FORMATMALL
GLOBAL CSS
FÄRGER
ANIMATIONER
MEDIEFRÅGA
AVSTÅNDSSYSTEM
Kom igång
Kom igång
Kom igång
Nyheter & inspiration
Nyheter
Kunskap & inspiration
Om sjuklig övervikt
För professionen
Företag
Om oss
Kontakta oss
Pressrum
Jobba med oss
__wf_reserverad_ärva
© 2024 Yazen. Alla rättigheter förbehållna.

Yazen Health AB är en registrerad vårdgivare som lyder under hälso-och sjukvårdslagen, dataskyddsförordningen (GDPR – General Data Protection Regulation), patientdatalagen och patientsäkerhetslagen. Vårt egentillverkade journalsystem och app är registrerad hos Inspektionen för vård och omsorg (IVO).
Sekretesspolicy
Användarvillkor
Cookie-inställningar
🇸🇪 SE🇬🇧 UK🇳🇱 NL🇳🇴 NO🇪🇸ES🇩🇪 DE

Integritetspolicy

__wf_reserverad_ärva

Controller and Data Protection Officer

Yazen Health AB, corporate identity number 559315-6234, with address Spolegatan 22, 222 19 Lund ("Yazen") is the data controller under the EU General Data Protection Regulation ("GDPR") for the processing of personal data for which we determine the purposes and means. The GDPR requires us to provide information about how we process personal data as a data controller in our operations.

Yazen has appointed a data protection officer handling matters regarding our compliance with data protection and personal data processing regulations. Please contact our data protection officer if you have any questions concerning our processing of your personal data by e-mail to dpo@yazen.com or by mail to Yazen Health AB at: Data Protection Officer, Spolegatan 22, 222 19 Lund, Sweden.

Personal data and processing

Personal data is any kind of information that is relating to a living person, either directly (for example name or social security number) or indirectly. Examples of information that can be indirectly related to a living person are behavior data, diagnosis, images and audio recordings that are processed in a computer without any names being mentioned.

All types of measures taken which include personal data constitute processing of personal data. Common examples of processing are collection, registration, organisation, structuring, using, storage, processing, transmission and deletion.

According to Article 6 of the GDPR, in order to process your personal data, we need to rely on a legal basis, which in our case is contract, consent, weighing of interests or legal obligation. Insofar as we process sensitive personal data (e.g. data about your health), we need to rely on a legal exception for such processing. Such exceptions can be found in GDPR Article 9.2a (explicit consent) and 9.2h (healthcare), 9.2b (labor law) and 9.2f (defense of legal claims).

We will only process sensitive personal data (such as data about your health) to provide you with healthcare or if we have received your explicit consent to do so.

How we process your personal data

Under the headings below, we describe in detail how we process your personal data in various respects, namely what personal data is processed, how it is processed, for what purposes, on what legal grounds, how the data is collected and with whom it is shared.

1. For website visitors

1.1 When you visit our website

Categories of personal data:

  • User-generated technical data such as how you use the website or app.
  • Data on your technical device

Type of processing:

  • Personalising the website to simplify usage for you (e.g. by remembering your website settings and cookie options).
  • Collection of data that is necessary to enable the operation of the website on your technical device.

Purpose:

Provision of website and app and related functionalities

Legal basis:

Legitimate interest to provide and customize the website and app

The personal data is collected from:

You, either by providing the information directly or through cookies.

Recipients/category of recipients of personal data:

  • IT suppliers

Is there a legal obligation to provide us with the personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

2. For recipients of treatment

2.1 When you create an account, and we evaluate if our service is suitable for you

Categories of personal data:

  • Personal identification number
  • Name
  • Age
  • Contact details
  • Health data
  • Information that you provide to us, such as information about your lifestyle
  • Photos
  • User identification

Type of processing:

  • Data collection through questionnaires and meetings and evaluation of such data
  • Scheduling and carrying through meetings and related documentation
  • Collecting data through communication with healthcare profesional and evaluating such data
  • Identification
  • Account creation
  • Communication with patient or potential patient
  • Storage of data for documentation
  • Evaluation of whether the service is suitable for you

Purpose:

Providing an account and assessing whether our service is suitable for you

Legal basis:

Contract

The personal data is collected from:

You

Recipients/category of recipients of personal data:

  • Bank ID
  • IT suppliers

Is there a legal obligation to provide us with the personal data?

