Integritety policy

Uppdaterad: 2023-01-02

Medoma Integrity Policy

At Medoma AB ("Medoma","we" or "us"), we protect your personal privacy. This information ("Privacy Policy") informs you about how we, as the controller of personal data, process your personal data in connection with, for example, applying for a job with us, participating in some of our events, visiting our website www.medoma.com or otherwise come in contact with us. It also describes your rights and how you can enforce them.

Medoma is a modern healthcare company. We believe that, with a combination of a patient-adapted care model, great careproviders, good processes and the latest technology, we can create good care in a way that has not been possible before. We always strive to use the latest technology and create the very best care experience.

Terms defined by law, such as "personaldata", "processing" and "personal datacontroller" shall in this Privacy Policy have the same meaning as inthe relevant law, unless otherwise stated.

Processing refers to all actions involving your personal data including collection,handling, storage, sharing, access, use, transfer and deletion or destruction.

"Personal data" refers to any information that can be directly or indirectly (e.g. in combination withother information) linked to an identifiable or identified natural person.

A personal data controller is a natural or legal person who, alone or together with others, determines the purposes and means for the processing of personal data.

"Applicable Data Protection Legislation" means the legislation, regulations and regulations in force from time to time, including regulations issued by the relevant supervisory authorities, regarding the protection of the fundamental rights and freedoms of natural persons and in particular the right to the protection of their personal data which is applicable to the current processing, including the European Parliament's and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation) ("Data Protection Regulation ")as well as legislation, ordinances and regulations that supplement the Data Protection Regulation.

If you have any questions regarding ou rhandling of your personal data, you are always welcome to contact us via the contact details at the end of this privacy policy.

1. Medomas processing of patient data on behalf of care givers.

Medoma acts as a subcontractor to healthcare providers. When Medoma processes patients' patient data, Medoma does so in the capacity of personal data processor to the healthcare provider, whoacts as the personal data controller. This Privacy Policy does not describe Medoma's treatment of patients' personal data in Medoma's role as personal data processor.

For information about healthcare providers 'processing of patients' personal data, please see your current healthcare provider's privacy policy.

If, as a patient and user of Medoma's services, you want to know which personal data Medoma processes about you, you are welcome to contact us.However, in cases where we act as a personal data processor for a healthcare provider, we may need to ask you to contact your current healthcare provider directly. It is only after instructions from the healthcare provider that Medoma can answer your request

2. Where we collect personal information

We collect personal information:

i.                 You, e.g. when you send a work application to you, when you apply for one of our events or information which you provide us countinously during a recruitment process. (e.g during interviews).

ii.                 Publicy available sources, such as public registers and social media within the context of background checks which we perform regarding certain potential candidates for a position at Medoma.

iii.                 References which you have named, to the degree that we collect personal infomation from you regarding your references during a recruitment process.

3.   When and why we collect personal information

3.1 Recruitment of new talent

Conduct Recruitment Processes

Medoma processes your personal data for the purpose of handling your application during a recruitment process. During the recruitment process, we also process your personal data to review received application documents, assess them and to conduct interviews.

We ask you not to provide us with sensitive personal data in your application, for example by providing information about your health in your personal letter.

Categories of personal data: Identity data, Contact data, Data in CV, Data in personal letter,Interview notes, Information from references

Legal basis:The processing is necessary to satisfy Medoma's legitimate interest inrecruiting new employees and to evaluate candidates when recruiting newemployees.

Retention period: Personal data is kept until the position is filled.    

Save your application for future hiring

In the event that you have applied for aposition at Medoma but we have not been able to offer you a position, we can also save your application for future recruitments. In such cases, we will ask for your consent. If you agree, we may contact you if a position becomes available with us that we judge fits your profile.

Categories of personal data: Identity data, Contact data, Data in CV, Data in personal letter, Interview notes, Information from references

Legal basis: The processing takes place with the support of your consent.

