Personal data policy
Personal data policy for Vicorda
This describes how Vicorda collects, processes, and stores personal information about you who either visits Vicorda's website, contacts Vicorda or are a customer through Vicorda's Health Screening and the associated services. Vicorda is the data controller for this processing - in some cases, however, the data processor (regarding Health screening).
Regardless of Vicorda's role, Vicorda's clear goal is to create transparency regarding Vicorda's personal data processing and to protect your personal data in accordance with data protection law.
Vicorda's contact information is:
Tlf. +45 3055 4435
Types of information
Depending on whether you are a customer or a website visitor, Vicorda processes several pieces of information about you.
This information is always collected with your participation and is typically:
As a website visitor
A unique ID and technical information about your computer, tablet, or mobile phone,
Which pages you click on (interests)
When using Vicorda's online contact form
Name, company, and number of employees
Email and phone number
The content of your inquiry (free text)
As a contact person at a partner
As a customer through Health Screening
Full name and e-mail address, alternatively telephone number
Other form of personally identifiable ID, e.g., a number
Height, gender, age, weight, working conditions, well-being and self-rated health, lifestyle, mental health, pain and disease picture
Survey history and indication of risk group
How long do we keep your information?
Vicorda generally stores personal data if there is an active relationship between Vicorda and you, where it is in your interest for Vicorda to process the information. Information is deleted when this relationship ends. Deletion will only take place to the extent that Vicorda has no legal authority or other objective reason to store the information for longer than this.
Vicorda also has several specific deletion procedures associated with the Health Screening as well as other services in the solution as described here:
User always has the option to delete data / reports
The user can delete his entire profile at anytime
User where company has no function of history, data will be deleted after 30 days
Inactive user will have data deleted after 18 months of inactivity. User is notified 1 month before.
If the company's agreement expires, the user's data will be deleted
Disclosure of information
Vicorda only uses sub-data processors in Denmark in connection with hosting IT systems and data. These processors have information solely on behalf of Vicorda and may not use the data for their own purposes. No sub-data processor has access to personally identifiable data.
Vicorda only uses data processors in Denmark. Your information is hereby protected in accordance with Danish law. Vicorda has entered into data processor agreements with Vicorda's permanent IT suppliers. These agreements ensure that the data passed on to the specific systems (e.g., mail and file system, website host, customer administration system, health screening, etc.) is processed in a secure manner, as these suppliers thereby guarantee compliance with GDPR legislation.
Legal basis and purpose
Vicorda processes your personal data for the following purposes:
Processing of your inquiry to us if you send us an e-mail or contact us through the website
Processing your visit to Vicorda's website – see Vicorda's Cookie Information:
Cookie and Personal Data Policy (GDPR)
Administration of Vicorda's collaboration if you are the contact person for a collaboration partner
Administration of the relationship between you and Vicorda if you use Health Screening and the associated services
The legal basis for Vicorda's treatment is the following general legal basis:
General information from your website visit or your inquiry is processed based on the Personal Data Regulation art. 6, paragraph one, litra f (rules of legitimate interests). It is Vicorda's assessment that Vicorda's interest in collecting, processing, and disclosing information about you does not exceed your interest in the opposite. Consent is used if Vicorda collects other than functional cookies on the website.
General information in relation to the Health Screening and the associated services as well as if you are a partner is processed based on art. 6, paragraph one, litra b of the Personal Data Ordinance; Processing for the purpose of fulfilling the contract (contractual relationship).
When using Vicorda's Health Screening and the related services, Vicorda also processes several sensitive and confidential information about you that requires your voluntary and informed consent, cf. art 9, paragraph two, litra a of the Regulation. You will automatically be asked for consent in the relevant contexts when using the Health Screening. In connection with the consent, you will be informed about the details of the processing, including the purpose and the recall process.
Vicorda ensures that data is stored securely and discreetly. Vicorda's security measures are divided into organizational and technical measures. The organizational security measures mean that only Vicorda's trusted staff for business purposes will have access to your personal data after your consent. Vicorda's staff are continuously guided and instructed on data security, including how they process and protect the information. Vicorda also keeps a record of Vicorda's data processing activities, which are subject to the Danish Data Protection Agency's control.
The technical security measures are related to Vicorda's use of IT systems for registration and administration. Vicorda's data is located securely and securely in a Danish data center which has the necessary level of protection in accordance with current rules. All communication on Vicorda's website is protected by approved security certificates with 256-bit encryption key.
To secure your personal data, all your personal data is backed up daily.
Vicorda's internal IT systems (PCs, etc.) are password protected, updated antivirus software and firewall, two factor authentication (2FA) and physical material stored locked. When destroying or repairing IT equipment, IT equipment is disposed of responsibly, which means that your personal information cannot come to the knowledge of unauthorized persons.
All are guaranteed the following rights in accordance with current legislation:
The right to receive information about the processing of one's personal data (duty to provide information):
As a starting point, you have the right to know who is responsible for the data, what the purpose of the processing is and who receives / processes the information. This Personal Data Policy basically contains all this information.
The right to access his personal data (right of access):
You can ask to know what information Vicorda processes and a possible printout or copy of the information collected.
The right to have incorrect personal data rectified (the right to rectification):
If you believe that Vicorda's information about the person in question is incorrect, inaccurate, or incomplete, you can ask for the information to be corrected.
The right to have one's personal data deleted (the right to be forgotten):
If you believe that the information held by Vicorda is not necessary in relation to the purpose for which it was originally collected, you may request that the information be deleted. Please note, however, that we have a duty and right to store certain personal data to comply with the rules of law.
The right to transfer one's personal data (data portable):
In principle, you have the right to receive information about yourself in a structured, commonly used, and machine-readable format, and you have the right to transfer this information to another company.
Right to object:
You have the right to object to the use of personal data for e.g., direct marketing and profiling. However, we do not use profiling, and possibly. marketing will always be linked to an explicit consent.
By contacting Vicorda regarding. one of the above points (insight, correction, deletion, etc.) is received no later than one month after a message about what Vicorda does when contacted. If, for example, you ask to have your information corrected or deleted, we will normally investigate whether all conditions are met, including whether there is a legal basis for continued processing of data. If we consider that the objection is justified, Vicorda will ensure that the request is granted.
Complaints and contact info
Complaints about Vicorda's processing of personal data, objections and questions regarding personal data policy are directed to Vicorda, see contact information above.
You can complain about Vicorda's processing of your data by contacting the Danish Data Protection Agency. The Data Inspectorate's contact information can be found on the Data Inspectorate's website, www.datatilsynet.dk