2. Who is responsible for the processing of personal data?
Hidroxa Medical AB, corporate identity number 556965-8247 ("Hidroxa Medical AB"), owns and provides the technical platform and website www.hidroxa.com (the "Website") and is responsible for the processing of the personal data you register on the Website, until you have initiated the actual contact with the Caregiver (defined below) for assessment, treatment and follow-up. When you seek care at Hidroxa Online, the Caregiver is responsible for the performance of the health care, including the processing of personal data that takes place in connection with your use of the Services. In practice, this means that as soon as you start submitting information about your health (e.g. by filling in forms before the meeting) or making choices regarding your treatment, the responsibility for your personal data passes to the Caregiver.
It is also Hidroxa Medical AB with organization number 556965-8247 (the “Caregiver”), which provides the care within the Services, unless otherwise clearly communicated to you on the Website in connection with your use of the Services. In relation to personal data processing that takes place in connection with care, the Caregiver acts as personal data controller.
Hidroxa Medical AB, as a provider of the platform and related services as well as care providers, handles the processing of personal data that occurs in connection therewith. This includes, for example, treatment in connection with operation, maintenance, troubleshooting, support in work with quality assurance and improvement of care services, as well as in the work with regulatory compliance and information security. In the event that another care provider joins the Hidroxa platform and thus processes your personal data in connection with you using the Services, we will inform you before you use the Services so that you always know who is the personal data responsible care provider.
If you have questions or comments about the processing of your personal data in connection with your use of the Services, you are always welcome to contact us or our data protection representative via our website at www.hidroxs.com/se/contacts or by sending an email to customer service @ hidroxa.com.
3. From where do we collect the personal data that is processed about you when you use the Services?
3.1 Personal information registered via your user account on the Website
Hidroxa Medical AB processes the personal information about you that you register when you book video calls with us (such as name, social security number, address and email address) or buy one of our products, as well as the information that you register when you use the Website.
In addition, we may automatically collect and process the following information:
- (I) technical information including IP address, login information, type and version of operating system and device, time settings, screen settings, language, cookies, etc.
- (II) information about the Services you have used with us, time spent on matters, which pages and functions you have used, etc.
3.2 Personal information to and from the Caregiver
Contact with the Caregiver
In connection with you seeking care from us, you will be asked to share information related to your physical and / or mental health. You do this mainly by filling in the relevant health declaration on the Website. This information may include, but is not limited to, information that you are suffering from a disease, your medical history or your physiological or biomedical condition. The care provider may also provide personal information about you in order to provide and follow up the health care that you receive within the framework of the Services.
See more about how your information may be made available to other care providers and how you can oppose this in sections 7.3 and 9 below.
3.3 Personal data from third parties including other care providers
Your personal information may also be updated and processed by us as Patient Data based on the health care you have received from a care provider other than Hidroxa. In cases where this information is deemed relevant for the provision of health care within the framework of the Services, it may be saved and processed by the Caregiver and entered in your patient record by treating health care staff. This includes, for example, information about your medical history that medical staff receive via the National Patient Overview (NPÖ) to the extent that it is deemed relevant to help you with your care matter.
In addition, Hidroxa Medical and the Caregiver will continuously collect updated information about you via the Swedish Personal Address Register (SPAR) in order to provide the Services, so that the correct information about you is available at all times and thereby facilitate your contact with the Caregiver. This information includes name, address, place of residence, country and if you have a protected identity.
4. Where is your personal data stored?
The Website is a self-developed technical platform that is owned and controlled by Hidroxa Medical in combination with the use of the KryConnect platform and the Webdoc medical record system. When purchasing our products and paying for video calls, parts of personal data are stored in Hidroxa's account with the company that handles the payment, such as Klarna, Stripe or PayPal. When purchasing our products, personal information is stored together with the information of the purchase in Magento. These systems are developed and quality assured on an ongoing basis. Most of your personal information that we handle in connection with your use of the Services is not saved in your mobile or tablet. This personal data is instead stored by Hidroxa Medical in infrastructure provided by one of Hidroxa Medical's personal data assistants. Personal data is handled and stored mainly within the EU / EEA. Your patient record is always stored within the EU / EEA.
