Mindler – PERSONAL DATA POLICY
Mindler AB respects your privacy and makes sure that you are able to feel secure about how we process your personal data. This personal data policy explains how Mindler AB collects and processes your personal data when you use the Mindler AB service (“the Service“). It also describes your rights vis-à-vis us and how you can assert your rights.
Mindler AB is the personal data controller for your personal data processed in the Service. You can contact us at any time if you have any questions about your personal data by sending an e-mail to firstname.lastname@example.org .
By using the Service, you accept this personal data policy and give your consent for your personal data to be collected and processed in the manner described below. It is important that you should read and understand this policy before you use the Service.
This policy may occasionally need to be changed or updated, for example if functions are changed or added to the Service. If that is the case, you will be informed in the Service or by other suitable means to give you the opportunity to make up your mind about the change before it begins to apply.
- PERSONAL DATA COLLECTED ON YOU
The following personal data is collected and processed by Mindler AB in connection with your use of the Service:
Information you provide us with
- Personal particulars and contact details. When you create a user account in the Service, you need to provide us with details such as your name, personal identification number, e-mail address, mobile phone number, etc.
- Health data. When you use the Service, you may share information on your physical and mental health. It may, for example, be a question of information relating to your illness, your medical history or your mental state. Health data may be collected when, for instance, you discuss it either verbally or in writing with the psychologist or other people you come into contact with in the Service (“the Treatment Provider“). Health data may also be collected when you answer questions on forms from the Treatment Provider or upload images or other files in the Service.
- Payment information. If you make payments in the Service, your credit and payment card information will be collected (name, card number, validity period and CVC/CVV code).
Information may also be collected if you leave feedback in the Service. You can always choose not to provide us with information, but that may mean that it is more difficult or impossible for us to provide you with the Service. For example, the Treatment Provider may sometimes require you to answer selected questions before you book a meeting in the Service. Insufficient or inaccurate health data can also have a significant impact on the Treatment Provider’s ability to provide you with proper care.
Information collected in other ways
- Personal particulars and contact details. If you are invited to the Service by the Treatment Provider, the Treatment Provider will instead specify your personal particulars and contact details in order to register your account.
- Health data. Health data on you may also be provided by the Treatment Provider in the Service or in your patient records. It may consist of information on an established diagnosis, actions planned and carried out, medical certificates, prescribed pharmaceutical products, pharmaceutical instructions, training programmes or test responses. The Treatment Provider adds data as part of his or her obligation towards you as a patient.
- Technical data. When you use the Service, device information is collected from your computer (or mobile device) such as the IP address, language, browser type and version, operating system and screen resolution as well as the date and time of your session.
Sound and moving images are not recorded or saved. Sound and moving images are deleted in real time and are naturally not saved in any way after the meeting. However, please note that images and files that you upload in the Service are collected and stored.
- HOW YOUR DATA IS USED
Your personal data is mainly used to provide, carry out and improve the Service. Mindler AB processes your personal data for the following purposes based on the following legal grounds:
- To provide the Service. Your personal data and contact information will be processed in order to manage your account and to enable you to be provided with the Service (i.e. to enable the agreement between us to be fulfilled). For example, we use your personal data to confirm your identity when you log in using your BankID in the Service, your payment information to carry out and manage your payments in the Service and technical data to ensure that the Service is presented in the best way for you and your device.
- To communicate with you. Your personal particulars and contact details (including your e-mail address and mobile phone number) may be used to send you notifications and communications such as reminders and booking confirmations. This is done in order to provide you with the Service and for other legitimate interests, including Mindler AB’s interest in ensuring that booked meetings are not forgotten and being able to send you important information. You can turn off notifications in your settings.
- To treat you and keep patient records, etc. Your personal data (including health data) will be processed to examine you and give you medical advice. It is necessary in order to medically prevent, examine and treat any illnesses, injuries and other problems you may have. Your personal data will also be used to keep patient records and draw up other documentation, as well as to fulfil other requirements in accordance with the Patient Data Act and other applicable laws. Some of the data may, for example, need to be reported to national health data registers.
- To provide customer services. Your personal data (though not health data) may be used to investigate, respond to and resolve complaints and problems with the Service (e.g. bugs). This is done in order to provide you with the Service and for other legitimate interests, including Mindler AB’s interest in ensuring that the Service functions to enable meetings to be held with you and others.
- To compile statistics. Your personal data (including health data) may be used to compile statistics in aggregated form, where the data is not identifiable. Statistics can, for example, relate to reasons for meetings in the Service, how often meetings are cancelled or rebooked, how long meetings usually take and the average age and geographical distribution of the users of the Service. Health data is processed whenever necessary for Mindler AB’s management of its health and medical assistance services, including the Service. The remaining personal data is processed pursuant to legitimate interests, including Mindler AB’s interest in developing and improving the Service and the use of it.
