- GENERAL INFORMATION
- PERSONAL DATA CONTROLLER
- PERSONAL DATA STORED AND BASIS FOR STORAGE
- RETENTION TIME
- PROTECTION OF YOUR PERSONAL DATA
- YOUR RIGHTS
1. GENERAL INFORMATION
2. PERSONAL DATA CONTROLLER
Inalize AB, corp. ID no. 559302–8623, is the personal data controller for the processing of your personal data, and is therefore responsible for ensuring that your data is handled correctly and securely in accordance with applicable legislation.
If you have any questions about how Inalize handles your personal data or if you wish to exercise your rights, please contact Inalize by email at firstname.lastname@example.org or by letter to Folke Bernadottesväg 445, 256 57 Ramlösa, Sweden.
3. PERSONAL DATA STORED AND BASIS FOR STORAGE
Inalize’s policy means that we save and process as few of your data as possible. The following personal data will be collected by Inalize from you when you use Inalize’s services.
- Personal ID Number
- E-mail address
- Postal code
- Telephone number
- Technical data
(i) When you register in the app to receive test results
(ii) When using the app
When you use the app, your geolocation will in some cases be collected. This will be obtained if you have consented to such disclosure, which is the legal basis. In such cases, the purpose of such processing is to be able to provide you with information about where the nearest mailbox is located. So you can easily mail your test. Technical data may also be collected. This means information generated when you use the application, such as information about the operating system and other technology for the device on which the app is installed, period of visits to the app, when the app was last opened, visit history in the app, information about any crashes, etc. In such cases, the legal basis for the processing of personal data is a balance of interests where Inalize’s interest in being able to make improvements and draw conclusions based on the user pattern outweighs the user’s interest in protecting this data.
(iii) Once you have received your test results
Once you have collected your test results, you can choose to share this information with the Public Health Agency of Sweden. You then choose to divide the first three digits of the postal code, your age and gender, as well as the outcome of the test results. The legal basis for this is consent. The test result will then be deleted. You can also check the box to be called by a contracted healthcare provider. The information shared about you is then your e-mail address and telephone number. The legal basis for this is consent. Inalize may also store and process your e-mail address, as well as information on which test you did. This is to send you relevant offers and reminders. Inalize’s processing of this data is based on a balance of interests where Inalize’s interest is to be able to market its products to the relevant target group.
(iv) When you contact our support or us
When contacting our support, using your name and other contact information is optional. If your request concerns a service through us, we will not be able to help you specifically in this case without you specifying which case in question. If you provide your personal data when you contact us, we will process this in order to be able to answer your question and help you with it. If you are a customer of ours, the legal basis is to be able to fulfill our agreement with you. If you are not our customer, our legal basis is a balance of interests, where Inalize has an interest in being able to answer and handle the questions.
4. RETENTION TIMEInalize stores personal data only as long as necessary to fulfill the objectives for which the data was collected or as long as the company is obliged to store personal data in accordance with the law. Once you have read your result and selected whether you want to share it with a third party, the test result will be deleted. The same applies to information about your name, personal identification number and complete postal code, as well as technical data. Information about your e-mail address and telephone number will be stored to provide you with relevant offers or to allow healthcare providers to contact you, but no more than five (5) years after your last use of the app. Your geographical location will never be stored when you close the app. Your age, gender, if your answer was positive or negative and the first three digits of your postal code will be saved as long as it takes for Inalize and it partners to draw conclusions based on the tests. However, no longer than ten (10) years after the test has been completed. Inalize may share personal information with third parties where you have consented or where there is another legal basis for such processing. Inalize admits, however, that this should be done restrictively. In some cases, personal data may be stored longer to protect the company’s legal interests, e.g. in legal proceedings. The personal data is then deleted.
5. PROTECTION OF YOUR PERSONAL DATAIn order for you to feel safe when you provide your personal data to us, Inalize has taken the security measures required to protect your personal data against unauthorized access, change and deletion. (i) The connection between the application and any external services is secured with Secure Socket Layer (SSL), which encrypts all data between you and the server. (ii) All information in the database is encrypted with hash and strong security algorithms. We do not have access to your personal information, all information stored in the encrypted form. (iii) The app uses Amazon’s solutions for servers to increase performance and security. Inalize does not have the right to provide the user’s personal data to third parties unless this is directly necessary for the provision of the service. Inalize always strives to process and store your personal data within the EU/EEA. The user should be aware that rules outside the EU/EEA may entail less protection of your personal data. Should your personal data need to be transferred and stored outside the EU/EEA, Inalize chooses these providers with the utmost care and with regard to your privacy. Inalize will also take all necessary security measures to ensure that your personal data is handled securely and with an adequate level of protection (e.g. using approved standard clauses and additional appropriate safeguards).
6. YOUR RIGHTS
Free registration certificate
Provided that Inalize is the personal data controller, you have the right, at any time, to obtain a registration certificate free of charge with information about which personal data is registered about you, the purposes of the processing of this personal data and information about where this personal data has been obtained, as well as to which recipients the data has been disclosed or is to be disclosed. You also have the right to receive information in the registration certificate about the foreseen period during which the data will be stored or the criteria used to determine this period. You also have the right to know about the existence of automated decision-making (including profiling). Requests for access to such information must be in writing and sent to Inalize at the address specified below under the heading “Personal Data Controller”.
You have the right to data portability, i.e. the right under certain conditions to receive and transfer your personal data in a structured, commonly used and machine-readable format to another personal data controller.
Correcting and deleting
At your request, or on your own initiative, Inalize will correct, anonymize, supplement or delete data that is discovered to be incorrect, incomplete or misleading. In certain cases, the company has a duty to process your personal data despite the fact that you have requested that it be removed, for example, with the right to freedom of expression and information, in order to fulfill a legal obligation or to perform a task in the public interest.
In certain cases, you have the right to demand the restriction of the processing of personal data. Restriction means that the data is marked so that it may only be processed for certain limited purposes in the future.
If you have previously given consent to the processing of your personal data, you have the right to withdraw this consent.
Exercising rights, asking questions or lodging complaints
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (email@example.com).