Privacy policy

  You will always feel secure when you provide your personal data to Inalize AB (the “Company” or “Inalize”). With this privacy policy, Inalize wishes to show how the Company ensures that your personal data is processed in accordance with the EU’s General Data Protection Regulation 2016/679/EC (“GDPR”). Inalize respects your privacy and considers privacy to be of the utmost importance. The company therefore takes your privacy very seriously. By using Inalize’s services, you accept this personal data policy and our processing of your personal data. It is therefore important that you read and understand this personal data policy before using the Company’s services. In this privacy policy:
  1. GENERAL INFORMATION
  2. PERSONAL DATA CONTROLLER
  3. PERSONAL DATA STORED AND BASIS FOR STORAGE
  4. RETENTION TIME
  5. PROTECTION OF YOUR PERSONAL DATA
  6. YOUR RIGHTS

 1. GENERAL INFORMATION

This privacy policy explains how the Company processes personal data about you in its capacity as a user of our application for iOS and Android, Inalize, when you identify yourself and access your test results. This privacy policy also describes your rights and how you can exercise your rights against the Company.

You are not obliged to provide personal data to Inalize, but without this, you cannot access your test results because the service requires that people can verify themselves so that results are not disclosed.
Inalize reserves the right to amend this privacy policy at any time. If this happens, Inalize will publish the amended privacy policy on inalize.com and in the application with information about when the changes will take effect.

2. PERSONAL DATA CONTROLLER  

Inalize AB, corp. ID no. 559302–8623, is the personal data controller for the processing of your personal data, and is therefore responsible for ensuring that your data is handled correctly and securely in accordance with applicable legislation.

If you have any questions about how Inalize handles your personal data or if you wish to exercise your rights, please contact Inalize by email at info@inalize.com or by letter to Folke Bernadottesväg 445, 256 57 Ramlösa, Sweden.

3. PERSONAL DATA STORED AND BASIS FOR STORAGE

Inalize’s policy means that we save and process as few of your data as possible. The following personal data will be collected by Inalize from you when you use Inalize’s services.

  • Name
  • Personal ID Number
  • Sex
  • Age
  • E-mail address
  • Postal code
  • Telephone number
  • Geolocation
  • Technical data

(i) When you register in the app to receive test results

Information about your name, personal identification number, gender, age, e-mail address, postal code and telephone number can be obtained when you register in the app and log in via BankID or Freja eID. The purpose of the processing of names and personal idenfication numbers is for Inalize to be able to ensure that you have accepted the terms of use and the privacy policy, in order to be able to create a temporary account for you and see your test results. Inalize also requires this identification method in order to be a serious person when it comes to healthcare testing. The legal basis for this is therefore a legitimate interest.   The purpose of processing your e-mail address and telephone number is to be able to notify you when your test result has arrived. It is therefore possible to provide an e-mail address or a telephone number that cannot be traced directly to. The legal basis for this is to fulfill the contract with you.   The legal basis is also a balance of interests with regard to postcodes (the first three digits), gender and age, as this is in order to be able to use the statistics from the test results and draw conclusions based on this. Since Inalize uses as limited information as possible to be able to draw analyses, Inalize finds that its interest in being able to analyze the data and share it with other relevant actors with a legitimate interest outweighs the user’s interest in protecting this data.

(ii) When using the app

When you use the app, your geolocation will in some cases be collected. This will be obtained if you have consented to such disclosure, which is the legal basis. In such cases, the purpose of such processing is to be able to provide you with information about where the nearest mailbox is located. So you can easily mail your test.   Technical data may also be collected. This means information generated when you use the application, such as information about the operating system and other technology for the device on which the app is installed, period of visits to the app, when the app was last opened, visit history in the app, information about any crashes, etc. In such cases, the legal basis for the processing of personal data is a balance of interests where Inalize’s interest in being able to make improvements and draw conclusions based on the user pattern outweighs the user’s interest in protecting this data.

(iii) Once you have received your test results

Once you have collected your test results, you can choose to share this information with the Public Health Agency of Sweden. You then choose to divide the first three digits of the postal code, your age and gender, as well as the outcome of the test results. The legal basis for this is consent. The test result will then be deleted.

