Privacy Policy (Denmark)
1.Introduction
Qufora A/S, Gydevang 28-30, 3450 Allerød, Denmark, and its affiliated subsidiaries and distributors (“Qufora”), process your personal data, depending on the purpose, as an independent data controller and in some cases, as joint data controllers in accordance with applicable data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
Qufora A/S (Denmark) has appointed a Data Protection Officer (DPO), who can be contacted at dpo.dk@qufora.com. Each country has its own DPO and/or GDPR officer targeted to the individual country, who can be contacted via the email provided in their privacy policy.
2. Updates to our privacy policy
Previous version: June 2, 2025
Latest updated: April 7. 2026
What has changed: Addition of privacy policy for use of Facebook and LinkedIn
To ensure that the privacy policy always reflects applicable law and our practices, it is updated on an ongoing basis as needed. The latest version will always be available here. In the event of significant changes to the privacy policy, the above overview will be updated so that you can easily see what changes have been made and the date of the latest applicable privacy policy.
3. Purpose and products
Qufora develops medical devices with the aim of improving the quality of life of our users. Our range of bowel irrigation products is designed to meet different needs and life situations. The products include Qufora IrriSedo MiniGo, Qufora IrriSedo Klick, Qufora IrriSedo Flow og Qufora IrriSedo Bed. All our products are developed in accordance with applicable medical legislation and quality standards.
Your personal data will be processed for the following purposes: use of our website, customer service and support, administration and dispatch of sample packages, handling complaints and ensuring the proper conduct of clinical studies and tests if you wish to participate. We also process data to comply with legal obligations under applicable data protection and medical legislation. With this privacy policy, we inform you about the collection and processing of your personal data for these respective purposes.
For applicants, your information is used for recruitment and employment administration if you apply for a position with us. Processing of employee information occurs as part of the employment relationship, and we also manage personal data in connection with business relationships with partners, healthcare professionals and distributors.
If you have any questions, concerns or suggestions regarding data protection, or if you wish to exercise your rights as a data subject, you are welcome to contact us via email dpo.dk@qufora.com
4. Personal data we collect about you
The collection and use of personal data depend on the specific products and services that Qufora provides to you in its role as data controller. Below is an overview of the categories of personal data, the purposes of the processing, the legal basis for processing and the retention periods.
Data subject | Purpose of processing | Data categories | Legal basis for processing | Retention period |
Users of the website https://qufora.com | Weblog files Operation and administration of the website https://qufora.com | · Called address of the web server (URL) · “User agent” ID, which contains additional information depending on the browser · Operating system used · Browser type and browser version · Referrer URL (last visited website, if submitted) · Date and time of the server request · IP address · Hostname of your Internet service provider | Article 6(1)(b) (Taking steps prior to entering into a contract at your request)
Article 6(1)(f) (legitimate interest in providing and administering our website) | 30 days |
Cookies: Website Functionality (needs necessary cookies); documentation of consent for unnecessary cookies; marketing and web analytics | Consent and log data; user information such as browser and location data, IP address values, and information about website usage. | Article 6(1)(a) (Consent to cookies and tools for marketing or web analytics purposes)
Article 6(1)(f) (Legitimate interest in necessary cookies) | Detailed information can be found in our Cookie Policy. | |
Visitors to and users who interact with Qufora via our company profiles on LinkedIn and/or Facebook | To be visible on social media, provide information about Qufora, respond to any inquiries and gain overall insight into the use of our profiles. | Name, profile name, publicly available profile information, content of any messages, comments and reactions, as well as statistical and page insight information provided by LinkedIn and Meta/Facebook. | Article 6(1)(f) (legitimate interest in being visible on social media, providing information about the company and responding to inquiries) Article 6(1)(b) (if the processing is necessary to respond to a specific inquiry or to take steps prior to a possible agreement) | Personal data is only stored for as long as is necessary to fulfill the purpose of the processing. Information in messages, comments, etc. is deleted or anonymized in accordance with internal guidelines. Statistical and insight information is stored to the extent and for the period provided by the relevant platform. |
Children (up to 15 years) | Support and advice on the use of our products and the improvement of our products and services related to the child through parents or guardians. Please note that our support service is aimed at adults and all communication is carried out exclusively through parents or guardians, even if the child uses the product themselves. | Art. 6(1)(a) (Consent of parents or guardians to information concerning the child’s health data, to contact/send information by e-mail and to record conversations and store the recording) Art. 6(1)(b) (contract) Art. 6(1)(c) (legal obligations) Art. 6(1)(f) (legitimate interest) Art. 9(2)(a) (explicit consent for special categories of data, in particular health data) Art. 9(2)(f) (establishment, exercise or defence of legal claims) | Personal data is stored for as long as necessary to fulfill the purpose and is then deleted in accordance with internal guidelines and applicable legislation. Verbal consent is stored for 6 months, and written consent is stored for 3 years from the last period of use. At the end of the storage period, the information is anonymized so that it can only be used for statistical purposes without being personally identifiable. | |
