top of page

Patient Privacy Policy

 â€‹

Please print, read and sign the privacy policy linked above. Please have it ready at your visit. 

 

The policy is also detailed below:

​

​

Processing of data

In connection with Thrive Wellness’s examination, diagnosis and treatment of you as a patient, Dr. Ileana M. Serrano (CVR 45124665) collects and processes personal data about you.

This privacy policy describes how she processes, uses and discloses your personal data.


Types of information

I collect and process the following types of personal data about you (to the extent that it is relevant to you):

Common categories of personal data:

Name, address, e-mail address, telephone number, social security number, gender, family and social relations, work relations and education. Special categories of personal data ("sensitive personal data"):

Health information (e.g. medical records, test results, tests, X-rays, scan results, etc.), sexual relations, racial or ethnic origin and religious matters.


Purpose

I process your personal data for the following purposes:

  • My examination, diagnosis and treatment of you

  • Preparation of medical certificates

  • Preparation of certificates for use by authorities, insurance companies, etc.

  • Communication with or referral to other healthcare professionals, doctors, hospitals or hospital laboratories

  • Prescriptions for medicines, including the issuing of prescriptions

  • Reporting to clinical quality databases

  • Reporting of laboratory samples to hospital laboratories

  • Settlement purposes

  • In order to comply with our obligations under applicable law, including the EU General Data Protection Regulation, data protection law and other relevant health legislation, such as the GDPR.

  • Documentation obligation

  • Compliance with basic principles for the processing of personal data and legal basis for the processing.

  • Implementing and maintaining technical and organizational security measures, including but not limited to preventing unauthorized access to systems and information, preventing the receipt or distribution of malicious code, stopping denial-of-service attacks, and damage to computer systems and electronic communications systems.

  • Investigation of suspected or knowledge of security breaches and reporting to individuals and authorities.

  • Handling inquiries and complaints from data subjects and others.

  • Handling inspections and inquiries from supervisory authorities.

  • Handling disputes with data subjects and third parties.

  • Statistical studies and scientific research.

 

Volunteerism

When I collect personal data directly from you, you provide the personal data voluntarily. You are not obliged to provide this personal data to me. The consequence of not providing me with the personal data will be that I cannot carry out the purposes above, including that in some cases we cannot examine, diagnose or treat you.


Sources

In some cases, we collect personal data about you from other healthcare professionals, e.g. hospitals, referring doctors or by looking up electronic medical record systems. We process the information received in accordance with this privacy policy.


Disclosure of personal data

To the extent necessary for the specific examination, diagnosis or treatment of you, your personal data will be disclosed and shared with the following recipients:

Information is disclosed to other authorities, clinical quality databases, the Danish Vaccination Register, the Danish Patient Safety Authority, the Common Medicine Card, the police, social authorities, the Labour Market Insurance to the extent that there is an obligation to do so under current legislation. As a patient, you have access to your own information (self-access). When referring patients, information is disclosed to the healthcare professionals to whom the referral has been sent. When reporting laboratory samples, the samples are passed on to the hospital laboratories. When reporting information in connection with the settlement of patient treatment, information is passed on to the regional settlement offices. When issuing prescriptions, information is passed on to the country's pharmacies and the Danish Medicines Agency via the prescription server. When reporting to clinical quality databases.
When discharge summaries are disclosed, information is disclosed to the referring physician and, in some cases, to the referring hospital. In other cases, information is disclosed to relatives or insurance companies.

The legal basis for collecting, processing and disclosing your personal data is:

For the purposes of general patient treatment, general personal data is collected, processed and disclosed pursuant to Article 6(1)(c) and (d) of the General Data Protection Regulation, while the sensitive personal data is collected, processed and disclosed pursuant to Article 9(2)(c) and (h) of the General Data Protection Regulation. In addition, we are obliged to process a number of personal data about you in connection with the general patient treatment pursuant to the Authorisation Act's chap. 6, the Executive Order on Health Professionals' Medical Records (the Executive Order on Medical Records), especially Paragraphs 5-10, and the Health Act's chap. 9.Health information for use in further treatment in connection with referral of patients is disclosed in accordance with the rules in Paragraphs 20-23 of the Agreement on Specialist Medical Assistance and the Danish Health Act. Reporting of laboratory tests to hospital laboratories is done in accordance with the rules in the Danish Health Board's guidelines on the handling of paraclinical examinations pursuant to the Authorisation Act. Information for the purpose of billing for patient treatment is sent once a month to the region's settlement office in accordance with the rules in Paragraph 49 of the Collective Agreement on Specialist Medical Care and the Danish Health Act. Prescription orders are sent via the IT service and the prescription server in accordance with the rules in Chapter 1 of the Danish Health Act chap. 42 and the Executive Order on Prescriptions and Dose Dispensing of Medicinal Products, especially chap. 3. Clinical patient data is disclosed to clinical quality databases in accordance with the rules in paragraphs 195-196 of the Danish Health Act and the Executive Order on the Reporting of Information to Clinical Quality Data Databases, etc. Data may also be disclosed on the basis of specific consent from you as a patient. Discharge summaries, which are a brief summary of the patient's medical history and course of treatment, are sent to the referring doctor and in some cases to the referring hospital in accordance with the rules in Chapter 9 of the Health Act.  Your personal data is only disclosed to insurance companies with your prior consent, cf. Articles 6(1)(a) and 9(2)(a) of the General Data Protection Regulation. Your personal data will only be disclosed to your next of kin with your prior consent in accordance with the rules in paragraph 43 of the Danish Health Act. In the case of deceased patients, certain personal data may be disclosed to the deceased's next of kin, the deceased's general practitioner and the doctor who treated the deceased in accordance with the rules in paragraph 45 of the Danish Health Act. If the processing of your personal data is based on consent, you have the right to withdraw the consent. If you withdraw consent, it will not affect the processing prior to the withdrawal of consent, including a disclosure based on consent.


Use of data processors

Your personal data is processed and stored by my data processor, who stores it on behalf of and on instructions from me. My data processor is currently.

1. Novax A/S

 

Retention period

I store personal data about you for as long as we need to take care of the stated purposes. However, according to the Executive Order on Record Keeping, I am obliged to store these for a minimum of 10 years after the last entry in the journal. There may be cases where I am forced to store your personal data for a longer period of time, e.g. in connection with a complaint or compensation case, in which case the data will be stored until the case is finally closed.


Your rights

You have – subject to the limitations of the law – certain rights, including the right to access personal data, the right to have incorrect data corrected, the right to have data deleted, the right to have data restricted, the right to data portability, the right to object to the processing of the personal data, including in relation to automated, individual decision-making ("profiling").

You also have the right to complain to a competent supervisory authority, including the Danish Data Protection Agency.


Contact

If you have any questions regarding the processing of your personal data or the exercise of your rights, you are welcome to contact me.

Best regards

Ileana M. Serrano, MD  

 

Thrive Wellness

Thrivewellness.dk

Tel. 21 87 04 44  

ileanaserrano@thrivewellness.dk

Last Revised: 15/09/2025

 

​

​

bottom of page