Handling of personal data

We understand that privacy is important to users of and visitors to Capio websites. The following information is designed to help our users understand what information we collect and how we handle and use that information.

How we handle your personal information

On this page you will find information about how we handle personal data.

In our Online Privacy Policy you will find information on how we process personal data about visitors to our websites.

In our Privacy Policy you will find information about how we process personal data about our patients and any relatives of patients.

In Consent Information you will find the information we provide when filling out our consent form before or on your first visit with us.

Contact your department

Online Privacy Policy

Updated: May 2024
Last revision: May 2024

We recognize that privacy is important to visitors to the Capio Privathospital websites. The following information is therefore designed to help our users and visitors understand what information we collect and how we handle and use the information we collect.

Data Protection Officer

Capio A/S
Hans Bekkevolds Allé 2B
2900 Hellerup

Information gathering and use

When visiting our websites, we may collect technical information from the user. We only process personal data to the extent necessary to provide functioning websites, manage access to the content and optimize the services on the websites.

When Capio's websites are visited, standardized log information is automatically collected from the user's computer, e.g. information about the browser and version used, internet provider, IP address and date and time of the visit etc.

This information allows us to maintain, further develop and improve our websites. This data will not be used to identify the visitor, nor will it be linked to personally identifiable information from other sources to identify the website visitor.

Data stored in log files is regularly deleted. Storage is possible for up to 14 months, after which all collected data is deleted.

Cookies

Our websites use cookies. Cookies are text files that are stored in the user's browser during the visit to the websites. Among other things, cookies enable the browser to be uniquely identified when the websites are visited again.

We use cookies to make our websites more user-friendly. In addition, we use cookies that enable an analysis of how the websites are used, such as page view frequency and search terms used, to improve the quality of our websites and website content.

Cookies are sometimes used to collect information that is considered personal data, such as IP address and information linked to the IP address, but no personal data that can be directly attributed to the user.

Cookies are either deleted automatically when the user closes the browser, so-called temporary cookies, or stored on the user's computer to facilitate future visits to the website, so-called permanent cookies. Even permanent cookies are deleted after a certain time.

By changing the settings in the browser, the user can disable or limit the transfer of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If the use of cookies is rejected or disabled in the browser, it is possible that certain functions on our websites will not work optimally.

On our websites, the visitor is informed about the use of cookies and is offered to opt out of some of these. The information also explains how the storage of cookies can be prevented in the browser settings.

Contact forms and email contact

When a user contacts us with a question via the contact form on our websites, the user must provide us with personal information in the form of contact details. We use this information to answer/handle the questions and inquiries received and to handle further correspondence.

Similarly, the user can contact us with general questions via e-mail. In that case, personal data provided by the user via e-mail will be processed. Personal data is used exclusively to process such correspondence. Personal data is deleted as soon as it is no longer necessary for the purpose of processing.

Analysis tool

We use PiwikPro to analyze user activity on our websites. PiwikPro is a web analytics tool. It uses methods that can collect the user's preferences when they visit our websites. The information generated (including IP address) will by default be anonymized to exclude a personal reference. The information generated by these cookies is usually transferred to and stored by PiwikPro on servers in Germany. All visitors have the option to disable cookies in their browser settings.

PiwikPro uses this information to evaluate the use of the websites, compile reports on user activity on our websites and provide us with other insights into the use of our websites. We only use this information for statistical purposes.

Third-party services

We may work with third parties to provide the services described in this policy. In such cases, we will disclose the personal information necessary for the third parties to provide the services.

External links

Our websites may contain links to other organizations' platforms. We are not responsible for the privacy policies and handling of personal data on other organizations' platforms.

Your rights

You have the right to ask us what personal data we hold about you.

If the personal data we hold is outdated or incorrect, you have the right to request an update and correction of data.

You also have the right to request deletion of personal data that we have stored about you, provided that we are not subject to a legal obligation to retain data or have a legitimate interest that outweighs the retention of such data.

If the processing of personal data is carried out with consent, you have the right to contact the data controller at any time to withdraw your consent.

Any request for access, correction and deletion as well as withdrawal of consent must be made in writing to the data controller.

Modification of our Online Privacy Policy

We may update this policy from time to time. We recommend that users visit our Online Privacy Policy from time to time to find up-to-date information on how we handle our visitors' data.

Contact us about our Online Privacy Policy

In case of questions or complaints regarding the processing and/or protection of personal data or the rights of the user, we would like to receive written comments sent to the data controller. We respond to all complaints in writing.

You have the right to file a complaint with the Danish Data Protection Agency if you are still not satisfied with the way we process your personal data.

Information about our processing of personal data and your rights

We value your privacy and take the protection of your personal information seriously. It is therefore important to us that you understand how we collect and process personal information about you.