No

Is it necessary to provide personal data in to enter into or fulfill an agreement?

Yes

2.2 When you sign up and pay for a subscription with us  

Categories of personal data:

  • Personal identification number
  • Name
  • Contact details
  • Payment data, such as payment card or billing data
  • Credit assessment
  • User identification

Type of processing:

  • Handling of payment (including obtaining any credit reports)
  • Identification
  • Organising and managing your subscription
  • Communication with you
  • Storage of data for documentation

Purpose:

Managing your subscription

Legal basis:

Contract

The personal data is collected from:

You

Provider of credit assessment

Supplier of payment solutions

Bank ID

Recipients/category of recipients of personal data:

  • IT suppliers
  • Bank ID
  • Supplier of services for the management of prescriptions
  • The Swedish state personal adress register (SPAR)
  • Supplier of payment solutions

Is there a legal obligation to provide us with the personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

Yes

2.3 When we provide your treatment

Categories of personal data:

  • Name
  • Personal identification number
  • Health data (e.g. weight, general wellbeing, information about diseases, lab results, prescribed medication, information about treatments).
  • Contact details
  • Photos
  • Information about your lifestyle (including exercise and dietary habits)
  • Information you provide to our systems or in your communication with us
  • User identification  
  • Information you provide in our communication channels including Community including your health data if you choose to provide it.

Type of processing:

  • Identification
  • Scheduling and carrying through meetings and related documentation
  • Preparation of a care plan and evaluation of your progress, health, and care needs.
  • Communicating with you (including advice and recommendations on i.a. exercise and diet).
  • Prescription and administration of medication (prescriptions)
  • Keeping of medical records including archiving
  • Administration and evaluation of tests
  • Referral to another healthcare provider
  • Issuing certificates
  • Provision, administration and moderation of a communication channel between you, healthcare professionals and other patients (Community).

Purpose:

Provision of treatment

Legal basis:

Contract

The personal data is collected from:

You and our suppliers and/or cooperation partners within healthcare (including laboratories).

Recipients/category of recipients of personal data:

  • IT suppliers
  • Bank ID
  • Supplier of services for the management of prescriptions
  • The Swedish state personal adress register (SPAR)
  • Laboratories
  • Other healthcare providers
  • The recipients you specify when issuing certificates (e.g. employers or the Social Security Agency).
  • Suppliers of postal services

Is there a legal obligation to provide us with personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

2.4 When we perform quality assurance and ensure your patient safety

Categories of personal data:

  • User identification  
  • Health data

Type of processing:

  • Creation and management of the deviation lists
  • Documentation of patient injuries
  • Collecting, analysing and evaluating quality assurance
  • Investigation of medical issues
  • Implementation and evaluation of control measures
  • Administration of cases with the Health and Social Care Inspectorate (IVO)
  • Documentation and evaluation of potential side effects

Purpose:

Ensuring your patient safety, ensuring the quality of your care

Legal basis:

Legal obligation regarding safe healthcare and patient safety

The personal data is collected from:

You

Recipients/category of recipients of personal data:

  • Authorities
  • Insurance companies
  • IT suppliers

Is there a legal obligation to provide us with the personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

2.5 When you contact customer service, and we deal with your case

Categories of personal data:

  • Contact details
  • Name
  • User identification
  • Personal identification number
  • Your health data
  • The information you provide when communicating with our customer service
  • The information needed to investigate your case, e.g. technical data

Type of processing:

  • Communication with you
  • Investigation and assistance with your case
  • Follow-up and documentation of your case

Purpose:

Providing customer service and handling your case

Legal basis:

Our legitimate interest to provide customer service to you

The personal data is collected from:

You and our systems.

