PERSONAL DATA POLICY
This personal data policy informs you about how iDr Medical Consulting AB, org. no. 559023-7458, with address Kyrkogatan 25, 411 15 Gothenburg (also "us", "we" and "our") uses personal information that is submitted to us. This policy is available at www.idr-medical.se. We will always comply with applicable privacy laws, and will ensure that personal information is treated confidentially. Except as expressly provided here, we will not, unless required by law or in accordance with a legally binding decision by the competent authorities, provide personal data to third parties without prior consent.
We are responsible for the personal data processing described in the personal data policy in our capacity as personal data controller. If you want to know more about our processing of your personal data, you are always welcome to contact us, e.g. at the address above or via our e-mail address email@example.com.
How we collect your personal information:
The information we process about you is mainly collected directly from you in connection with you contacting us regarding our services, when we carry out our services, or when you otherwise visit and use our website. We may also collect your personal information from an outside person who books a test on your behalf in connection with a group booking.
If you do not provide us with the personal information we request from you in connection with our services, we will not be able to perform our services.
We will address the following personal information:
• Social security number.
• Contact information (e-mail address, address, telephone number).
• Date of test and test results.
• Passport number.
• Time of departure.
• Place of departure and place of arrival.
• IP address.
We for digital journals which are saved in date files. How we should and may process your data is stipulated by law in the Patient Data Act (SFS 2008: 355) and the National Board of Health and Welfare's regulations and general advice on record keeping and processing of personal data in health care (HSLF-FS 2016: 40). According to the Patient Data Act (SFS 2008: 355), we have a legal obligation to save your medical record documents for at least 10 years after the last information was entered in the document.
The processing of your personal data is also necessary for us to be able to enter into and fulfill agreements with you, ie. receive, process and deliver orders for our services, including communication with you regarding our services and your orders, as well as other customary activities such as sending order confirmations and handling payment information for invoicing. If you enter into agreements and receive agreed services from us on behalf of others, e.g. as a representative of a company, our processing of your personal data takes place with the support of a balance of interests, where our legitimate interest is to be able to enter into or fulfill the agreement with the person you represent.
According to the Accounting Act (SFS - 1999: 1078), we have a legal obligation to save your personal data needed for accounting purposes for 7 years. Otherwise, we do not save your personal information for longer than 1 year after the case has been closed for each purpose.
However, we may need to store personal data for longer than stated above in order to establish, assert or defend legal claims (normally no longer than 10 years).
• Process your personal data legally, correctly and in a transparent manner.
• Collect your personal data for the stated and legitimate purposes set out in this policy, and will not process your personal data in any way inconsistent with these purposes.
• Collect and process personal data that is adequate, relevant and necessary for the purposes for which it is collected and used.
• Process your personal data only for as long as is necessary for the purposes for which it was collected.
• Take appropriate technical and organizational measures to prevent unauthorized access, unlawful processing and unauthorized or unintentional loss, destruction or damage to personal data, thereby ensuring an appropriate level of security.
• Take all reasonable steps to ensure that your personal information is correct and updated without delay if we are informed about it or otherwise become aware of incorrect information.
• Upon request, delete personal data without undue delay unless there are legal reasons to continue processing.
• At the request of the person to whom the information relates, disclose the information stored with us and limit the processing, unless there are legal reasons to continue the processing.
We ensure that appropriate technical and organizational measures are taken to protect yours
personal data against unauthorized access or destruction, illegal processing or unintentional loss
Authorization to access personal data is given only to individuals within the organization, as well
with the above-mentioned personal data assistants, with the sole purpose that they should be able to perform their
As a registered user, you have a number of rights, partly to ensure that we process your personal data correctly, and partly to ensure that you have access to your personal data. We ask you to note that your rights apply to the extent that follows from applicable data protection legislation and that in some cases there may be exceptions to the rights.
These are the right to:
• Get information about which personal data we process and for what purpose.
• Get information about who receives the personal data.
• Request correction of incorrect or incomplete information. Please note that according to the Patient Data Act (SFS 2008: 355) we are not allowed to delete any records.
• Request limitation of treatment.
• Withdraw any consent.
• Request data portability.
• Objection to such processing of your personal data based on our legitimate interest.
• Submit complaints to the Data Inspectorate.
We may disclose your personal information:
• To you, if you request it, so that you can then pass them on.
• To another caregiver who requests them, but always only after your consent.
• To personal data assistants as below.
• To your employer, but always only after your consent.
