You can always expect that your personal data is processed in a safe manner by us, and you can contact us at any time if you have any questions about your personal data by e-mailing us at firstname.lastname@example.org.
1. Personal data we process about you, why and what are legitimate interest
ReleaseCo collects and processes various types of personal data about you prior to undergoing any treatment, purchase our products or otherwise when contacting us.
We process the personal data listed below for the following purposes and legitimate interest:
To provide you with the treatment you ordered from us.
To be able to book an appointment with us, you need to enter your e-mail address, password, phone number, name, national identity number and mailing address on our website. Data processing is based on our legitimate interest in being able to provide a safe and smooth booking process.
In order for us to be able to administer and provide the treatment you requested of us, you first need to fill in our Health Declaration. This process is required of us as registered healthcare providers, to be able to comply with our legal obligations under applicable healthcare legislation.
Medical records data.
As a registered healthcare provider, we keep your patient records based on your health declaration, linked to the treatments you were provided by us. This process is required of us as registered healthcare providers, to be able to comply with our legal obligations under applicable healthcare legislation.
We collect payment information in our legitimate interest in being able to charge for our services and products.
To be able to communicate with you and provide support. The contact details you provide as well as the information you include in your e-mails to us or that you otherwise provide to us through communication are processed for and with our legitimate interest in being able to communicate with you.
If you contact us for support, we will also process relevant circumstances as needed, along with the date/time you contacted us and other essential information we need in each case to assist and process a case, such as device information. The processing is necessary for us to be able to provide our services and products to you either within the framework of a contract we have entered into with you or for our legitimate interests, including our interest in our services and products working flawlessly and in effectively communicating with you.
For customer surveys. Your contact details may be used to contact you regarding customer surveys, e.g. to hear your thoughts about us and our services and products. Thus, in our legitimate interest in improving our products and services when you are a former customer of ours, we may contact you and ask you to participate.
However, it responding to customer surveys is voluntary and in the event that personal data appears in the information collected from customer surveys, we only process this personal data with your consent.
Send reminders of booked appointments. If you give your consent, we will send you a reminder of the booked date and time.
To market our products and services. In the event that you agree to this, we will also send you marketing info such as newsletters about our products and services. The legal basis for processing is your consent, and you can opt out of marketing at any time by using the link we provide in our e-mail or message or otherwise by contacting us.
To develop and improve the services and products we offer. Your personal data will be used to create statistics in aggregated form, which means the data can no longer identify you as an individual, as a basis for continuing to develop and improve the services and products we offer. Processing takes place on the basis of our legitimate interests, including our interest in being able to develop and improve our products and services.
To comply with laws. ReleaseCo is obligated to comply with Swedish laws and regulations. This means that your personal data will be processed to the extent required by law or other legal obligations. In addition to the obligations mentioned under health and medical care legislation, this includes e.g. our obligation to save relevant information for our accounting in accordance with the Swedish Accounting Act.
To protect us, you and others. We may process your personal data if necessary to defend or assert our, your or others' legal rights, business interests or other legitimate interests. This may be necessary if you or someone else makes claims against us. It is necessary to protect you and others as well as for other legitimate interests, such as our interest in being able to defend ourselves against or assert legal claims.
In connection with a transfer of business enterprise. In the event that we, for strategic or business reasons, decide in the future to sell or transfer all or part of the company, your personal data may be shared or transferred to the parties involved in the transaction. This processing is based on our legitimate interest in being able to develop our business enterprise.
2. How your data is collected
Information you provide to us. The data we collect from you is typically the information you provide us when registering your account and when communicating with us.
3. How your data is shared with others
For certain purposes, we need to share your personal data with other trusted individuals and companies:
People who work for us or are associated with us. Your personal data will be shared with people who work for or are associated with ReleaseCo – but only people who need access to the data – in order to perform their duties.
Service providers. We use the following suppliers who may need access to your personal data:
Payment institutions such as Swish and current banks.
Providers of e-mail systems and services.
Provider of IT services, platforms and servers for our website and booking system.
Government agencies and in legal contexts. Your personal data may sometimes need to be shared with authorities, courts and other parties. As required by law, in connection with a legal process, or to respond to a request from supervisory authorities or other authorities.
Transfer of business enterprise. For strategic or business reasons, we may decide in the future to sell or transfer all or part of the company. As part of such a transaction, your personal data may need to be shared with or transferred to the parties involved in the process.