You can also check the box to be called by a contracted healthcare provider. The information shared about you is then your e-mail address and telephone number. The legal basis for this is consent.   Inalize may also store and process your e-mail address, as well as information on which test you did. This is to send you relevant offers and reminders. Inalize’s processing of this data is based on a balance of interests where Inalize’s interest is to be able to market its products to the relevant target group.

(iv) When you contact our support or us

When contacting our support, using your name and other contact information is optional. If your request concerns a service through us, we will not be able to help you specifically in this case without you specifying which case in question. If you provide your personal data when you contact us, we will process this in order to be able to answer your question and help you with it. If you are a customer of ours, the legal basis is to be able to fulfill our agreement with you. If you are not our customer, our legal basis is a balance of interests, where Inalize has an interest in being able to answer and handle the questions.

4. RETENTION TIME

Inalize stores personal data only as long as necessary to fulfill the objectives for which the data was collected or as long as the company is obliged to store personal data in accordance with the law.   Once you have read your result and selected whether you want to share it with a third party, the test result will be deleted. The same applies to information about your name, personal identification number and complete postal code, as well as technical data.   Information about your e-mail address and telephone number will be stored to provide you with relevant offers or to allow healthcare providers to contact you, but no more than five (5) years after your last use of the app.   Your geographical location will never be stored when you close the app.   Your age, gender, if your answer was positive or negative and the first three digits of your postal code will be saved as long as it takes for Inalize and it partners to draw conclusions based on the tests. However, no longer than ten (10) years after the test has been completed.   Inalize may share personal information with third parties where you have consented or where there is another legal basis for such processing. Inalize admits, however, that this should be done restrictively.   In some cases, personal data may be stored longer to protect the company’s legal interests, e.g. in legal proceedings. The personal data is then deleted.

5. PROTECTION OF YOUR PERSONAL DATA

In order for you to feel safe when you provide your personal data to us, Inalize has taken the security measures required to protect your personal data against unauthorized access, change and deletion. (i)     The connection between the application and any external services is secured with Secure Socket Layer (SSL), which encrypts all data between you and the server.   (ii) All information in the database is encrypted with hash and strong security algorithms. We do not have access to your personal information, all information stored in the encrypted form.   (iii) The app uses Amazon’s solutions for servers to increase performance and security.   Inalize does not have the right to provide the user’s personal data to third parties unless this is directly necessary for the provision of the service.   Inalize always strives to process and store your personal data within the EU/EEA. The user should be aware that rules outside the EU/EEA may entail less protection of your personal data.   Should your personal data need to be transferred and stored outside the EU/EEA, Inalize chooses these providers with the utmost care and with regard to your privacy. Inalize will also take all necessary security measures to ensure that your personal data is handled securely and with an adequate level of protection (e.g. using approved standard clauses and additional appropriate safeguards).  

6. YOUR RIGHTS

Free registration certificate

Provided that Inalize is the personal data controller, you have the right, at any time, to obtain a registration certificate free of charge with information about which personal data is registered about you, the purposes of the processing of this personal data and information about where this personal data has been obtained, as well as to which recipients the data has been disclosed or is to be disclosed. You also have the right to receive information in the registration certificate about the foreseen period during which the data will be stored or the criteria used to determine this period. You also have the right to know about the existence of automated decision-making (including profiling). Requests for access to such information must be in writing and sent to Inalize at the address specified below under the heading “Personal Data Controller”.

Data portability

You have the right to data portability, i.e. the right under certain conditions to receive and transfer your personal data in a structured, commonly used and machine-readable format to another personal data controller.

Correcting and deleting

At your request, or on your own initiative, Inalize will correct, anonymize, supplement or delete data that is discovered to be incorrect, incomplete or misleading. In certain cases, the company has a duty to process your personal data despite the fact that you have requested that it be removed, for example, with the right to freedom of expression and information, in order to fulfill a legal obligation or to perform a task in the public interest.

Usage restriction

In certain cases, you have the right to demand the restriction of the processing of personal data. Restriction means that the data is marked so that it may only be processed for certain limited purposes in the future.

Withdrawing consent

If you have previously given consent to the processing of your personal data, you have the right to withdraw this consent.

Exercising rights, asking questions or lodging complaints

If you wish to exercise any of the above rights, if you have any questions regarding personal data held by the Company, if you have questions about this privacy policy or if you are dissatisfied with Inalize’s processing of your personal data, do not hesitate to contact Inalize, whose contact details are found under Point 2 of this policy.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (imy@imy.se).