- We would like to clarify the responsibilities for protecting your rights and your privacy.
- We would like to explain how we use the personal data that you share with us, so that we can offer you our services and give you the best possible experience when you are using them, as well as when you are in contact with us.
2. Parties responsible for the processing of your personal data
Nordic Executive Medicine AB, organization number 559076–6381, Blandargatan 10, 752 21 Uppsala, hereinafter also referred to as “NEM,” “the company,” “we,” “us” or “our,” is a provider of medical services to both private and corporate customers; these services are collectively referred to below as the “Service.” Nordic Executive Medicine AB is responsible for the processing of your personal data within the Service, while our provider of electronic health records, Kaddio AB, organization number 559057-7564, is the Personal Data Processor responsible for processing the sensitive personal data that you provide to us within the Service. “Customer” is the natural or legal person registered at NEM, to whom the Service is provided, and may include private individuals, companies, healthcare centers, small and large hospitals, occupational healthcare units, staffing companies, etc. You, the current customer, have contact information registered with us, so that we can deliver our Service to you, in accordance with a valid agreement. The company is responsible for the processing of the personal data that you share with us when:
- you order the Service and become a customer
- you enter into an agreement with Nordic Executive Medicine AB and become a customer
- you are registered as a contact person at Nordic Executive Medicine AB for your company, organization etc.
- you have a question and/or contact us through a communication channel
- you visit our website and accept cookies
3. What personal data do we process about you?
When you order the Service, we collect contact information about you. If you are a natural person and part of an active agreement with us, we always have customer information about you. The scope of personal data varies depending on the Service(s) you purchase from us. If you have a question or contact us regarding any other matter, the amount and category of personal data may vary depending on the communication channels used. Categories of personal data are usually contact information and company information. As a registered healthcare provider under the supervision of the Swedish Health and Social Care Inspectorate, IVO (VE-2019–043860), we also come in contact with sensitive personal data in the form of health information (medical records, health data, etc.). In order to be able to process this data in accordance with GDPR and to fulfill the requirements of the Swedish National Board of Health and Welfare, we use encrypted patient record systems in our clinical setting. Processing of sensitive personal data, such as patient data, occurs only after you as an individual customer have chosen to share this personal information with us, through a signed Information and Consent form, or in exceptional cases when you contact us and give us oral consent, so that we may offer you treatment and simultaneously process your personal data.
4. Why do we process your personal data?
Nordic Executive Medicine AB collects information about you as a customer in order to handle your order, to create and improve business relationships, collect interest reports, for marketing and statistical purposes, to be able to invoice you, as a basis under the Swedish Bookkeeping Act, and to identify you and to be able to offer you as an individual customer the best possible care, based on your patient data. We use subcontractors to increase the security of the processing of your personal data. As a private health care provider, we are obliged to follow the same confidentiality and professional secrecy as any other public health care provider. As a result, we have established routines for handling sensitive and confidential personal data, and we follow the guidelines that apply to quality assurance and quality development for caregivers, as specified by the Swedish National Board of Health and Welfare (SOSFS 2005:12). Nordic Executive Medicine AB is compliant with the laws, rules, and regulations that apply at any given moment when handling sensitive personal data. All staff at Nordic Executive Medicine AB must at all times comply with the laws and regulations that apply for qualified personnel within the Swedish healthcare system. All staff categories follow a code of confidentiality, and the certificates of registration of our medical staff have been issued by the Swedish National Board of Health and Welfare.
We also process personal data in order to send evaluations and conduct follow-ups of customer satisfaction. When you contact us through an appropriate communication channel, the information about you is used to handle your inquiry, to contact you and to help improve our Service, by storing recurrent inquiries from you or other persons with similar questions. If you visit the company’s website and approve our cookies, you accept the processing of your information.
5. Who do we share personal
We do not share personal data with other operators for any purpose other than to improve the quality of our Service, to improve our ability to process your personal data in a secure manner, and where appropriate, after obtaining an informed written consent and/or oral consent from the individual customer to process his/her personal data through a specific third party. The latter may be considered when the customer wishes to hire a partner and/or subcontractor/consultant of Nordic Executive Medicine AB, or another healthcare provider to perform a specific part of the Service. In such cases, we will fulfill our obligations, as well as inform you or help you by handling your case in any way we can. We will do this by helping you to get in touch with another healthcare provider, partner or subcontractor/consultant of the company, via, e.g., a referral that contains relevant medical information, including sensitive personal data. The processing of your personal data, such as storage and structuring, takes place in systems that are secure and encrypted.
6. How long do we store your personal data?
Nordic Executive Medicine AB stores personal data about you as a customer for as long as there is an agreement or for as long as is necessary for achieving the purposes described within this Policy. At the end of the contract, your information may be saved for a while thereafter. The length and scope of personal data storage depend on the relationship that you have had with Nordic Executive Medicine AB. Your data may be stored for a longer period of time, e.g., in order to track payment history in accordance with the Swedish Bookkeeping Act. Sensitive personal data, such as patient records, are stored as long as laws and regulations require it, in order for us as healthcare providers to be able to fulfill our obligations to, e.g., the Swedish Patient Safety Act, the Swedish Health and Social Care Inspectorate and the Swedish National Board of Health and Welfare.
7. What rights do you have?
You who are registered with Nordic Executive Medicine AB have several rights that you should know about. You have the right to request, free of charge, a record of what information is recorded about you, including sensitive personal data such as medical records and other patient information that concerns you. In some cases, you are also entitled to the data portability of your personal data. You have the right to have your personal data corrected if it is incorrect, incomplete, or misleading and have the right to limit the processing of your personal data until it has been changed. You often have the right to be removed from our records, but deletion of personal data cannot be done, if it is required to fulfill an agreement or if another Swedish or European law, court or authority decision says otherwise, and if it’s based on a balance of interests. Should you find that there is no justified reason or that the balance of interests is incorrect, you have the right to object to the processing of personal data. You also have the right to revoke a given consent, submit complaints about the personal data processing to the Swedish Data Protection Authority (DPA), oppose automatic decision making, profiling and object to direct marketing.
For those with sensitive personal data registered through our Personal Data Processor Kaddio AB, you have the following rights: only healthcare professionals who participate in your care have the right to access your patient records. Your personal information is designed and processed in such a way that your privacy and security are protected and strengthened. As an individual customer, you have the right to know who has read your medical records, and when it happened. Your patient information is handled and stored so that unauthorized persons cannot access it. You have the right to block your medical records so that they are not passed forward to another healthcare provider, and you have the right to have dissenting opinions recorded in your medical records with us.
8. If you would like to know more
If you have questions regarding this Policy and the processing of your personal data, would like to delete or change incorrect information or would like an extract from the register of our subcontractors/Personal Data Processors who process personal data, you can contact us through the contact information available on Nordic Executive Medicine AB’s website.