Privacy Policy

Last updated: 1st of May 2026

1. Who we are

Oasicare ApS, CVR no. 43788914 ("Oasi", "we", "us", "our") is the data controller for the personal data covered by this Privacy Policy.

Contact details: Oasicare ApS Gasværksvej 15D, 3rd floor 1656 Copenhagen V Denmark Email: hello@oasi.care Phone: +45 42 34 93 62

We have assessed that Oasicare ApS is not currently required to appoint a Data Protection Officer under Article 37 GDPR. The contact point for data protection matters is hello@oasi.care. If this changes, we will update this Privacy Policy accordingly.

2. Scope of this Privacy Policy

This Privacy Policy explains how we process personal data when you:

●      visit our website;

●      sign up for our newsletter or updates;

●      contact us through our general contact form or by email;

●      request or access downloadable materials, whether freely available or behind a form; or

●      interact with our cookies, analytics, advertising or similar website technologies.

This Privacy Policy is intended for website-related processing only. It does not govern any separate processing carried out in connection with clinical investigations, clinical studies, regulated medical-device safety or vigilance matters, product complaints, employment/recruitment, or other contexts that require separate privacy information, contractual documentation or regulatory notices.

3. What personal data we process

Depending on how you use the website, we may process the following categories of personal data:

a. Identity and contact data. Your first name, last name, email address and, if enabled in the future, phone number.

b. Enquiry and communication data. The contents of your message, the subject of your enquiry, correspondence with us, and any information you choose to provide when contacting us.

c. Download and content request data. Information about which downloadable materials you request or access, whether you completed a form to receive them, and related interaction history.

d. Newsletter and consent data. Your subscription status, consent records, unsubscribe records, communication preferences, and records showing when and how you gave or withdrew consent.

e. Technical and website usage data. IP address, browser type, device information, operating system, timestamps, pages viewed, referral information, cookie identifiers, consent choices, approximate country or region derived from IP address or consented website technologies, and similar technical data.

f. Analytics, advertising and measurement data. Information about how visitors interact with our website, ads, campaigns, forms and downloadable content, to the extent such technologies are enabled and lawfully used. Depending on your consent choices and our configuration, this may include privacy-enhancing advertising measurement features that use hashed first-party data such as an email address.

We do not intentionally collect health data or other special categories of personal data through the website.

4. How we collect personal data

We collect personal data:

●      directly from you, when you sign up for updates, submit a contact form, request gated content, or otherwise contact us;

●      automatically, when you use the website and interact with cookies, analytics, advertising, consent or security technologies; and

●      from service providers, where relevant, for example where website, analytics, consent or advertising tools provide us with information about website performance or campaign activity.

5. Why we process personal data and our legal bases

We process personal data only where we have a lawful basis under applicable data protection law.

5.1 To operate, secure and troubleshoot the website

We process technical and usage data to run the website, keep it secure, prevent abuse, manage consent settings, troubleshoot errors, and document basic website administration.

Legal basis: Article 6(1)(f) GDPR - our legitimate interests in operating, securing and maintaining our website.

5.2 To respond to general enquiries

We process the personal data you provide through our general contact channels in order to respond to your enquiry, communicate with you, and manage ordinary business dialogue. Providing your name and email is required to respond. Without these we cannot reply to you.

Legal basis: Article 6(1)(f) GDPR - our legitimate interests in responding to enquiries and managing communications. Where your enquiry is directly connected to possible pre-contractual steps, Article 6(1)(b) GDPR may also apply.

5.3 To provide requested downloadable content

Where content is placed behind a form, we process your name and email address, and any other information required in the form, in order to provide the requested material, document the request, and understand interest in our content. Providing the requested form fields is necessary for us to deliver the material. Without these we cannot provide the requested content.

Legal basis: Article 6(1)(f) GDPR - our legitimate interests in providing requested materials and understanding interest in our work.

Access to gated content is not conditional on marketing consent. If we ask for newsletter or marketing consent in connection with a download, that consent will be presented separately and will be optional.

5.4 To send newsletters and marketing communications

We process your contact details and related preference data to send newsletters, updates and other electronic marketing communications where you have asked to receive them.

Legal basis: Article 6(1)(a) GDPR - your consent.

You can withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us at hello@oasi.care.

5.5 To use non-essential cookies, analytics, advertising and conversion measurement

Where required by law, we process personal data through analytics, advertising, behavioural and conversion measurement technologies, and to improve and optimise the website, only after obtaining your consent. This includes consent-based analytics and advertising tools, and consent-based features that use hashed first-party identifiers (such as an email address) to improve campaign measurement.

Legal basis: Article 6(1)(a) GDPR - your consent.

5.6 To comply with legal obligations and protect our legal rights

We may process personal data where necessary to comply with applicable law, document compliance, respond to lawful requests from authorities, and establish, exercise or defend legal claims.

Legal basis: Article 6(1)(c) GDPR and, where applicable, Article 6(1)(f) GDPR.

6. Important note about sensitive information and adverse-event reporting

Our general contact form and ordinary website contact channels are intended for general enquiries only.

Please do not submit patient-identifying information, health data, CPR numbers, medical records, or other sensitive information through the general contact form or ordinary email channels.

If you wish to report a suspected adverse event, device defect, malfunction, near-incident or quality issue concerning an Oasicare medical device, please contact us at hello@oasi.care, and we will direct you to the appropriate reporting channel and provide the relevant privacy information. Reports of this nature may need to be handled, documented and shared with competent authorities (such as the Danish Medicines Agency) under the EU Medical Device Regulation (Regulation (EU) 2017/745) and applicable Danish law, under separate privacy information.

