Privacy Policy for the Service

Summary: Privacy policy for you if you use Vital’s services

General and substantive scope

Your personal privacy is very important to us at Vital. Our aim is for you to feel safe whenever we process your personal data. Our aim with this privacy policy (“Privacy Policy”) is to show how we ensure that the way your personal data is handled complies with the applicable legislation. This Privacy Policy applies to you if you use Vital’s healthcare services (“Services”).

In our role as data controller, we ensure that applicable data protection laws are always complied with, and that we only process your personal data for the purposes set out in this Privacy Policy. 

How we process your personal data

We will only process your personal data if it is necessary to fulfil the processing purposes.

The categories of personal data we process are:

  • Contact details, such as name, phone number, postal address and email address;
  • Social security number;
  • Medical data such as test results, general health details you have chosen to share, and medical notes regarding your results; and
  • Other details that you choose to share when you use our Service or otherwise have contact with us.

We only process your personal data for the purposes listed below:

  • To provide and enable record-keeping and other necessary documentation;
  • To provide, administer and manage our Services;
  • To analyse and develop our Services;
  • In order to fulfil Vital’s legal obligations;
  • In the event of mergers, divestitures, restructuring, reorganisation, dissolution and other sale or transfer of Vital’s assets; and
  • To safeguard our legal interests in the event of a dispute.

We do not use your personal data for any other purpose incompatible with the above, and only keep it for as long as it is required. For more information about how we process your personal data, please refer to Vital’s full privacy policy.

If you wish to read about how we process your personal data in the event that you visit our Website or make purchases, and for marketing and similar activities, please see our Privacy Policy for website users.

Contact details

If you have any questions about this Privacy Policy, our processing of your personal data, or if you wish to exercise your rights, please do not hesitate to contact us at kundservice@vital.se.

Full privacy policy for you if you use Vital’s services

1.  PREAMBLE

1.1 Your personal privacy is very important to Vital Labs AB (corporate registration number 559332-0723, hereinafter “Vital”). Our aim is for you to feel safe whenever we process your personal data. Our aim with this privacy policy (“Privacy Policy”) is to show how we ensure that the way your personal data is handled complies with the applicable legislation. This Privacy Policy applies to you if you use Vital’s healthcare services (“Services”).

2.   DATA CONTROLLER AND DATA PROTECTION OFFICER

2.1 Vital is the data controller for processing your personal data and is thus responsible for ensuring that any data processing takes place in accordance with the applicable legislation.

2.2 We have appointed Caroline Olstedt Carlström at Cirio Law Firm as our Data Protection Officer (“Data Protection Officer”). The Data Protection Officer is responsible for duties such as monitoring that our use of personal data complies with the applicable legislation.

2.3 [Contact details ]

3.  CONFIDENTIALITY AND SECURITY

3.1 We will not disclose your personal data to another party if such processing could lead to you or someone close to you being harmed by such disclosure.

3.2 If we at Vital disclose your personal data, we do so on the basis of your consent.

3.3 There are situations where Vital has a legal obligation to disclose information about you, for instance to the authorities in certain cases.

3.4 We may also process information about you and share personal data with other parties in connection with marketing the Vital Service, for instance if we conduct marketing via social media. However, information we may process about you in the context of such marketing does not include any information about your health.

3.5 All data about you that is processed during medical record-keeping and otherwise during handling of our medical records, must be kept confidential. Vital has also taken several security measures, such as restricting access to patient data so that only staff who require access to that information in order for us to provide you with our Services have such access.

4.   OUR USE OF YOUR PERSONAL DATA

4.1 We process your personal data for the following purposes:

  • To provide and enable record-keeping and other necessary documentation;
  • To provide, administer and manage our Services;
  • To analyse and develop our Services;
  • In order to fulfil Vital’s legal obligations;
  • To enable mergers, divestitures, restructuring, reorganisation, dissolution and other sale or transfer of Vital’s assets; and
  • To safeguard our legal interests in the event of a dispute.

4.2 List of categories processed:

  • Contact details, such as name, phone number, postal address and email address;
  • Social security number;
  • Medical data such as test results, general health details you have chosen to share, and medical notes regarding your results; and
  • Other details that you choose to share when you use our Service or otherwise have contact with us. 

4.3 In the tables below, you can read more about how we at Vital process your personal data when you choose to use our Services.

PURPOSE

  • To provide and enable record-keeping and other necessary documentation
  • To provide, administer and manage our Services
  • To analyse and develop our Services
  • In order to fulfil Vital’s legal obligations
  • To enable mergers, divestitures, restructuring, reorganisation, dissolution and other sale or transfer of Vital’s assets
  • To safeguard our legal interests in the event of a dispute

To provide and enable record-keeping and other necessary documentation

What we do: We process personal data about you in order to keep medical records and other necessary documentation as part of providing our Services.

Categories of personal data: All the categories of personal data specified in section 4.2.

Legal basis: The processing is necessary in order for us to fulfil our legal obligations under the Swedish Patient Data Act.

