Privacy Policy

Your privacy is important to us and we are responsible for the personal information you provide us with. This policy describes how we process, store and manage your personal information when you are a patient with us, listed as a relative of a patient and when you visit our website.
The privacy policy also describes your rights and how you can assert them. It is important that you read and understand the privacy policy and feel safe in our processing of your personal information.

Contents
Responsible for processing personal information
How do we get access to the personal information?
What personal information do we process?
How do we process your personal information?
Who has access to your personal information?
What legal basis do we have for our personal information processing?
How long do we store your personal information?
Especially about cookies
How can you manage cookies?
Who do we share personal information with?
How is your personal information protected?
Your rights
Contact the Swedish Data Protection Authority
Changes to our privacy policy

Responsible for processing personal data
As a private healthcare provider in the healthcare sector, Europavård Vårdförmedling AB (hereinafter “Europavård” or “the Business”), corporate registration number 559461-3993, is the data controller for most of the processing of personal data in the business. As the data controller, Biovisor determines the purposes and means of processing personal data in accordance with applicable laws and regulations.

If you have any questions or want to invoke any of your rights, you can reach us at:
E-mail: [email protected]
Address: Ormestad 1
Postal address: 61031 Vikbolandet
Telephone: 0763404012

How do we get access to the personal data?
We get access to the data that you provide to us yourself, or that we collect from you in connection with you becoming a patient with us, when you are a relative of a patient and provide your personal data, or when you contact us or visit our website.

What personal data do we process?
When you come into contact with Europavård, we process information about your health in order to be able to treat you as a patient. As a private healthcare provider, we are subject to health and medical care legislation, such as the Patient Data Act (2008:355), which entails a record-keeping obligation. For this purpose we have a record system. You can read more about what a patient record contains at 1177.se.

A patient record contains several different types of record documents, including:
• Identity and contact information: we store information such as name, social security number, national registration address, any other temporary address you have provided to us and telephone number you have provided to us.

• Journal entries from visits and other contacts with us: A journal entry contains information about when the visit/contact took place, who you had contact with, the background to the medical assessment that is made (your symptoms, what we find during the examination and, in cases where it is important for the medical assessment or your continued care, information about your social situation, your previous illnesses, your medications, any allergies, etc.), what assessment is made, what diagnosis we have made and what measures are taken. It also contains information about what information you have received and whether you have chosen to forgo any part of the care you have been offered.

• Medicines: the medicines you have been prescribed and information about the prescriptions you have received are documented and stored.

• Responses to examinations and referrals: The patient record also contains information such as responses to blood tests and X-ray examinations, other examinations and assessments that are carried out on a referral from us to another healthcare provider.

• Documents from you: Letters you send to us are stored as medical records.

• Consents: we document and store the consents you give us, for example to save samples according to the Biobank Act, to access a consolidated medical record (i.e. to read other healthcare providers’ patient records about you).

Health information is sensitive personal data and is regulated by confidentiality and we never disclose personal data to unauthorized parties.

In addition to the above medical records, Biovisor keeps a record of your visits. From this record, invoices are received for you as a patient, the employer, insurance company or other payment provider.

How do we process your personal data?
We process your personal data primarily to fulfill our obligations to you. Our starting point is not to process more personal data than is necessary for the purpose, and we always strive to use the least privacy-sensitive data.

Below is information about which personal data processing operations exist.

• Providing and fulfilling agreements on care/services
We process personal data in order to fulfill our agreement and provide care/services to you. We process personal data for our administration and invoicing of care/services, to handle complaints, to help you with questions about your care/service and otherwise to safeguard our rights and fulfill our obligations under our agreement with you. The personal data we process in this processing is contact information, identity-related personal data and financial personal data.

• Accounting
We process your personal data in order to fulfill the statutory obligations that are incumbent on us, such as the Accounting Act’s requirements for archiving accounting material. Personal data we handle in this processing are contact information, identity-related personal data and financial personal data.

• Marketing
We process personal data to enable marketing of services/goods to you, to enable sending newsletters about the services/goods you are interested in as well as general information about the company, and to enable invitations to events in your area of interest. Personal data we handle in this processing is contact information.

Who has access to your personal data?
Only those who absolutely must have access to your personal data have access, for example only those:

• who participate in the care of a patient, i.e. the healthcare professional you meet in your contacts with Europavård,

• who need the data for their work in healthcare, for example medical secretaries who write out the healthcare professional’s dictations.

For certain services, Europavård deems it necessary to obtain your consent before processing the personal data.

With your consent, we may refer you to other healthcare providers or transfer your personal data to competent authorities.

Other employees at Europavård are subject to the same principle – access is limited to only those who need it to perform their duties.

We also use specialized data processors within the EU/EEA that are categorized as IT services, software, operations, support and infrastructure.

Data processors that process personal data on behalf of Europavård do so in accordance with Europavård’s instructions. This also includes those who work under the data processor’s management. None of these may receive personal data that is not required for them to be able to provide their services in accordance with the agreement. Special data processor agreements are drawn up that regulate the processing of personal data in its entirety, including organizational and technical security measures.

What legal basis do we have for our personal data processing?
We process your personal data in order to be able to administer and provide the agreed service/goods. When it comes to processing personal data to fulfill requirements such as the Accounting Act or tax legislation, the legal basis for processing is a legal obligation.

