What is GDPR?
1. What is GDPR and what does it really mean for me?
2. What is "personal information"?
Personal information is all kinds of information that can be directly or indirectly linked to a living person. Examples of personal information are the name, social security number, postal address, and email address, but also other information related to the physical, genetic, mental, economic, cultural, or social identity of a person.
3. How does Hidroxa handle my personal data? What kind of security do you have?
Our goal is always to provide you with high-quality health care and/or service, and to do so we collect personal information about you as described above. When you buy products in Hidroxa's webshop, information about your purchase is saved together with your contact information. If you contact our support/customer service, that information is saved so that we can follow up on your case if you seek help from our customer service again. Sometimes parts of the information can be used to monitor the safety of our products and then shared with our manufacturers and partners to support improvement work and follow-up of our products on the market. If you seek health care from us, that information is retained internally and is not shared with any of our partners. Access to this data is limited, to the extent necessary, to people who provide healthcare to you, who work in our customer service/administration, or who take part in our continuous quality work and product development. We here at Hidroxa take your safety very seriously and are constantly working to ensure the safety of our systems. We do this by using a combination of our own experts and automatic and manual tests.
4. What kind of personal data does Hidroxa handle about me?
We process basic personal information such as name, address, social security number, telephone number, and email address. This data is necessary for you to be able to place orders from our webshop, for us to be able to send the products to you and help you with returns and any problems that arise with products you have bought from us, and for us to monitor/follow the medical devices we sell. In cases where you seek care from us, we also process medical data submitted by you or obtained from other care providers with your consent. This, together with your other personal information, is necessary for us to be able to identify you and know that it is really you who is seeking care, for you to be able to book an appointment for video calls with us, and for us to be able to keep a patient record.
5. So, where do you store my personal information?
Hidroxa stores most of the personal data on encrypted servers within the EU. These servers are provided by a subcontractor who only stores and does not have access to your personal information. When you make a purchase through one of our partners who handle payments, such as PayPal, Klarna, or Stripe, they have their own routines for handling personal data and the information you receive from them and approve.
For those of you who seek care at our digital sweat clinic, Hidroxa Online, the following applies: Personal information that is registered when you fill in the Health Declaration is stored, unidentified, on a subcontractor's server. This information is handled by the doctor with whom you are to have the video call, who uses an ID to confirm whom the Health Declaration belongs to. The doctor then transfers the Health Declaration to your medical chart.
6. Does this mean that you send my personal data outside Sweden or the EU?
We do not store sensitive personal data (such as medical or health data) outside the EU. Sometimes parts of your personal data may be processed by partners outside the EU. Such a transfer outside the EU only takes place provided that the transfer is legal under current data protection laws.
7. How long do you store my personal information?
Medical information about you is stored in accordance with current patient data legislation, which requires the data to be stored for a certain period of time. Non-medical personal data is stored only to the extent necessary for us to be able to offer a high-quality service, in accordance with the GDPR and other applicable data protection laws. When it comes to the purchase of our medical technology products, personal data is stored together with the ID of the product for traceability in the event of an incident with the product, and so that we can offer good service and follow up on service matters.
8. I would like to be "forgotten" and that you delete all personal information about me from your systems. How does this work and how long does it take?
If you are a patient, most of the data we process about you is classified as medical data. In accordance with patient data laws, such data must be stored for a specified period of time. Such data is therefore not covered by the right to be forgotten. This also applies to the traceability of sales of medical devices. Therefore, personal data together with an ID on the machine is not covered by the right to be forgotten as long as you as a customer have the product in your possession. When it comes to other personal information (non-medical data), however, such as certain contact information, you are welcome to contact us by email at [email protected] and we will satisfy your request. If you request to be forgotten, non-medical data will be deleted as soon as possible, but no later than 30 days after the request is received. We will confirm in writing which data has been deleted and when this has happened.
9. If I have further questions about Hidroxa's personal data processing, who should I contact?
You can always contact us by email at [email protected] regarding questions about privacy and data processing. We do our best to answer your question as soon as possible.