Schedule a meeting
Acture

Privacy Policy

Health Group Privacy Policy

This Privacy Policy describes how Health Group collects, uses, stores, and protects your personal information in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).

We encourage you to read this policy carefully so that you understand how we process your personal information and what rights you have in this regard. We want to be open and transparent about our practices so that you feel confident when interacting with us.

Types of information

Health Group is committed to ensuring that your personal information is handled responsibly. We collect only the information necessary to provide our services to you, and we use this information solely for the purpose for which it was collected. Your personal information will either be provided by you or submitted by your employer when you begin a program.

Depending on whether you are a customer or a website visitor, Health Group processes various types of information about you. This information is always collected with your consent and typically includes:

As a website visitor

  • A unique ID and technical information about your computer, tablet, or mobile phone,
  • Geographical area
  • Which pages you click on (interests)

When you use Health Group's online contact form

Health Group uses Weply to manage our online chat service. Weply’s privacy policy can be accessed via the contact form.

  • Company and number of employees
  • Personal information: Email address and phone number, and possibly an address

As a contact person for a business partner

  • Personal information: Name, email, phone number

As a user of health screenings, health checkups, and medical examinations

  • Personal information: Full name, email address, gender, date of birth, and, if applicable, department and phone number.
  • Sensitive personal data: Height, age, weight, cholesterol levels, long-term blood sugar levels, waist circumference, triglycerides, fitness level, and, if applicable, hearing and vision test results, as well as information on physical and mental health provided during the screening.

When purchasing healthcare emergency response services

  • Personal information: Full name, email address, gender, date of birth, and, if applicable, department and phone number
  • Sensitive personal data: Information regarding physical and mental health obtained through screening and, where applicable, previous physical health examinations

As a user of Company Fitness and online training (exclusively through self-paid membership or booking of group classes)

  • Personal information: Full name, email address, and phone number (if applicable)

At the APV

  • General personal information: Contact information for sending the questionnaire, typically an email address
  • Survey responses are subsequently anonymized (contact information is replaced with a unique identifier)
  • If a user chooses to include identifiable information in their responses, personal data may still be present in the data

As a user of combination therapy, psychomotor therapy, and corporate massage

  • Personal information: Full name, email address, and phone number (if applicable)
  • Sensitive personal data: Various types of health information, depending on what is disclosed during the consultation(s)

Recipients of information and disclosure of information

Health Group uses external vendors to a limited extent to process personal data on our behalf. In such cases, we enter into data processing agreements with the vendors to ensure that the information is processed in accordance with applicable data protection laws. 

In some cases, Health Group may share information with your employer, including your name, email address, and registration for a specific activity. This may be necessary for billing purposes. With the exception of the above, your personal data will not be shared with your employer, insurance companies, government agencies, or any other third parties without your express consent. 

Transfers to third countries, including international organizations

Health Group does not transfer personal data to third countries.

How long do we keep your information?

Health Group generally retains personal data for as long as there is an active relationship between Health Group and you, where it is in your interest for Health Group to process the information. Information is deleted or anonymized when this relationship ends. Deletion occurs only to the extent that Health Group has no legal basis or other legitimate reason to retain the information for a longer period (e.g., different rules apply to medical record-keeping).

Health Group also has a number of specific deletion procedures associated with our health platform, DigiHealth, which are described here:

  • Users always have the option to delete data or reports themselves, unless the law requires that the information be retained.
  • Users always have the option to delete their entire profile themselves, unless the law requires that the information be retained.
  • After 60 months of inactivity, a user’s data will be deleted unless the law requires that the information be retained. The user will be notified one month in advance.
  • If the company’s agreement with Health Group is terminated, the user’s data will be deleted, unless the law requires that the information be retained.

Purpose

Health Group processes your personal data for the following purposes:

  • Processing your inquiry if you send us an email or contact us through our website.
  • Processing of your visit to the Health Group website. See the Health Group’s cookie policy: Link: Cookie and Privacy Policy (GDPR).
  • Managing Health Group partnerships, if you are the contact person for a partner.
  • To manage the relationship between you and Health Group if you use our services.

The legal basis for Health Group’s processing of your personal data is as follows:

Website visits and inquiries:General information is processed pursuant to GDPR Article 6(1)(f) (balancing of interests). Health Group assesses that our legitimate interest in processing this information does not override your rights and interests. If Health Group uses cookies on the website other than those that are technically necessary, we will obtain your consent in accordance with the Cookie Policy.

Services and business relationships:General information is processed pursuant to Article 6(1)(b) of the GDPR (performance of a contract).

Sensitive and confidential information:Some of Health Group’s services involve the processing of sensitive personal data, including health information.

The legal basis depends on the specific service and our role, and will be provided in connection with the specific activity, such as when you log in to the DigiHealth platform:

Treatment by licensed healthcare professionals(e.g., combined treatment provided by Health Group’s own healthcare professionals): The information is processed in accordance with the provisions of the Danish Health Act and the Executive Order on Patient Records of Licensed Healthcare Professionals, pursuant to GDPR Article 6(1)(c) and Article 9(2)(h).