Participants / Participants in product development (clinical studies) / | If you participate in product development, including clinical trials, Qufora will process your personal data in order to enable your participation and to ensure that the development process is carried out in accordance with applicable legislation and consent requirements. Healthcare professionals and any external partners may in certain cases be involved in product development and individual clinical studies, for example by providing advice or communicating directly with you as a participant. | Contact information, health information and other relevant data related to the use of the products. This data is anonymized before it is used for research purposes. Once the data is anonymized, we use it to improve our products and services (including staff training) and to monitor and handle complaints and issues regarding the products. | Art. 6(1)(a) (Consent) Art. 6(1)(b) (contract) Art. 9(2)(a) (explicit consent for special categories of data, in particular health data)
| Personal data will be stored for as long as necessary to fulfill the purpose and will then be deleted in accordance with internal guidelines and applicable legislation. Data related to medical devices will be stored for a period of at least 10 years after the market launch of the last product and data related to implants for a period of at least 15 years, cf. the EU Medical Device Regulation (MDR). |
Healthcare professionals (doctors/nurses)
| Collaboration on clinical studies, product development and dissemination of information about products and other relevant tasks Processing of personal data about healthcare professionals when they are involved in the user’s process, including advice, treatment or documentation. | Name, contact information, professional qualifications, place of work, and information about participation in clinical studies or product development | Art. 6(1)(a) (Consent) Art. 6(1)(b) (contract) Art. 6(1)(f) (legitimate interest) | Personal data is stored for as long as necessary to fulfill the purposes for which it was collected, and will then be deleted in accordance with internal policies and applicable legislation. Relevant information for accounting and financial documentation is stored in accordance with the Danish Accounting Act. |
Distributors and Subsidiaries | Administration of cooperation agreements, communications and other related business activities, including support for sales activities carried out exclusively through Qufora’s distributors and subsidiaries. Please note that each distributor and subsidiary acts as an independent data controller and processes personal data in accordance with the applicable data protection legislation in the relevant country, unless otherwise stated. However, in some cases they may act as joint data controllers together with Qufora A/S (Denmark). | Company information, including contact information, as well as information related to business relationships and sales activities | Art. 6(1)(b) (contract) Art. 6(1)(f) (legitimate interest) | |
Logistics and distribution partners | Handling and shipping sample packages and product deliveries to end users via an external courier service | Contact information (name, address, phone number), delivery information (product order/order, shipping status) | Art. 6(1)(b) (contract) Art. 6(1)(f) (legitimate interest) | Personal data is stored for as long as necessary to complete the delivery, and is then deleted in accordance with internal guidelines and applicable legislation, including tax retention requirements. |
Other people who contact us | Responding to inquiries, general communication and administration of requests | Contact information (name, email, telephone number), content of the inquiry, any attached files | Art. 6(1)(f) (legitimate interest) Art. 6(1)(b) (Contract or implementation of pre-contractual measures upon request) | Personal data is stored for as long as necessary to respond to and administer the inquiry, and is then deleted in accordance with internal guidelines. |
Employees | Administration of employment relationships, payment of wages, compliance with legal obligations, including occupational health and safety and tax requirements | Contact information, CPR number, bank information, employment history, health information (e.g. for reimbursement) | Art. 6(1)(b) (performance of employment contract)
Art. 6(1)(c)
Art. 6(1)(f) (legitimate interest)
Art. 9(2)(b) (employment, health and safety obligations)
Art. 9(2)(f) (establishment, exercise or defence of legal claims) | Personal data is stored during employment and deleted after termination when it is no longer necessary in accordance with internal guidelines, unless there is a statutory reason for a longer retention period. Documentation and work emails related to medical devices: Retained for at least 10 years after the last product has been placed on the market, cf. MDR. For implants, the documentation is kept for at least 15 years Please note that upon termination of an employee, incoming emails for up to 6 months may be automatically forwarded to a relevant colleague to ensure business continuity and follow-up on ongoing cases. After this, the employee’s email account will be deactivated and deleted in accordance with internal guidelines. |
Job applicants (including unsolicited ones) | Assessment of applications, conducting interviews related to the job posting, and possibly storing contact information for future recruitment opportunities, provided that you have actively consented to this, either verbally or in writing. | Contact information, CV, application, references, and any publicly available information online, including from social media, if relevant to the position | Art. 6(1)(b) (to carry out the recruitment process with a view to a possible employment contract)
Art. 6(1)(f) (legitimate interest in carrying out a comprehensive assessment of the applicant using publicly available information)
Art. 6(1)(a) (storage of application for future positions based on e-mail consent) | If you are not hired, we will retain your information for up to 6 months after the end of the recruitment process, unless you have actively consented via email to a longer retention period. |
5. How your personal data is collected
Directly from you: When you contact us via phone, email, letter or chat to get support or handle complaints and claims.