- To develop and improve the Service. Technical data (including general feedback) and compiled statistics may be used as a basis to continue to develop and improve the Service and the user experience. This is done pursuant to legitimate interests, including Mindler AB’s interest in developing and streamlining its methods for offering care.
- THE LENGTH OF TIME FOR WHICH YOUR DATA IS SAVED
Your personal data is only saved for as long as the data is needed to fulfil the purpose of the treatment, as described above. Unfortunately, it is not possible to specify in advance exactly how long this will be for all data.
In general, your personal data and contact details are saved in the Service for as long as you still have your account. If you have not used your account for [180 days], it will automatically be erased in the Service along with your personal data and contact details. Technical data is erased or de-identified in normal cases [60 days] after the meeting.
Nevertheless, your personal data may need to be saved for a longer period, if such is required to comply with legal obligations (e.g. in accordance with the Patient Data Act). For example, your patient records must be saved for at least ten years after the last note.
- YOUR DATA MAY BE SHARED WITH OTHERS
Your personal data may sometimes need to be transferred to or shared with others whenever necessary or justified. For example, your personal data is shared with:
- Persons who work with us. Your personal data may be shared with persons who work at Mindler AB, but only if the person is involved in your care or requires the information for any other reason for his or her work in health care and medical assistance.
- Suppliers and subcontractors. Your personal data may be transferred to or shared with selected companies that supply various types of services to Mindler AB. For example, the digital platform for the Service is developed and provided by Visiba Group AB (the “Service Provider“), on our behalf.
The Service Provider only deals with information existing in the Service. The Service Provider may not access your health data or other data contained in your patient records. The Service Provider and other suppliers are covered by the same rules on confidentiality as those applying to Mindler AB and may only process your personal data in accordance with our instructions.
- Referrals. If you and the Treatment Provider decide that you need a referral to a clinic, the Treatment Provider will write and send a referral to it.
- Authorities. Mindler AB may also need to provide necessary information to authorities (e.g., to the Swedish National Board of Health and Welfare, the Swedish Institute for Infectious Disease Control, the police or other authorities), if required by law or if you have granted your approval. You have a right to obtain more information about Mindler AB’s obligation to provide information in accordance with law.
- YOUR DATA WILL BE PROCESSED WITHIN THE EU/EEA
Mindler AB will only process your personal data in Sweden or within the EU/EEA. Your personal data will not be transferred to or processed in any country outside the EU/EEA without your express consent.
- YOUR RIGHTS
It is your personal data. You therefore have a right to obtain information on and determine how your personal data is processed by Mindler AB. A brief summary of your rights is set out below.
- The right to object to processing. You have a right to object to your personal data being processed for legitimate interests. In that case, Mindler AB either shows that there are legitimate reasons for the processing that outweigh your interests or else stops processing the data. You can contact us at any time to obtain more information about the balancing of interests that has been carried out.
- The right to access and move your data. You can request a free copy of your personal data and information on how it has been obtained and how it is being used and distributed, etc. at any time. This also applies to information contained in your patient records. You also have a right to transfer your personal data to another personal data controller.
- The right to receive extracts from logs. When someone reads electronic patient records, it is registered in a log. As the patient, you can receive an extract from the log to see who has looked at your records.
- The right to erase data. You have a right to ask for your personal data to be erased if it is no longer necessary for the purpose for which it was collected or if there is no legal basis for processing the data.
- The right to block data. You have a right to ask for electronic access to the data contained in your patient records to be blocked. Please note that a block can only be set in electronic records, not in records that only exist on paper. You can remove the block at any time.
- The right to correct information. You have a right to correct inaccurate or incomplete data on you. If you consider that a detail in your patient records is inaccurate or misleading, you have a right to ask for a note to that effect to be entered in the records.
- The right to restriction. You have a right to ask for the processing of your personal data to be restricted until inaccurate data has been corrected or an objection from you has been investigated.
- The right to damages. You have a right to claim compensation if you have suffered damage as a result of the fact that your personal data has been processed in a manner contrary to law.
There may be additional requirements or provisions that restrict or extend your rights. There can also be legal obligations that prevent us from issuing or moving parts of your data or from blocking or erasing your data. These obligations derive from sources such as the Patient Data Act and other health and medical assistance legislation, confidentiality legislation, archiving legislation and accounting and tax legislation. If your data must be saved due to legal obligations, the data can only be used to fulfil those obligations and for no other purpose.
You have a right to obtain more information on the privacy and security provisions applying to your personal data and its processing.
- YOU CAN CONTACT US AT ANY TIME
Mindler AB is registered with the Swedish Companies Registration Office under organisation number 559150-0722 and its head office is at Hälsingegatan 45, 113 31 Stockholm.
Mindler AB is the personal data controller for the processing of your personal data as described above. Mindler AB complies with Swedish data protection legislation, including the Data Protection Regulation (GDPR).
You can contact us at any time if you have any questions about your personal data by sending an e-mail to email@example.com .
You have a right to contact and file a complaint with the Data Protection Authority if you think we have processed your personal data incorrectly.