Privacy Policy
Cookies
Last updated: 1 July 2026.
A cookie is a small text file stored on your device so that a website can recognise it, remember your settings, and compile statistics. Cookies cannot contain harmful code such as viruses.
This website sets only strictly necessary cookies until you choose otherwise. We do not load Google Analytics, the Meta Pixel, or any other statistics or marketing technology — and send no data to Google or Meta — until you give your consent in the cookie banner. You can change or withdraw your consent at any time via the “Cookie settings” link in the footer, or by deleting cookies in your browser (see guidance).
We group cookies into three categories:
Necessary
Required for the site to work and to keep it secure — for example, cookies our host Cloudflare may set to protect the site against malicious traffic. These do not require consent and are never used for tracking or marketing.
Statistics
Help us understand how the site is used so we can improve it. With your consent we use Google Analytics 4, which sets the cookies _ga and _ga_E7RZWJ4QGC (stored for up to two years).
Marketing
Used to measure and target our advertising. With your consent we use the Meta Pixel, which sets the cookies _fbp (stored up to three months) and fr (set by Meta on the facebook.com domain).
Recipients and transfers
Google Analytics is provided by Google Ireland Limited and the Meta Pixel by Meta Platforms Ireland Limited; both are loaded through Google Tag Manager, and only after you consent. Using these services may involve transferring personal data to the USA, which we base on the EU–US Data Privacy Framework and the European Commission’s standard contractual clauses.
The legal basis for statistics and marketing cookies is your consent (GDPR Article 6(1)(a) and the ePrivacy rules). When you withdraw consent, we stop setting these cookies and delete the ones already stored in your browser; data already received by Google or Meta before withdrawal is retained and processed under their own policies, and you can ask them — or us — to have it deleted.
Privacy Policy
About our data responsibility, in general
When you are examined and treated here at the clinic, we collect and process personal data about you.
We only obtain and process personal data that is relevant for the purpose, and we delete your data when it is no longer necessary to fulfil that purpose.
Below you can read more about how we collect and process your personal data.
Collection, use, storage and deletion of personal data
1. What personal data do we collect?
We obtain the following contact details about you:
- Full name
- Residential address
- Telephone number
- Email address.
We also obtain the following sensitive personal data:
- Civil registration (CPR) number
- The name of your general practitioner
- Information about your health that we receive from you. Where necessary, we also obtain health information about you from other healthcare professionals, e.g. your doctor, in accordance with the rules of the Danish Health Act, as well as
- Photographic information in the form of body images, which form part of the record.
Your CPR number and the information about your health are necessary for us to keep the patient record that, under healthcare legislation, we are obliged to keep as a physiotherapist.
Finally, we may register other information about you for financial and administrative purposes, e.g. invoicing.
Because our treatment at the clinic depends on your personal data being correct and up to date, we kindly ask you to inform us of any relevant changes to your personal data.
2. How do we use your personal data?
We use your personal and health information to ensure you receive safe and relevant treatment at the clinic.
Photographic information in the form of body images is used to plan and document the course of treatment.
If we use your contact details to send newsletters or for other marketing purposes, this is only done with your prior explicit consent. You can withdraw this consent at any time.
3. Disclosure of information
Under the Danish Health Act, we have a duty of confidentiality regarding your health and other sensitive personal matters, but where it is necessary and there is a legal basis, we may disclose your health information internally at the clinic or to a third party.
We always make sure there is a legal basis before disclosing your personal data to a third party, and disclosure can, as a rule, only take place with your consent. In special cases, disclosure may take place without consent under the rules of the Danish Health Act. This will typically be to other healthcare professionals, e.g. your own doctor.
The information we have registered for invoicing and similar financial and administrative purposes is exchanged with a third party to the extent necessary to complete the transaction. This applies, for example, to a booking system, an accounting program, a payment processor or an IT host.
4. How and for how long is the information stored?
We are obliged to store your information in a way that protects it against unauthorised disclosure and against unauthorised persons gaining access to or knowledge of it.
Your record is stored for the period laid down by the Danish Patient Safety Authority pursuant to the Authorisation Act. The applicable period is 5 years from the most recent entry in the record. In special cases, the record may and must be stored for longer.
Information used for invoicing and similar financial and administrative purposes is stored for as long as it is needed.
We delete your personal data when it is no longer necessary in relation to the purpose that was the reason for our collection, processing and storage of that personal data.
5. Your rights regarding the information
You can gain insight into the information we have registered about you by contacting us, or by using any client access to the electronic record. Under the Authorisation Act, we may not delete information in your record, but if you believe there is an error in the record, you can ask for an addition to be made.
For information not covered by the patient record, you have the right to have incorrect information corrected or deleted. You also have the right to ask us to stop processing such information about you. Once you have turned 15, you are, as a rule, entitled to be told what is written about you in a record held by the healthcare system.
6. Complaints about the handling of personal data
Complaints about our processing of your personal data can be submitted to the Danish Data Protection Agency. You can find their contact details etc. at www.datatilsynet.dk.
Supervision of the rules in healthcare legislation is carried out by the Danish Patient Safety Authority. You can find the authority’s contact details etc. at www.stps.dk.
Adverse event
An adverse event is an occurrence that causes harm or a risk of harm. The event is unintended because the healthcare professionals involved have no intention of harming anyone — on the contrary, they would rather the event had not happened.
You can report an adverse event here.
Patient compensation
The Patient Compensation Association compensates for injuries and deaths that occur as a result of treatment, lack of treatment or delayed treatment.
The Patient Compensation Association can only compensate financial losses and provide compensation for pain and suffering and/or permanent injury.
You can read more about the Patient Compensation Association and report any injury here.
Contact details of the data controller
OUCH ApS, CVR no. 39939959, is the data controller. You can contact us to request information — for example, about which personal data we store — or to withdraw a consent. Our contact details are as follows:
OUCH ApS
CVR no. 39939959
Contact person: Jens Q Adolphsen
Address: Sønder Boulevard 47, 1720 Copenhagen V
Email: privatliv@ouch.dk
Website: www.ouch.dk