Privacy Policy
Why should I read this policy?
This policy describes how we at Lundoch Diagnostics AB (559287-0116) collect, use and protect your personal data.
What is the data protection regulation?
The Data Protection Regulation regulates the processing of personal data by companies and authorities. A number of requirements are placed on those who process individuals' personal data, e.g. to have a legal (legal) basis for the processing and to protect the data. The Data Protection Ordinance is supplemented by a number of register statutes within various industries. Within healthcare, the Patient Data Act (2008:355) regulates healthcare providers' processing of personal data, see further below.
What is personal data?
Personal data is any kind of information that can be directly or indirectly attributed to a living natural person. It can be contact information, pictures, audio recordings, and even IP numbers in case it can be linked to a physical person.
What is sensitive personal data?
According to the data protection regulation, sensitive personal data is i.a. information about race, ethnicity or religious belief. Also information about health, e.g. laboratory results, and genetic data constitute sensitive personal data. In the role of healthcare provider, Lundoch Diagnostics handles sensitive personal data about you with the support of the Patient Data Act (2008:355). Care providers do not need any consent to process sensitive personal data that is necessary for the care provider's care activities.
Collection of personal data
Processing of personal data is everything that happens with your personal data, e.g. registration, organization, transfer, record keeping and deletion. Information that Lundoch Diagnostics registers about you is the following:
Name
Phone number
Address
Email address
Data on health
What is legal basis?
The starting point according to the data protection regulation is a ban on all kinds of processing of personal data. However, the regulation exceptionally allows treatment for specific case situations (legal grounds). Consent from you is such a situation. Your employer can further process your personal data based on the employment contract he has with you. In some cases, authorities and companies have a legal obligation to perform certain tasks - then they may process your personal data to fulfill their obligation, e.g. healthcare provider's record-keeping obligation. They may have other obligations also towards you and others that are of public interest. There is also an opportunity to process personal data after a balance between the need to be allowed to process personal data and the individual's need for protection of personal integrity, if the need turns out to be greater or justified and necessary, so-called balancing of interests.
Use of personal data
Lundoch Diagnostics processes your personal data to handle your order for sampling and analysis. In the role of healthcare provider, we also establish a patient record about you because we have such an obligation according to law. As a healthcare provider, we also have the right to use your data for administration in connection with your order as well as to evaluate, develop and quality-assure our operations and produce statistics. We also use your personal data to provide you with information about our services, invoicing and delivery of products, performance of services and contact with you as a customer. Your personal data is also processed for accounting purposes according to law. Lundoch Diagnostics may also supplement your personal data by collecting information from public registers.
Right to information: You can request to receive a copy of the personal data we have about you.
Right to rectification: We want to ensure that your information is up-to-date and correct. You can request to have your information corrected or removed if you believe it is incorrect.
Right to deletion: You can request that we delete your personal data. We may not delete information that the law requires us to retain.
Data portability: You can ask us to move your personal data from our IT environment to someone else, either another company or to you. This does not apply to data that the law requires us to retain
Withdraw consent: You can withdraw your consent to share your information or to receive marketing / mailings at any time. Either by unsubscribing from the notification or contacting us by email.
Complaints: You can submit a complaint to the data inspectorate if you believe that we are processing your personal data in violation of the data protection regulation.
Legal basis
Lundoch Diagnostics processes personal data for the purpose of healthcare in accordance with the Data Protection Ordinance, the Patient Data Act (2008:355), industry standards and other applicable law. The legal basis Lundoch Diagnostics relies on is "legal obligation" (art. 6.1 c data protection regulation) because it is necessary for Lundoch Diagnostics in its role as healthcare provider to, among other things, keep patient records and otherwise fulfill a number of obligations according to health care legislation. Furthermore, Lundoch Diagnostics processes your data to fulfill accounting obligations according to law. However, we process your payment and account information based on the legal basis "agreement" (Art. 6.1 b of the Data Protection Ordinance), i.e. the agreement you enter into with us (see General terms and conditions).
Personal data controller
Lundoch Diagnostics AB is responsible for processing your personal data in a correct and legal manner.
