Privacy Notice for Teladoc Health's Rehabilitation Services

Effective Date: March 1st, 2026

This is the Privacy Notice (“Notice“) for the provision of Teladoc Health’s Rehabilitation Services, provided by Teladoc Health Denmark ApS (“Teladoc Health“, “We“, “Us” and “Our“). Teladoc Health is the data controller for the personal data disclosed in this privacy policy.

Teladoc Health Denmark ApS
CVR-nummer: 41627425
Rønnegade 9, 1. 2100 København Ø.

Our Rehabilitation Services (the “Services”) is a virtual care program run by Teladoc Health on behalf of your pension or insurance provider. The Services are designed for members who are currently on sick leave or assessed to be at risk of going on sick leave. Our Rehabilitation Services offer a flexible, health‑ and social‑care–oriented course intended to improve your quality of life and empowerment, and thereby support you in maintaining your connection to the labour market.

To meet your different needs for both social and health professional intervention, the Teladoc Health’s Rehabilitation effort is multidisciplinary. No two offers are alike, and how many sessions you need and with which professionals will depend on your situation.

In order to provide the Services to you, we need to collect and process your personal data (“Personal Data“). This Notice describes the kind of Personal Data we collect about you, why we collect it, how it is collected, how we use it, how we protect it and under what circumstances we share it with third parties. This Notice also describes how you may access your Personal Data and exercise the rights you have concerning your Personal Data. Please review it carefully.

Teladoc Health is committed to ensure full compliance with all applicable data privacy laws and regulations, including (but not limited to) the General Data Protection Regulation (EU) 206/679 (the GDPR) and the Danish Data Protection Act (collectively Data Protection Laws). As a health care provider, we are also obligated to process your Personal Data as set out in the Danish health legislation.

By requesting or utilizing our Services you are entering into a contractual relationship with Teladoc Health for the provision of these Services to you, and you accept the privacy practices described below.

Teladoc Health and your pension- or insurance provider is a independent data controller in relation to the Personal Data processed. For more information about how your pension or insurance provider handles your data, please reach out to them directly.

What Personal Data is collected and processed by Teladoc Health?

We will process your Personal Data in the situations described below.

Types of Personal Data The purpose of the processing Legal basis
Personal Data processed for administrative purposes when you request Teladoc Health’s Services through your pension or insurance provider
We will process your name, address, date of birth, your gender/sex, contact information (email address and phone number) as well as your insurance terms. We will also process your CPR number. The purpose of our processing of your personal data is to administer your request for our Services and to communicate with you. We rely on your consent, cf. Article 6 (1) (a) of the GDPR and Section 11 (2) (2) of the Danich Data Protection Act.
Personal Data processed when providing our Services
Ordinary and sensitive Personal Data, including your name, age, date of birth and your gender/sex.

We also process your CPR number as well as health data, e.g. your previous health and medical records, physical and mental performance, characteristics, diseases or disabilities, work ability, and information about your sex life or sexual orientation, occupation and/or other information we collect through our communication with you.

 The purpose for our processing of your personal data is to deliver our Services, i.e. our online medical treatment during our consultation. We are also obligated under applicable health legislation to e.g. report any side effects to the public authorities, to process your data for journaling purposes and for medicine descriptions. We process your Personal Data based on our legal obligation when providing health care treatment, cf. Article 6 (1) (c) and Article 9 (2) (a)., cf. Section 7 (3) of the Danish Data Protection Law and the Danish health legislation.

Processing of your CPR number is required by law, e.g. under the Danish Executive Order on Medical Records Section 12, cf. the Danish Data Protection Act Section 11 (2) (1).
Personal Data obtained through survey forms, calls or text
We process your responses, which may include health information. We process your answers together with the information we have already collected about you as part of Teladoc Health’s Rehabilitation Services.

 

 

 Our aim is to better understand our customers’ needs and improve the Services i.e. satisfaction, improvement of working capabilities of customers etc. Data collected through surveys forms, calls or text messages directly to and from you will be processed based on your consent, cf. Article 6 (1) (a) and Article 9 (2) (a) of the GDPR.