Our products are sold through subsidiaries and distributors, although the order is processed through Denmark. For order processing, we receive the necessary data from the respective sellers of the product.
Product Recall:
In the event of a product recall, you will be informed immediately via our subsidiaries and distributors, who will exercise your rights as a consumer in accordance with Article 37 of the EU Product Safety Regulation 2023/988 (General Product Safety Regulation, GPSRR). In this case, we will receive your data from our subsidiaries and distributors.
Through our digital platforms:
When you visit our website or interact with us via emails and social media, information may be collected. This also applies when you visit our company profiles on LinkedIn and Facebook or interact with us there, including by sending messages, commenting on posts or responding to content.
We only use LinkedIn and Facebook to be visible and to provide information about Qufora and not for advertising or lead generation. Information may be collected directly from you, from your publicly available profile content and via the platforms’ own analysis and statistics tools.
Read our Cookie policy for further information about the use of cookies on our website.
Links and references to other websites, etc.
Our profiles on LinkedIn and Facebook may contain links and references to other websites or external pages. When you follow such a link and leave our profile, we are not responsible for the content of third-party websites or for these third parties’ processing of your personal data. We therefore recommend that you always read the relevant third-party privacy policy and any cookie policy when visiting other websites.
From third parties: We may receive information from healthcare providers, hospitals or research institutions in connection with product development. This information is collected solely from patients and users who have voluntarily participated in specific development trials based on their express consent.
When receiving information, we ensure that this is done in accordance with the GDPR. Healthcare providers, hospitals and research institutions will in this context either act as independent data controllers or as data processors under a contractual agreement.
Please note that a healthcare provider can create an end user if this has been agreed between the parties in advance.
6. Disclosure of your personal data
We do not sell your personal data and only share necessary information with selected third parties who help us with specific tasks, including hosting and IT service providers, recruitment companies (in connection with job applications) and logistics companies (for product delivery). These data processors act solely on our instructions and for the purposes we have determined. They may not disclose information to others and delete the personal data once the task is completed, unless retention is required by applicable law. Your information is always processed responsibly and in accordance with applicable data protection laws.
In connection with our presence on LinkedIn and Facebook, the respective platforms may process personal data about you when you visit or interact with our profiles. For certain statistics and page insight services, there may be joint data responsibility between Qufora and the relevant platform, to the extent that this follows from the platform’s terms and applicable data protection law.
Joint data controller:
Qufora A/S and its affiliated subsidiaries and distributors may in some cases act as joint data controllers pursuant to Article 26 of the GDPR. In order to safeguard your rights, the parties have entered into an agreement that sets out the rules for the processing of your personal data, including the obligations each party must fulfil to comply with the GDPR.
Each company has also appointed a DPO and/or GDPR officer, whom you can contact directly regarding the processing of your information. We will work closely with you to process your applications to ensure effective and lawful processing.
7. Protection of personal data
Qufora uses comprehensive technical and organizational security measures to protect your personal data against unauthorized access. We continuously take security measures to best secure the processing of your personal data.
Technical security measures: Access to personal data and IT systems at Qufora is protected with passwords and multi-factor authentication (MFA) to prevent unauthorized access. All devices are equipped with encrypted hard drives via BitLocker, and antivirus programs are installed to ensure a high level of protection against security threats. Data communication takes place exclusively through secure networks, and external users use VPN connections to maintain data security. All personal data is available in Microsoft 365, including CRM, where it is stored on servers physically located within the EU/EEA.
