Privacy Policy and Data Stewardship
At KostOnline, we operate with clinical precision regarding your nutritional health—and we apply the same rigor to your personal information. This policy details our commitment to GDPR compliance and the transparent management of your data within our consultancy framework.
Summary of Rights
- Right to access and export your nutrition records.
- Strict medical confidentiality for all lab results.
01 Data Collection Categories
To provide professional nutrition services via KostOnline, we collect specific identifiers required for identity verification and clinical assessment. This information is gathered when you interact with our platform or book an online consultation.
Identity Data
Name, date of birth, and residency status in Denmark for regulatory compliance.
Contact Details
Email address and phone number used for session confirmations and reporting results.
Health Metrics
Height, weight, activity levels, and dietary preferences provided via intake forms.
Clinical History
Medical conditions, allergies, or blood panel data shared during consultations.
Confidentiality Zone
Your data remains protected within our secure clinical infrastructure.
02 Purpose of Processing
KostOnline processes your data under several legal bases as defined by the General Data Protection Regulation (GDPR). We do not use your health data for generic marketing automation or unsolicited third-party advertising.
- Service Fulfillment: Processing is necessary for the execution of the contract between the dietitian and the client, specifically in delivering personalized nutrition plans.
- Administrative Integrity: Maintaining accurate records for billing, scheduling, and adherence to Danish healthcare documentation laws.
- Explicit Consent: Processing of sensitive "special category" health data is performed only after receiving your clear, documented consent during the intake process.
03 Clinical Security Protocols
Data integrity is central to our reputation. We utilize industry-standard encryption and organizational measures to safeguard your electronic health records.
TLS/SSL Encryption
All traffic between your browser and our booking system is encrypted.
Encrypted Storage
Static health data is encrypted at rest using AES-256.
Need-to-Know Access
Access is limited strictly to the nutrition specialist assigned to your case.
04 Third-Party Disclosures
We do not sell or trade your data. To operate efficiently, we share limited information with trusted service providers who adhere to our strict confidentiality standards:
- Payment Processors: Secured billing partners who handle transactions (we do not store full credit card numbers).
- Video Conferencing Tools: Encrypted platforms used for face-to-face online consultations.
- Lab Partners: Only at your direct request, if you choose to share results from a third-party blood lab.
05 Regulatory Contact
Data Protection Officer
For inquiries concerning your data rights, requests for deletion, or to receive a copy of your nutritional history, please contact our administrator directly.
Should you feel that your data has been handled incorrectly, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk. We appreciate the opportunity to resolve any concerns directly before such measures are taken.