Legal

Privacy Policy

How CareClub processes your personal data in accordance with the General Data Protection Regulation (GDPR) and Danish data protection law.

1

Data Controller

CareClub App ApS (hereinafter "CareClub", "we" or "us") is the data controller for the processing of the personal data we receive about you when you use our app or website.

Company nameCareClub App ApS
VAT/Reg. no.45555674
AddressHandal 11, 8643 Ans By
Emailhej@careclub.dk

If you have questions about this privacy policy or about the processing of your personal data, you are always welcome to contact us at hej@careclub.dk.

2

Purpose of processing

We process your personal data in order to provide CareClub's booking platform and the associated services. Specifically, we process your data in order to:

  • create and administer your user account
  • arrange and complete bookings between customers and providers
  • receive and settle payments for completed treatments
  • issue invoices and fulfil bookkeeping obligations
  • pay salaries to providers affiliated with the platform
  • send relevant notifications, reminders and service messages
  • respond to enquiries and handle complaints
  • improve the platform's functionality, security and user experience
3

What personal data we process

We process the following categories of personal data, depending on whether you are a customer or a provider:

General information about all users:

  • name and phone number
  • email address (if provided)
  • profile picture (if uploaded)
  • language, selected theme and other preferences
  • booking history and messages exchanged via the platform
  • technical information about device, IP address and login times

Additional information about providers:

  • address, company registration number (where relevant) and bank account details
  • Danish personal identification number (CPR), required for salary payments and reporting to the Danish tax authority
  • education, certificates, services and prices published in the profile

Payment information: Card details are entered directly with our payment partner Frisbii and are never stored on CareClub's own systems. We only receive a token reference and information about completed transactions.

4

Legal basis

We process your personal data on the following legal bases, cf. the General Data Protection Regulation (GDPR):

  • Performance of a contract (art. 6(1)(b)): processing of data necessary to create an account, complete bookings, settle payments and pay salaries to providers.
  • Legal obligation (art. 6(1)(c)): retention of bookkeeping material under the Danish Bookkeeping Act and reporting of salary and CPR to the Danish tax authority via our payroll provider.
  • Legitimate interest (art. 6(1)(f)): operation, security and continued improvement of the platform, including prevention of misuse and fraud.
  • Consent (art. 6(1)(a)): sending newsletters, marketing, and the use of non-essential cookies. Consent can be withdrawn at any time.
  • Section 11 of the Danish Data Protection Act: processing of providers' CPR numbers is authorised for payroll administration and reporting to the Danish tax authority.
5

Data processors and third parties

We use a number of trusted data processors in order to deliver our services. Data processing agreements have been entered into with all processors in accordance with GDPR art. 28.

Danløn (Bluegarden / Visma)

Payroll provider for paying salaries to providers. CPR numbers and salary data for the relevant month are transferred once a month to Danløn. After each monthly transfer, the CPR number is deleted from CareClub's own systems and is retained only by Danløn as part of the legally required payroll administration.

e-conomic (Visma e-conomic A/S)

Accounting and invoicing system. Invoices and vouchers, including customer and provider data, are retained in e-conomic for 5 years from the end of the financial year, cf. section 12 of the Danish Bookkeeping Act.

Frisbii

Payment gateway handling card payments. Card data is entered directly with Frisbii and is not stored by CareClub. Frisbii is PCI-DSS certified.

Firebase (Google Ireland Ltd.)

Used for push notifications on mobile devices. Device tokens and notification content are transferred.

Google Analytics (Google Ireland Ltd.)

Statistical traffic analysis of the website. IP addresses are anonymised. See the section on cookies for details.

sms1919 (Compaya A/S)

Sending SMS codes to verify the phone number at login and account creation.

Hosting (europæisk datacenter)

Operation of servers and database. All data is stored in the EU/EEA.

Some of these providers (Google) are owned by groups based outside the EU/EEA. In such cases, transfers outside the EU/EEA take place on the basis of the European Commission's Standard Contractual Clauses and supplementary safeguards.

6

Retention and deletion

We retain your personal data for as long as is necessary for the purposes for which it was collected. Specifically:

  • Account information: retained for as long as your account is active.
  • Providers' CPR numbers: retained by CareClub for up to one month, after which they are transferred to Danløn and deleted from our own systems.
  • Bookkeeping material (invoices, receipts, payment details): retained in e-conomic for 5 years from the end of the financial year to which the material relates, cf. section 12 of the Danish Bookkeeping Act.
  • Booking history: deleted together with the account, unless the data is included as a voucher for bookkeeping purposes.
  • Complaints and enquiries: retained for up to 3 years after the case is closed.
  • Technical logs: retained for up to 90 days for troubleshooting and security purposes.
7

Account closure and data deletion

You can close your account and request deletion of your personal data at any time via www.careclub.dk/en/close-account or by contacting us at hej@careclub.dk.

When you close your account, your personal data is deleted from CareClub's systems. However, we are obliged to retain certain information pursuant to applicable law — in particular bookkeeping material, which must be retained in e-conomic for 5 years. This information will only be used to meet the relevant legal requirements and will be deleted when the retention obligation expires.

8

Your rights

Under the General Data Protection Regulation, you have a number of rights in relation to our processing of your personal data:

  • Right of access: you have the right to be informed of what personal data we process about you.
  • Right to rectification: you have the right to have inaccurate data corrected.
  • Right to erasure: in certain cases you have the right to have data about you deleted before our normal retention period expires.
  • Right to restriction: in certain cases you have the right to have the processing of your data restricted.
  • Right to data portability: in certain cases you have the right to receive your data in a structured, commonly used and machine-readable format.
  • Right to object: in certain cases you have the right to object to our otherwise lawful processing.
  • Right to withdraw consent: if the processing is based on consent, you may withdraw your consent at any time.

You can exercise your rights by contacting us at hej@careclub.dk. We will process and respond to your request as soon as possible, and no later than within one month.

You can read more about your rights in the guidance on data subjects' rights published by the Danish Data Protection Agency at www.datatilsynet.dk.

9

Cookies

A cookie is a small text file stored in your browser when you visit our website. CareClub uses cookies for the following purposes:

  • Necessary cookies: ensure that the website and app function correctly — for example login session, selected language and security measures. These do not require consent.
  • Statistical cookies (Google Analytics 4): help us understand how visitors use the website so that we can continuously improve it. IP addresses are anonymised.

You can change or withdraw your consent to non-essential cookies at any time. Your choice is stored locally in your browser until you change it.

We do not use cookies for profiling or targeted third-party advertising.

10

Security

We have taken appropriate technical and organisational security measures to protect your personal data against accidental or unlawful loss, alteration, disclosure or unauthorised access. These include, among others:

  • encryption of data in transit (HTTPS/TLS)
  • access control and restricted access to personal data
  • ongoing security updates and logging
  • data processing agreements with all suppliers

In the event of a personal data breach that entails a high risk to your rights, we will notify you without undue delay in accordance with GDPR art. 34.

11

Complaint to the Danish Data Protection Agency

You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with our processing of your personal data. We do, however, encourage you to contact us first at hej@careclub.dk so that we have the opportunity to clarify the matter.

AuthorityDatatilsynet
AddressCarl Jacobsens Vej 35, 2500 Valby
Phone+45 33 19 32 00
Emaildt@datatilsynet.dk
Webwww.datatilsynet.dk
12

Changes to this privacy policy

CareClub may update this privacy policy at any time, for example as a result of changes in legislation or in our own practices. The policy in force at any given time is published on this page.

For material changes, we will notify you in the app or by email before the changes take effect.

Last updated: 23 April 2026