Nordic Netcare is committed to fulfill all obligations and requirements within the European regulation on the protection of personal data (GDPR)

In order for us to help you and for you to make the most of our services, we need you to entrust us with your personal data.

We consider your personal data a core value to be safeguarded, and it is important for us to respect and protect your privacy as best we can. We also wish for you to have full transparency and awareness with respect to the purposes and modalities we use when processing your data.

In order to ensure that you feel comfortable entrusting us with your personal data we hope you will read our privacy policy and contact us for any questions regarding the processing of your personal data.

You may also contact us if you wish to exercise any of your rights in respect of GDPR.

Please send us an email at:

gdpr@nordicnetcare.com

Or send it as regular mail at:

Att. Data Protection

Nordic Netcare

Dag Hammarskjölds Allé 13

2100 Copenhagen

Denmark

This privacy policy applies to any information obtained by Nordic Netcare through your use of our services.

Data Controller

Nordic Netcare is the data controller as defined by relevant data protection legislation. That means we both have control over your data and that we are responsible for keeping and using your personal data in paper or electronic form.

Personal data is defined as all information relating directly or indirectly to a person.

Personal data collected

We collect and process the following personal data (only when relevant for the specific services you require from Nordic Netcare)

Your personal data is not shared, sold or made public in any other ways than stated by this privacy policy.

Regular personal data

Special categories of personal data

Sources

Your personal data can be provided directly from you or from a third party assigned with the task to perform some activity concerning the management of our relationship with you.

This third party could be either a technical partner such as a Data Processor or a shared Data Controller (your insurance company) or it could be a service provider, such as a doctor or therapist.

The purpose and legal basis for obtaining and processing your personal data

We have contractual obligations with your insurance company or directly with your employer and we provide our services towards you accordingly.

We can not provide you with these services and activities without obtaining and processing your personal data but we will ensure that your personal data is only processed in a manner that is compatible with the purposes stated in this Privacy Policy.

Furthermore we will ensure that all processing of your personal data is compatible with all applicable and relevant laws, not least the European General Data Protection Regulation (GDPR)

User administration

To fulfill our obligations and provide you with our services we will often need to obtain health related information from you in order to match your individual needs to our range of services.

We use this information to ensure that you receive only relevant information and the best treatment possible and that we in general can offer you the best service possible.

We share your personal data with healthcare service providers of your own selection only and only if you agree to us sharing your data.

By default we restrict the personal and health related data we share with other healthcare professionals to an absolute minimum. We share only the data that is necessary for third parties to handle the administration required.

Statistics, analysis and reporting

Our it-systems are designed to pseudonymize and anonymize data by default as far as we possibly can when we process your personal data for research and analysis/reporting purposes.

This processing of personal data is necessary to fulfill our contractual obligations and for the pursuit of legitimate business interests.

We might share information based on our data analyses with the public to show general trends for our customers and users but this will not disclose or identify any one person.

Sharing your personal data

All data processing will only take place within the European Economic Area and we will not disclose your personal data to parties who are not authorized for this purpose.

For the purposes mentioned in this Privacy Policy your personal data may be disclosed to the following parties.

Sharing your personal data with Nordic Netcare employees

When you share any information concerning your health (special category personal data) please note that all health professionals within Nordic Netcare are also compliant with the general healthcare rules of confidentiality.

Please be aware that the internet is generally not regarded as a safe environment and make sure you do not send us any sensitive information by email. If in doubt please contact us to find out how best to share your data with us.

Data sharing with third parties (shared Data Controllers)

We might share your personal data with the party paying for your use of our service if you have consented to this.

If we need to share sensitive information (health related information) with any of our healthcare service providers we will explicitly ask you for your consent. You can always withdraw this consent but it can affect our services. If you withdraw a consent this will only affect future processing.

Data sharing with Data Processors

We are the owners of the Nordic Netcare it-solution; TOUCH (including the Progressive Web Apps) but this platform is developed with an external partner (Area9) who supply the development resources. Consequently, it is agreed that in relation to data processing Area9 shall act solely on Nordic Netcare’s instructions. Area9 meets the highest standards on any level of data security requirements and they conduct all relevant and necessary security audits and penetration tests.

Data sharing with public authorities

If we are requested by law enforcement agencies or other public authorities to share your personal data we will meet this requirement only in compliance with applicable legal obligations and we will share the data without your explicit consent.

Data sharing with other countries

Nordic Netcare will not transfer any of your personal data outside the European Economic Area.

Security measures

We have implemented all reasonable technical and organizational security measures to protect all personal data obtained by Nordic Netcare against unauthorized access, misuse, loss or destruction.

Both with regards to processes and technical solutions we meet the required international standards to ensure the protection of your privacy.

Retaining period

We will not retain your personal data for any longer than is necessary and we will hold it only for the purposes for which it was obtained.

We do however have obligations with regards to our customers that might require us to save your personal information for up to 10 years in compliance with applicable privacy laws.

We strive to delete (or anonymize/pseudonymize) all personal data, when they are no longer of any relevans.

Your rights

Regarding your personal data you have several rights:

The request for exercise of rights is free of charge if the request is compliant with our obligations in regards to other applicable laws, if it is not unreasonable and excessively repetitive and/or if it does not require disproportionate technical intervention.

You also have the right to complain to the relevant national authorities if you consider our processing not to be compliant with the applicable privacy laws.

Cookies

We use tracking technology to help us manage and improve the usability of our website.

For example we use cookies to save the information of your selected language but only during your visit. Besides, we use cookies from Google Apps to track the visit.

We do not use cookies for direct marketing.

Changes

This privacy policy may be updated from time to time so please do check it on a regular basis. We will never limit any of your rights with regards to this privacy policy without your explicit consent or without making you aware of limiting changes.

We regularly review this privacy policy and we will make sure the most recent updated version is published.

This version was published on April 21, 2022.