Book now
Legal

Privacy policy

How we collect, process, and store your personal data at Nadim Aesthetics. In accordance with the GDPR and Danish healthcare legislation.

Last updated: May 11, 2026

This is an English translation of our Danish privacy policy provided for the convenience of English-speaking visitors. The Danish version is the authoritative text; in case of any inconsistency, the Danish version prevails. The policy and all data processing described below are governed by Danish law.

Your privacy matters to us. This privacy policy describes how Nadim Aesthetics ApS ("Nadim Aesthetics", "we", "us", "our") as data controller collects, processes, and uses the personal data we gather about you in connection with:

  • Booking an appointment
  • Cosmetic treatment
  • Newsletters and marketing
  • Reporting of adverse events and side effects
  • Use of our website
  • Job applications
  • Supplier and partner relationships

We inform you of all of this because we are required to do so under the General Data Protection Regulation (GDPR) and applicable Danish healthcare legislation.

1. Data controller

Nadim Aesthetics ApS is the data controller for the processing of your personal data.

Contact details:

Nadim Aesthetics ApS
CVR no.: 42576492
Phone: +45 50 80 80 61
Email: kontakt@nadimclinic.dk
Website: https://nadimclinic.dk/

Our clinics:

  • Horsens: Slotsgade 32, st, 8700 Horsens
  • Copenhagen: Ved Vesterport 9, 1612 Copenhagen

Data protection officer:

Nadim Aesthetics has assessed that the clinic is not required to appoint a formal data protection officer (DPO) under GDPR article 37. Questions regarding the processing of your personal data can always be sent to kontakt@nadimclinic.dk.

2. Booking an appointment

What information do we collect?

When you book an appointment for a consultation or treatment with us, we collect the following identification details:

  • Name
  • CPR number (required for secure identification in the patient record)
  • Address
  • Phone number
  • Email address
  • Booking details (time, treatment type)

Purpose and legal basis:

The purpose of the processing is to register and administer your booking, send you confirmations and reminders (via SMS/email), and meet our statutory record-keeping obligations.

  • Legal basis: GDPR article 6(1)(b) (necessary for performance of a contract) and (f) (legitimate interest in administration).
  • CPR number: Processing of the CPR number takes place pursuant to section 11(2)(1) of the Danish Data Protection Act, as its use follows from the Record-Keeping Order and the Health Act, which require unambiguous identification in the patient record.

Storage:

This information is stored as part of your overall patient record (see section 3).

3. Cosmetic treatment (record-keeping)

What information do we collect?

In connection with cosmetic treatment we collect, in addition to the identification details, a number of health-related details (special categories of personal data) to ensure professionally responsible treatment:

  • Information about allergies, medication, illnesses, pregnancy/breastfeeding.
  • Previous cosmetic treatments or surgeries.
  • Skin analysis and treatment history.
  • Before and after photos of the treated area.

Purpose and legal basis:

  • Consultation and treatment: The purpose is to assess your health status and document the treatment in accordance with healthcare legislation.
    • Legal basis: GDPR article 9(2)(h), cf. article 6(1)(c) (legal obligation under the Authorisation Act and the Record-Keeping Order).
  • Before and after photos: We are legally required to take photos of the treatment area as documentation, cf. the Danish Cosmetic Treatment Order (BEK no. 834/2014) section 37.
    • Legal basis: Legal obligation.

Storage:

According to the Record-Keeping Order we must store your patient record (including health information and photos) for at least 10 years from the latest entry in the record. We may not delete your record before this deadline expires. In the event of pending complaints or compensation cases, the information is retained until the case is finally concluded.

Confidentiality:

Our healthcare professionals and other employees are subject to a duty of confidentiality and may not disclose information about you or your treatment without your explicit consent, unless disclosure is required by law (e.g. reporting adverse events or side effects to authorities).

4. Reporting of side effects and adverse events

If, contrary to expectation, side effects or adverse events occur in connection with your treatment, we are obliged to report this to the authorities.