For the processing of marketing, the legal basis is our legitimate interest. This means that we believe that our interests in processing your personal data for these purposes listed above outweigh the privacy infringement that you are exposed to due to the processing. This assessment has been made in particular taking into account that we believe that the processing will be beneficial to you.

Regarding personal data in connection with job applications that have no connection with a recruitment process or a completed recruitment process, we will save your personal data for possible future recruitment needs only if you have specifically consented to this.

How long do we store your personal data?
Information in the patient record is archived for at least 10 years according to the Patient Data Act (2008:355). Certain personal data that is not recorded in the patient record, for example to meet requirements from the Accounting Act and tax legislation, is stored for a period of time according to the requirements of the respective legislation. Once the purposes of the processing have been fulfilled and the storage period has expired, your personal data will be securely deleted or anonymized so that it can no longer be linked to you.

Special Information about cookies
A cookie is a small text-based data file that a web server asks to be saved in your browser. By generally sending the content of the cookie back with each request to the relevant website, it is possible for the server to keep track of the visitor’s preferences, behavior or identity (to the extent known). We use the following cookies on our website:

• Session cookies (a temporary cookie that expires when you close your browser or device).

• Persistent cookies (cookies that remain on your computer until you delete them or they expire).

• Third-party cookies (cookies set by a third-party website). We use these primarily for analysis, such as Google Analytics.

The cookies we use are intended to improve the services we offer. Cookies make the website more functional and make it easier for you as a user. We also use cookies to collect and analyze behavioral data based on your use of the website and services in order to improve the user experience and also enable personalized communication and messages to you as a user. We also use cookies to be able to target relevant marketing to you.

How can you manage cookies?
You can change the settings for the use and scope of cookies in your browser at any time. You can then choose to block all cookies, only accept certain cookies or delete cookies when you close your browser. If you choose to block or delete cookies, it may mean that certain services cannot be used or that the website does not function correctly in all respects.

Who do we share personal data with?
Our starting point is not to disclose the personal data of data subjects to third parties unless the data subject has consented to it or unless it is necessary to fulfill our obligations under a contract or law. In cases where we disclose personal data to third parties, we ensure that the personal data is processed in a secure manner.

• Service providers
In order to fulfill the purposes of our processing of your personal data and to meet the requirements that we are obliged to as a company, we share personal data with companies that provide services to us. These companies may only process personal data in accordance with the personal data processing agreement signed with the company and in accordance with the instructions they receive in connection with this. They may not use your personal data for their own purposes and they are obliged by law and contract to protect your personal data. A service provider may not share your personal data with a third party or subcontractor without our approval.

• Authorities
We may provide necessary information to authorities if we are obliged to do so by law. This information may include your personal data. In connection with a legal dispute, it may also be necessary to transfer information that may contain personal data to other parties to the dispute.

In cases where we need to forward parts of your medical record to another healthcare provider, for example if we send a referral for assessment to another specialist, this will be done in consultation with you.

We participate in Unified Medical Records, which means that other healthcare providers can access information in your patient record with us, but only after consent from you. You can read more about Unified Medical Records at 1177.se.

How is your personal data protected?
Collecting and processing extra-protected (sensitive) personal data is a crucial part of Biovisor’s operations. We protect your personal data through a combination of technical and organizational solutions. We have taken special security measures to protect your personal data against illegal or unauthorized access. We develop routines and working methods to ensure that your personal data is handled securely. Only those people who actually need to process your personal data for their work tasks have access to them.

Your rights
As a registered user with us, you have the following rights:

• You have the right to request a register extract where you can see what personal data we have about you.

• You have the right to request correction if we have incorrect or incomplete personal data registered about you.

• You have the right to have your personal data deleted under these conditions:

– The data is no longer needed for the purpose for which it was collected.

– If the data is saved with your consent and you revoke your consent.

– If the processing is based on a balance of interests and there are no legitimate reasons that outweigh your interest.

– If the personal data has been processed unlawfully.

– If deletion is required to comply with a legal obligation.

– If you object to processing for direct marketing purposes.

The right to have personal data deleted does not apply if we are required by law (e.g. the Accounting Act) to retain the data.

• You have the right to data portability (the right to have your personal data moved) provided that the legal basis is consent or contract and what you can get out is personal data that concerns you, that you yourself have provided or that has been generated by your actions/activities.

• You have the right to request that the processing of your personal data be restricted. However, if you request a restriction of the processing of your personal data, this may mean that we cannot fulfill any obligations we may have towards you for the period in which the restriction is in effect.

• You have the right to object to personal data processing based on a balancing of interests. In order for us to continue with the current processing, we need to be able to demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights or freedoms. Otherwise, we may only process the data for the establishment, exercise or defence of legal claims.

• You always have the right to object to your personal data being used for direct marketing. If an objection is made to direct marketing, the personal data may no longer be processed for such purposes.

If you are not satisfied with the response you have received from us, you have the right to lodge a complaint with the supervisory authority (Datainspektionen).

Contact the Swedish Data Protection Authority
If you believe that Europavård does not meet the current requirements of the General Data Protection Regulation, you can file a complaint with the Swedish Data Protection Authority.

Email: [email protected]
Phone: 08-657 61 00
Fax: 08-652 86 52
Postal address: Datainspektionen, box 8114, 104 20 Stockholm

Changes to our privacy policy
Europavård’s privacy policy will be revised regularly. All changes and updates will be announced on this page. The last update was carried out on 2018-05-24. Traceability to previous versions will be maintained.