Below is a list of our external personal data assistants, which we use to be able to offer you our services:
Miss Hosting: E-mail provider, web hosting and IT system - for booking statistics and, if you send us an email, the information you send is stored in the email.
Head Of Search - is a provider of IT systems that receives information to the extent necessary to perform its services.
BokaDirekt AB, Booking service - receives information if you book your visit via the website. Your name, contact information and type of test are stored.
Payment solutions, iZettle AB - receives information if you pay by card. Name, and type of survey are stored.
Handelsbanken AB - receives information if you pay with Swish. Your name and amount are stored. Accounting and digital consultation
Suprimax AB - Accounting consultant who receives information to the extent necessary for the performance of his services.
TATAA Biocenter AB - Laboratory which, in the event of a positive response, is given your personal data for notification to the Swedish Institute for Infectious Disease Control.
Mazars SET Revisionsbyrå AB - is our auditor and receives information to the extent necessary to perform his duties.
The cloud group - provides the digital solutions we use. Receives information to the extent necessary to perform their duties.
Svea Vaccine - provides testing activities in collaboration with iDr and has access to parts of our database to perform its services.
Our goal is to always process your personal data within the EU / EEA. However, as some of our suppliers work internationally, your personal data may be transferred to countries outside the EU / EEA in accordance with the agreements we have with the suppliers. In such cases, we have an obligation to ensure that the transfer takes place in accordance with applicable data protection legislation before the data is transferred, e.g. by ensuring that the country to which the data is transmitted meets the requirements for an adequate level of protection in accordance with the European Commission's decision, or by ensuring that the transmission is covered by appropriate protection measures in the form of e.g. standard contractual clauses decided by the European Commission which ensure that appropriate measures are taken to safeguard your rights and freedoms.
We reserve the right to change this personal data policy as needed, for example to comply with changes in laws and regulations. Such a change will be published on our website.
1.1 The website uses so-called cookies. Cookies are small text files that a website places or requests access to on the visitor's computer or mobile device. Cookies and other similar technologies enable websites to remember a visitor when he returns to the website from the same device used in a previous visit and can be used for various functions on websites, for example to save previous searches or adapt the content of the website to the visitor's previous use . The cookies and other similar technologies we use on the Website are described in section 3
1.2 There are two types of cookies: 1) permanent cookies that are stored on the visitor's computer for a certain period of time and then disappear; and 2) session cookies that are temporarily stored in the computer's memory during the visit to the website and disappear when the visitor closes the browser.
1.3 Cookies are either: 1) a first-party cookie placed by the Website, or; 2) a third-party cookie placed by someone other than the Website. You can manage and disable first-party cookies by using the Website's cookie tools.
1.4 If you choose not to allow cookies, it is possible that some of the Website's functions do not work in the way you expect.
1.5 Cookies have different purposes and those used on the Website refer to 1) strictly necessary cookies; and 2) function and analysis.
1.6 Strictly necessary cookies are placed when you use our services and visit the Website. Functional and analysis cookies are only placed after you have given your consent to them. You can revoke your consent at any time by changing your cookie settings.
1.7 Strictly necessary cookies are placed for the Website to function in the way you expect. Without such cookies, we will not be able to provide the service you request, as they are crucial to the Website's functions.
1.8 Function and analysis cookies help us to understand how visitors use the Website and ensure that it works in an optimal way. These cookies may collect information about how visitors use our Website.
1.9 Cookies may collect personal information, such as IP addresses. We process all personal data in accordance with the Website's personal data policy.
- Social plugins
2.1 Social plugins in the form of icons for Facebook and Instagram are used on our Website. By clicking on these icons, you will be linked to Facebook or Instagram. In that case, Facebook and Instagram will be provided with information that you have visited our Website. If you want to learn more about data that can be collected through these social plugins, you can read the relevant policies via the following link: https://www.facebook.com/policy.php.
- Cookies and similar technologies on the Website
3.1 The Website uses the following strictly necessary cookies:
[For example. Website.com]
[For example. "When the browser closes"]
3.2 The Website uses the following cookies and similar technologies for function and analysis:
Used to distinguish one visitor from the Website from another and to see how the visitor uses the Website.
Helps us compile statistics on how visitors use the Website.
Used to limit the number of calls to Google Analytics if the Website receives a lot of traffic.
Used to distinguish different visitors.
- Browser settings
4.2 If you choose not to allow cookies, it is possible that certain functions on the websites you visit do not work as you expect them to do. Your choice not to allow cookies does not mean that previously placed cookies are deleted.