PERSONAL DATA POLICY

This personal data policy informs you about how we use personal data that is submitted to us. This policy is available at www.idr-medical.se. We will always comply with applicable privacy laws, and will ensure that personal information is treated confidentially. Except as expressly provided here, we will not, unless required by law or in accordance with a legally binding decision by the competent authorities, provide personal data to third parties without prior consent.

We will process the following personal information:
• Name.
• Social security number.
• Contact information.
• Date of test and test results.

We keep physical records which are saved in date files.
How we should and may process your data is stipulated by law in the Patient Data Act (SFS 2008:355), the National Board of Health and Welfare's regulations and general advice on record keeping and processing of personal data in health care (HSLF-FS 2016:40) and the Accounting Act (SFS 1999:1078). According to the Patient Data Act (SFS 2008:355), we have a legal obligation to save your medical records for at least 10 years after the last information was entered in the document. Otherwise, we do not save your personal data for a longer period than it is needed for each purpose.

We will:
• Process your personal data legally, correctly and in a transparent manner.
• Collect your personal information for the stated and legitimate purposes set out in this policy, and will not process your personal data in any way inconsistent with these purposes.
• Collect and process personal data that is adequate, relevant and necessary for the purposes for which it is collected and used.
• Process your personal data only for as long as is necessary for the purposes for which it was collected.
• Take appropriate technical and organizational measures to prevent unauthorized access, illegal processing and unauthorized or unintentional loss, destruction or damage to personal data, thereby ensuring an appropriate level of security.
• Take all reasonable steps to ensure that your personal information is accurate and up to date, without delay if we are informed about or otherwise become aware of incorrect information.
• Upon request, delete personal data without undue delay unless there are legal reasons to continue processing.
• Upon request from the person to whom the information relates, provide the information stored with us and limit the processing, unless there are legal reasons to continue the processing.

We ensure that appropriate technical and organizational measures are taken to protect your personal data against unauthorized access or destruction, illegal processing or unintentional loss or damage.
Authorization to access personal data is given only to individuals within the organization, as well as to the personal data assistants listed in this policy, with the sole purpose that they should be able to perform their tasks.

As a registered user, you have a number of rights, partly to ensure that we process your personal data in a correct manner, partly for you to have access to your personal data.

These are the right to:

• Get information about which personal data we process and for what purpose.
• Get information about who receives the personal data.
• Request correction of incorrect or incomplete information. Please note that according to the Patient Data Act (SFS 2008:355) we may not delete any records.
• Withdraw any consent.
• Submit complaints to the Data Inspectorate.

We may disclose your personal information:
• To you, if you request it, so that you can then pass it on.
• To another caregiver who requests it, but always only after your consent.
• To personal data assistants as below.
• To your employer, but always only after your consent.

Below is a list of our external personal data assistants, which we use to be able to offer you our services:

Miss Hosting - email provider, web hosting and IT system for booking statistics. If you send us an email, the information you send in the email is stored.
West Coast IT Design - is a provider of IT systems that receives information to the extent necessary to perform its services.
BokaDirekt AB, booking service - receives information if you book your visit via the website. Your name, contact information and type of test are stored.
iZettle AB, payment solutions - receives information if you pay by card. Name and type of survey are stored.
Handelsbanken AB - receives information if you pay with Swish. Your name and amount are stored.
Accounting and digital consultation
Mazars SET Revisionsbyrå AB - is our auditor and receives information to the extent necessary to perform its duties.
The cloud group - provides the digital solutions we use. Receives information to the extent necessary to perform their duties.

We reserve the right to change this personal data policy as needed, for example to comply with changes in laws and regulations.
Such a change will be published on our website.