Recipients/category of recipients of personal data:

  • IT suppliers

Is there a legal obligation to provide us with personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

3. For our other contacts with potential customers, suppliers, partners, candidates, etc.

3.1 When we market our services

Categories of personal data:

  • Name
  • Contact details
  • Details of your employment (including company and position)
  • User behaviour on our website, such as how you click around
  • Age and date of birth
  • Gender
  • Place of residence and position
  • Information about your experiences and health provided in your 'testimonial'.
  • Data provided by you in reviews through Trustpilot (data on your health if you choose to provide it).
  • Information provided when you use the “invite a friend” functionality (e.g. name and contact information)

Type of processing:

  • Sending out newsletters
  • Sending of e.g. offers or campaigns
  • Collecting, managing and storing your 'testimonial'
  • Administration of agreements and consents regarding your 'testimonial'
  • Publication of your "testimonial" on all internal and external digital channels and in internal and external printed media.
  • Collection of your reviews from Trustpilot
  • Publication of your reviews
  • Send information to potential patient that has received an “invite a friend” invitation
  • Providing credits to the patient that has sent the “invite a friend” invitation
  • Analysis and segmentation of you and your use of our website to understand your interests and to provide relevant and customised advertising and other materials. e.g. invitations to events.
  • Collecting, collating, analysing and transferring data to our marketing partners in order to serve targeted advertisements on social media and other digital platforms and websites.

Purpose:

Marketing of our service

Legal basis:

Legitimate interest.

Consent for the use of success stories in marketing

The personal data is collected from:

You, cookies, Trustpilot

Recipients/category of recipients of personal data:

  • IT suppliers
  • Companies we cooperate with regarding marketing
  • Recipients of our marketing communications
  • Visitors to our website

Is there any automated decision-making (including profiling):

Yes

Is there a legal obligation to provide us with the personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

3.2 When we provide, evaluate, develop and improve our services and systems

Categories of personal data:

  • Name
  • Contact details (e.g. phone number, address, email address)
  • Information about you (e.g. gender, age, date of birth)
  • Video footage
  • The comments you have provided on the use of our service
  • Data regarding your use of our service and systems (e.g. click behaviour on our website).

Type of processing :

  • Maintaining, updating and improving our service and systems
  • Collection, analysis and segmentation of user behaviour, user experience and data.
  • Troubleshooting and fixing errors in our systems

Purpose:

Provision, evaluation, development and improvement of our service and systems

Legal basis:

Legitimate interest

The personal data is collected from:

You and through our systems

Recipients/category of recipients of personal data:

  • IT providers

Is there a legal obligation to provide us with personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

3.3 When we conduct our business activities

Categories of personal data:

  • User identification
  • Contact details
  • Name
  • Details of your employment (including company and position)
  • Information contained in contracts, invoices, order forms and other documents
  • Information in communication with our suppliers, partners and other business relations.

Type of processing:

  • Managing the salaries of our staff
  • Administration of an invoice or payment document and related payment
  • Managing customer relationships or business relationships
  • Administration of invoicing and payment

Purpose:

Conducting our business activities.

Legal basis:

Fulfillment of contracts for patients.

Legitimate interest regarding employees of e.g. suppliers, partners or other business relations.

The personal data is collected from:

You, your employer or other sources of information. Some sources are publicly available e.g. websites.

Recipients/category of recipients of personal data:

  • IT suppliers

Is there a legal obligation to provide us with personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

3.4 When we fulfill our legal obligations

Categories of personal data:

  • The information necessary to fulfil our legal obligations, e.g. name, personal identification number and data on your health.
  • Information necessary for accounting purposes, such as names, choice of payment options and other information contained in the payment documents.
  • Information contained in the request to exercise their rights (e.g. contact details)

Type of processing:

  • Management of your request to exercise your rights under the GDPR including identification.
  • Administration of accounts
  • Managing and responding to information requests from public authorities
  • Communication related to the request to exercise your rights

Purpose:

To fulfill our legal obligations

Legal basis:

Fulfillment of legal obligations

The personal data is collected from:

You, our systems and your employer.

Recipients/category of recipients of personal data:

  • IT suppliers
  • Authorities

Is there a legal obligation to provide us with personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

3.5 When defending and protecting our legal interests, averting abuse, and preventing and investigating offences against the company.

Categories of personal data:

  • Information that is necessary for us to defend and protect our legal interests, e.g. contact details, name, personal identification number, information provided in communication with us, invoicing documents.

Type of processing:

  • Provision of documentation for the preparation of police reports and such
  • Preparation police reports
  • Preparation of documentation for and conduct of court hearings or other dispute resolution procedures.
  • Other processing operations necessary for the defence of our legal interests
  • Evaluating whether to block user from our service due to inappropriate behaviour (e.g. providing misleading information).