4. Processing outside the EU/EEA
We always strive to process your personal data within the EU/EEA. However, your personal data may sometimes need to be transferred to companies outside the EU/EEA when we use a service provider with a business address or server outside the EU/EEA.
You should be aware that other rules may apply to your personal data outside the EU/EEA, which can sometimes mean less protection. However, we always choose our service providers with care and take the necessary measures necessary to ensure that your personal data is always offered an adequate level of protection in accordance with the General Data Protection Regulation (GDPR). These measures include that we enter into the EU Commission's standard contractual clauses or ensure that service providers are located in a country that the EU Commission has deemed as having an adequate level of protection or that the company, if located in the United States, is affiliated with Privacy Shield.
You can always contact us if you have questions about applicable protective measures.
5. How long your data is stored
ReleaseCo keeps your patient records for 10 years after the last information was entered in our documents. We do this in order to comply with the healthcare legislation to which we are subject.
Personal data processed with your consent as a legal basis will be deleted if you withdraw your consent. This applies e.g. to the data we process in order to send newsletters to you. Please note, however, that this does not affect our right to process the data before the revocation.
We regularly check the need to save your data, taking into account applicable legal requirements, and we save personal data only as long as it is justified for the purpose of the processing after which it is deleted or de-identified. How long we save your personal data depends on the type of data. The same data can sometimes be saved for different purposes. For example, a piece of data can be saved because the law requires it, even though it has been aggregated and anonymised for other purposes.
Generally speaking, your personal data is stored during the time of our contractual relationship, in other words for as long as it is needed for us to provide the processing or products you purchased from us.
6. Links to other websites
Our website may contain links to the websites of third parties. Visitors who follow such a link should check the terms and policies of the website in question before disclosing their personal data to the provider of the page. Under no circumstances is ReleaseCo responsible for websites belonging to third parties.
7. Your rights
Right to read and access your data. You can at any time request information about whether we process your personal data and how it has been collected, used, shared etc. and receive a copy of your personal data. The first copy you request you always get for free. However, in the event of repeated and unreasonable requests for copies, we may charge an administrative fee.
Especially concerning your medical records. You can at any time request information about what access has occurred to your patient data as we by law record the access that takes place to your electronic health records. In addition, if the confidentiality test we are required by law to carry out allows it, you have the right to access the data in your patient records.
Right to object to processing. You have the right to object to your personal data being processed for legitimate interests and we must cease the processing unless we can show that there are compelling legitimate reasons for continued processing. You can contact us to get more information about the balance of interests that have been made for the processing that we base on our legitimate interests.
Especially concerning your medical records. As a general rule, if the Patient Data Act allows the processing of your personal data, e.g. for record keeping, we may process this personal data even if you object.
Right to delete data. You have the right to request that a data about you be deleted if the data is no longer necessary for the purpose for which it was collected or otherwise processed, or if there is no legal basis for processing the data.
Especially concerning your medical records. Information in a medical record may not be deleted without a decision from the Swedish Health and Social Care Inspectorate (IVO). However, you have the right to state that an entry in the journal is incorrect or misleading.
Right to correct incorrect data. You have the right to request that incorrect personal data about you be corrected. You also have the right to complete incomplete personal data.
Especially concerning your medical records. If you believe that an entry in your journal is misleading, you have the right to provide it to us and have a note added to your journal, regardless of what our opinion is on the matter.
Right to restriction. You have the right to request that the processing of your personal data be restricted until incorrect information has been corrected or an objection from you has been handled.
Right to withdraw your consent. You have the right to withdraw consent at any time. Note, however, that it does not affect the processing performed before withdrawal.
Right to move your data. You have, in some cases, the right to receive the personal data that we process about you to fulfil our agreement with you in order to be able to transfer it to another data controller.
Right to lodge a complaint with a supervisory authority. You have the right to contact and file a complaint with the Data Inspectorate if you believe that your personal data has been handled incorrectly by us. Read more at imy.se. You can also contact the supervisory authority in the country where you live or work. If personal data about you has been processed in violation of the Patient Data Act and GDPR, you may be entitled to damages.
If you request that we restrict or delete your personal data, it may affect or hinder certain uses of our services and products. You should also be aware that there may be legal regulations that limit, or expand, your rights. For example, legal obligations may prevent or give us the right not to disclose, delete or move parts of your data.
8. Updates to the policy