Withdrawal of Consent

When our processing of your Personal Data is based on your consent, you can withdraw such consent at any time. Your withdrawal will not affect the lawfulness of processing based on consent before its withdrawal, but not consenting can affect our ability to provide the Services to you. You can withdraw your consent at any time by sending an email at dpo-teladoc@dpo-danmark.dk.

Personal Data Teladoc Health Collects About You from other sources

We collect Personal Data directly from you through correspondence via email or telephone. Furthermore, we may collect Personal Data from:

  • your pension or insurance provider for the purpose of providing you with treatment which are covered by your insurance terms,
  • your past or current health care providers. For example, it may be relevant for us to collect your previous health information from online registers, e.g. sundhed.dk, provided this is necessary for our treatment of you cf. the Danish Health Act Section 42a (1), and/or if you have specifically consented, or
  • your authorized representatives if it is necessary for providing our Services to you.

Whether it is necessary to collect Personal Data about you from you or third parties will be assessed on a case-by-case basis.

Disclosure of Your Personal Data

We may in some cases share your Personal Data with third parties, as described below:

  • Your pension or insurance provider: If you consent, cf. Article 6(1)(a) and Article 9(2)(a) of the GDPR, cf. Section 43(1) of the Danish Health Act, we will disclose ordinary and sensitive Personal Data about you to your relevant pension or insurance provider for administrative and case handling purposes according to your insurance terms. The Purpose is to make sure the case handling process can be done in accordance with applicable rules and conditions, and to understand the effects of Teladoc Health’s Rehabilitation Services with respect to customer claims. The Purpose is also to be able to understand and improve the services within the product via the reporting on i.e. satisfaction, improvement of working capabilities.
    • The data on patient level and aggregated is:
    • (Ordinary Data) name, phone number, email, case number, occupation, insurance policy terms
    • (Confidential Data) CPR number
    • (Sensitive Data) health history, illnesses, diagnosis and treatment, work ability, reasons for referral, suggested treatments, medication, private GP information, information from specialist doctors and hospitals, work ability, physical, psychological and relational ability or disability.
    • (For report and case handling Purposes) Which service were used. When was the service used. Number of treatments. What kind of treatment was given and how was the progression, the diagnosis and recommendation for future treatment. It will also include the customers’ work status and prognosis for reactivation, either to the current employment or other profession, as well as ongoing relevant case reports outlining the key factors contributing to a successful rehabilitation. If an Expert Medical Opinion is prepared as part of Teladoc Health’s Rehabilitation Services, the overall findings of the report will be shared to help improve the rehabilitation efforts.
    • (For report Purposes): Satisfaction questions and usage, e.g. average number of sessions (and length of the sessions) per customer per segment per health professional incl. nurse assistance.
  • Other health care professionals (external partners) including private hospital: We will disclose ordinary and sensitive Personal Data, including your name, contact details and health data, if we refer you to another relevant health care professional because it is necessary for the current course of your treatment. The legal basis for such transfer is GDPR Article 9 (2) (a) and the Danish Data Protection Act Section 7 (3), and your consent cf. Section 41 (1) of the Danish Health Act.
  • Your general practitioner: We will disclose ordinary and sensitive Personal Data, including your name and health information, to ensure that your own doctor is informed about your treatment. The legal basis for such transfer is GDPR Article 9 (2) (a) and the Danish Data Protection Act Section 7 (3), and your consent cf. Section 41(1) of the Danish Health Act.
  • Your municipality: We may disclose your ordinary and sensitive data in case this is of relevance to your municipality. Such disclosure is carried out in accordance with Article 6(1)(e) and Article 9(2)(g) of the GDPR, as well as Section 43(1) of the Danish Health Act and the supplementing applicable legislation relevant to your application.
  • Public authorities, including health authorities: Teladoc Health is required by law to report to authorities in certain cases and regarding certain observations, e.g. if it is identified that a child under 18 years of age is in need of social support or in relation to side effects- and pharmacovigilance reporting, cf. Article 6 (1) (c) and Article 9 (2) (h), cf. Section 7 (3) of the Danish Data Protection Law and supplementing health legislation e.g. the Danish Health Act Section § 43 (2) and the Executive Order on Pharmacovigilance.
  • Teladoc Health Group: When preparing an Expert Medical Opinion report, we share information that is anonymised or pseudonymised when this is sufficient to deliver the service. However, in certain cases, it is necessary to disclose personal and sensitive data, including health information, to medical professionals, hospitals, or translators of medical documents in order to prepare the Expert Medical Opinion. Where necessary, information may also be shared within the Teladoc Health Group. The legal basis for this disclosure is GDPR Article 6(1)(a), GDPR Article 9(2)(a) and Section 7(3) of the Danish Data Protection Act.
  • Danish Labour Market Insurance (Arbejdsmarkedets Erhvervssikring/AES): Under the Danish Workers’ Compensation Act, the Danish Labour Market Insurance (AES) may require Teladoc Health to provide relevant personal and health information when necessary for processing a work‑injury case. When AES requests information as part of its exercise of public authority, Teladoc Health is obligated to disclose the requested data. The disclosure is carried out pursuant to GDPR Article 6(1)(e) as well as Article 9(2)(g) and/or Article 9(2)(f).
  • The Danish Appeals Board (Ankestyrelsen): As an appeals and supervisory authority, the Danish Appeals Board may require Teladoc Health to provide information necessary to make decisions in appeal cases related to insurance or work‑injury matters. In such cases, Teladoc Health must provide the information the authority is legally entitled to obtain. The disclosure is carried out pursuant to GDPR Article 6(1)(e) as well as Article 9(2)(g) and/or Article 9(2)(f).
  • The Danish Working Environment Authority (Arbejdstilsynet): Under the Danish Working Environment Act, the Danish Working Environment Authority may require Teladoc Health to provide relevant information in connection with assessments of work‑related illness, injury, or supervisory investigations. When the Authority requests information as part of its statutory tasks, Teladoc Health is obligated to disclose the necessary data. The disclosure is carried out pursuant to GDPR Article 6(1)(e) as well as Article 9(2)(g) and/or Article 9(2)(b).

