Private Policy of Medipal Solutions

1. INTRODUCTION

1.1. Medipal Solutions AB, Reg. No. 556921-8489, Nygränd 10, 111 30, Stockholm, Sweden (hereafter “Medipal Solutions“, “we“) is a company established in Sweden, and we comply with the applicable data protection legislation in Sweden.

 
1.2. In this Privacy Policy, Medipal Solutions intends to provide information on which types of personal data that we may process in connection with the use of the digitized platform Medipal, as well as the services and products provided via Medipal (“Medipal“). We also intend to describe our processing of personal data and what choices the user has in relation to these processing activities.
 
1.3. Please note that this privacy policy only includes information about the processing of personal data that Medipal Solutions performs as a data controller. The privacy policy does not cover the processing of personal data that Medipal Solutions performs as a data processor for the health-care provider (public or private), the research institute, pharmaceutical company or another operator within the health care area that the user belongs to. The user is welcome to contact us at support@medipal.se, or via our contact form at www.medipal.se if the user has questions about our processing of personal data performed on behalf of another personal data controller. However, we primarily refer to the specific operator’s privacy policy.
 
1.4. Unless otherwise stated in this Privacy Policy, terms and concepts mentioned in the privacy policy shall have the same meaning as in the applicable legislation and industry standards (such as the EU’s General Data Protection Regulation 2016/679).

2. CATEGORIES OF PERSONAL DATA

2.1. This Privacy Policy applies to the processing of personal data that belongs to the following types of users:

i) Qualified personnel within health-care and research institutions;
ii) Patients or others with special needs;
iii) Visitors to Medipal Solutions’ website www.medipal.se;
iv) Representatives of Medipal Solutions existing or prospective customers; and v) Representatives of Medipal Solutions existing or prospective partners.
 
2.2. A condition for using Medipal is that the user is assigned a user account, which means that an authorized person submit the user’s personal data, included but not limited to name, telephone number, e-mail address, social security number, employer and HAS-ID. Medipal Solutions collect these personal data either through Medipal’s interface or through correspondence with Medipal Solutions customer service.
 
2.3. When the user contacts Medipal Solutions’ customer service or support staff for various cases, we may request other personal data such as information about the operator within health-care, or the research institution, that the user represents or belongs to, IT equipment and hardware used, information on where the user is geographically, the reason why the user contacts Medipal Solutions and the information we provide to the user in connection with his or her contact with Medipal Solutions.
 
2.4. Some parts in Medipal collect and provide Medipal Solutions with information about the User, for example:
a) Details of the online content displayed or integrated with Medipal Solutions, such as information about the user’s browser, websites visited by the user and selection of objects and which items the user “clicks on”.
 
2.5. Service or server logs, stored information about a person’s use of the services or websites, such as IP address, browser information (including HTTP User-Agent strings), HTTP Request and time and location for its activities, domains, devices and application settings, errors and hardware activity.
 
a) Information about the physical location of the user’s hardware, geolocation services, and applications, browser settings or other internet activation services or other information that our support administration needs to assist customers and users in troubleshooting.
 
2.6. In general, this online information is collected using digital identifiers, such as browser cookies, plugins, or the user’s IP address. These identifiers are used to distinguish the information provided by the hardware or browser being used. However, Medipal Solutions can associate the collected information with the users’ account, for example, when they are logged in to the services.
 
2.7. We encourage users always to exercise caution when providing information, especially regarding information that the user stores and makes available to other users, or when using free text boxes that may be in Medipal. Some of our services are automated and cannot detect that users have submitted incorrect or sensitive personal information.

3. THE PROCESSING OF PERSONAL DATA

3.1. All processing that Medipal Solutions carries out in Medipal as the data controller takes place exclusively for the purposes that are either stated in this privacy policy, or when the collection of the personal data takes place, and, where applicable, when the user is asked to approve the processing.

 
3.2. How Medipal Solutions uses personal data depends partly on which Medipal Solutions service the user use, partly on how they use these services. Nevertheless, we primarily use personal data of the user to provide, maintain, and adapt Medipal in a manner that is relevant and useful to the users.
 
3.3. More precisely, Medipal Solutions use the users’ personal data for the purposes listed below.
 
a) We use the user’s login information to confirm the user’s identity to give them access to Medipal.
 
b) We use personal data to process user licenses and activities to upload/download, organize, process, process, distribute, and store information in Medipal.
 
c) We use personal data to communicate with our users. The communication may concern how users can use Medipal, updates, and reminders. In some cases, the user can change the choice of communication, but the user cannot opt-out of service announcements from Medipal, including security notices and operating information, or legal and regulatory issues.
 
d) We use personal data (which may include the user’s communications with us), which is necessary to investigate, answer, and handle complaints, reclamations, and service issues (e.g., errors).
 
e) We may use the user’s personal data to produce aggregated datasets where it is no longer possible to identify the user. For example, Medipal can use the information to generate statistics about the users.
 
3.4. We use personal data (including communication with us) if we consider it necessary for security reasons or to investigate any fraud or other violations of our license agreement, terms of use, policies, guidelines, and standards (including this privacy policy).

4. GROUNDS FOR THE PROCESSING OF PERSONAL DATA

4.1. Our collection and processing of users’ personal data are necessary for us to be able to provide, inform, and further develop Medipal.

