top of page

Personal data policy 

Personal data policy for Vicorda

This policy describes how Vicorda collects, processes, and stores personal data about you when you visit Vicorda's website, contact Vicorda, or are a customer through one or more of Vicorda's services (Health Screening, Physical Health Checks, Workplace Assessments, Pulse Surveys, Whistleblower, News Module, or Health Advisory). Vicorda is the data controller for the website and inquiries to Vicorda. For other services, Vicorda acts as a data processor under the instructions of a data controller through data processing agreements.

 

Regardless of Vicorda's role, Vicorda's clear goal is to ensure transparency in Vicorda's data processing and to protect your personal data in accordance with data protection legislation.

Vicorda's contact information is:

Vicorda ApS

Lejrvej 25

3500 Værløse

Tlf. +45 3055 4435

info@vicorda.dk

​CVR DK-37468835

Types of Data

Depending on whether you are a customer or a website visitor, Vicorda processes a range of data about you. This data is always collected with your involvement and typically includes:

As a website visitor

  • A unique ID and technical information about your computer, tablet, or mobile phone

  • Geographical area

  • Pages you click on (interests)

When using Vicorda's online contact form

  • Name, company, and number of employees

  • Email and phone number

  • Content of your inquiry (free text)

As a contact person at a partner company

  • Name

  • Email

  • Phone

When using health screening and physical health checks

Categories of personal data collected and processed include:

  • General personal data: General background questions such as gender, age, weight, height, full name, email address, workplace, employee type, pension status, health insurance status, workplace environment: ergonomics, relationships, psychosocial hazards, lifestyle: sleep, diet, smoking, alcohol, physical activity

  • Sensitive personal data: Health information including mental health: stress/anxiety/depression, self-care, cognitive functions, physical health: self-assessed health status, illness and absence, pain

  • Physical measurements (when physical health checks are included): Weight, waist measurement, body fat percentage, BMI, total cholesterol, HDL and LDL cholesterol, blood sugar, blood pressure, balance test

 

When using thematic surveys (Pulse Surveys):

Categories of personal data collected and processed vary by survey type and include:

  • General personal data: General background questions such as full name, email address, workplace, employee type, pension status, health insurance status

  • Sensitive personal data: Health information including mental health: stress/anxiety/depression/well-being/burnout/quality of life

When using workplace assessments (APV):

Categories of personal data collected and processed include:

  • General personal data: Gender, age, full name, email address, workplace, physical, ergonomic, biological, and psychological work environment conditions

 

When using the Whistleblower service:

Categories of personal data collected and processed include:

  • General personal data (if not anonymized): Full name, email address, workplace

  • Confidential personal data (may occur if you include personal data in your descriptions or attached documents):
    - Date or period of the incident
    - Theme of the incident
    - Description of the incident
    - Any attached documents (videos, images, text files)

How Long Do We Retain Your Data?

Vicorda generally retains personal data as long as there is an active relationship between you and Vicorda where it is in your interest that Vicorda processes the data. Data is deleted when this relationship ends. Deletion is, of course, only carried out to the extent that Vicorda does not have legal or other valid reasons to retain the data for a longer period.

 

Vicorda also has specific deletion procedures related to the various services in the solution:

  • Users always have the option to delete data/reports themselves

  • Users always have the option to delete their entire profile themselves

  • Users whose employer does not have a history will have their data deleted after 30 days

  • Inactive users will have their data deleted after 18 months of inactivity. Users are notified one month in advance.

  • If the company's agreement ends, the user's data is deleted

Disclosure of Information

Vicorda only uses sub-processors in Denmark for hosting IT systems and data. These processors solely process data on behalf of Vicorda and are not permitted to use the data for their own purposes. No sub-processor has access to personally identifiable data. Vicorda only uses data processors in Denmark, ensuring your data is protected under Danish law. Vicorda has entered into data processing agreements with its regular IT providers. These agreements ensure that the data shared with specific systems (e.g., email and file system, website hosting, customer management system, Health Screening, etc.) is processed securely, as these providers guarantee compliance with GDPR legislation.

