Data Processing
Contractual basis and information about the processing of personal data between MediSkill and our customers.
Effective date: 4 January 2026
This Data Processing Agreement ("DPA") forms part of the agreement between MediSkill ApS (the "Processor") and the Customer (the "Controller") for the provision of MediSkill's digital competency tracking platform (the "Services").
1. Subject matter and duration
The Processor processes personal data on behalf of the Controller as necessary to provide the Services. This DPA applies for the duration of the underlying agreement.
2. Nature and purpose of the processing
The Processor will process personal data for the purpose of enabling registration, tracking, and documentation of clinical competencies. Processing operations may include collection, storage, retrieval, anonymisation, deletion, and – where relevant for platform functionality – analysis via AI models.
3. Types of personal data and data subjects
Types of personal data: Name, professional credentials, competency logs, training records, and related metadata.
Categories of data subjects: Physicians, healthcare professionals, and other users registered by the Controller.
4. Obligations of the Processor
The Processor shall:
- Process personal data only on documented instructions from the Controller (including this DPA).
- Ensure that persons authorised to process the data are committed to confidentiality.
- Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (as described in our privacy policy).
- Assist the Controller in fulfilling data subject rights requests and data breach notifications, where required.
- Upon termination, fully anonymise personal data and retain only metadata for research purposes, as specified in the Terms of Service.
- Make available to the Controller all information necessary to demonstrate compliance with GDPR Article 28.
5. Sub-processors
The Controller authorises the use of the following sub-processors:
- One.com (website and database hosting – EU/EEA)
- Plausible Analytics (privacy-friendly website usage tracking for optimisation)
- Hetzner Online GmbH (local server hosting and processing – EU)
- xAI (Grok AI models – US, with appropriate safeguards)
- OpenAI (AI models – US, with appropriate safeguards)
- Anthropic (Claude AI models – US, with appropriate safeguards)
The Processor shall inform the Controller of any intended additions or replacements of sub-processors and allow reasonable objection. Agreements with all sub-processors ensure equivalent data protection obligations.
6. Data transfers
Personal data is primarily processed within the EU/EEA (e.g., on Hetzner servers). Where transfers to third countries (outside EU/EEA) occur – particularly to the US for AI processing via Grok, OpenAI, or Claude – appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, and supplementary measures where required.
7. Audit and assistance
The Processor shall allow for and contribute to audits by the Controller or an independent auditor mandated by the Controller, subject to reasonable notice and confidentiality.
8. Liability
Each party's liability under this DPA is subject to the limitations in the main agreement and applicable law.
9. Governing law
This DPA is governed by Danish law and the GDPR.
Contact
MediSkill ApS
c/o Martin Lawaetz
Spurvevænget 11
2791 Dragør
Denmark
Email: contact@mediskill.dk
CVR no.: 42753505
By using the Services, the Controller confirms acceptance of this data processing agreement.