PRIVACY POLICY

Data Controller

We provide services to businesses, private entrepreneurs, and individuals and are, as a rule, the data controller for the personal data we receive from customers, partners, counterparties, authorities, etc.

​

Collection of Personal Data

We typically receive information about individuals from our customers, partners, counterparties, authorities, other advisors, etc., as a basis for our services.

​

Types of Personal Data

We collect, among other things, the following personal data:

• Name, address, phone number, email address, date of birth, and other general personal data

• Bank details

• Any information about family relationships and relationships with other closely related individuals

• Information about financial matters

​

Information about contact persons at our business clients is treated as personal data.

In some cases, we process so-called sensitive personal data, such as information about religious affiliation, criminal records, and health conditions.

​

Purpose of Data Collection

We collect personal data solely as part of delivering our services, which are relevant (or required) for the services we provide to our customers.

​

Legal Basis for Processing

As a rule, the agreement we enter into with customers for the provision of services forms the basis for our collection and processing of personal data. In certain cases, the collection and processing of personal data will be based on legislation and administrative regulations.

​

Disclosure of Personal Data

We disclose personal data to third parties if it is relevant and reasonably justified in relation to the task we have undertaken to complete.

​

Transfer to Third Countries Outside the EU/EEA

In special cases, there may be a need to transfer personal data to countries outside the EU/EEA (third countries).

If we exceptionally need to transfer data to third countries, we follow the Danish Data Protection Agency’s guidelines on transferring personal data to third countries.

​

Rights of Data Subjects

Under the General Data Protection Regulation (GDPR), individuals whose data we process have several rights, including:

1. The right to access the personal data being processed about them

2. The right to have such personal data corrected and updated

3. The right to request the deletion of such personal data, provided that we are not legally required or otherwise justified in retaining the information

4. The right to withdraw consent regarding the processing of sensitive personal data, if previously given

​

The above rights may be limited due to legal obligations requiring us to process and store certain personal data. Access to personal data may also be restricted to protect the privacy, confidentiality, or similar concerns of others.

​

At any time, it is possible to request a copy of the stored personal data, an update of registered personal data, an objection to the processing of personal data, or a request for the deletion of personal data. However, as mentioned above, the ability to provide such materials may be limited.

 

The request must be in writing and include the name, address, phone number, and email address of the individual. The request must also be signed by the person to whom the personal data relates. Requests can be sent by mail or email. Our contact details can be found on our website at www.apexhealth.dk.

​

If the objection is justified, we will stop processing and delete the relevant data unless we are legally required to retain it or based on the nature of the services the data relates to.

Complaints regarding our processing of personal data can be submitted to the Danish Data Protection Agency.

​

Data Security

To protect your personal data from unauthorized access, we use IT solutions that automatically ensure that all data is only accessible to relevant persons.

Additionally, we have internal procedures and policies regarding information security. These procedures and policies include instructions and actions that protect your data from being destroyed, lost, altered, disclosed, or accessed or shared without authorization.