Retention period: We will only process your personal data for the period stipulated in the applicable legislation.

For instance, we process personal data as part of Vital’s medical record-keeping for 10 years after the data has been collected, then the data is deleted or anonymised.

To provide, administer and manage our Services

What we do: In order for us to provide, administer and manage our Services in a good, smooth and secure manner, we may process your personal data. We will process your personal data among other things in order to run tests and provide you with test results. You may also choose to share additional information about you that might help to provide you with more accurate and detailed results, such as your height, weight, and any medication you are taking.

We may also process information about you in connection with contacting you, which we do e.g. if the test results are significantly irregular.

Categories of personal data: All the categories of personal data specified in section 4.2.

Legal basis: In cases where the processing is stipulated by the healthcare legislation or other applicable legislation, we process your data in order for us to comply with such legal obligations.

In order to otherwise provide, administer and manage our Services, we process your personal data in order to fulfil the agreement you entered into with us in order to use the Services.

Retention period: Your personal data will be stored for as long as it is necessary for us to be able to provide, administer and manage Vital’s Services as stated in the agreement, and to fulfil our legal obligations.

To analyse and develop our Services

What we do:  Vital may process your personal data in order to analyse and develop our Services, e.g. by compiling statistics on what age groups are using our Services, how many people have used the Services and how many of them have had an irregular test result. Data is only processed in aggregated or otherwise pseudonymised form.

Categories of personal data: All the categories of personal data specified in section 4.2.

Legal basis: We process your personal data based on Vital’s legitimate interest in being able to analyse and develop our Services, which we believe overrides the interest in protecting your personal data.

Retention period: Your personal data will be stored for as long as necessary to achieve the purpose of the processing but for a maximum of three (3) years after we have received the data. After that, it will be deleted or anonymised.

To fulfil our legal obligations

What we do: Vital may need to process information about you in order to comply with our legal obligations, for instance due to requirements arising from the Accounting Act.

Categories of personal data: All the categories of personal data specified in section 4.2.

Legal basis: We process your personal data to comply with our legal obligations under the applicable legislation.

Retention period: Your personal data will only be stored for the time required by the applicable legislation, e.g. seven (7) years under the Accounting Act.

To enable mergers, divestitures, restructuring, reorganisation, dissolution and other sale or transfer of Vital’s assets

What we do:  We need to process your personal data in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale of Vital’s assets.

Categories of personal data: All the categories of personal data specified in section 4.2.

Legal basis: We process your personal data based on Vital’s legitimate interest in enabling the merger, divestiture, restructuring, reorganisation, dissolution and other sale or transfer of Vital’s assets, which we believe overrides the interest in protecting your personal data.

Retention period: We process your personal data for as long as it is necessary to fulfil the purpose of such processing.

Personal data transferred to a buyer or other successor in the event of a divestiture or other sale or transfer of Vital’s assets will not continue to be processed by Vital after such transfer, unless required according to the applicable legislation.

To safeguard our legal interests in the event of a dispute

What we do:  We may need to process your personal data in order to safeguard our legal interests in the event of a dispute, such as to establish, exercise or defend legal claims.

Categories of personal data: All the categories of personal data specified in section 4.2.

Legal basis: We process your personal data based on Vital’s legitimate interest, as we believe that our interest in protecting our interests in the event of a dispute overrides your interest in protecting personal data.

Retention period: Your personal data will be stored for as long as it is necessary for us to be able to safeguard our legal interests in the event of a dispute.

5.  HOW WE COLLECT YOUR PERSONAL DATA

The personal data we process about you is primarily the information you provided by using our Services.

6.  STORAGE OF PERSONAL DATA

We will only retain your personal data for as long as necessary to achieve the purposes for which it was collected in accordance with this Privacy Policy. Once we no longer need your personal data, we delete the data from our systems, databases and backups. For more information on how long we keep your data for the different purposes, please refer to the tables in section 4.

7.   AUTOMATED DECISION-MAKING

We do not use processing for automated decision-making purposes.

8.  HOW WE SHARE AND DISCLOSE YOUR PERSONAL DATA?

Vital may share your personal data with third parties, such as IT providers and other companies we cooperate with in order to provide our Services. For instance, when you use our service, information about you is sent to sampling sites and laboratories that test the samples so that we can then deliver your test results.

In some cases, we may also be required to share your personal data with authorities or other third parties in connection with audits, court proceedings or for other similar reasons.

Finally, we may need to share your data, as set out above, in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of Vital’s assets, as well as to safeguard our legal interests in the event of a dispute.

We will not sell your personal data to any third parties.

9. WHERE YOUR DATA IS PROCESSED?

Vital may transfer your personal data to a country outside the EU/EEA. If personal data is transferred to any such country, we will ensure that your personal data is protected and that the transfer complies with the applicable legislation.

When we carry out a transfer to a country that has not received a European Commission data protection adequacy decision, we will use some other appropriate transfer mechanism as the legal basis for the transfer, such as standard contractual clauses (SCCs) issued by the European Commission. In order for you to effectively exercise your rights under the SCCs, you are entitled to, among other things, receive a copy of the SCCs and to be informed of the identity of the recipients.