5. What personal data is handled when you are using Hidroxa's services and why?
5.1 Hidroxa's handling of your user data
Hidroxa Medical processes your User Data (as described above in section 3.1) in order to:
- (I) process your booking or cancellation of your video call on the Website
- (II) be able to make purchases including payment and send products you ordered to you
- (III) ensure your identity and age
- (IV) maintain accurate and up-to-date information about you, and to enable and facilitate you to get in touch with the Caregiver quickly
- (V) manage your choices of settings and payment information
- (VI) assist you with support matters and inquiries regarding your use of the Website
- (VII) deliver the Services and products to you in accordance with our Terms and Conditions
We rely on the legal basis "Agreement" (Article 6 (1) (b) of the Data Protection Regulation, "GDPR") to process your personal data through the agreement (our General Terms and Conditions) that you have entered into with Hidroxa Medical in order to provide the Services, including enabling the Caregiver's providing good care in connection with your use of the Services.
5.2 The Caregiver's/Hidroxa's provision of health care services and other services
The care provider processes Patient Data (as described above in section 3.2) in order to be able to provide the Services in the form of health care, e.g. to provide you with medical advice, prescribe medicines, issue referrals, and perform necessary administration such as handling payments, as well as data related to the purchase of our products and service matters related to this and traceability and follow-up of medical devices on the market. We therefore mainly process your Patient Data in order to be able to perform the care you requested (GDPR 6.1 c and 9.2 h) and applicable Swedish law (mainly the Patient Data Act (2008: 355)) and EU law (MDR). Processing of your Patient Data takes place exceptionally with the support of special consent in accordance with Article 6 (1) (a) of the GDPR (see section 5.3 below) and to fulfill other of the Caregiver's obligations under law (see section 5.6 below) in accordance with Article 6 (1) (c) and 9 (2) (h) of the GDPR. obliged to save for a certain period of time. Hidroxa Medical ensures the quality and also develops the Services.
5.3 Providing of support services related to your use of the Services and other services
Hidroxa Medical may communicate with you as a user of the Services. This includes answering inquiries and investigating complaints and other support matters (including technical support) through our support service by telephone or in our digital channels. Depending on your case, you may share additional User Data and Patient Data which we then process in order to be able to help you make the best use of the Services. We may also contact you with advice and recommendations by telephone or notices when we deem that you need such information for medical reasons or when help with our products requires this. For example, to find out how you respond to your treatment, to recommend new contact with healthcare and in similar circumstances.
Hidroxa Medical and the Caregiver provide support as above as part of the Services (i.e. to be able to fulfill the agreement between you and Hidroxa Medical, GDPR 6.1 b). To the extent that the support services are related to care or processing of Patient Data (or sensitive personal data if you) the processing takes place on the basis of the caregiver's right to process personal data in connection with the administration of the care activities (GDPR 9.2 h and the Patient Data Act (2008: 355)). obligations under mandatory health care legislation (GDPR 6.1 c. See also section 5.5 below).
With the support of special consent, we may provide certain other services to you within the framework of the Services. This includes, for example, obtaining information about your printed prescriptions from the eHealth Authority to be able to remind you when it is time to renew or take prescribed medicine, or to add appointments with Hidroxa to your calendar.
5.4 Marketing of products and services as well as analysis and development of Hidroxa Medical
Hidroxa Medical processes parts of your User Data (as described above in section 3.1) for direct marketing to you via email and SMS or other similar electronic channels for communication, for example in connection with campaigns and offers in collaboration with partners to Hidroxa Medical. This includes processing of information about you, including your name, contact information, gender, age, place of residence and whether you have children or not. However, sensitive information such as Patient Data is not used for direct marketing. The processing of personal data for direct marketing takes place with the support of your consent (6.1 a GDPR) which you can withdraw at any time in accordance with section 9 below.
Hidroxa Medical also processes User Data, i.e. not Patient Data, about your use of the Services in order to understand how the Services are used and to improve the user experience and functionality in the App. The processing of personal data for analysis and development takes place on the basis of our legitimate interest (Article 6 (1) (f) of the GDPR).
5.5 Quality assurance and development of the health care services of Hidroxa Medical
Hidroxa Medical may process your personal data in order to understand usage and to develop and improve the care services provided within the Services, for example by improving user interfaces and functionality. Hidroxa Medical also processes your personal data in its quality improvement work in order to continuously increase security, medical quality, efficiency and availability of the Services. Processing of personal data for the purposes specified in this section takes place with the support of caregivers' right to process personal data in connection with quality assurance and improvement of care (GDPR 6.1 f and the Patient Data Act (2008: 355)).
5.6 To fulfill legal obligations
Hidroxa Medical may process your User Data and Patient Data (as described above in sections 3.1-3.2) on the basis of the legal basis "legal obligation" (Article 6.1 c of the GDPR) to fulfill obligations under laws, judgments or government decisions (for example regarding requirements from the Swedish Health and Care Inspectorate, IVO or the National Board of Health and Welfare). We otherwise store and process your personal data to the extent necessary for us to be able to fulfill our legal obligations and the requirements set by law.
