PROCESSING OF PERSONAL DATA​

​

At Apex, we prioritise the protection of your personal data. In this privacy policy, we explain how we collect, process and protect the personal data you share with us in connection with the following activities:

• When you book a consultation

• As a patient at Apex (applies to both Apex Health and Apex Aesthetics)

• As a subscriber to our newsletters

• As a visitor to our website

• When you participate in training programmes, courses, events or similar 

• As a job seeker 

​

WHEN YOU BOOK A CONSULTATION

Purpose and legal basis
When you book a consultation with us – either via our website, by telephone or in person at the clinic – we register basic information such as your name, address, telephone number, e-mail address, CPR number and login details for your customer profile.

​

We use your information to create and manage your booking and to contact you if necessary prior to a consultation. Your CPR number is used solely for unique identification and to comply with legislation, including in relation to record keeping, cf. the Executive Order on Health Professionals' Records (the Journaling Regulation). The login details enable you to access and edit your customer profile.

 

​The legal basis for the processing of your information is Article 6(1)(f) of the General Data Protection Regulation (GDPR) and is based on our legitimate interest in offering you a secure and accurate booking experience, including the ability to communicate with you in connection with a planned consultation and to ensure that your information is up to date. With regard to our processing of your CPR number, the legal basis for the processing is Section 11(2)(1) of the Data Protection Act.​

Transfer of personal data​

Your data will be transferred with our IT supplier, Gecko ApS, CVR no. 29517096, which, as a data processor, helps us to operate our booking and record-keeping system. We have entered into a data processing agreement with Gecko ApS.

Storage​

As a rule, we store personal data relating to consultation bookings for three years. However, please note that personal data in medical records is stored at for a minimum of 10 years after the last record entry or longer, if relevant, including, for example, in connection with a complaint case, in which case the information will be stored until the case is finally closed.

Your rights​​

You can find more information about your rights and options for complaint at the bottom of this page.

 

 

​AS A PATIENT AT APEX (APPLIES TO BOTH APEX HEALTH AND APEX AESTHETICS) ​

Purpose and legal basis

As a patient at Apex, whether under "Apex Health" (general healthcare services) or "Apex Aesthetics" (cosmetic treatments), we may collect and process the following types of personal data about you (to the extent relevant to you):

General categories of personal data such as name, address, telephone number, email, date of birth, CPR number, gender, family relationships, social relationships, position, work relationships and education.​

Special categories of personal data such as race or ethnic origin, religious beliefs, health information, sexual relationships or orientation, genetic data or biometric data, and information about criminal offences. 

​

The processing is carried out for the following purposes: 

• Examination, diagnosis and treatment of you

• Preparation of medical certificates and attestations

• Communication with or referral to other healthcare professionals

• Conducting video consultations

• Possible use of imaging material for diagnostic purposes

• Prescription of medication, including prescriptions

• Reporting to regions and the Health Data Authority

• Requesting laboratory tests

• Administration and billing

• Reporting of side effects

• Compliance with legislation and documentation requirements

• Investigation of security breaches and handling of complaints

• Statistics and scientific research

​

​​The legal basis for our processing of personal data for the purposes listed above is Article 6(1)(c) and (d) of the General Data Protection Regulation, Article 9(2)(b), (c) and (h) of the General Data Protection Regulation, and Section 11(2)(1) of the Danish Data Protection Act. ​​

​

In addition, we are obliged to process a range of personal data about you in connection with ordinary patient treatment pursuant to (i) Chapter 6 of the Danish Authorisation Act (Patient Records), (ii) the Executive Order on Health Professionals' Records (the Journaling Regulation), (iii) Chapter 9 of the Danish Health Act (Confidentiality, disclosure and collection of health information, etc.), cf. Article 6(1)(c) and Article 9(2)(b) of the General Data Protection Regulation, and (iv) the Executive Order on Cosmetic Treatment. ​

 

Sources ​

In some cases, we collect personal data about you from other healthcare professionals or electronic medical record systems.

​

Voluntary

When we collect personal data directly from you, you provide the personal data voluntarily. You are not obliged to provide us with this personal data. However, the consequence of not providing us with the personal data may be that we will not be able to fulfil the above purposes, including that in some cases we will not be able to examine, diagnose or treat you.

If the processing of your personal data is based on consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the processing prior to the withdrawal of consent, including any transfer based on consent.

​

Transfer of personal data

Your personal data may be transferred to the following, in accordance with applicable law: 

• Other healthcare professionals

• Clinical quality databases

• Public authorities (the Danish Patient Safety Authority, the Danish Health Data Authority, the Danish Medicines Agency), the police, courts, social authorities and the Danish Labour Market Insurance Authority to the extent that there is an obligation to do so under applicable law

• Regional settlement offices

• Joint Medication Card (FMK)

• Insurance companies and relatives (with consent)

​

​In addition, personal data is shared with our IT supplier, Gecko ApS, CVR no. 29517096, which, as a data processor, helps us to operate our patient and medical record systems. We have entered into a data processing agreement with Gecko ApS. 