 
4.2. Medipal Solutions has determined that personal data processing carried out in accordance with this privacy policy is necessary since:
 
a) We shall be able to fulfil our contractual obligations towards the users (e.g., applicable terms of use) – Article 6.1(b) of the EU Data Protection Regulation (EU) 2016/679.
 
b) We shall be able to comply with applicable laws and regulations, such as to comply with regulatory injunctions, administrative procedures or another legal process (e.g., Accounting Act 1999:1078) – Article 6.1
 
(c) of the EU Data Protection Regulation (EU) 2016/679.
 
c) We may have a legitimate interest in processing personal data of the users when making Medipal available and providing information about Medipal, managing customer service matters and general requests about Medipal Solutions, IT and information security, product development, etc. Our opinion is that our interests in processing personal data of the user in these contexts outweigh the users’ interests in us not processing the personal data – Article 6 (1) (f) of the EU Data Protection Regulation (EU) 2016/679.
 
4.3. For more specific information about our legitimate interests, as well as our performed risk and impact assessments due to our processing of the user’s personal data, please contact us at the address stated on Medipal Solutions’ website www.medipal.se.
 
4.4. Medipal Solutions may also process the user’s personal data for one or more specific purposes on the basis that the user leaves his or her consent to such processing. It will be clear to the user when that is the case and what such consent means to the user.

5. WHO DO WE SHARE YOUR PERSONAL DATA WITH

5.1. Medipal Solutions never forwards sells, or exchanges personal data to third parties for marketing purposes or purposes that are not consistent with Medipal’s intended use.

 
5.2. Medipal Solutions uses suppliers to carry out certain maintenance of our systems, data analysis, auditing, payments, fraud prevention, and development. These suppliers can be granted access to users’ personal data to the extent necessary to perform these tasks on our behalf. Our suppliers are obligated not to disclose or use the information for any other purpose.
 
5.3. Because the service constitutes a system that serves the purpose to make information available and enables communications with other users, it is natural that some other users can access the user’s personal data.
 
5.4. It is possible that we need to share personal data when required by law, court procedure or another legal process, or if we consider it necessary to disclose the information to (1) investigate, prevent or take action in the event of suspicion or detection of illegal activities or to help public authorities; (2) protect and secure our services and/or its integrity. We will notify our users of the legal obligation to share their personal data unless we are legally prevented from doing so.

6. HOW LONG WILL WE KEEP YOUR PERSONAL DATA

6.1. We save the user’s personal data as long as it is necessary to be able to make Medipal available or otherwise fulfill our obligations to the users. However, we will not retain the users’ personal data for a longer period than necessary for the purposes for which the personal data were collected.

 
6.2. We keep the user’s personal data after they have closed their accounts only if it is necessary to fulfill our legal obligations (including at request of the authorities), to comply with laws and regulations, to establish, enforce or defend legal claims, maintain security, prevent fraud and abuse, fulfil our license agreements, terms of use agreement or according to their request that we continue to communicate with them.

7. USERS RIGHT

7.1. Users can, at any time, contact Medipal Solutions to claim the following rights.

 
a) Right to access. This means that an individual has the right to receive a confirmation of whether his or her personal data is being processed, and if so, also get access to the personal data (and receive an extract from the register) and some additional information about the processing.
 
b) Right to data portability. In some cases, users have the right to access their personal data in a structured, commonly used and machine-readable format and have the right to transmit those data from Medipal Solutions to another controller.
 
c) Right to rectification. The users have the right to ask us to rectify inaccurate personal data, and the right to have incomplete personal data completed. The user also has the right to ask us to erase the personal data in certain circumstances.
 
d) Right of withdrawing consent. The user he shall have the right to withdraw his or her consent at any time.
 
e) Right to object to processing. When processing is based on our legitimate interest (see section 4.2.c) above), the user has the right to object to the processing at any time.
 
f) The right to object to the processing of personal data for direct marketing purposes at any time. The personal data shall no longer be processed for such purposes.
 
g) The right to restrict the processing of personal data in certain circumstances.
 
h) The right to file a complaint about Medipal Solutions’ processing of personal data to the relevant supervisory authority, The Swedish Data Protection Authority (DPA) (Sw: Datainspektionen).

8. SECURITY INFORMATION

8.1. Medipal Solutions has implemented technical and organizational security measures that protect personal data from accidental or illegal destruction, loss, or change. These measures also protect the personal data from unauthorized disclosure, expose, abuse, or other processing that violates applicable law.

 
8.2. We regularly monitor our systems to identify possible vulnerabilities and possible attacks. However, there is no guarantee that personal data will be protected from unauthorized access or disclosure, alteration, or destruction despite our physical, technical, and administrative security measures.

9. UPDATE OF PRIVACY POLICY

9.1. Medipal Solutions’ services are dynamic, and from time to time, we are launching new functions that may involve the collection of new personal data. When this happens, or when we use personal data for other purposes, Medipal Solutions will, when relevant, update this privacy policy. This privacy policy may also change over time due to, for example, changes in the law. If Medipal Solutions believe that the change in the privacy policy is of great importance to the user, we will inform the user directly in an appropriate manner. However, the latest version of this privacy policy can always be found at www.medipal.se.

10. CONTACT DETAILS

For questions, comments, or complaints regarding this privacy policy, about our protection of privacy or our IT and information security, please contact us at: Medipal Solutions AB

Reg. no. 556921–8489
Nygränd 10, SE-111 30, Stockholm, Sweden
Tel: +46(0)707-25 05 75
 
This is a translation of the Swedish original wording. In case of discrepancies, the Swedish version shall prevail.

Last Updated: May 25, 2018

Version 1.0