 

Legal Basis and Purpose

Vicorda processes your personal data for the following purposes:

  • Handling your inquiry if you send us an email or contact us through the website

  • Processing your visit to Vicorda's website (see Vicorda's Cookie Policy, link in footer)

  • Administration of Vicorda's cooperation if you are a contact person at a partner company

  • Administration of the relationship between you and Vicorda if you use Health Screening and the associated services

 

The legal basis for Vicorda's processing includes:

  • General information from your website visit or inquiry is processed under the legal basis of GDPR Article 6(1)(f) (the balancing rule). Vicorda assesses that Vicorda's interest in collecting, processing, and disclosing information about you does not outweigh your interest in the opposite. Consent is used if Vicorda collects other than functional cookies on the website.

  • General information in relation to Vicorda's solution and the respective services, as well as if you are a partner, is processed under the legal basis of GDPR Article 6(1)(b); processing for the purpose of fulfilling a contract (contractual relationship).

  • When using Vicorda's solution and the respective services, Vicorda also processes a range of sensitive and confidential information about you, requiring your voluntary and informed consent in accordance with GDPR Article 9(2)(a). You will automatically be asked for consent in the relevant contexts when using Vicorda's solution or one or more of the respective services. In connection with consent, you will be informed of the details of the processing, including purpose and withdrawal process.

 

Security

Vicorda ensures that data is stored securely and discreetly. Vicorda's security measures are divided into organizational and technical measures. The organizational security measures mean that only Vicorda's trusted personnel with a valid purpose have access to your personal data with your consent. Vicorda's personnel are continuously instructed and trained on data security, including how to handle and protect the information. Vicorda also maintains a record of its data processing activities, subject to the Danish Data Protection Agency's oversight.

 

The technical security measures relate to Vicorda's use of IT systems for registration and administration. Vicorda's data is securely and safely placed in a Danish data center with the necessary protection level according to current regulations. All communication on Vicorda's website is protected with approved security certificates with a 256-bit encryption key. Stored data (data at rest) is protected via 256-bit encryption, and sensitive data in use (data in memory) is also protected via 256-bit encryption. To ensure your personal data, backups of all your personal data are performed daily, and a Disaster Recovery as a Service (DRaaS) solution is in place.

 

Vicorda's internal IT systems (PCs, etc.) are protected with passwords, updated antivirus programs and firewalls, two-factor authentication (2FA), and physical materials are stored locked. When IT equipment is destroyed or repaired, it is disposed of responsibly to ensure that your personal data does not become accessible to unauthorized persons.

 

Your Rights

According to current legislation, everyone is guaranteed the following rights:

 

  1. Right to information about the processing of personal data (right to be informed):
    You have the right to know who the data controller is, the purpose of the processing, and who receives/processes the data.
    This Privacy Policy generally contains all this information.
     

  2. Right to access your personal data (right of access):
    You can request information about what data Vicorda processes and request a copy of the collected data.
     

  3. Right to have inaccurate personal data rectified (right to rectification):
    If you believe that the data Vicorda holds about you is incorrect, inaccurate, or incomplete, you can request that the data be corrected.
     

  4. Right to have personal data erased (right to be forgotten):
    If you believe that the data Vicorda holds about you is not necessary for the original purpose it was collected, you can request that the data be deleted. Note that we are obliged and entitled to retain certain personal data to comply with legal requirements.
     

  5. Right to data portability:
    You generally have the right to receive information about yourself in a structured, commonly used, and machine-readable format, and you have the right to transfer this information to another company.
     

  6. Right to object:
    You have the right to object to the use of personal data for, among other things, direct marketing and profiling. We do not use profiling, and any marketing will always be linked to explicit consent.

 

When contacting Vicorda regarding any of the above points (access, rectification, deletion, etc.), you will receive a response within a month about what Vicorda will do with your request. If, for example, you request to have your data corrected or deleted, we will normally investigate whether all conditions are met, including whether there is a legal basis for continued data processing. If we find the objection justified, Vicorda will comply with the request.

 

Complaints and Contact Information

Complaints about Vicorda's processing of personal data, objections, and questions regarding the privacy policy should be directed to the data controller.

 

You can complain about the processing of your data by contacting the Danish Data Protection Agency. The contact information for the Danish Data Protection Agency can be found on their website, www.datatilsynet.dk.

bottom of page