How we collect your personal information:
The information we process about you is mainly collected directly from you in connection with you contacting us regarding our services, when we carry out our services, or when you otherwise visit and use our website. We may also collect your personal information from an outside person who books a test on your behalf in connection with a group booking.

If you do not provide us with the personal information we request from you in connection with our services, you will not be able to perform our services.

We will address the following personal information:
• Name.
• Social security number.
• Contact information (e-mail address, address, telephone number).
• Date of test and test results.
• Passport number.
• Time of departure.
• Place of departure and place of arrival.
• IP address.

We for digital journals which are saved in date files. How we should and may process your data is stipulated by law in the Patient Data Act (SFS 2008: 355) and the National Board of Health and Welfare's regulations and general advice on record keeping and processing of personal data in health care (HSLF-FS 2016: 40). According to the Patient Data Act (SFS 2008: 355), we have a legal obligation to save your medical record documents for at least 10 years after the last information was entered in the document.

The processing of your personal data is also necessary for us to be able to enter into and fulfill agreements with you, ie. receive, process and deliver orders for our services, including communication with you regarding our services and your orders, as well as other customary activities such as sending order confirmations and handling payment information for invoicing. If you enter into agreements and receive agreed services from us on behalf of others, e.g. as a representative of a company, our processing of your personal data takes place with the support of a balance of interests, where our legitimate interest is to be able to enter into or fulfill the agreement with the person you represent.

According to the Accounting Act (SFS - 1999: 1078), we have a legal obligation to save your personal data needed for accounting purposes for 7 years. Otherwise, we do not save your personal information for longer than 1 year after the case has been closed for each purpose.

We also process your IP address for the purpose of keeping statistics on and analyzing visitor traffic on our website. The treatment takes place with the support of balancing of interests, where our legitimate interest is to collect data to maintain and improve the functionality, content and security of our website. For more information about how we use cookies, see our cookie policy. We process and store information about how visitors interact with our website for a maximum of two (2) years after collection.

However, we may need to store personal information for a longer period than stated above in order to establish, assert or defend legal claims (normally no longer than 10 years).

We will:
• Process your personal data legally, correctly and in a transparent manner.
• Collect your personal data for the stated and legitimate purposes set out in this policy, and will not process your personal data in any way inconsistent with these purposes.
• Collect and process personal data that is adequate, relevant and necessary for the purposes for which it is collected and used.
• Process your personal data only for as long as is necessary for the purposes for which it was collected.
• Take appropriate technical and organizational measures to prevent unauthorized access, unlawful processing and unauthorized or unintentional loss, destruction or damage to personal data, thereby ensuring an appropriate level of security.
• Take all reasonable steps to ensure that your personal information is correct and updated without delay if we are informed about it or otherwise become aware of incorrect information.
• Upon request, delete personal data without undue delay unless there are legal reasons to continue processing.
• At the request of the person to whom the information relates, disclose the information stored with us and limit the processing, unless there are legal reasons to continue the processing. 

We ensure that appropriate technical and organizational measures are taken to protect your personal data against unauthorized access or destruction, illegal processing or accidental loss or damage.
Authorization to access personal data is only given to individuals within the organization, as well as to the above-mentioned personal data assistants, with the sole purpose that they should be able to perform their tasks.

As a registered user, you have a number of rights, partly to ensure that we process your personal data correctly, and partly to ensure that you have access to your personal data. We ask you to note that your rights apply to the extent that follows from applicable data protection legislation and that in some cases there may be exceptions to the rights.

These are the right to:

• Get information about which personal data we process and for what purpose.
  • Get information about who receives the personal data.
  • Request correction of incorrect or incomplete information. Please note that according to the Patient Data Act (SFS 2008: 355) we are not allowed to delete any records.
  • Request limitation of treatment.
  • Withdraw any consent.
  • Request data portability.
  • Objection to such processing of your personal data based on our legitimate interest.
  • Submit complaints to the Data Inspectorate.

We may disclose your personal information:
• To you, if you request it, so that you can then pass them on.
• To another caregiver who requests them, but always only after your consent.
• To personal data assistants as below.
• To your employer, but always only after your consent.

