In this privacy policy, we describe how BetterCare ApS, CVR 43408941, Feldborgvej 10, 2770, Kastrup, Denmark (hereinafter "we", "our" or "us") process, use, and disclose your personal data.

Data Processing

In connection with our consultation, examination, diagnosis, and treatment of you as a patient, we collect and process a range of personal data about you as the data controller. We are obliged to do this according to the Danish Authorization Act Chapter 6 and the Record Keeping Order.

Types of Data

We collect and process the following types of personal data about you (to the extent relevant to you):

General Categories of Personal Data:

• Name, address, email address, phone number, personal identification number, gender, family relationships, social relationships, work relationships, and education.

Special Categories of Personal Data ("sensitive personal data"):

• Health information (e.g., medical records, test results, X-ray images, scans), sexual orientation, race or ethnic origin, and religious beliefs.

Purpose

We process your personal data for the following purposes:

• Our examination, diagnosis, and treatment of you.

• Preparation of medical certificates.

• Preparation of reports for use by authorities, insurance companies, etc.

• Communication with or referral to other healthcare professionals, doctors, hospitals, or hospital laboratories, including receiving and transmitting necessary patient information between healthcare professionals, e.g., booked appointments, diagnoses, and treatment plans.

• Conducting video consultations.

• Possible use of image material for diagnosis.

• Medication prescriptions, including issuing prescriptions.

• Reporting to clinical quality databases.

• Requisition of laboratory tests to hospital laboratories.

• Billing purposes.

• Comply with our obligations under applicable law, including the EU General Data Protection Regulation, the Data Protection Act, and other relevant healthcare legislation, e.g., 

  • Documentation obligations.

  • Compliance with basic principles for processing personal data and legal basis for processing.

  • Implementation and maintenance of technical and organizational security measures, including but not limited to preventing unauthorized access to systems and information, preventing the receipt or distribution of malicious code, stopping denial-of-service attacks, and damage to computer systems and electronic communication systems.

  • Investigation of suspicions or knowledge of security breaches and reporting to individuals and authorities.

  • Handling inquiries and complaints from registered individuals and others.

  • Handling inspections and inquiries from supervisory authorities.

  • Handling disputes with registered individuals and third parties.

Voluntariness

When we collect personal data directly from you, you provide the personal data voluntarily. You are not obliged to provide these personal data to us. The consequence of not providing us with the personal data will be that we cannot fulfill the purposes mentioned above, including that we may not be able to examine, diagnose, or treat you.

Sources

In some cases, we collect personal data about you from other healthcare professionals, e.g., hospitals or by checking electronic medical record systems. We process the received data in accordance with this privacy policy.

Disclosure of Personal Data

To the extent necessary for your specific examination, diagnosis, or treatment, your personal data will be disclosed and shared with the recipients mentioned below:

• Disclosure of data to other healthcare professionals.

• Disclosure of data to RKKP (clinical quality databases), the Danish Patient Safety Authority, the Danish Health Data Authority (medications, vaccinations, adverse events, and deaths), the police and courts, social authorities, the Labor Market Insurance in so far as there is an obligation to do so under applicable law.

• When referring patients, data is disclosed to the healthcare professionals to whom the referral is sent.

• When reporting laboratory tests, samples are sent to laboratories.

• When reporting data in connection with billing for patient treatment, data is sent to the regional billing offices.

• When issuing prescriptions, data is sent to the relevant country's pharmacies and if applicable, the Danish Medicines Agency via FMK ('Shared Medication Record')

• In other cases, data is disclosed to relatives or insurance companies.

Legal Basis for Processing and Disclosure of Personal Data

The legal basis for collecting, processing, and disclosing your personal data is:

• For general patient treatment, general personal data is collected, processed, and disclosed under Article 6(1)(c) and (d) of the General Data Protection Regulation, while sensitive personal data is collected, processed, and disclosed under Article 9(2)(c) and (h) of the General Data Protection Regulation.

