Privacy policy
Privacy policy for Health Group
This Privacy Policy describes how Health Group collects, uses, stores and protects your personal information in accordance with applicable laws and regulations, including the European General Data Protection Regulation (GDPR).
We encourage you to read this policy carefully so that you understand how we process your personal data and what rights you have in this regard. We want to be open and transparent about our practices so that you feel comfortable interacting with us.
Types of information
Health Group is dedicated to ensuring that your personal information is processed in a responsible manner. We only collect the information necessary to provide our services to you, and we only use this information in accordance with the purpose for which it was collected. Your personal data will either be provided by yourself or by your employer in connection with the start of a course.
Depending on whether you are a customer or a website visitor, Health Group processes a range of information about you. This information is always collected with your consent and is typically
As a website visitor
- A unique ID and technical information about your computer, tablet or mobile phone,
- Geographical area
- Which pages you click on (interests)
When using Health Group's online contact form
Health Group uses Weply to manage our online chat service. Weply's privacy policy can be accessed in the contact form field.
- Company and number of employees
- Personal data: Email and phone number, address if applicable
As a contact person at a business partner
- Personal data: Name, email, phone
As a user for health screening, health checks and health surveillance
- Personal data: Full name, email address, gender, date of birth, department and phone number if applicable.
- Sensitive personal data: Height, age, weight, cholesterol, long-term blood sugar, waist circumference, triglyceride, fitness level, possible hearing/vision test, and physical and mental health information provided through the screening.
When purchasing medical emergency response
- Personal data: Full name, email address, gender, date of birth, and possibly department and phone number
- Sensitive personal data: Information about physical and mental health as indicated by screening and any previously completed physical health checks
As a user for Company Fitness and online training (only for self-paid memberships or class bookings)
- Personal data: Full name and email address and phone number (if applicable)
As a user at APV and well-being survey
- Personal data: Name, gender, phone number, email address, date of birth, department
- Sensitive personal data: Information about physical and mental health provided via the questionnaire
As a user for Combination Therapy, Psychomotor Therapy and Corporate Massage
- Personal data: Full name and email address and phone number (if applicable)
- Sensitive personal data: Health information of various kinds depending on what is provided for the consultation(s)
Recipients of information and disclosure of information
To a limited extent, Health Group uses external suppliers to process personal data on our behalf. In these cases, data processing agreements are entered into with the suppliers to ensure that the data is processed in accordance with applicable data protection law.
In some cases, Health Group will provide your employer with your name, email and registration for a given activity. This may be necessary in connection with invoicing. With the exception of the above, your personal data will not be shared with your employer, insurance companies, government agencies, or other third parties without your explicit consent.
Transfer to third countries, including international organizations
Health Group does not transfer personal data to third countries.
How long do we keep your data?
Health Group generally stores personal data for as long as there is an active relationship between Health Group and you, where it is in your interest that Health Group processes the data. Data is erased/anonymized when this relationship ends. Deletion only takes place to the extent that Health Group does not have a legal basis or other objective reason to store the data for longer than this (e.g. other rules apply to record keeping).
Health Group also has a number of specific deletion procedures associated with our health platform DigiHealth, which are described here:
- Users always have the option to delete data/reports themselves
- Users always have the option to delete their entire profile
- User where company has no history, data is deleted after 30 days
- Inactive users will have their data deleted after 26 months of inactivity. The user is notified 1 month before
If the company's agreement with Health Group ends, the user's data will be deleted
Purpose and objectives
Health Group processes your personal data for the following purposes:
- Processing your inquiry to us if you send us an email or contact us through the website.
- Processing of your visit to the Health Group website. See Health Group's cookie information: Link: Cookie and Personal Data Policy (GDPR).
- Administration of Health Group's collaboration if you are the contact person for a partner.
- Managing the relationship between you and Health Group if you use our services.
The legal basis for Health Group's processing is the following general legal grounds.
- General information from your website visit or your inquiry is processed on the basis of Article 6(1)(f) of the General Data Protection Regulation (the balancing of interests rule). It is Health Group's assessment that Health Group's interest in collecting, processing and disclosing information about you does not exceed your interest in the opposite. Consent is used if Health Group collects other than functional cookies on the website.