Storage​

Personal data is stored for as long as we need it to fulfil the purposes stated above. However, in accordance with section 35 of the Executive Order on Health Professionals' Records (the Journaling Regulation), we are obliged to store patient records for at least 10 years after the last entry in the patient record. There may be cases where we are required to store your personal data for a longer period of time, e.g. in connection with a complaint or compensation case, in which case the information will be stored until the case is finally concluded. 

Your rights​

You can find more information about your rights and options for complaint at the bottom of this page.​​​

​

AS A SUBSCRIBER TO OUR NEWSLETTERS 

​

Purpose and legal basis
If you sign up for our newsletter, we will register and process personal data in the form of your name, address, telephone number, email address and, where applicable, information about your previous purchases or interests. We use personal data to send you relevant offers and invitations, further develop and improve our newsletters, and compile statistics on the use of the newsletter.

The processing is carried out with your consent in accordance with Section 10 of the Marketing Practices Act and Article 6(1)(a) of the General Data Protection Regulation. 

Transfer

Your data will be transferred to our IT suppliers, who help us operate our IT systems. We have entered into data processing agreements with all IT suppliers. 

Storage

We store your personal data until you withdraw your consent.

 

You can unsubscribe from newsletters, invitations and similar communications at any time. You can do this either by using the unsubscribe link at the bottom of the newsletters sent to you or via our contact details below.

 

Upon confirmed unsubscription, or if you have not confirmed your subscription, we will store your personal data for up to seven days.

 

Dine rettigheder

Du kan finde mere information om dine rettigheder og klagemuligheder nederst på denne side.

​

AS A VISITOR TO OUR WEBSITE OR SOCIAL MEDIA

Purpose and legal basis
When you visit our website or social media, please be aware that we may process personal data about your IP address and your behaviour on our website and/or social media, including in the form of cookies, likes, comments, etc. In our cookie policy below, you can find more information about our use of cookies and how to delete or disable them.

The purpose is to optimise your visit to our website, including ensuring functionality, generating statistics on the use of the website, remembering your preferences for future visits to our website (e.g. choice of language) and optimising advertising initiatives on our social media platforms.

Our legal basis for processing your IP address is our legitimate interest in generating useful and accurate statistics on the use of our website, optimising the operation of our website, and marketing our services on our social media platforms. The legal basis is therefore Article 6(1)(f) of the General Data Protection Regulation.

In addition, the legal basis for the placement of other cookies, including cookies that are not necessary for the functioning of the website, is your consent, cf. Article 6(1)(a) of the General Data Protection Regulation. You can revoke or change your consent to cookies at any time. 

 

Transfer
Your data is transferred to our IT suppliers, who help us operate our IT systems. We have entered into data processing agreements with all IT suppliers. 

 

Storage
We store your personal data until you withdraw your consent.

​

You may unsubscribe from newsletters, invitations and similar communications at any time. You can do this either by using the unsubscribe link at the bottom of the newsletters sent to you or via our contact details below.

​

Upon confirmed unsubscription, or if you have not confirmed your subscription, we will store your personal data for up to seven days.

 

Your rights

You can find more information about your rights and options for complaint at the bottom of this page.​

WHEN YOU PARTICIPATE IN TRAINING COURSES, EVENTS OR SIMILAR

Purpose and legal basis
When you participate in training programmes, courses, events or similar activities, including via Apex Academy, we register your name, address, e-mail and telephone number.
The purpose of processing this information is to manage participants, ensure an overview of the number of participants, and to be able to communicate with you before, during, and after events or training courses.
The processing of your personal data is based on Article 6(1)(f) of the General Data Protection Regulation, as we have a legitimate interest in being able to plan and hold events and communicate with participants. For training courses, the legal basis will also be Article 6(1)(c) of the General Data Protection Regulation, as the processing is necessary to fulfil our contractual obligations to you as a participant.

Transfer
Your data will be transferred to our IT suppliers, who help us operate our IT systems so that we can administratively manage and run events and training courses. We have entered into data processing agreements with all IT suppliers.

Storage​

We store your personal data for as long as necessary for the purposes described – typically until the event/training course has ended, unless we need to store it for longer, for example to handle a legal claim or comply with applicable legislation, including accounting rules, in which case we are obliged to store information for 5 years from the end of the financial year to which the information relates. 

​

AS A JOB SEEKER

Purpose and legal basis
When you apply for a position with us, we collect and process personal data about you as an applicant, including, for example, your name, address, telephone number, email address, current job title, photo, CV, application and other attachments, and store this data in case a position becomes available at a later date.