6. How long do we store your personal data?
We only process your personal data for as long as is necessary for the purposes for which the data in question is processed in accordance with section 5 above, i.e. as long as it is necessary to be able to provide good care or otherwise be able to deliver the Services or to fulfill the legal obligations incumbent on us. Hidroxa Medical has an obligation to keep patient records linked to care meetings with you for a certain specific time. We also have routines for how we store or de-identify personal data in order to continuously ensure that your personal data is at all times adequate and relevant to our continued provision of the Services. All information that is not needed for the performance and development of the Services or for quality assurance purposes, is anonymised and saved after the purpose of the information has been fulfilled or is deleted automatically. User data stored with the support of your consent will be deleted if you revoke your consent. In section 10, you can read more about how to exercise your right to revoke your consent. In this regard, we ask you to note that Hidroxa Medical handles your personal data for various purposes (both as a technical supplier but also as a care provider). Revocation of consent does not affect the Caregiver's obligation to keep a record or to process personal data in accordance with applicable laws.
7. Third parties with whom your personal information may be shared when you use the Services
7.1 Subcontractors to Hidroxa Medical
7.2 Subcontractors to the Health caregiver/Hidroxa
The care provider ensures that the patient record is kept in connection with the provision of care within the framework of the Services in accordance with current legislation. The records are stored in record systems outside the Website of the supplier who acts as personal data assistant to the Caregiver and thus only handles personal data in accordance with the Caregiver's instructions. The care provider is responsible for the personal data (Patient data) stored in the records.
7.3 Other care providers, Coherent medical record keeping, etc
The care provider is not affiliated with the National Patient Overview (NPÖ), which is a national system for so-called coherent medical record keeping. If Hidroxa Medical joins NPÖ in the future, you will be informed of this via the email address you have provided when booking future video calls. If this happens, the following applies: if you seek care from a care provider other than Hidroxa, that care provider may, provided that the record is relevant for that care provider to be able to give you care and provided that you have consented to it, gain access to your record. The purpose of coherent record keeping is to be able to provide you with good and safe care and so that you do not have to repeat your care history for the other care provider. You have the right to oppose coherent record keeping and to block your record information from being part of a coherent record keeping. Your patient record is also made available within the Swedish national e-service "Journalen" so that you can access it via 1177.se.
Read more about the Journal and cohesive record keeping, as well as how you can oppose such treatment of your record via our email [email protected]. In the event that you are referred to another care provider with the assumption of care responsibility, your medical record may also be shared with such care provider in order for him or her to be responsible for your continued care. However, we always inform you specifically before this happens.
7.4 Insurance companies
8. Third country transfer
Hidroxa Medical / the Caregiver uses IT suppliers for, for example, hosting, operational services and support, which have operations outside Sweden. When using such providers, Hidroxa Medical and the Caregiver try to ensure that they only store and process personal data within the EU / EEA. In limited cases, however, Hidroxa Medical and the Caregiver may transfer your personal data to countries outside the EU / EEA, where laws that do not provide your personal data with the same protection may apply.
However, the transfer of personal data to countries outside the EU / EEA takes place only in exceptional cases and only on the condition that the transfer is legal in accordance with applicable data protection legislation. Measures to ensure legality are normally included in the European Commission's standard contractual clauses for third country transfers with the supplier.
9. Your rights as registered on the Website and users of the Services
You have the right to receive information about which of your personal data we process, for what purpose it is processed, whether such personal data is transferred to third countries and which third parties have received your personal data. To clarify, you can contact us at any time to:
- (I) request access to and obtain information about what personal data is processed in connection with your use of the Website and / or the Services, including your record, who has gained access to it and why;
- (II) ask us to correct any inaccurate information about you;
- (III) request that your personal data be deleted (here, however, we ask you to note that the Caregiver has obligations under law to save certain personal data, especially related to Patient Data including your patient record and that data for traceability of products on the market must also be saved). At your request, however, all personal data that we do not have a legal obligation to store or otherwise need to safeguard legal claims will be deleted;
- (IV) withdraw the consent you have given to Hidroxa Medical or the Caregiver;
- (V) object to the processing of personal data;
- (VI) request the transfer of personal data to another personal data controller by obtaining your personal data, to the extent that they are provided by you, in an electronic format commonly used to transfer them to another party (the right to data portability);
- (VII) get help and information about requesting blocking of information in your medical record, which means that no other care provider can access it via coherent medical record keeping.
If you wish to get in touch with us regarding any of these points, you can contact us via our website or by sending an email to [email protected]
10. Right to complain to the supervisory authority