Disclosure to third parties
Lundoch Diagnostics is the one that disposes of your personal data. We do not sell, exchange, transfer or share your personal data with third parties without your consent.
However, we need the help of other actors to process your personal data when it is necessary to fulfill the agreement with you and to comply with the law, constitution or decision. The following types of recipients may be relevant:
a) Clinics, healthcare centers and labs - Lundoch Diagnostics cooperates with various clinics and healthcare centers to carry out sampling that is included in ordered analyses. Lundoch Diagnostics also has collaborations with specialized labs that analyze different parts of submitted samples to provide results for doctors to analyze.
b) Hired doctors – Sometimes our own doctors are not enough. Lundoch Diagnostics therefore has collaborations with selected doctors who help analyze and comment on the results that come in.
c) Authorities – Lundoch Diagnostics may need to disclose information to authorities if we are required to do so by law or if you request us to do so. In some cases, we may be prevented by law from telling you that your personal data has been requested by an authority.
d) Suppliers – In order for Lundoch Diagnostics to be able to offer its services, we need the help of suppliers to operate our IT infrastructure, further develop the service and communicate automatically to you, e.g. with confirmations or reminders. In these cases, Lundoch Diagnostics shares your personal data with so-called personal data assistants. This is someone who processes the information on our behalf and according to our instructions. Lundoch Diagnostics has written agreements with all personal data processors through which they guarantee the security of the personal data that is processed. Suppliers do not have the right to access your health-related data. However, they may have access to your name and social security number when it is necessary for troubleshooting and measures to ensure the quality of the service and other measures to avoid access to your personal data have been exhausted.
You can get more information by contacting us by e-mail.
Transfer to third countries
Lundoch Diagnostics may need to transfer personal data to third countries. We only transfer personal data to countries outside the EU/EEA if the country concerned has a so-called adequate level of protection according to the EU or the European Commission or in the absence of an adequate level of protection with the support of the European Commission's standard contractual terms or if this has been specifically stated in connection with your provision of your personal data to us. No health data processed by Lundoch Diagnostics is transferred outside the EU/EEA by Lundoch Diagnostics or Lundoch Diagnostics' suppliers.
Information protection
Lundoch Diagnostics and its personal data assistants take various security measures to protect your personal data, such as, but not limited to, encrypted traffic, prevented access through firewalls, personal login with limited authority. Only employees who are to perform a specific job get access to personally identifiable information.
How long are your personal data saved?
Lundoch Diagnostics never saves your personal data longer than is necessary according to law or for the execution of the assignment and administration in connection with this. Personal data in patient records is kept for ten years. Other care documentation, e.g. in My Journal, is saved as long as our agreement is valid. If our relationship ends, we will delete all information within one month from the date of termination, with the exception of such information that we are required by law to keep. Accounting material where your personal data appears is saved for 7 years after the calendar year in which the financial year ended.
What are my rights?
Right to information: You have the right to request additional information about the processing of your personal data.
Right to access: You have the right to find out if your personal data is being processed by Lundoch Diagnostics and to receive a copy of these free of charge. You have access to your own health-related data.
Right to rectification: We want to ensure that your information is up-to-date and correct. You can request to have your information corrected if you believe it is incorrect.
Right to deletion: You can request that we delete your personal data. We may not delete information that the law requires us to keep, e.g. in a patient record.
Right to note: You always have the right to have a note added to your patient record if you believe that something is misleading, and regardless of our opinion on the matter
Right to restriction: You have the right to limit our use of your personal data in order to .ex. check that they are correct
Data portability: You can ask us to move your personal data in your personal account to someone else, either another company or to you in the event that we have the technical possibility for this.
Complaints: You can submit a complaint to the Swedish Data Protection Authority if you believe that we are processing your personal data in violation of the Data Protection Regulation.
How can I use my rights?
If you want to exercise any of your rights, please contact us via email which is at the bottom of this policy. If you want to submit a complaint to the Data Protection Authority, you need to contact them.
Updates to this policy
We may update this policy and will then publish them on this website. This policy was last updated on May 19, 2018.