As a rule, we only process general personal data and do not wish to receive personal data that is not necessary for recruitment purposes, nor personal data within the special categories, including information about race, political beliefs, trade union membership, etc. 

The legal basis for our processing of personal data in connection with recruitment is the pursuit of our legitimate interests, including managing the recruitment process, evaluating applicants and hiring the most suitable candidate, cf. Article 6(1)(f) of the General Data Protection Regulation. 

If we obtain references from previous employers, we do so only on the basis of your prior consent, cf. Article 6(1)(a) of the General Data Protection Regulation. 
If we offer you a position, our processing of personal data is also necessary for the conclusion of the employment contract, and the processing is therefore based on Article 6(1)(b) of the General Data Protection Regulation. 

​

​The processing of personal data relating to (potential) criminal offences is based on Section 8(3)-(5) of the Data Protection Act if it is necessary to safeguard a legitimate interest, including in relation to crime prevention and the protection of Apex and patients. Alternatively, the information is processed if it is necessary to establish, assert or defend a legal claim, or if you have given your explicit consent. Criminal records are processed on the basis of Apex's legitimate interest in protecting its own and patients' assets and information, cf. Article 6(1)(f) of the Data Protection Regulation. 

​

​As a rule, Apex does not process special categories of personal data unless you provide this information yourself, e.g. in your application or CV. In such cases, the processing is carried out in accordance with Article 9(2)(b) or Article 9(2)(f) of the General Data Protection Regulation and Article 6(1)(c) or Article 6(1)(f) and/or Section 12 of the Danish Data Protection Act.

Sources 
As a rule, personal data is provided by you via your application, CV or other material that you share with us. 

In some cases, we may process personal data about you collected from third parties, including public databases, via LinkedIn or other social media, and in certain cases we may obtain and process references from previous employers. 

If we offer you a job and deem it relevant and necessary in relation to the specific position we can offer you, we may ask you to obtain and present a criminal record certificate, which may contain information about criminal offences. 

Voluntary
When we collect personal data directly from you, you provide the personal data voluntarily. You are not obliged to provide us with this personal data. However, the consequence of not providing us with the personal data may be that we will not be able to fulfil the above purposes, including that in some cases we will not be able to process your application.

​

​If the processing of your personal data is based on consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the processing prior to the withdrawal of consent, including any transfer based on consent.

Transfer
Your data will be transferred to our IT suppliers, who help us operate our IT systems. We have entered into data processing agreements with all IT suppliers. 

Storage​

We store your personal data for as long as necessary for the purposes described – typically until the position is filled and the recruitment process is completed, and as a rule for six months thereafter, unless we need to store it for longer, e.g. to handle a legal claim. Criminal records are deleted immediately after presentation. 

​

​If you are hired by Apex, your information will be transferred to your personnel file, but test results will be deleted no later than 6 months after the recruitment process. If your application is rejected, we will store your application and related material for up to 6 months, unless you withdraw your consent – in which case the information will be deleted as soon as possible thereafter.

Your obligation to provide us with certain information about your health
As a job applicant, you must, in accordance with Chapter III of the Health Information Act (Employee's duty to provide information), inform us if you suffer from or have symptoms of an illness that will have a significant impact on your ability to perform the job you are applying for.

If you are hired, we will need your name, address and CPR number for your employment contract, salary and tax purposes. If you do not provide us with the necessary information, we will not be able to offer you employment.

Your rights​

You can find more information about your rights and options for complaint at the bottom of this page.

​

YOUR RIGHTS AND OPTIONS FOR COMPLAINT​

​

Under the Data Protection Regulation, you have a number of rights in relation to our processing of information about you. 
If you wish to exercise your rights, please contact us.

Right to access information (right of access)
You have the right to access the information we process about you and a range of additional information.

Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.

Right to erasure
In certain cases, you have the right to have information about you deleted before our regular general deletion takes place. 

​However, we must point out that your rights are limited by the legislation applicable to healthcare professionals, including, among other things, the Executive Order on Health Professionals' Records (the Journaling Regulation), which stipulates that patient records may not be deleted, but only corrected and supplemented.

Right to restriction of processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may only process the data in future – apart from storage – with your consent or for the purpose of establishing, exercising or defending legal claims, or to protect a person or important societal interests. In this context, it should be noted that archiving purposes are considered important societal interests.
 

Right to data portability
In certain cases, you have the right to receive your personal data and to request that the personal data be transferred from one data controller to another.

Right to object

In certain cases, you have the right to object to our otherwise lawful processing of your personal data.

You can read more about your rights on the Danish Data Protection Agency's website at www.datatilsynet.dk. 

Complaints

If you wish to complain about our processing of your personal data, you can contact the Danish Data Protection Agency, which is the authority in Denmark that supervises data protection.