Health checkups, health screenings, and workplace health assessments: We obtain consent in accordance with GDPR Article 6(1)(a) and Article 9(2)(a). You will be asked for your consent before the processing begins.

In certain cases, Health Group acts as a data processor, for example, on behalf of your employer. You can read more about our various roles here:https://healthgroup.dk/gdpr-roller-for-health-groups-ydelser/

The role of Health Groups:

 Under the GDPR, it is important to identify and clarify the roles of data controller, data processor, or joint controller, particularly when it comes to the processing of personal data. You can read more about Health Group’s role in relation to the individual services we provide via thislink.

Your rights

In accordance with applicable law, all registered individuals are guaranteed the following rights:

1. The right to receive information about the processing of one’s personal data (duty to provide information):
As a general rule, you have the right to know who the data controller is, what the purpose of the processing is, and who receives or processes the data.
This Privacy Policy generally contains all of this information

2. The right to access your personal data (right of access):
You may request information about what data Health Group processes, as well as a printout or copy of the collected data

3. The right to have inaccurate personal data corrected (the right to rectification):
If you believe that the information Health Group has about you is incorrect, inaccurate, or incomplete, you may request that the information be corrected

4. The right to have your personal data erased (the right to be forgotten):
If you believe that the information Health Group holds about you is no longer necessary for the purpose for which it was originally collected, you may request that the information be erased. Please note, however, that we have a duty and a right to retain certain personal data in order to comply with legal requirements.

5. The right to data portability:
As a general rule, you have the right to receive information about yourself in a structured, commonly used, and machine-readable format, and you have the right to transmit this information to another company

6. Right toobject:
You have the right to object to the use of your personal data for purposes such as direct marketing and profiling. However, we do not use profiling, and any marketing will always be based on your explicit consent.

Contact regarding the exercise of rights

As a customer or business partner, you may contact Health Group at any time by emailing info@healthgroup.dk if you have questions about how Health Group processes data, or if you wish to exercise your rights regarding the processing of your personal data and/or withdraw your consent.

If you contact Health Group regarding any of the above matters (access, correction, deletion, etc.), Health Group guarantees that you will receive a response to your inquiry within one month of receipt. For example, if you request that your information be corrected or deleted, we will typically review whether all conditions are met, including whether there is a legal basis for continued processing of the data. If we determine that the objection is justified, Health Group will ensure that the request is accommodated.

Complaint Procedure

Complaints regarding Health Group’s processing of personal data, objections, and questions about our privacy policy should be directed to Health Group at: info@healthgroup.dk

You can file a complaint regarding Health Group’s processing of your data by contacting the Danish Data Protection Agency. The Danish Data Protection Agency’s contact information is available at www.datatilsynet.dk.

In the event of a data breach, Health Group is required to notify the Danish Data Protection Agency as soon as possible, and no later than 72 hours after the breach occurs.

We encourage you to contact us if you have any questions or concerns regarding our processing of your personal information. You can find our contact information at the bottom of this policy.

Safety

Health Group ensures that personal data is stored securely. Health Group’s security measures are divided into organizational and technical measures. The organizational security measures mean that only Health Group’s trusted staff with a legitimate purpose have access to your personal data. Health Group’s staff receive ongoing guidance and training on data security, including how to process and protect the information. Health Group also maintains a record of its data processing activities, which are subject to oversight by the Danish Data Protection Agency.

The technical security measures relate to Health Group’s use of IT systems for data recording and management. Health Group’s data is stored securely and responsibly in a Danish data center that meets the necessary security standards in accordance with applicable regulations.

Health Group’s internal IT systems (computers, etc.) are protected by passwords, up-to-date antivirus software and a firewall, two-factor authentication (2FA), and physical equipment is kept under lock and key. When IT equipment is disposed of or repaired, it is disposed of in a responsible manner to ensure that your personal data cannot fall into the hands of unauthorized persons.

Our D-mark certification and ISO 9001:2015 certification ensure that our internal processes and procedures are audited annually and that your data is always secure with us. 

Please contact us for more information about our security measures.

Thank you for choosing Health Group as your partner. We look forward to serving you with care and respect for your privacy.

Contact information for the Data/IT Manager at Health Group:

Asta Rude Riis
asr@healthgroup.dk
61404842

Our DPO

Tor Valstrøm
Data Protection Officer
Tor Valstrøm also serves as an outsourced DPO for the Danish Society of Engineers (IDA), the Danish Consumer Association, Popermo Insurance, Mølholm Private Hospital, Loyal Solutions, the Danish Heart Association, and Ortos. He is also a co-founder of the Danish DPO Association, where he serves on the board of directors.

Since 2007, Tor has worked both domestically and internationally on cybersecurity and compliance projects for clients including Shell, Maersk, as well as military and government institutions.

Today, Tor works both strategically with information security at the executive and board levels, as well as practically with implementation and operations in collaboration with staff in legal departments, governance, risk, and compliance, and IT departments.

Certifications: CIPM, CIPP/E, CISSP, ISO 27001 Lead Implementer, Microsoft MCSE, and others.

If you have any questions, you are always welcome to contact our DPO:
Email
DPO@healthgroup.dk
© 2026 Acture - All rights reserved.
ISO 9001