• Furthermore, we are obliged to process a range of personal data about you in the context of general patient treatment under Chapter 6 of the Danish Authorization Act, the Order on Healthcare Professional Records (Record Keeping Order), especially §§ 5-10, and Chapter 9 of the Danish Health Act.

• In cases where we are not obliged to process your personal data under Chapter 9 of the Danish Health Act, your personal data is collected and disclosed solely to other healthcare professionals with your prior consent under the rules in §§ 42a – 42e of the Danish Health Act.

• Data for billing for patient treatment is forwarded to Stripe.

• Medication prescriptions and vaccinations are sent via the IT service FMK under the rules in § 157 of the Danish Health Act and the Order on Prescriptions and Dose Dispensing of Medicines, especially Chapter 3.

• Your personal data is disclosed to insurance companies only with your prior consent, under Article 6(1)(a) and 9(2)(a) of the General Data Protection Regulation.

• Your personal data is disclosed to your relatives only with your prior consent under § 43 of the Danish Health Act.

• In the case of deceased patients, certain personal data can be disclosed to the deceased's closest relatives under § 45 of the Danish Health Act.

• Withdrawal of consent: If the processing of your personal data is based on consent, you have the right to withdraw your consent. If you withdraw your consent, it does not affect the processing carried out before the withdrawal, including disclosure based on consent.

Disclosure of Personal Data for International Customers

When issuing prescriptions for international customers, personal data necessary for the prescription (e.g., name, date of birth, medication, dosage) is disclosed to the selected pharmacy in the customer’s country. In the absence of a centralized system like FMK, data is transmitted directly to the pharmacy through secure communication channels.

The legal basis for processing and disclosing this data is:

• Article 6(1)(c) and (d) of the General Data Protection Regulation for general personal data.

• Article 9(2)(c) and (h) of the General Data Protection Regulation for sensitive personal data.

The processing complies with GDPR and any relevant national laws applicable to the pharmacy in the relevant country.

Recipients of Personal Data, Including Data Processors

Your personal data is processed and stored with the following recipients, including our data processors, who store them on our behalf and following our instructions. Our current data processors are:

• Google Drive, Google Email, etc.: Used for communication and storage of documents related to patient treatment and administrative purposes.

• GetHealthie's platform: Used for storing patient records, scheduling appointments, and communicating with patients.

• Stripe: Used for payment processing.

• Zoom (via GetHealthie’s encrypted platform): Used for conducting telemedicine consultations.

• Loom: Used for recording videos for educational purposes.

• HeadsUpHealth: Used for aggregating and analyzing patient health data, such as biomarkers, wearable device data, and other metrics, to provide personalized health insights and track progress over time.

• Calendly: Used for initial meeting bookings.

  
  

Retention Period

We retain personal data about you as long as we need to fulfill the purposes mentioned above. However, we are obliged under § 15 of the Record Keeping Order to retain patient records for a minimum of 10 years after the last entry in the patient record. There may be cases where we are required to retain your personal data for longer, e.g., in connection with a complaint or compensation case, where the data will be retained until the case is finally closed.

Your Rights

Under data protection law, you have certain rights that we are obliged to inform you about, including the right to access personal data and, in certain cases, the right to correct inaccurate data, the right to have data deleted, the right to restrict data processing, the right to data portability, and the right to object to the processing of personal data.

However, we must inform you that your rights are limited by the legislation applicable to practicing doctors, including, for example, the Record Keeping Order, which in § 14 states that deletions are not allowed in patient records, but only corrections/additions.

You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data. You can find the contact information for the Danish Data Protection Agency at www.datatilsynet.dk.

Contact

If you have questions regarding the processing of your personal data or the exercise of your rights, please contact us at the following contact details:

Clinic Contact Information:

• BetterCare ApS under the brand name OptimizedMD

• CVR 43408941

• Feldborgvej 10, 2770, Kastrup

• Phone: +45 27 44 71 63

• Email: doctorkassem@optimizedmd.eu

Date: 16/11/2024