Personal data policy

In the Capital Region of Denmark, we use information about citizens, users and patients as part of our day-to-day work. This personal data policy will explain how we process and protect personal data.

What is personal data?

Personal data is any information that relates to an identifiable natural person, for example:
  • name
  • address
  • civil registration number (CPR number)
  • health information
  • genetic data
  • ethnic origin
  • religion
  • marital status
  • social aspects
  • criminal convictions.

How we obtain personal data

The Capital Region of Denmark receives your personal data if you are admitted to one of our hospitals or if you are in contact with the region in some other way. We also receive your personal data from others outside of the region, such as public registers, private hospitals, hospitals in other regions, doctors with a private practice, municipalities or other public authorities.

In accordance with our duty to provide information, we will inform you whenever we receive or collect information about you. We will always provide you with the information you are entitled to receive, such as the basis and reason for why we are processing your data.

Why does the region need your personal data?

The Capital Region of Denmark collects personal data for a number of purposes as part of our daily work, for example: 
  • patient treatment
  • clinical quality database (approved by the Danish Health Data Authority)
  • health science research
  • special needs teaching, social and psychosocial services
  • case processing
  • HR tasks
  • Regional Council elections.

How we process personal data

The Capital Region of Denmark is responsible for ensuring that the processing of personal data is done according to legislative principles. This means that we must process personal data legally, fairly and transparently.

Therefore, we only process your personal data if this is permitted by legislation or if you have given your consent. Consent is always voluntary and you are free to retract consent at any time.

We collect and process personal data for specific purposes, for example patient treatment, health planning and social sheltered housing.   

We only process personal data that is relevant, sufficient and necessary to achieve the purpose for which the data was collected. 

The personal data we process as part of our day-to-day routines must be correct and up-to-date. When we become aware of mistakes in personal data, we will rectify them.

We will erase your personal data when we no longer need it. However, we will store personal data for a longer period if the law requires us to do so, for example personal data in patient records.

As part of the day-to-day routines at the Capital Region of Denmark, we sometimes transfer personal data to parties outside of the region. We will only share personal data on the basis of legislation, your consent or at your request.  

We collect and process personal data in a manner that ensures protection of your privacy. The Joint Regional Information Security Policy is the framework of the region’s own policies, guidelines etc. on information security. 

What processing your data means

Processing is the activity or activities your data is used for. For example, data collection, registration, processing, storage, publication, adjustment/amendment, searches, transfers, comparing/merging and erasure.

Security breach

We will notify you as quickly as possible should there be a personal data security breach that we determine entails a high risk to your rights, including discrimination, identity theft or fraud, financial loss, damage to reputation or social consequences.

Your rights

We are obligated to inform you of your rights when we process your personal data. For example, you have

  • the right to access information regarding the region's processing of your personal data
  • the right to correct incorrect personal data about you 
  • the right to restrict the processing of your personal data (i.e. if the accuracy of the data is unclear)
  • the right to object.


You can lodge a complaint directly to the Danish Data Protection Agency if you believe that the Capital Region of Denmark is not processing your personal data correctly according to the protection of personal data legislation.

However, you should always contact the Capital Region of Denmark first if you believe the region is processing your personal data in contravention of the protection of personal data legislation.

Visiting websites

The Capital Region of Denmark's websites use cookies to improve the user experience and to collect statistics. A cookie is a file that is saved on the device (computer, smartphone, tablet or other device) you use when you access the region's websites.

The region's websites contain links to other websites. The region is not responsible for the content on those websites.

The Danish version of the personal data policy has been prepared in cooperation between the Capital Region of Denmark, Region Zealand, Region of Southern Denmark, Central Denmark Region and North Denmark Region.

The Danish version of the policy was approved by the Capital Region of Denmark on 19 June 2018.

Please note that the English version of the policy is translated for the Capital Region of Denmark.