Organizational security measures: Access to personal data is limited to employees who have a work-related need for access. Physical documents containing personal data are stored securely and destroyed when no longer needed. Employees receive ongoing training in the correct handling of personal data and are protected against security threats and cyberattacks. And internal procedures have been developed for handling data breaches in accordance with the provisions of the General Data Protection Regulation (GDPR).
8. Transfer of personal data to third countries
Qufora may transfer personal data to countries outside the EU/EEA if necessary to provide our services, cooperate with external partners or to manage logistics and sales activities, such as providing sample packages to end users.
Although data protection laws may vary between countries, we maintain a consistently high standard of data protection to ensure that your information is processed fairly and in accordance with applicable law. We use security measures that comply with EU data protection standards.
When we transfer data to third countries, we use approved transfer mechanisms, including standard contractual clauses (SCCs) approved by the European Commission.
For transfers to the United States, the EU-US Privacy Framework may also apply if the receiving company is certified under the program. This ensures that all of our partners, including logistics and distribution partners, subsidiaries and distributors, handle your personal information with the same care and security.
When using LinkedIn and Facebook, personal data may be processed by recipients outside the EU/EEA, including in the USA, depending on the technical and organizational set-up of the platform in question. In such cases, we, to the extent that we are data controllers, seek to ensure that the processing has an appropriate transfer basis in accordance with applicable data protection law. We also refer to LinkedIn’s and Meta’s/Facebook’s own privacy policies for further information about their processing of personal data, recipients and transfers to third countries.
9. Your rights
If your personal data is processed in connection with your use of or interaction with our profiles on LinkedIn or Facebook, you also have the same rights in this context as set out below. However, LinkedIn and Facebook also process personal data as independent data controllers on their own terms, and we therefore recommend that you also read their own privacy policies for further information on exercising your rights vis-à-vis them.
Right to information (Art. 13 and 14)
When we collect and process your personal data, including the purpose, storage period and recipients of the data
Right of access (Art. 15)
You have the right to access the personal data we process about you and may request a copy thereof, provided that we hold the information and it does not contravene other legislation.
Right to rectification (Art. 16)
You have the right to have inaccurate or outdated personal data about you corrected. If you discover that we are processing incorrect or incomplete information about you, you always have the opportunity to contact us to have your information updated. You can request correction of your information by contacting us using the details at the bottom of the page.
Right to erasure (Art. 17)
You may at any time request the deletion of personal data we hold about you, provided that this does not conflict with applicable laws governing its storage. Personal data that we do not use is continuously deleted within the company.
Right to restriction of processing (Art. 18)
For the use of your personal data (provided it does not conflict with other legislation).
Right to data portability (Art. 20)
You have the right, in certain cases, to receive your personal data in a structured, commonly used format and may request that these be transmitted to a third party.
Right to object (Art. 21)
You have the right to object to the processing of your personal data, unless this is in conflict with other applicable laws.
Right not to be subject to (Art. 22)
For a decision based solely on automated individual decisions, including profiling
Right to withdraw existing consent
You have the right to withdraw your consent to the processing of your personal data at any time, regardless of whether the consent was given in writing or orally. However, the withdrawal does not affect the processing of your personal data carried out before the withdrawal.
Oral consent is stored for 6 months from the last period of use, while written consent is stored for 3 years from the last period of use. When the storage period expires, the information is anonymized so that it is no longer personally identifiable.
If you wish to withdraw your consent, please contact us using the contact details provided below. Please note that a withdrawal only affects processing based on consent and not processing carried out on other legal grounds, such as contractual obligations or statutory requirements.
10. Opportunity to file a complaint
We do everything we can to protect your personal data and protect your rights in the most optimal way. If you do not believe that we are processing your request and your rights in accordance with the law, please contact us by email dpo.dk@qufora.com, please add ‘complaint’ in the subject line of the email. It is not possible to contact us by telephone, as we want to be able to legally document your inquiry.
If you still do not believe that we are not processing your request and rights in accordance with the law, you have the option According to Article 77, paragraph 1, the right to file a complaint with Datatilsynet Tlf.: (+45) 33 19 32 00, E-mail: dt@datatilsynet.dk website: www.datatilsynet.dk
11. Contact
Qufora A/S
Gydevang 28-30
3450 Allerød Denmark
(Data Controller)