This personal data policy informs you about how iDr Medical Consulting AB, org. no. 559023-7458, with address Kyrkogatan 25, 411 15 Gothenburg (also "us", "we" and "our") uses personal information that is submitted to us. This policy is available at www.idr-medical.se. We will always comply with applicable privacy laws, and will ensure that personal information is treated confidentially. Except as expressly provided here, we will not, unless required by law or in accordance with a legally binding decision by the competent authorities, provide personal data to third parties without prior consent.
We are responsible for the personal data processing described in the personal data policy in our capacity as personal data controller. If you want to know more about our processing of your personal data, you are always welcome to contact us, e.g. at the address above or via our e-mail address info@idr-medical.se.
How we collect your personal information:
The information we process about you is mainly collected directly from you in connection with you contacting us regarding our services, when we carry out our services, or when you otherwise visit and use our website. We may also collect your personal information from an outside person who books a test on your behalf in connection with a group booking.
If you do not provide us with the personal information we request from you in connection with our services, you will not be able to perform our services.
We will address the following personal information:
• Name.
• Social security number.
• Contact information (e-mail address, address, telephone number).
• Date of test and test results.
• Passport number.
• Time of departure.
• Place of departure and place of arrival.
• IP address.
We for digital journals which are saved in date files. How we should and may process your data is stipulated by law in the Patient Data Act (SFS 2008: 355) and the National Board of Health and Welfare's regulations and general advice on record keeping and processing of personal data in health care (HSLF-FS 2016: 40). According to the Patient Data Act (SFS 2008: 355), we have a legal obligation to save your medical record documents for at least 10 years after the last information was entered in the document.
The processing of your personal data is also necessary for us to be able to enter into and fulfill agreements with you, ie. receive, process and deliver orders for our services, including communication with you regarding our services and your orders, as well as other customary activities such as sending order confirmations and handling payment information for invoicing. If you enter into agreements and receive agreed services from us on behalf of others, e.g. as a representative of a company, our processing of your personal data takes place with the support of a balance of interests, where our legitimate interest is to be able to enter into or fulfill the agreement with the person you represent.
According to the Accounting Act (SFS - 1999: 1078), we have a legal obligation to save your personal data needed for accounting purposes for 7 years. Otherwise, we do not save your personal information for longer than 1 year after the case has been closed for each purpose.
We also process your IP address for the purpose of keeping statistics on and analyzing visitor traffic on our website. The treatment takes place with the support of balancing of interests, where our legitimate interest is to collect data to maintain and improve the functionality, content and security of our website. For more information about how we use cookies, see our cookie policy. We process and store information about how visitors interact with our website for a maximum of two (2) years after collection.
However, we may need to store personal information for a longer period than stated above in order to establish, assert or defend legal claims (normally no longer than 10 years).
We will:
• Process your personal data legally, correctly and in a transparent manner.
• Collect your personal data for the stated and legitimate purposes set out in this policy, and will not process your personal data in any way inconsistent with these purposes.
• Collect and process personal data that is adequate, relevant and necessary for the purposes for which it is collected and used.
• Process your personal data only for as long as is necessary for the purposes for which it was collected.
• Take appropriate technical and organizational measures to prevent unauthorized access, unlawful processing and unauthorized or unintentional loss, destruction or damage to personal data, thereby ensuring an appropriate level of security.
• Take all reasonable steps to ensure that your personal information is correct and updated without delay if we are informed about it or otherwise become aware of incorrect information.
• Upon request, delete personal data without undue delay unless there are legal reasons to continue processing.
• At the request of the person to whom the information relates, disclose the information stored with us and limit the processing, unless there are legal reasons to continue the processing.
We ensure that appropriate technical and organizational measures are taken to protect your personal data against unauthorized access or destruction, illegal processing or accidental loss or damage.
Authorization to access personal data is only given to individuals within the organization, as well as to the above-mentioned personal data assistants, with the sole purpose that they should be able to perform their tasks.
As a registered user, you have a number of rights, partly to ensure that we process your personal data correctly, and partly to ensure that you have access to your personal data. We ask you to note that your rights apply to the extent that follows from applicable data protection legislation and that in some cases there may be exceptions to the rights.
These are the right to:
We may disclose your personal information:
• To you, if you request it, so that you can then pass them on.
• To another caregiver who requests them, but always only after your consent.
• To personal data assistants as below.
• To your employer, but always only after your consent.
Below is a list of our external personal data assistants, which we use to be able to offer you our services:
Miss Hosting: Email provider, web hosting and IT system
- for booking statistics and, if you send us an email, the information you send is stored in the email.
Head Of Search- is a provider of IT systems that receives information to the extent necessary to perform its services.
BokaDirekt AB, Booking service - receives information if you book your visit via the website. Your name, contact information and type of test are stored.
Payment solutions, iZettle AB - receives information if you pay by card. Name, and type of survey are stored.
Handelsbanken AB - receives information if you pay with Swish. Your name and amount are stored. Accounting and digital consultation
Mazars SET Revisionsbyrå AB - is our auditor and receives information to the extent necessary to perform his duties.
The cloud group - provides the digital solutions we use. Receives information to the extent necessary to perform their duties.
Our goal is to always process your personal data within the EU / EEA. However, as some of our suppliers work internationally, your personal data may be transferred to countries outside the EU / EEA in accordance with the agreements we have with the suppliers. In such cases, we have an obligation to ensure that the transfer takes place in accordance with applicable data protection legislation before the data is transferred, e.g. by ensuring that the country to which the data is transmitted meets the requirements for an adequate level of protection in accordance with the European Commission decision, or by ensuring that the transmission is covered by appropriate protection measures in the form of e.g. standard contractual clauses decided by the European Commission which ensure that appropriate measures are taken to safeguard your rights and freedoms.
We reserve the right to change this personal data policy as needed, for example to comply with changes in laws and regulations. Such a change will be published on our website.
Below is a description of how iDr Medical Consulting AB, org. no. 559023-7458, with address Kyrkogatan 25, 411 15 Gothenburg, (also ”U.S","we"Or"spring"), Uses cookies and any other similar technologies that collect information about visits to and use of our website www.idr-medical.se ("The website”).
Name |
|
|
|
[Eg has_js] | [For example. Website.com] | [For example. "Used to let us know if the user has enabled JavaScript in the browser"] | [For example. "When the browser closes"] |
[…] | […] | […] | […] |
3.2 The Website uses the following cookies and similar technologies for function and analysis:
Name | Supplier | Purpose | Storage time |
_ga | Google Analytics | Used to distinguish one visitor from the Website from another and to see how the visitor uses the Website. | Two years |
_gid | Google Analytics | Helps us compile statistics on how visitors use the Website. | 1 day |
_gat_UA-168057915-1 | Google Analytics | Used to limit the number of calls to Google Analytics if the Website receives a lot of traffic. | 1 minute |
_gat_gtag_UA_168057915_3 | Google Analytics | Used to distinguish different visitors. | 1 minute |