Retention period: Personal data is kept for a period of 12 months after the current recruitment process has ended. However, you can withdraw your consent at anytime.

Conducting background checks

As part of the recruitment process, we may perform background checks in order to further evaluate your application. Such background checks may include searches against the National Board of Health and Welfare's register of certified healthcare personnel, to the extent that Medoma's customer requests this.

Categories of personal data: Identity data(including social security number), Contact data, if information about identification, possibly information on social media

Legal basis: The processing is necessary for Medoma's legitimate interest in evaluating your application and for our and our customers' legitimate interest in establishing that we can offer the right person (including, where applicable, with the right certified competence) employment with Medoma.

Processing of social security numbers is necessary regarding the purpose of the processing.

Retention period: Personal data is kept until the position is filled.

Find suitable candidates

In order to search for suitable candidates for vacant and future positions at Medoma, we may process your personal data.

Categories of personal data: Identity data, Contact data, Data in CV, Data in personal letter

Legal basis: The processing is necessaryfor Medoma's legitimate interest in searching for and contacting suitablecandidates for positions with us.

Retention period: Personal data is kept until the position is filled.

Let applicants connect with us and/or send an open application

If you choose to connect with Medoma or submit an open application to us, we may contact you if a position becomes available with us that we deem to fit your profile.

Categories of personal data: The categories of personal data vary depending on the data you choose to provide to Medoma, but may include Identity data, Contact data, Data in CV, Data in cover letter

Legal basis: The processing takes place with the support of your consent.

Retention period: Personal data is kept until you withdraw your consent. You can withdraw your consent at any time.  

To follow and to be able to show that we follow labour legislation

We work actively to counteract all types of discrimination in our recruitment processes. As an employer, Medoma also has an obligation to comply with labor legislation, such as the Discrimination Act (sve: Diskrimineringslagen) . We retain certain recruitment documents after an employment process has ended in order to be able to show on what grounds we have chosen to proceed with certain candidates, as an example.

Categories of personal data: Identity data, Contact data, Interview notes, Information fromreferences, any sensitive personal data such as health information

Legal basis: The processing is necessary to satisfy our legitimate interest in handling orresponding to legal requirements, e.g. in the event of a dispute and legalprocess.

Any sensitive personal data, for example information about health, is only processed if it is necessary to establish,assert or defend legal claims.

Retention period: Data relevant to an individual recruitment process such as interview notes and information from references are saved for two (2) years after the recruitment process has ended.

3.2 Processing regarding stakeholders,customer contacts and participants in events

Provide you with information about our business and events

We may process your personal data to provide you with marketing about our services, such as invitations to events and other marketing activities, such as e-mails to stakeholders regarding Medoma's operations. You can unsubscribe from our mailings at any time by clicking on the unsubscribe link in the mailing or by contacting us.

Categories of personal data: Identity data, Contact data

Legal basis:The treatment is based on your consent if you yourself have signed up formailings or signed up for an event.

The processing may otherwise be necessaryto satisfy our legitimate interest in sending you information about ourbusiness.

Retention period: Personal data is kept for two (2) years from your last activity or until you have notified us that you no longer wish to receive mailings.

You always have the option to refuse to receive future mailings about marketing from us, in which case we will cease marketing. Every mailing from Medoma for marketing purposes contains an option to unsubscribe. If you unsubscribe, we will stop marketing.

Manage business relationships with potential and existing customers

In order to establish and manage business relationships with potential and existing customers, we process your personal data, e.g. to be able to contact you as a potential customer contact regarding Medoma's services and products.

Categories of personal data: Identity data (including social security number for individual companies), Contact data, Organizational data

Legal basis: The processing is necessary to satisfy our legitimate interest inmanaging and maintaining business relations with the company you represent.

Processing of social security numbers is necessary with regards to the purpose of the processing.

Retention period: Personal data is retained, if a business relationship has not developed, two (2) years since the last contact with you.

