How we collect your personal information 
The personal data that we process about you, we mainly collect directly from you in connection with you contacting us regarding our services, when we performs our services, or when you otherwise visit and use our website. We may also collect your personal information from an outside person who book a test on your behalf in connection with a group booking. If you do not provide us with the personal information we provide requests from you in connection with the performance of our services and we will not come to be able to perform our services for you.

What personal data we process and legal basis for the processing 
We process your name, social security number or date of birth (if you do not have a Swedish social security number), contact information (e-mail address, address, telephone number), date of test, test result, passport number, time of departure, place of departure and place of arrival and IP address to provide our services to you. The treatment is necessary for us to be able to enter into and fulfill agreements with you, ie. receive, process and deliver orders for our services, including communication with you regarding our services and your orders, as well as other usual activities such as sending order confirmations and handling payment information for invoicing. The processing of your name, social security number or date of birth, contact information, date of test and test results is necessary to fulfill legal obligations for us as care providers according to the Patient Data Act (SFS 2008: 355) and for reasons related to medical diagnoses and provision of health and healthcare.  

We also share your name, social security number or date of birth (if you do not have a Swedish social security number) and your test result with the E-health authority in connection with the E-health authority's issuance and provision of evidence of negative test results on a covid-19 test. This treatment is necessary to fulfill legal obligations for us as care providers according to the Patient Data Act and for reasons related to medical diagnoses and the provision of health care.

We for digital journals which are saved in date files. How we should and may process your data for record keeping is stipulated by law in the Patient Data Act and the National Board of Health and Welfare's regulations and general advice on record keeping and processing of personal data in health care (HSLF-FS 2016: 40).

If you enter into agreements and receive agreed services from us on behalf of others, e.g. as a representative of a company, our processing of your personal data takes place with the support of a balance of interests, where our legitimate interest is to be able to enter into or fulfill the agreement with the person you represent.

We also process your IP address for the purpose of keeping statistics on and analyzing visitor traffic on our website. The processing takes place with the support of balancing of interests, where our legitimate interest is to collect data to maintain and improve the functionality, content and security of our website. For more information about how we use cookies, see our cookie policy.

How long we store your personal information

According to the Patient Data Act (SFS 2008: 355), we have a legal obligation to save your medical records for at least ten (10) years after the last information was entered in the document.
According to the Accounting Act (SFS - 1999: 1078), we have a legal obligation to save your personal data needed for accounting purposes for seven (7) years.
We will save the test certificate and personal information in this for a period of a maximum of seven (7) days. For test certificates in paper format, the test certificate is deleted after you have received it, and for test certificates in digital format, the test certificate is deleted when the validity of the test certificate has expired.
We process and store information about how visitors interact with our website for a maximum of two (2) years after collection.
In other respects, we do not usually store your personal data for longer than one (1) year after the case has been closed for each purpose, but we may need to save personal data for a longer period of time in order to establish, assert or defend legal claims (normally not longer than ten (10) years).

We share your personal information with our partners and suppliers in the way we describe below. 

• Head of Search: email provider, web hosting and IT systems for booking statistics and, if you send us an email, the information you send is stored in the email.
• iXSy AB: provider of IT systems that receive information to the extent necessary to perform their services.
• BokaDirekt AB: booking service - receives information if you book your visit via our website. Your name, contact information and type of test are stored.
• iZettle AB: - payment solution, receives information if you pay by card. Name, and type of survey are stored.
• Handelsbanken AB: - receives information if you pay with Swish. Your name and amount are stored. Accounting and digital consultation
• Mazars SET Revisionsbyrå AB: - our auditor and receives information to the extent necessary to perform his duties.
• Svea Vaccin AB - Partner for medical testing and personal data assistant.  
• Bonliva AB -Partner for medical testing and personal data assistant.
• Orthopedics Skåne AB - Partner for medical testing and personal data assistant.
• The e-health authority: issues evidence of negative test results on a covid-19 test and exchanges personal data digitally to issue travel documents. 
• iLab Medical AB - Laboratory which receives data in the capacity of personal data assistant to the extent necessary to provide analytical results. 

Information regarding test certificates will not be transferred outside the EU / EEA.

In other respects, our partners and suppliers, in the capacity of our personal data assistants, may transfer your personal data outside the EU / EEA. This is done if there is support for the transfer in accordance with the Data Protection Regulation (GDPR). This means that the transfer can be based on, for example, the European Commission's decision that a country offers equivalent protection for personal data as within the EU or standard contract clauses with supplementary security measures when necessary.

If you want more information about how your personal data is transferred outside the EU / EEA or if you want a copy of standard agreement clauses that we have entered into, you are welcome to contact us at the contact details stated at the beginning of this personal data policy.