7. Recipients and categories of recipients

We may share personal data with:

●      website, hosting and CMS providers, including Squarespace;

●      consent-management providers, including Cookiebot;

●      analytics, tag-management, advertising and conversion-measurement providers, including Microsoft, Meta, LinkedIn, Google services such as Google Tag Manager, Google Analytics and Google Ads;

●      session analytics and usability tools, including Microsoft Clarity;

●      spam and bot protection providers, including Google reCAPTCHA;

●      file hosting and sharing providers, including Google Drive, where downloadable materials are hosted or shared through such services;

●      newsletter, CRM and email marketing providers selected by us from time to time;

●      IT, security, cloud storage and business communication providers;

●      professional advisers such as lawyers, auditors or consultants, where relevant; and

●      public authorities, regulators, courts or law-enforcement bodies where required by law or necessary to protect our rights.

Depending on the service and configuration, some third-party providers may act as data processors on our behalf, while others may act as independent controllers for their own services.

Joint controllership. Where we use advertising and conversion-measurement features such as Google Ads conversion tracking, Oasicare ApS and the relevant provider may act as joint controllers within the meaning of Article 26 GDPR for the collection of certain personal data on our website. The essence of these arrangements is set out in the providers' publicly available terms (for Google: Google's Controller-Controller Data Protection Terms). You can request further information at hello@oasi.care.

8. International transfers

Some of our service providers, including Squarespace, Google and Microsoft, are established in the United States or process personal data in the United States, the United Kingdom or other countries outside the European Economic Area. Some of these countries do not provide the same level of protection as the EEA.

Where we transfer personal data outside the EEA, we rely on a lawful transfer mechanism, such as:

●      the EU-US Data Privacy Framework, where the recipient is certified under it;

●      an adequacy decision by the European Commission (for example, the UK adequacy decision);

●      the European Commission's Standard Contractual Clauses, supplemented by a Transfer Impact Assessment and additional safeguards where necessary; or

●      another lawful safeguard under applicable data protection law.

A copy of the relevant safeguards, where available, can be obtained by contacting us at hello@oasi.care.

9. How long we keep personal data

We keep personal data only for as long as necessary for the purpose for which it was collected, and as needed for documentation, security or legal compliance.

As a general rule:

●      General enquiries and contact form submissions: up to 12 months after the matter is closed.

●      Gated download request data: up to 24 months after the last meaningful interaction.

●      Newsletter and marketing consent data: until you unsubscribe or withdraw consent, and for up to 2 years thereafter where needed to document consent, withdrawal and suppression.

●      Website logs and security data: normally 6–12 months, unless a longer period is required for security, troubleshooting or legal reasons.

●      Cookie-related retention: as stated in our cookie settings, banner or consent tool.

●      Data relevant to legal claims or legal obligations: for as long as necessary to establish, exercise or defend legal claims or comply with law.

10. Your rights

Subject to applicable law, you have the right to:

●      request access to the personal data we process about you;

●      request rectification of inaccurate or incomplete personal data;

●      request erasure of your personal data in certain circumstances;

●      request restriction of processing in certain circumstances;

●      object to processing based on our legitimate interests;

●      object at any time, free of charge, to the processing of your personal data for direct marketing purposes;

●      receive the personal data you have provided to us in a structured, commonly used and machine-readable format where the right to data portability applies;

●      withdraw your consent at any time where processing is based on consent; and

●      lodge a complaint with the Danish Data Protection Agency, Datatilsynet.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

If you wish to exercise your rights, please contact us at hello@oasi.care. We may ask for information necessary to verify your identity before responding.

The Danish supervisory authority is Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, email dt@datatilsynet.dk, phone +45 33 19 32 00.

11. Cookies and similar technologies

We use cookies and similar technologies, including cookies, tags, scripts, pixels, local storage and comparable tools, to:

●      make the website function properly;

●      remember user preferences and consent choices;

●      maintain security and protect forms against abuse;

●      understand traffic and user behaviour;

●      measure the performance of content, campaigns and website features; and

●      support advertising, remarketing, retargeting, conversion tracking and related measurement where enabled.

We use Cookiebot, or an equivalent consent-management setup, to collect and manage consent choices. Strictly necessary technologies may be used without consent where permitted by law. Non-essential analytics, advertising and similar technologies are only used after you have provided the relevant consent. You can withdraw or change your consent at any time through the cookie settings tool on our website.

12. Third-party links and external download platforms

Our website may contain links to third-party websites or platforms, including LinkedIn and external platforms used to host downloadable materials, such as Google Drive. If you follow those links or use those platforms, the relevant third party may process your personal data under its own privacy notice and terms. We encourage you to review those notices separately.

13. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure and unauthorised access. Depending on the context, these measures may include access control, password protection, limited access on a need-to-know basis, secure system configuration, vendor management, logging and internal procedures for handling data securely.

14. Automated decision-making

We do not use personal data covered by this Privacy Policy to make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on you.

15. Recruitment

We do not invite job applications through the website. If this changes in the future, we may publish a separate recruitment privacy notice.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical or business changes. The latest version will always be made available on our website. Where required by law, we will take appropriate steps to inform affected individuals of material changes.

17. Contact and complaints

If you have questions about this Privacy Policy or about our processing of personal data, please contact us at:

Oasicare ApS Gasværksvej 15D, 3rd floor 1656 Copenhagen V Denmark Email: hello@oasi.care Phone: +45 42 34 93 62

You also have the right to lodge a complaint with:

Datatilsynet Carl Jacobsens Vej 35 2500 Valby Denmark Email: dt@datatilsynet.dk Phone: +45 33 19 32 00