This Privacy Notice applies to the processing of the personal information we collect when providing healthcare services to you. The Privacy Notice explains what personal information we collect about you, why and how we collect and process it, and how we share it with others. The Privacy Notice also explains the rights you have in relation to your personal information and how you can exercise those rights.

Responsible for personal data

Capio A/S, who provides healthcare services to you, is legally responsible for ensuring that your personal data is processed in accordance with our Key Privacy Principles, this Privacy Notice and applicable law.

Responsible: Capio A/S, Hans Bekkevolds Allé 2B, 2900 Hellerup, Denmark

Data Protection Officer (DPO): Mads Flensted Hauge: dataprotectionofficer@capio.dk

How we collect personal information about you

Capio has different ways of collecting the personal information covered by this Privacy Notice. Most often, we obtain the information when we provide healthcare services to you, or it is information you have given us during the course of your treatment with us. From time to time, we may also receive information from other parties on your behalf. Generally, we will only do this to provide you with the best possible healthcare and only when you have explicitly authorized us to do so.

Purpose of personal data processing

Every time you seek treatment with us, we register personal data about you in our medical record register. We do this to ensure that you as a patient receive the best and safest treatment possible. We also use your personal data to process invoices and collect payment for our healthcare services.

We process your personal data:

  • to keep patient records and other documentation necessary for the care and treatment of patients
  • for administration that relates to you in connection with providing you with treatment and care
  • to offer you online consultations and contact via services such as Doctor Connect and Platform24
  • to establish other documentation required by law, regulation or other constitution
  • communicate with you about the healthcare services we provide to you
  • to continuously develop and ensure the quality of treatment and care
  • for planning, monitoring, evaluating and supervising the business
  • to compile statistics on treatment and care
  • perform credit checks to assess your application for a healthcare contract

The basis for personal data processing

The processing of your personal data to fulfill the above purposes is legally stipulated in the Danish Personal Data Act, the Danish Health Act and the Danish Journal Entry Order.

Some personal data processing requires your consent. For example, we need your consent to send you emails, text messages or contact you via e-Boks (we use these channels to send you invitations and reminders for hospital consultations). When you are invited for your first visit to the hospital, we will ask you to fill out a consent form for the personal data processing covered.

If you have given consent to a personal data processing - e.g. that we may send you emails - you always have the right to withdraw your consent, after which the personal data processing must cease.

Categories of personal data

Capio collects various information about you. This information varies depending on the healthcare services we provide to you and may include

  • Social security number, insurance policy number
  • Your name
  • Address, phone numbers and other personal contact information
  • Gender, date of birth, marital status
  • Health information and information about sex life and sexual orientation
  • Bank details

In some cases, we process personal data about relatives that you or your relatives have provided, such as name and contact details.

We only collect personal data about you that is deemed necessary to fulfill the purpose of the personal data processing.

Privacy and security provisions applicable to data and data processing

We may only disclose information about you if neither you nor a relative of yours is harmed by the disclosure. The starting point is that disclosure of your data must be made with your consent. In certain situations, however, we are required by law to disclose information to authorities.

Health records are subject to confidentiality and professional secrecy. Unauthorized persons are prevented from accessing your personal information through security measures such as limiting access permissions to patient data.

From time to time we will share your data with third parties, but we ensure your privacy in the process. Usually this happens when third parties help us provide healthcare services to you, but we may also share data if we have your permission to do so or if we are legally required to do so.

Record keeping and access to medical record data

As a patient at Capio, you will have a patient record of your treatment with us. It is a legal requirement to keep a record of your treatment, cf. the Danish Executive Order on Record Keeping. This record can only be accessed by Capio staff, unless you consent to your own doctor or other hospitals having access to the record, if relevant. Records are only disclosed to other healthcare professionals with your informed consent.

You can give your consent to this in the consent form you must fill out when you visit the hospital for the first time. Here you can also give your consent for the doctor at Capio to access your previous medical records, which can be useful to get an overview of your medical history in relation to the ongoing treatment.

Storage and data minimization

We will not keep your information longer than we need it, unless required by law.

It is required by law that patient records must be kept for at least 10 years from the last entry in the record (Journalføringsbekendtgørelsen).

It is stipulated by law that accounting material must be kept for 5 years from the end of the financial year to which the material relates (Bookkeeping Act).

How we protect your personal information

Capio works hard to protect and secure your personal information. We have policies and processes in place internally that are designed to protect your privacy. Our specialists are dedicated to their work and your privacy drives our privacy program.

We have implemented appropriate technical and organizational security measures to protect your personal information from unauthorized access, collection, use, disclosure, modification or disposal. We continuously review our privacy practices throughout the Capio Group and conduct training for individuals involved in privacy-related activities.

When we use service providers or other data processors to process personal data on our behalf, we require them to follow our instructions and apply appropriate security measures to protect the personal data they process on our behalf.