Personal data is preserved, if there is already a business relationship, for as long as the contractual relationship applies and for a subsequent period that is necessary to establish, assert or defend legal claims, which can be up to the general limitation period, which in Sweden is ten (10) years.  

Implementation of seminars, training courses and other marketing activities

In order to be able to provide and administer seminars, training courses and other marketing activities, we process the participants' personal data.

Categories of personal data: Identity data, Contact data, Organizational data, Information on registration for and participation in events, Dietary preferences (including any allergies, where necessary)

Legal basis: The processing is based on Medoma's legitimate interest in being able to administer and carry out seminars and training courses that you have signed up for.

Data on dietary preferences (including any allergies, where necessary) are processed with the support of your express consent.

Retention period: Personal data is kept during the relevant training and thereafter for one (1) year for marketing purposes.

Data on dietary preferences are deleted after the event has been completed.

3.3 Data Processing on our web page

Evaluate and follow up on the usage of our website

In order to analyze and better understand how you use our website, we process your personal data that we e.g. has collected via cookies and similar technologies. This is done, among other things, by collecting information about the individual web pages you visited, which websites or keywords referred you to the website and information about how you interact with the website.

Categories of personal data: User-generated data, Identity data, Geographical data

Legal basis: The processing is necessary to satisfy our legitimate interest in evaluating and monitoring the use of our website.

The processing is based on your consent where required by law.

Retention period: Reports at an overall level that do not contain any personal data and statistics are stored indefinitely.

Improve your experience on our website

In order to improve your experience on our website and provide you with tailored content when appropriate, we will collect and process your personal data, e.g. via cookies and similar technologies. This means that we e.g. may save information about your browsing history and selected settings on the website for the purposes just mentioned.

Categories of personal data: User-generated data, Identity data, Geographical data

Legal basis: The processing is necessary to satisfy our legitimate interest in improving your experience on our website and providing you with tailored content.

The processing is based on your consentwhere required by law.

Retention period: Reports at an overall level that do not contain any personal data and statistics are stored indefinitely.

3.4    Other processing

4. Recipients which we share personal data with

When necessary, we share personal data with the recipients below. Unless otherwise specified, named recipients are independently responsible for the processing of personal data.

Recipient

Purpose

Legal Basis

Authorities (e.g. the Police and the Swedish Tax Agency) and external auditors

To fulfill any legal obligations to which we are subject, e.g. in connection with requests from authorities or other legal requirements.

Legal obligation. The processing is necessary to fulfill legal obligations to which we are subject.

Authorities (including courts) and legal representatives

To establish, assert and defend legal claims

Legitimate interest. To satisfy our legitimate interest in establishing, asserting and defending legal claims.

Buyers, sellers, external advisors and other involved parties

Enable operational changes, e.g. sale or merger of the business or investments in general.

Legitimate interest. To satisfy our legitimate interest in implementing business changes.

5. Personal data Processors

In order to fulfill the purposes of the processing of personal data, we share your personal data with service providers that we have hired. These suppliers provide e.g. systems for recruitment processes. The service providers we have engaged may only process your Personal Data according to our express instructions and may not use your data for their own purposes.They are also obliged by law and agreement to take appropriate technical and organizational security measures to protect your data..

6. Security measures for transfer  to countries outside the EU/EEA area

If Medoma transfers or discloses your personal data to a recipient in a country outside the EU/EEA area (third country), Medoma will ensure that appropriate protective measures have been taken (such as the European Commission's standard contractual clauses and other necessary measures) to protect the personal data.

Medoma transfers personal data to the following countries:

United States.

According to the Data Protection Regulation, you have the right, on request, to receive a copy of the documentation that demonstrates that the necessary protective measures have been taken in order to protect your personal data when transferred to a third country.

