Effective date: November 11, 2025
Health Tech Hub Copenhagen’s Privacy Policy
1. Introduction
This privacy policy explains how Health Tech Hub Copenhagen (hereinafter also ‘HTHC’, ‘we’, ‘our’ or ‘us’) collects, uses, stores, and protects personal data that you provide to us directly, or that we obtain in connection with our activities. This privacy policy applies to the following:
These groups are referred to as “data subjects.”
HTHC handles personal data in accordance with applicable legislation. We continuously update our procedures to comply with the EU General Data Protection Regulation (GDPR).
The most up-to-date version of the privacy policy is always available at www.healthtechhub.org.
2. Health Tech Hub Copenhagen as Data Controller
HTHC is the data controller, responsible for processing the personal data as described in this policy. Contact information:
Health Tech Hub Copenhagen CVR no. 40479007
Danneskiold-Samsøes Alle 41
1434 Copenhagen K
Email: hello@healthtechhub.org
3. Your Rights
As a data subject, you may exercise your rights at any time by contacting HTHC. Contact details are provided in Section 2 of this policy.
Data subjects have the right to:
For more information, please refer to the Danish Data Protection Agency’s guidance on data subjects’ rights, available at www.datatilsynet.dk.
4. Health Tech Hub Copenhagen’s Processing of Personal Data
This section describes the types of personal data HTHC collects on data subjects, and the purposes for which they are collected. HTHC only processes data about data subjects that are relevant and necessary for the purposes stated in this privacy policy. Likewise, the organization only processes the amount of data needed for specified purposes.
HTHC processes different categories of personal data about you depending on whether you are a contact person for an organization, a partner, an event participant, a job seeker, or simply a user of our website. Below you can see which personal data we collect, the purpose and legal basis for processing it, and when the data will be deleted:
|
Data Subject |
Personal Data |
Purpose & Legal Basis |
Erasure Policy |
|
Visitors on healthtechhub.org |
Cookies/online identifiers, IP address, browsing behaviour (depending on consent). |
Ensure website functionality, improve services, statistics. Legal basis: Art. 6(1)(a) (consent for non-essential cookies), Art. 6(1)(f) (legitimate interest for essential cookies). |
Session cookies are deleted after session. Other cookies are deleted when they expire or upon withdrawal of consent. |
|
Event participants |
Name, email, job title, name of organization, phone number, payment details (if applicable).
For digital events, participants will potentially be recorded. |
Manage registration incl. potential payment, communication, event delivery, reporting. Legal basis: Art. 6(1)(b) (contract for event participation), Art. 6(1)(f) (legitimate interest in executing and documenting events). |
Event data deleted 3 years after the end of the calendar year in which the event took place, except for events with payment where legal obligations require longer retention.
Recordings deleted 1 year after the end of the calendar year in which the event took place. |
|
Newsletter subscribers |
Name, email, company name, job title, behavioural data (what the subscriber opens and clicks on). |
Send newsletters, customize content, improve communication. Legal basis: Art. 6(1)(a) (consent). |
Emails and names of unsubscribed recipients of the newsletter are deleted every six months. |
|
Job seekers |
Name, email, CV, cover letter, references, communication. |
Recruitment, assessment of candidates. Legal basis: Art. 6(1)(b) (contract), Art. 6(1)(f) (legitimate interest in recruitment), Art. 9(2)(b) if sensitive data is provided voluntarily. |
All data deleted 6 months after receiving the inquiry unless consent for longer retention. |
|
Contacts at member organizations |
Name, email, job title, name of organization, phone number, LinkedIn profile, behavioural data (email opens and clicks). |
Membership administration, updates, collaboration. Legal basis: Art. 6(1)(b) (contract with member organization), Art. 6(1)(f) (legitimate interest in running membership program). |
Contact profile deleted 1 year after end of the calendar year in which the organization ended its membership, or when the contact person leaves the organization.
|
|
Contacts at potential member organizations |
Name, email, job title, name of organization, phone number, LinkedIn profile, behavioral data (email opens and clicks).
|
Discuss membership opportunities, communication. Legal basis: Art. 6(1)(f) (legitimate interest in recruiting members). |
Contact profile deleted 1 year after end of the calendar year in which the last contact took place, unless the lead is converted to member/subscriber; immediately upon objection. |
|
Contacts working with partners and suppliers |
Name, email, phone, job title, organization, contractual/payment data. |
Manage partnerships, projects, accounting. Legal basis: Art. 6(1)(b) (contract), Art. 6(1)(c) (legal obligation, bookkeeping law), Art. 6(1)(f) (legitimate interest in collaboration). |
Contact information deleted 5 years after the end of the financial year in which the contractual relationship is terminated, unless it is relevant to store the information for a longer period, e.g. as a result of the relationship or for administrative purposes. |
|
Photos & videos from events |
Photos/videos where you may be identifiable. |
Publish situational images on website/social media for communication purposes. Legal basis: Art. 6(1)(f) (legitimate interest in promotion), Art. 6(1)(a) (consent, where close-up identifiable pictures are used). |
Media deleted when no longer relevant for HTHC’s communication, or upon objection. |
5. Data Security
We have implemented appropriate technical and organizational security measures to protect the personal data we process. These measures are designed to prevent alteration, loss, or unauthorized access. We only engage with data processors who maintain a corresponding level of security.
6. Sharing of Personal Data with Third Parties
We may share your information with carefully selected third parties when it is necessary to provide you with our services or to meet our legal obligations. This may include sharing data with:
In each case, we ensure that your personal data is protected through confidentiality agreements or data processing agreements.
Some of our providers are located outside the EU/EEA. If your personal data is transferred to such a provider, we only do so when the provider ensures an adequate level of protection such as certification under the EU-U.S. Data Privacy Framework.
If you are our contact person at a member organization, your email will be shared with employees at other member organisations.
We never share your personal data with any other third parties without your consent, unless required by law.
7. Filing a Complaint
If you are dissatisfied with the way we process your personal data, you can file a complaint with the Danish Data Protection Agency:
Carl Jacobsensvej 35, 2500 Valby
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
8. Updates to This Privacy Policy
We review this Privacy Policy regularly to ensure it reflects current practices and legislation. Updates may occur without prior notice; significant changes will be published on our website alongside the updated version.