What information:

We record the circumstances of the event, including relevant health information, CPR number, and any image material.

Recipients:

Depending on the nature of the event, we may share information with:

  • The Danish Patient Safety Authority (for adverse events).
  • The Danish Medicines Agency (for side effects of medication or medical devices).
  • The Patient Compensation Association (for reporting any treatment injury).
  • Doctors, hospitals, or other healthcare professionals (if further treatment or referral is required as a result of a complication).
  • Pharmaceutical companies or device manufacturers (to the extent necessary to ensure patient safety in connection with side effects of specific products).

Legal basis:

Chapter 61 of the Danish Health Act (adverse events) and Chapter 5 of the Danish Medicines Act (side effects).

5. Newsletters and marketing

What information do we collect?

If you sign up for our newsletter or consent to marketing, we process:

  • Your name
  • Your email address
  • Information about your interests (e.g. which treatments you have clicked on).

Purpose and legal basis:

The purpose is to send you newsletters, campaign offers, invitations to events, and relevant information about our treatments.

  • Legal basis: GDPR article 6(1)(a) (your active consent).

Use of images in marketing:

In some cases we may ask whether you would like us to share before-and- after photos of your treatment on our social media or other marketing. As before-and-after photos can constitute health information or information about the receipt of healthcare services, we only use such photos for marketing on the basis of your separate, voluntary, and explicit consent, cf. GDPR article 6(1)(a) (ordinary consent) and article 9(2)(a) (explicit consent to processing of special categories of personal data).

Marketing photos are stored for as long as they are actively used in the clinic’s marketing and your consent has not been withdrawn. You can withdraw your consent at any time by contacting us at kontakt@nadimclinic.dk, after which the photos will be removed from any marketing material we control. Note that photos that may already have been shared, screenshotted, or reshared by others on the internet may persist beyond our control.

Storage of newsletter data:

We store your information for as long as you are subscribed to the newsletter. If you unsubscribe, we delete your marketing data, although we retain documentation of your consent for 2 years after the latest mailing in line with the limitation period for the spam rules.

Withdrawal of consent:

You can unsubscribe at any time by clicking the "unsubscribe" link at the bottom of the newsletter or by contacting us directly.

6. Reviews

If you choose to review the clinic on public platforms (such as Google, Trustpilot, or Facebook), your name and your review become publicly available. We may in some cases encourage you to review your experience, but this is always voluntary.

7. Use of our website (cookies & tracking)

When you visit our website, we collect information about your behaviour via cookies and tracking technologies, provided that you have given consent in our cookie banner.

Legal basis:

The use of cookies and similar technologies requires your consent, cf. the Danish Cookie Order (BEK no. 1148/2011), which implements the EU ePrivacy Directive. To the extent cookies also process personal data, this takes place on the basis of your consent, cf. GDPR article 6(1)(a).

We use the following tools:

  • Google Analytics & Google Tag Manager: To analyse traffic and visitor statistics and optimise the user experience.
  • Google Ads: To target ads to you based on your visits.
  • Meta (Facebook/Instagram) Pixel: May be used to show relevant ads for our treatments on social media.

What information:

IP address, browser type, device type, pages visited, time of visit, and geographic location.

You can change or withdraw your cookie consent at any time via the cookie icon on the website. For further information about which cookies we use, please refer to our cookie policy.

8. Job applicants

When you apply for a position with Nadim Aesthetics, we process the following personal data about you:

  • Name and contact details (address, phone, email)
  • CV, application, and any photo
  • Educational and professional information
  • Any references (only with your consent)

Purpose and legal basis:

The purpose is to assess your application and conduct the recruitment process. The legal basis is GDPR article 6(1)(f) (legitimate interest in being able to assess candidates and enter into employment agreements) and article 6(1)(a) (consent), to the extent we obtain references or process sensitive information.

Recipients:

Your application data is accessed only by relevant employees involved in the recruitment. We do not share your information with third parties without your prior consent.