What rights do you have?
In accordance with the GDPR, you have certain rights in relation to our processing of your personal data. Below you can read more about what these rights are.
If you have any questions about the rights or want to exercise any of your rights, you are welcome to contact us. Our contact information is stated at the beginning of this personal data policy.

Right to object to treatment
You have the right to object at any time to the processing of your personal data based on a balance of interests. In some cases, we may continue to process your personal data even if you have objected to the processing. This can be done if we can present legitimate reasons for the processing that outweigh your interests, rights and freedoms or if it is done for the determination, exercise or defense of legal claims.

Right of access
You have the right to receive a confirmation of whether we process your personal data. If we process your personal data, you also have the right to receive information about how we process them and receive a copy of your personal data.

Right to rectification
You have the right to correct any incorrect personal data that concerns you and to have incomplete personal data supplemented.

Right to erasure (right to be forgotten) and restriction of treatment
Under certain conditions, you have the right to request deletion of your personal data. Such conditions exist if e.g. the personal data are no longer necessary for the purposes for which they were collected or processed or if you revoke your consent on which the processing is based and there is no other legal basis for the processing.

You also have the right to request that we limit our processing of your personal data. Such conditions exist if you e.g. disputes the accuracy of the personal data or if the processing is illegal and you object to the personal data being deleted and instead want us to limit how we process your personal data.

Right to data portability
You have the right to obtain your personal information in a structured, generally used and machine-readable format from us. You also have the right to have your personal data transferred to another personal data controller when it is technically possible ("data portability").

The right to data portability applies to personal data that you have provided to us in a structured, generally used and machine-readable format if the processing is based on an agreement and the processing takes place automatically.

The right to lodge a complaint
You always have the right to lodge a complaint with a competent supervisory authority. The competent supervisory authority in Sweden is the Privacy Protection Authority.

• We reserve the right to change this personal data policy as needed, for example to comply with changes in laws and regulations. Such a change will be published on our website.

Cookie Policy

Below is a description of how iDr-Kliniken AB org. no. 559300-6165 , with address Kyrkogatan 25, 411 15 Gothenburg, (also ”U.S","we"Or"our"), Uses cookies and any other similar technologies that collect information about visits to and use of our website www.idr-medical.se ("The website”).

1. Cookies
   1.1 The website uses so-called cookies. Cookies are small text files that a website places or requests access to on the visitor's computer or mobile device. Cookies and other similar technologies enable websites to remember a visitor when he returns to the website from the same device used in a previous visit and can be used for various functions on websites, for example to save previous searches or adapt the content of the website to the visitor's previous use . The cookies and other similar technologies we use on the Website are described in section 3

   1.2 There are two types of cookies: 1) permanent cookies that are stored on the visitor's computer for a certain period of time and then disappear; and 2) session cookies that are temporarily stored in the computer's memory during the visit to the website and disappear when the visitor closes the browser.

   1.3 Cookies are either: 1) a first-party cookie placed by the Website, or; 2) a third-party cookie placed by someone other than the Website. You can manage and disable first-party cookies by using the Website's cookie tools.

   1.4 If you choose not to allow cookies, it is possible that some of the Website's functions do not work in the way you expect.

   1.5 Cookies have different purposes and those used on the Website refer to 1) strictly necessary cookies; and 2) function and analysis.

   1.6 Strictly necessary cookies are placed when you use our services and visit the Website. Functional and analysis cookies are only placed after you have given your consent to them. You can revoke your consent at any time by changing your cookie settings.

   1.7 Strictly necessary cookies are placed for the Website to function in the way you expect. Without such cookies, we will not be able to provide the service you request, as they are crucial to the Website's functions.

   1.8 Function and analysis cookies help us to understand how visitors use the Website and ensure that it works in an optimal way. These cookies may collect information about how visitors use our Website.

   1.9 Cookies may collect personal information, such as IP addresses. We process all personal data in accordance with the Website's personal data policy.

2. Social plugins
   2.1 Social plugins in the form of icons for Facebook and Instagram are used on our Website. By clicking on these icons, you will be linked to Facebook or Instagram. In that case, Facebook and Instagram will be provided with information that you have visited our Website. If you want to learn more about data that can be collected through these social plugins, you can read the relevant policies via the following link: https://www.facebook.com/policy.php.
3.  
4. Cookies and similar technologies on the Website
   3.1 The Website uses the following strictly necessary cookies:

3.2 The Website uses the following cookies and similar technologies for function and analysis:

4. Browser settings
   4.1 If you do not accept our use of cookies or similar technologies, you can change the settings in your browser so that cookies are not placed. Through the browser, you can also delete previously stored cookies. Some browsers also offer the ability to disable tracking techniques between different websites. Use your browser's help section for more information.

   4.2 If you choose not to allow cookies, it is possible that certain functions on the websites you visit do not work as you expect them to do. Your choice not to allow cookies does not mean that previously placed cookies are deleted.