Finally, we may share your Personal Data with our IT service providers and our company affiliates acting as data processors.

International Transfers of Your Personal Data

We generally do not transfer your personal data to countries outside the EU/EEA (third countries). Intended transfers may only take place if the European Commission has issued a decision confirming that the country in question ensures an adequate level of protection (an adequacy decision), or if a valid transfer mechanism has been established, such as the European Commission’s Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or another legally recognised transfer mechanism.
Intended transfers will only occur to the Teladoc Health Group or to the organisation’s data processors, and not to any other independent third parties. Before any transfer, we conduct a Transfer Impact Assessment and implement, where required, supplementary technical and organisational security measures.

Security of Your Personal Data

We safeguard your Personal Data with technical and organizational security controls which are consistent with Data Protection Laws. We educate our staff (e.g.: healthcare professionals) in our policies and the relevant data protection laws.

Data Retention

We will retain your Personal Data for as long as it is needed for the provision of the Services to you and after that, for the statutory periods for the only purpose of attending any statutory responsibilities that might arise from the provisions of the Services and to comply with the Data Protection Laws.

Medical records will be stored for 10 years after the last note made in the records, cf. the Danish Executive Order on Medical Records.

At the end of the relevant retention period, your Personal Data will be securely destroyed or permanently anonymized in accordance with Data Protection Laws and any applicable regulations.

Your data subject rights

Subject to applicable Data Protection Laws, you have the following rights:

  • Right of access: right to ask us for copies of your Personal Data.
  • Right to rectification: right to ask us to rectify your Personal Data You think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to withdraw: your consent to the processing of any of your Personal Data.
  • Right to erasure: right to ask us to erase your Personal Data in certain circumstances.
  • Right to restriction of processing: right to ask us to restrict the processing of your Personal Data in certain circumstances.
  • Right to object to processing: right to object to the processing of your Personal Data in certain circumstances.
  • Right to data portability: right to ask that we transfer your Personal Data to another organisation or to you, in certain circumstances.

You may exercise your data subject rights as may be applicable at any time by emailing us at dpo-teladoc@dpo-danmark.dk. You also have the right to lodge a complaint with the Danish Data Protection Agency.