Storage:

If you are not offered a position, we keep your application and related material for up to 6 months after rejection, unless you have explicitly consented to longer retention. If you are offered a position, the information becomes part of your personnel file and is retained in accordance with relevant legislation. You may at any time request that your data be deleted before the end of the retention period.

9. Suppliers and partners

If you are a supplier, partner, or contact person at a business we cooperate with, we may process your contact details, including name, email, phone number, and your connection to the business.

Purpose and legal basis:

The purpose is to be able to communicate with you or the business you represent and to manage our business relationship. The legal basis is GDPR article 6(1)(f) (legitimate interest in being able to communicate and manage the relationship) or article 6(1)(b), if the contract is entered into directly with you.

Storage:

The information is kept for as long as the business relationship exists and is generally deleted 5 years after the end of the financial year in which the latest relevant interaction took place, cf. the Danish Bookkeeping Act rules on retention of accounting material.

10. Automated decisions and profiling

Nadim Aesthetics does not use automated individual decision-making or profiling with legal effect for you, cf. GDPR article 22. All treatment-related assessments and clinical decisions are made by our licensed healthcare professionals on the basis of a personal consultation.

11. Recipients of personal data (processors)

We process your information confidentially. We never sell your data to third parties. We do, however, share certain information with external partners (data processors) that help us run the clinic.

These processors include providers of:

  • Booking systems: (Gecko Booking) for calendar and patient record management.
  • IT systems and office software: for secure storage of documents, emails, and spreadsheets (e.g. for internal calculations or customer lists).
  • Marketing systems: for sending emails (e.g. Brevo) and analytics.
  • Finance and payment systems: for invoicing, bookkeeping, and payment handling.

We have entered into statutory data processing agreements with all our suppliers to ensure that your data is protected.

12. Transfer to third countries

We strive to keep data within the EU/EEA. Some of our technical suppliers (e.g. Google, Meta, or IT software) may, however, have servers located in the US or other third countries. In these cases we ensure that there is a lawful transfer basis, for instance the EU Commission’s Standard Contractual Clauses (SCCs) or the Data Privacy Framework.

13. Processing security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or misuse. Only employees with a work-related need have access to your personal data and records.

14. Your rights

Under the General Data Protection Regulation you have a number of rights in relation to our processing of information about you:

  • Right of access: You have the right to access the information we process about you (including a copy of your record).
  • Right to rectification: You have the right to have inaccurate information corrected.
  • Right to erasure: In special cases you have the right to have information about you deleted before our ordinary general deletion takes place. (Note: we cannot delete statutory patient records before the 10-year deadline expires.)
  • Right to restriction of processing: In certain cases you have the right to have the processing of your personal data restricted.
  • Right to object: You have the right to object to our otherwise lawful processing of your personal data, including objection to direct marketing.
  • Right to data portability: In certain cases you have the right to receive your personal data in a structured, commonly used, and machine-readable format.

You can read more about your rights in the Danish Data Protection Agency’s guidance at www.datatilsynet.dk.

If you want to exercise your rights, please contact us at kontakt@nadimclinic.dk.

Complaint to the Danish Data Protection Agency:

You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Agency’s contact details at www.datatilsynet.dk.

15. Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our practices, legislation, or our suppliers. The version in force at any given time will be available on our website with the date of the latest update indicated at the top. If the changes are material, we will notify you directly via email if you are subscribed to our newsletter or are an active patient with us.

Beautiful results, accessible to everyone.

Book a free consultation

Horsens

Slotsgade 32, st
8700 Horsens

Copenhagen

Ved Vesterport 9
1612 Copenhagen

Contact & opening hours

© 2026 Nadim Aesthetics ApS · CVR: 42576492
Privacy policy Terms of service
Book consultation

New or existing patient?

Pick the path that fits you and we will send you to the right booking flow.

First visit New patient Start with a free, no-obligation consultation where we find the right treatment together. Choose new patient Been here before Existing patient Book your next appointment, follow-up, or new treatment if you have already had a consultation with us. Choose existing

The booking page itself is in Danish. If you need help in English, write to kontakt@nadimclinic.dk.