Below is a list of our external personal data assistants, which we use to be able to offer you our services:

Miss Hosting: Email provider, web hosting and IT system
- for booking statistics and, if you send us an email, the information you send is stored in the email.
Head Of Search- is a provider of IT systems that receives information to the extent necessary to perform its services.
BokaDirekt AB, Booking service - receives information if you book your visit via the website. Your name, contact information and type of test are stored.
Payment solutions, iZettle AB - receives information if you pay by card. Name, and type of survey are stored.
Handelsbanken AB - receives information if you pay with Swish. Your name and amount are stored. Accounting and digital consultation
Mazars SET Revisionsbyrå AB - is our auditor and receives information to the extent necessary to perform his duties.
The cloud group - provides the digital solutions we use. Receives information to the extent necessary to perform their duties.

Our goal is to always process your personal data within the EU / EEA. However, as some of our suppliers work internationally, your personal data may be transferred to countries outside the EU / EEA in accordance with the agreements we have with the suppliers. In such cases, we have an obligation to ensure that the transfer takes place in accordance with applicable data protection legislation before the data is transferred, e.g. by ensuring that the country to which the data is transmitted meets the requirements for an adequate level of protection in accordance with the European Commission decision, or by ensuring that the transmission is covered by appropriate protection measures in the form of e.g. standard contractual clauses decided by the European Commission which ensure that appropriate measures are taken to safeguard your rights and freedoms.  

We reserve the right to change this personal data policy as needed, for example to comply with changes in laws and regulations. Such a change will be published on our website. 

Below is a description of how iDr Medical Consulting AB, org. no. 559023-7458, with address Kyrkogatan 25, 411 15 Gothenburg, (also ”U.S","we"Or"spring"), Uses cookies and any other similar technologies that collect information about visits to and use of our website www.idr-medical.se ("The website”).

1. Cookies
   
   1.1 The website uses so-called cookies. Cookies are small text files that a website places or requests access to on the visitor's computer or mobile device. Cookies and other similar technologies enable websites to remember a visitor when he returns to the website from the same device used in a previous visit and can be used for various functions on websites, for example to save previous searches or adapt the content of the website to the visitor's previous use . The cookies and other similar technologies we use on the Website are described in section 3
   
   1.2 There are two types of cookies: 1) permanent cookies that are stored on the visitor's computer for a certain period of time and then disappear; and 2) session cookies that are temporarily stored in the computer's memory during the visit to the website and disappear when the visitor closes the browser.
   
   1.3 Cookies are either: 1) a first-party cookie placed by the Website, or; 2) a third-party cookie placed by someone other than the Website. You can manage and disable first-party cookies by using the Website's cookie tools.
   
   1.4 If you choose not to allow cookies, it is possible that some of the Website's functions do not work in the way you expect.
   
   1.5 Cookies have different purposes and those used on the Website refer to 1) strictly necessary cookies; and 2) function and analysis.
   
   1.6 Strictly necessary cookies are placed when you use our services and visit the Website. Functional and analysis cookies are only placed after you have given your consent to them. You can revoke your consent at any time by changing your cookie settings.
   
   1.7 Strictly necessary cookies are placed for the Website to function in the way you expect. Without such cookies, we will not be able to provide the service you request, as they are crucial to the Website's functions.
   
   1.8 Function and analysis cookies help us to understand how visitors use the Website and ensure that it works in an optimal way. These cookies may collect information about how visitors use our Website.
   
   1.9 Cookies may collect personal information, such as IP addresses. We process all personal data in accordance with the Website's personal data policy.
2. Social plugins
   
   2.1 Social plugins in the form of icons for Facebook and Instagram are used on our Website. By clicking on these icons, you will be linked to Facebook or Instagram. In that case, Facebook and Instagram will be provided with information that you have visited our Website. If you want to learn more about data that can be collected through these social plugins, you can read the relevant policies via the following link: https://www.facebook.com/policy.php.
3. Cookies and similar technologies on the Website
   
   3.1 The Website uses the following strictly necessary cookies:

3.2 The Website uses the following cookies and similar technologies for function and analysis:

4. Browser settings
   
   4.1 If you do not accept our use of cookies or similar technologies, you can change the settings in your browser so that cookies are not placed. Through the browser, you can also delete previously stored cookies. Some browsers also offer the ability to disable tracking techniques between different websites. Use your browser's help section for more information.
   
   4.2 If you choose not to allow cookies, it is possible that certain functions on the websites you visit do not work as you expect them to do. Your choice not to allow cookies does not mean that previously placed cookies are deleted.