Purpose:

Defending and monitoring of our legal interests

Legal basis:

Legitimate interest.

Fulfilment of legal obligation (if there is such)

The personal data is collected from:

You, our systems, your employer and authorities.

Recipients/category of recipients of personal data:

  • IT suppliers
  • Authorities
  • Courts

Is there a legal obligation to provide us with personal data?

No

Is it necessary to provide personal data to enter into or fulfill an agreement?

No

3.6 When you apply for employment with us or have been provided as a reference in a recruitment process.

Categories of personal data:

  • Name
  • Contact details
  • Nationality, place of birth and passport details
  • Details of your past and present employment
  • Data on your skills and personal characteristics
  • Information on your education and qualifications
  • Information contained in communications with you
  • Information about your application, such as your CV, application letter and letters of recommendation.
  • Information you provide in an interview
  • Test results
  • Information provided by the reference about you
  • Information you provide in reference interviews

Type of processing:

  • Communication with you
  • Administration of your application
  • Evaluation and selection of job applicants
  • Managing and liaising with references provided
  • Evaluation and verification of your competences
  • Execution and evaluation of tests
  • Communication with potential recruitment agencies

Purpose:

Carry through the recruitment process.

Legal basis:

Legitimate interest to carry through the recruitment processes.

The personal data is collected from:

You, your references, recruitment agencies, and publicly available sources.

Recipients/category of recipients of personal data:

  • IT suppliers
  • Recruitment companies

Is there a legal obligation to provide us with personal data?

No.

Is it necessary to provide personal data to enter into or fulfill an agreement?

No.

From which sources do we obtain your personal data

In addition to the data that you provide to us, or that we collect from you based on your use of our service, we may also collect personal data via cookies or from other third parties. Information about where the data was collected and whether it comes from a third party can be found in each box under "The personal information is collected from".

Automated decisions and profiling

Profiling means that we analyze information about you to assess personal characteristics, which allows us to understand you as a customer and create the best possible offers for you. The extent to which we carry out profiling and for which purposes is described in detail above.

Recipients of data

Employees of Yazen

Your personal data will be shared with our employees (including consultants) who need access to them in order to fulfil their tasks.

Processors

In cases where it is necessary for us to be able to offer our services, we share your personal data with companies that are processors in relation to us. This applies, for example, to our suppliers of IT solutions and marketing. A processor is a company that processes information on our behalf and based on our instructions.

The processors may only process personal data in accordance with the purposes and instructions on processing and security that we have provided to them in a data processing agreement.

Independent controllers

We also share your personal data with certain companies that are independent controllers. The fact that the receiving entity is an independent controller means that we are not determining how the personal data disclosed will be processed by the receiving entity. Independent controllers with whom we share your personal data are:

  • State authorities (the police, the Swedish Tax Agency, The Health and Social Care inspectorate/IVO, The Social Insurance Agency/Försäkringskassan, or other authorities) if we are obliged to do so by law or in the event of a suspected offence.
  • Companies offering payment solutions
  • Bank ID
  • Insurance companies
  • Other healthcare providers and laboratories

When your personal data is shared with a company that is an independent data controller, that company's privacy notice will be applicable.

How long do we store/save your data?

We only process your personal data for as long as it is necessary for the purposes described above.

We will delete or anonymize your personal data when you no longer use our services or the personal data is no longer necessary for the purposes it has been collected for, unless we have a legal obligation to save the personal data or we need to do so to defend our legal claims. For example, as a registered healthcare provider, we have an obligation under the Patient Data Act to save patient records for ten (10) years, which means that we cannot delete or anonymize the information contained in patient records before that time has passed. Further, there are legal requirements stating that accounting documents need to be saved for seven (7) years, etc.

Personal data stored on the basis of your consent will be deleted if you withdraw your consent. You can read more about how to withdraw your consent in below. Withdrawal of consent does not affect our obligation to keep records or process personal data in accordance with applicable laws as stated above.

