How is your health data handled in the PHAIR project?

We process personal health data to improve the monitoring of adverse drug reactions, strengthen patient safety and public health, and support research and innovation in pharmacoepidemiology and artificial intelligence. All processing is carried out exclusively for scientific and statistical purposes that serve a significant public interest.

PHAIR operates under joint data controllership between the following public institutions:

• The Capital Region of Denmark
• Statens Serum Institut
• University of Southern Denmark
• University of Copenhagen
• Danish Medicines Agency

These parties have entered into a joint data controller agreement in accordance with Article 26 of the GDPR, ensuring a clear allocation of responsibilities and rights.

Your data is stored securely on a closed platform at the Danish National Genome Center. Only authorised researchers can access it, and all access is logged. Before any research use, your data is pseudonymised—your name and civil registration number (CPR) are removed and kept separately. An independent legal assessment has concluded that the risk associated with this processing is low to moderate.

PHAIR does not use your data for commercial purposes. The project is independent of financial interests and guided by strong ethical principles. Patients and ethicists are actively involved to ensure responsible use and respect for citizens’ rights.

You have the right to access the information we hold about you, request corrections or deletion (with certain exceptions), object to processing, and file a complaint with the Danish Data Protection Agency.

If you have any questions about how your data is used in the PHAIR project, or if you wish to exercise your rights under data protection law, you are welcome to contact us.