10. YOUR RIGHTS

As the data controller, we are responsible for ensuring that your personal data is used in compliance with the law and that your rights are upheld. You may contact us at any time if you wish to exercise your rights. You will find our contact details at the bottom of this Privacy Policy.

We are required to respond to your request to exercise your rights within one month of you getting in touch. If your request is complicated or large numbers of requests have been received, we have the right to extend the time by two more months. If we are not able to take the action you requested within one month, we will inform you of the reason for the delay and of your right to complain to the supervisory authority and to seek legal remedy.

10.1 Our responsibility for your rights

All information and correspondence, and all the actions that we carry out, are free of charge to you. However, if what you request in relation to your rights is manifestly unfounded or unreasonable, we are entitled to charge an administrative fee for providing you with the information or carrying out the requested action, or refuse to comply with your request.

10.2 Your right of access, correction, deletion and restriction

10.2.1 You have the right to request:

(i) Access to your personal data. This means that you have the right to request a record of our use of your personal data. You are also entitled to receive a copy of the personal data we are using, free of charge. For any additional copies, we are entitled to charge a reasonable administration fee. If you submit a request online, e.g. by email, we will provide you with the information in a common digital format.

(ii) Correction of your personal data. We will, at your request or on our own initiative, correct, anonymise, delete or update data that we discover to be incorrect, incomplete or misleading. You also have the right to add additional information if something relevant is missing.

(iii) Deletion of your personal data. You have the right to request us to delete your personal data if there is no longer any acceptable reason for us to use it. For that reason, data is to be deleted if:

  • The personal data is no longer necessary for the purpose for which we collected it;
  • We are using your data on the basis of your consent and you withdraw it;
  • You object to our use of your data that occurs after the various interests have been weighed up and we do not have legitimate interests that override your interests and rights;
  • We have used the personal data in an unauthorised manner; or
  • We have a legal obligation to delete the personal data.

However, there may be legal requirements or other compelling reasons that prevent us from immediately deleting your personal data. We will then stop using your personal data for purposes other than complying with the law or if it is necessary for any other compelling reason.

(iv) Restriction of use. This means that we temporarily restrict the use of your data.  You have the right to request restriction when:

  • You believe that your data is incorrect and you have requested correction, while we investigate the correctness of the data;
  • The use is unlawful and you do not want the data to be deleted;
  • We as the data controller no longer need the personal data for our usage purposes, but you need it in order to establish, exercise or defend a legal claim; or
  • You have objected to data processing, pending verification of whether our legitimate interests override yours.

We will take all reasonable steps to notify all those who have received personal data pursuant to section 8 above if we have corrected, deleted or restricted access to your personal data after you have requested that we do so. At your request, we will inform you of who we have disclosed personal data to.

10.3 Your right to object to use

You have the right to object to us using your personal data on the basis of a balance of interests (see section 3 above). If you object to such use, we will only continue the use if we have important reasons to continue the use that override your interests.

10.4 Your right to data portability

You have the right to data portability. This means a right to receive your personal data in a structured, commonly used, machine-readable format and to have that data transferred to another data controller. You only have the right to data portability when the use of your personal data is automated and when we are basing our use of your data on your consent or on an agreement between you and us.

10.5 Your right to complain to a supervisory authority

You have the right to lodge any complaint with the supervisory authority (Swedish Authority for Privacy Protection, www.imy.se) if you are not satisfied with our processing of your personal data.

11.  WE PROTECT YOUR PERSONAL DATA

11.1 Vital cares about you always feeling safe when you provide us with your personal details, which is why we have taken technical and structural security measures, including restricting access and undergoing regular internal audits, to best protect your personal data from, e.g., unauthorised access, alteration or loss of information. In the event of any security incident that may significantly affect you, we will contact you.

12. SEARCH TERMS

12.1 Vital may use different search terms to, e.g., locate and compile information within the framework of our Services. This may include, e.g., compiling statistics on what age groups are using our Services, how many people have used the Services, how many of them have had an irregular test result, etc. Such search and compilation will only take place in pseudonymised and/or aggregated form, which means that we cannot directly link those statistics to any particular individual.

Vital only uses this type of data compilation to analyse and evaluate its Services and not to obtain information about a particular user. Furthermore, we will never use search terms, or search for data, that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data or biometric data to identify an actual individual, or data about an actual individual’s sex life or sexual orientation, or crime statistics.

13.  CHANGES TO THIS PRIVACY POLICY

13.1 Vital has the right to change this Privacy Policy at any time. The latest version of the Policy will always be available on our Website. Whenever we make changes that are not of a purely linguistic or editorial nature, you will be informed of the changes within reasonable time before they take effect.

14.  HOW TO CONTACT US

14.1 If you have any questions about this Privacy Policy, our processing of your personal data, or if you would like to exercise your rights, please contact us at kundservice@vital.se.

This Privacy Policy was last updated on 21 March 2022.