National quality registers

To follow up and improve treatment, we report to national quality registers. In relation to reporting to national quality registers, the Executive Order on reporting to approved clinical quality databases and disclosure of data to the Danish Health Data Authority and the Executive Order on approval of nationwide and regional clinical quality databases apply.

Disclosure of personal data

In case of non-payment of the amount due for examination or treatment at Capio, Capio may, based on legitimate interests (see the Danish Data Protection Agency), disclose information about the outstanding amount, name and contact information to a debt collection company for the purpose of collecting the outstanding payment.

Your rights

You have certain rights in relation to the personal data we hold about you. You always have the right to know exactly what data we hold on your behalf and to ask us to correct or delete data that is inaccurate if permitted by national laws and regulations. We have processes in place to enable you to exercise your rights and ensure that we can fulfill your requests regarding the personal information we hold about you.

Access to read your medical records
As a patient, you have the right to read your own medical records and get a copy of your medical records. Your medical record from Capio is not posted on sundhed.dk, but you can request a copy of your medical record by contacting us. Before we can fulfill your request, we may ask you to identify yourself and provide us with additional information about your request. We will respond to your request within an appropriate timeframe and in any event within the timeframe required by applicable law.

Your request must include the following:

  • Your name
  • Personal number
  • Phone number
  • How you want to receive the copies (as a pdf sent via our online patient communication portal or by picking up the copy at the hospital)
  • Which department you visited
  • What year and preferably the specific date of your visit

Correction of inaccurate personal data
We will do our best to ensure that the personal information we hold about you is correct, complete and accurate. However, it is your responsibility to ensure that you provide us with correct, accurate and complete information and that you keep your contact details up to date.

You have the right to request correction of erroneous information, including information in your medical record, by contacting the healthcare facility in question. If no agreement can be reached on the wording in your medical record, you have the right to have your wording/opinion recorded in the medical record.

It is important that our contact information for you is correct. If you change your address, phone number or email address during your treatment, please let us know.

Complaints

If you believe that your rights have been violated when we process data relating to you, please contact us and we will respond to you in a timely manner.

If you have a complaint about how your personal data is processed and/or protected or about your rights, please send your written comments to us either by email to info@capio.dk or by letter to your processing site. We respond to all complaints in writing and register complaints in our system.

You can also contact the Danish Data Protection Agency if you believe that your personal data has been handled incorrectly by us.

Version: 5 - Revised: January 2022

The staff at Capio is bound by confidentiality when it comes to information about your health and other personal information that the staff becomes aware of during your treatment. As a general rule, no information may be shared without your consent. This applies, for example, to information to your general practitioner, to relatives and to other authorities.

Staff who are directly involved in the current course of treatment can exchange information about it without consent.

Capio never discloses information to a greater extent than required for the specific purpose. Therefore, the staff always assesses the relevance of the information disclosed. You always have the right to fully or partially object to the disclosure of data.

In addition, there are specific situations where healthcare professionals can disclose health information without your consent or have a direct obligation to do so (see below*).

You can always withdraw your consent, in whole or in part, if the disclosure has not taken place. Withdrawal does not affect the legality of the processing carried out prior to the withdrawal of consent.

Consent to share information for purposes other than current processing is valid for one year. As a general rule, you can give consent to share information from the age of 15.

Rules on the disclosure of health information and processing of personal data can be found in the Danish Health Act (2019) and the EU General Data Protection Regulation (GDPR) (2018).

*Excerpt from the Danish Health Act, chapter 9, published 26.08.19:

Disclosure of health information etc. in connection with and after treatment of patients

§ 41. With the patient's consent, healthcare professionals may disclose information to other healthcare professionals about the patient's health conditions and other confidential information in connection with the treatment of the patient or the treatment of other patients.

Paragraph 2. Disclosure of the information referred to in subsection (1) may be made without the patient's consent when

[...]

4) the disclosure is necessary for the legitimate pursuit of an obvious public interest or for the important interests of the patient, including a patient who is unable to safeguard his or her own interests, the healthcare professional or others,

5) the disclosure is made to the patient's general practitioner by a doctor acting as a substitute for the patient's general practitioner,

[...]

Paragraph 4. The healthcare professional in possession of confidential information shall decide whether disclosure under subsection (2) is justified.

(5). If information is disclosed pursuant to subsection (2)(4), the person to whom the information relates shall be informed as soon as possible thereafter of the disclosure and the purpose thereof, unless such information may be omitted pursuant to other legislation or for reasons of public or private interests corresponding to those protected by this legislation.

[...]

Paragraph 8. The Minister of Health shall lay down further rules on the disclosure of health information, etc. under this provision, including the scope of the disclosure and the implementation thereof.

Online dialog with medical secretary

Login with MitID so you can safely and securely get your questions answered online.

Prices & payment

See our prices and read more about your payment options.

Contact us today

Our skilled medical secretaries are ready to help you.