Data Authority, to the extent that it is an obligation by law, according to current legislation.
In Denmark, there is both a clinical and a laboratory reporting system for positive gonorrhea results. Copenhagen Medical A/S must therefore submit clinical reports on positive gonorrhea samples to the Department of Infectious Disease Epidemiology and Prevention, Statens Serum Institut.
Please note that apart from the obligation to share COVID-19 test results, vaccinations and positive gonorrhea samples, Copenhagen Medical A/S does not share your personal data with any third parties, your regular General Practitioners (GP) or sundhed.dk, unless you yourself have granted us consent.
- Storage and deletion of personal data
We store your information for as long as we have a legitimate reason or legal obligation to do so. Your information is stored securely and confidentially in our IT systems, where access is limited to employees with legitimate relevance.
The specific time of deletion depends on the purpose of the collection.
When storage is no longer relevant (as per above), your personal data will be deleted or anonymized.
Storage of user information in MedicalMe
Copenhagen Medical A/S stores your user information for one year after your most recent use of MedicalMe, after which it is automatically deleted. However, this does not apply to data subject to the Danish Act regarding patient records (journalføringsbekendtgørelsen).
Storage of information in electronic patient record (EPR)
Please note that Copenhagen Medical A/S is obliged to store information about your completed tests and examinations in the electronic patient record for minimum 10 years, cf. section 35 of the Danish Act regarding patient records (journalføringsbekendtgørelsen).
- Complaints
If you wish to complain about Copenhagen Medical A/S' processing of your personal data, you may do so to the Danish Data Protection Agency (www.datatilsynet.dk). The Danish Data Protection Agency may be contacted at dt@datatilsynet.dk or by following their complaint instructions on their website.
You are always encouraged to contact us before filing any complaints. We would like the opportunity to answer any queries you may have about our processing of personal data and if possible, comply with your wishes if you believe that the processing should be carried out any differently.
- Changes to this privacy policy
We reserve the right to change this privacy policy in case of significant changes in legislation, new technical solutions, new or improved functions, to improve our digital platforms or in case there are changes in the way we process personal data.
The updated and relevant privacy policy is available on our website and in MedicalMe. In the event of significant changes, you will be notified.
Last updated: 01.12.2022