Where we process your personal data

We always endeavor to ensure that your personal data is processed within the EU/EEA but it may happen that your personal data is transferred to a third country. Regardless of where your personal data is processed, we take reasonable legal technical and organizational security measures to ensure that the level of protection is the same as within the EU/EEA. In cases where personal data is processed outside the EU/EEA, the level of protection is guaranteed either by a decision from the European Commission that the country in question ensures an adequate level of protection or by the use of so-called appropriate safeguards. If you would like more information about the protection measures taken, you are welcome to contact us by email to dpo@yazen.com.

Risks and security measures

Yazen uses technical and organizational security measures to protect your personal data against loss and to protect it against unauthorized access. This includes, for example, secure and private connections (such as VPN), encryption, and that access to your personal data is always limited to those employees who need access to perform their jobs. We continuously evaluate our systems and procedures and policies to ensure that they are secure and protected.

What are your rights?

You have several rights under the GDPR. These rights are summarized below. More information about your rights can be found on the Swedish Authority for Privacy Protection/IMY's website: https://www.imy.se/en/organisations/data-protection/this-applies-accordning-to-gdpr/the-data-subjects-rights/

If you wish to exercise your rights or have questions, please contact us. Contact details can be found at the top of this data protection notice.

Right to information

You have the right to be informed about how we process your personal data, which we provide you through this privacy notice.

Right of access

You can request information as to whether we process personal data relating to you and, if so, receive a copy of the personal data processed - a so-called register extract - together with certain more detailed information

Right of rectification

We have a responsibility to ensure that the personal data we process is correct, but if you consider that personal data relating to you is incorrect or incomplete, you have the right to request that the information be corrected.

Right to object

When we process your personal data within the framework of our legitimate interest, you have the right to object to the processing at any time. If we cannot show that there are legitimate grounds for continuing to process the personal data, we must cease the processing.

Right to withdraw consent

If our processing of your personal data is based on your consent, you can withdraw your consent at any time by sending an email to dpo@yazen.com or letter to our Data Protection Officer (see contact details under the heading "Controller and Data Protection Officer"). Withdrawal of consent does not affect the legality of the processing of your personal data that took place before the withdrawal. Withdrawal of consent does not affect our obligation to keep patient records or process personal data in accordance with applicable legislation. In other words, when there is such relevant legislation to adhere to, we might still have the obligation to process your personal data according to such legislation and if so, we must continue the processing to the extent the legislation states.  

Right to limitation of processing

In certain cases, for example if you have objected to the processing, you have the possibility to request a limitation of the processing of your personal data. By requesting a limitation, you have, at least for a certain period of time, the possibility to stop us from using the data other than to, for example, defend legal claims. You can also prevent us from erasing the data, for example if you need the data to claim damages.

Right to erasure

In certain cases, you can obtain the erasure of your personal data. When your personal data is necessary for the purposes for which it was collected, is needed to fulfill a legal obligation or when we need to establish, to assert or defend legal claims, we cannot erase the data.

Right to data portability

If we process personal data relating to you to fulfill an agreement, you have the possibility in certain cases to obtain your personal data to use it somewhere else, for example transferring the data to another personal data controller.

Comments on our processing?

If you have any concerns about our processing of your personal data, please feel free to contact us. You can find our contact details above.

You can also lodge a complaint with the IMY. Information on how to do this can be found on the IMY page on lodging a complaint.

If you have suffered damage due to the unlawful processing of your personal data, you may be entitled to compensation. You can then claim damages from us or bring an action for damages in court. You can find our contact details above.

Kom igång
Kom igång
Kom igång
Nyheter & inspiration
Nyheter
Kunskap & inspiration
Om sjuklig övervikt
För professionen
Företag
Om oss
Kontakta oss
Pressrum
Jobba med oss
__wf_reserverad_ärva
© 2024 Yazen. Alla rättigheter förbehållna.

Yazen Health AB är en registrerad vårdgivare som lyder under hälso-och sjukvårdslagen, dataskyddsförordningen (GDPR – General Data Protection Regulation), patientdatalagen och patientsäkerhetslagen. Vårt egentillverkade journalsystem och app är registrerad hos Inspektionen för vård och omsorg (IVO).
Sekretesspolicy
Användarvillkor
Cookie-inställningar
🇸🇪 SE🇬🇧 UK🇳🇱 NL🇳🇴 NO🇪🇸ES🇩🇪 DE