- General information in relation to our services and if you are a business partner is processed on the basis of Article 6(1)(b) of the General Data Protection Regulation; Processing for the purpose of fulfilling a contract (contractual relationship).
- When you use a selection of Health Group's services, Health Group also processes a number of sensitive and confidential data about you. In the case of contact with authorized healthcare professionals, the processing of this information will be based on a legal basis in the Journal Entry Order (BEK no. 1225). In other cases (health checks/health screening/APV ), your explicit consent is required, cf. Article 9(2)(a) of the Regulation. You will automatically be asked for consent in the relevant contexts.
The role of Health Groups:
Under GDPR, it is important to identify and clarify the roles of either data controller, data processor or joint controller, especially when it comes to processing personal data. You can read more about what role Health Group has in relation to the individual services we provide via this link.
Your rights
All data subjects are guaranteed the following rights under applicable law:
1. the right to receive information about the processing of your personal data (duty of disclosure):
You have the right to know who the data controller is, what the purpose of the processing is and who receives/processes the data .
This Personal Data Policy generally contains all of this information
2. The right of access to your personal data (right of access):
You can request to know what data Health Group processes and, if applicable, a transcript or copy of the collected data
3. The right to have inaccurate personal data rectified (the right to rectification):
If you believe that information Health Group holds about you is incorrect, inaccurate or incomplete, you can ask to have the information rectified
4. The right to have your personal data erased (the right to be forgotten):
If you believe that the information Health Group has about you is not necessary in relation to the purpose for which it was originally collected, you can ask to have the information erased. Please note, however, that we have a duty and right to retain certain personal data in order to comply with legal requirements
5. The right to move your personal data (data portability):
You have the right to receive data about yourself in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another company
6. The right to object:
You have the right to object to personal data being used for e.g. direct marketing and profiling. However, we do not use profiling and any marketing will always be linked to explicit consent.
Contact in relation to exercising rights
As a customer/partner, you can contact Health Group at any time by e-mail info@healthgroup.dk if you have questions about how Health Group processes data or wish to exercise your rights in relation to the processing of your personal data and/or withdraw your consent.
When contacting Health Group regarding one of the above points (access, correction, deletion, etc.), Health Group guarantees that you will receive a clarification of the request within one month of receipt. If, for example, you ask for your data to be corrected or deleted, we will normally examine whether all conditions are met, including whether there is a legal basis for continued processing of data. If we assess that the objection is justified, Health Group will ensure that the request is granted.
Complaints guide
Complaints about Health Group's processing of personal data, objections and questions regarding personal data policy should be directed to Health Group at: info@healthgroup.dk
You can complain about Health Group's processing of your data by contacting the Danish Data Protection Agency. The Danish Data Protection Agency's contact information can be found at www.datatilsynet.dk.
In the event of a data breach, Health Group is obliged to notify the Danish Data Protection Agency as soon as possible and within 72 hours at the latest.
We encourage you to contact us if you have any questions or concerns regarding our processing of your personal data. You can find the contact details at the bottom of this policy.
Safety and security
Health Group ensures that personal data is stored securely. Health Group's security measures are divided into organizational and technical measures. The organizational security measures mean that only Health Group's trusted personnel with a legitimate purpose have access to your personal data. Health Group's staff are regularly guided and instructed on data security, including how to process and protect the data. Health Group also keeps a record of Health Group's data processing activities, which are subject to the supervision of the Danish Data Protection Agency.
The technical security measures relate to Health Group's use of IT systems for registration and administration. Health Group's data is placed safely and securely in a Danish data center that has the necessary level of protection in accordance with applicable rules.
Health Group's internal IT systems (PCs, etc.) are protected with passwords, updated antivirus software and firewall, two factor authentication (2FA) and physical material is kept locked. When destroying or repairing IT equipment, IT equipment is disposed of responsibly so that your personal data cannot come to the attention of unauthorized persons.
Our D-mark and ISO 9001:2015 certification ensures that our internal processes and procedures are audited annually and that your data is always safe with us.
Contact us for more information about our security measures.
Thank you for choosing Health Group as your business partner. We look forward to serving you with care and respect for your privacy.
Contact details of the data/IT manager at Health Group:
Asta Rude Riis
asr@healthgroup.dk
61404842