If you would like to know more about the processing of your personal data and if your personal data is transferred to a third country, please contact us at the contact details provided at the end of this Privacy Policy

7. Your rights

In connection with our processing of your personal data, you have, under certain conditions, the right to exercise the following rights. To exercise your rights, you can contact us. You will find our contact details at the end of this Privacy Policy.

Access
You can request confirmation of whether or not we are processing your personal data. If we process personal data about you, you also have the right to receive additional information such as the purpose of the processing. You also have the right to receive a copy of the personal data that we process about you. If the request is made electronically, the information will also be obtained in a commonly used electronic format unless you request otherwise.

Correction
If you discover that personal data relating to you is inaccurate, incomplete or incorrect, you have the right to have yourpersonal data corrected..

Object to certain processing

You can object at any time to the processing of your personal data  based on a legitimate interest, in light of your specific situation. If we cannot demonstrate a compelling legitimate reason for continuing the processing that outweighs your interests, or if the processing is not necessary to establish, assert and defend legal claims, then we are obliged to cease the processing you object to.

Deletion
You can have your personal data deleted under certain circumstances, e.g. when thepersonal data is no longer needed to achieve the purpose for which the personaldata was collected.

Limitationof processing
You can ask us to limit the processing of your personal data to only include the storage of your personal data under special circumstances, e.g. if the processing would be illegal but you do not want your personal data to be deleted.

Withdraw Consent
You always have the right to withdraw your consent to the processing of personal data to the extent that the processing is based on your consent.

DataPortability
You have the right to request to receive a machine-readable copy of the personal data processed on the basis of your consent or when the processing is necessary to fulfill a contract with you, and when personal data have been obtained by you (data portability), and to request that the information be transferred to another personal data controller (if possible).

Complaint to relevant supervisory authority

You are welcome to contact us with questions or complaints regarding the processing of your personal data. However, you also always have the right to submit a complaint regarding thep rocessing of your personal data to the Swedish Privacy Protection Agency(Integritetskyddsmyndigheten). For more information on how to contact the Swedish Data Protection Agency (SWE: Integritetskyddsmyndigheten), visit www.imy.se.www.imy.se.

Data Erasure

Medoma will process your personal data until it is no longer needed to fulfil the above-mentioned purposes or until you request to no longer be registered with Medoma. In such a case, the personal data will be deleted without undue delay. If a business relationship has not developed within three years of Medoma receiving your notification of interest, your personal data will be deleted. Medoma has also established data erasure routines to be able to regularly delete such contact details that no longer fulfil their purpose.

8. Contact information

If you have any questions regarding the processing ofyour personal data or if you wish to exercise any of your rights underApplicable Data Protection Legislation, please contact Medoma at the contactdetails below.

Personal data controller:

Medoma AB, org. nr: 559328-9738
Birger Jarlsgatan 57C
113 56 Stockholm
Sverige

Email adress: dpo@medoma.com

9. Categories of personal data

Below you will find an explanation of the categoriesof personal data that we can collect and save about you.

Categories and: examples of personal data

Details in a CV : Work experience, education, language skills, qualifications, possible Arbetslivserfarenhet,  utbildning, språkkunskaper, kvalifikationer, or pro bono activities

Details in a  personal letter

 Notes from interviews

 Information from references

 Identity details: Name and Surname  and social security number if applicable

Contact Details: Adress, email adress,  phone number

Organizational details: Your associated company, working role, title

Information on registration for and  participation in events: Activity, time

Food Preferences: Food preferences,  Allergies if applicable

Geographical details: Location data  from your device that may be collected via cookies

User generated details: Click and  visit history, technical data relating to devices used and their settings  (e.g. language setting, IP address, browser settings, time zone, operating  system, screen resolution and platform), information about how you have  interacted with us, where and for how long different pages visited, response  times, how you reach and leave the website, etc.

Information about work certificates within the health sector: Information regarding your work certificates from Socialstyrelsens  register över legitimerad hälso- och sjukvårdspersonal.

Infomation on Social Media

 Sensitive personal details: e.g. health details.