Last Updated: 2024-12-16
Medoma AB is a modern healthcare company that provides IT services to facilitate distributed health care to care providers. We believe that, with a combination of a patient-adapted healthcare model, great healthcare providers, good processes and the latest technology, we can create good care in a way that has not been possible before. We always strive to use the latest technology and create the very best care experience.
This information ("Privacy Policy") informs you about how we, as the controller of personal data, process your personal data in connection with, for example, applying for a job with us, participating in some of our events, visiting our website www.medoma.com or otherwise coming into contact with us. It also describes your rights and how you can enforce them.
We, Medoma AB (reg. no. 559328-9738 and registered address Birger Jarlsgatan 57C, 113 56 Stockholm, Sweden), follow the instructions from your healthcare provider and treating physician and act as the data processor. If you have any questions regarding our processing of your personal data, you are always welcome to contact us at dpo@medoma.com or via the contact details at the end of this privacy policy.
1.1 Medoma acts as a Processor when we process your personal data on behalf of your healthcare provider, who is the data controller. This Privacy Policy does not describe Medoma's processing of patients' personal data in Medoma's role as Processor.
1.2 For information about healthcare providers' processing of patients' personal data, please see your current healthcare provider's privacy policy.
1.3 As a patient and user of Medoma's services, you can always reach out to us. However, we act as a Processor for a healthcare provider, so we will refer you to your current healthcare provider directly. It is only after instructions from the healthcare provider that Medoma can answer your request.
a) You, e.g. when you send a work application to us, when you apply for one of our events, or information which you provide us continuously during a recruitment process (e.g. during interviews).
b) Publicly available sources, such as public registers and social media, within the context of background checks which we perform regarding certain potential candidates for a position at Medoma.
c) References which you have named, to the degree that we collect personal data from you regarding your references during a recruitment process.
3.1.1 Purpose: Conduct Recruitment Processes. Medoma processes your personal data for the purpose of handling your application during a recruitment process. During the recruitment process, we also process your personal data to review received application documents, assess them and to conduct interviews.
3.1.2 We ask you not to provide us with sensitive personal data in your application, for example by providing information about your health in your personal letter.
a) Categories of personal data: Identification data (such as name, identification number), Contact data (such as name, phone number, address, e-mail address), Data in CV (such as previous employment), Data in personal letter, Interview notes, Reference data and Information from references.
b) Legal basis: The processing is done only to the extent necessary to fulfil Medoma's legitimate interest in recruiting new employees and to evaluate candidates when recruiting new employees.
c) Retention period: Personal data is kept until the position is filled, or when the applicant is disqualified from the recruitment process.
3.1.3 Purpose: Storing your application for future hiring. In the event that you have applied for a position at Medoma but we have not been able to offer you a position, we may want to save your application for future recruitments. In such cases, we will ask for your consent. If you agree, we may contact you if a position becomes available with us that we believe fits your profile.
a) Categories of personal data: Identification data (such as name, identification number), Contact data (such as name, phone number, address, e-mail address), Data in CV (such as previous employment), Data in personal letter, Interview notes, and Information from references.
b) Legal basis: The processing takes place with the support of your consent.
c) Retention period: Personal data is kept for a period of 12 months after the current recruitment process has ended. However, you can withdraw your consent at any time.
3.1.4 Purpose: Conducting background checks. As part of the recruitment process, we may perform background checks in order to further evaluate your application. Such background checks may include searches against the National Board of Health and Welfare's register of certified healthcare personnel, to the extent that Medoma's customer requests this.
a) Categories of personal data: Identification data (including social security number), Contact data (such as name, phone number, address, e-mail address), if information about identification, possibly information on social media.
b) Legal basis: The processing is done only to the extent necessary to fulfil Medoma's legitimate interest in evaluating your application, and our customers', as well as our, legitimate interest in establishing that we can offer the right person (including, where applicable, with the right certified competence) employment with Medoma. Processing of social security numbers is necessary with regard to the purpose of the processing.
c) Retention period: Personal data is kept until the position is filled.
3.1.5 Purpose: Find suitable candidates. In order to search for suitable candidates for vacant and future positions at Medoma, we may process your personal data.
a) Categories of personal data: Identification data (such as name, identification number), Contact data (such as name, phone number, address, e-mail address), Data in CV, Data in personal letter, and other data you provide relevant to the recruitment process (e.g., portfolios, recommendations etc.).
b) Legal basis: The processing is done only to the extent necessary to fulfil our legitimate interest in searching for and contacting suitable candidates for positions with us.
c) Retention period: Personal data is kept until the position is filled.
3.1.6 Purpose: Let applicants connect with us and/or send an open application. If you choose to connect with Medoma or submit an open application to us, we may contact you if a position becomes available with us that we deem to fit your profile.
a) Categories of personal data: The categories of personal data vary depending on the data you choose to provide to Medoma, but may include Identification data, Contact data, Data in CV, Data in cover letter.
b) Legal basis: We process your personal data in accordance with your consent, article 6(1)(a) GDPR.
c) Retention period: We store your personal data until it is no longer necessary, as per your withdrawal of your consent or a maximum of 6-12 months. You can withdraw your consent at any time.
3.1.7 Purpose: To ensure our interests and protect our business from legal claims. We will retain personal data we believe necessary to protect and enforce our legal rights, interests and the interests of others. This can, for example, be in connection with legal claims, discrimination claims, regulatory functions, compliance and audits. This processing is based on a balance of interests.
a) Categories of personal data: Identification data (such as name and identification number), Contact data (such as name, phone number, address and e-mail address), Interview notes, Information from references, any sensitive personal data such as health information.
b) Legal basis: The processing is done only to the extent necessary for us to fulfil our legitimate interest to defend and enforce legal claims. Any sensitive personal data, for example information about health, is only processed if it is necessary to establish, assert or defend legal claims.
c) Retention period: Data relevant to an individual recruitment process such as interview notes and information from references are saved for two (2) years after the recruitment process has ended. Data on unsuccessful candidates will be deleted three (3) months after the end of the recruitment process.
3.1.8 Purpose: To comply with our legal obligations. We collect and retain certain types of personal data which we are required to in accordance with applicable laws. For example, if you get hurt or sick at work, we are required to report and keep a record of those injuries in order to comply with applicable labour legislation.
a) Categories of personal data: Identification data (such as name and identification number), Contact data (such as name, phone number, address and e-mail address), Interview notes, Information from references, any sensitive personal data such as health information.
b) Legal basis: The processing is done only to the extent necessary for us to fulfil our legal obligations. Any sensitive personal data, for example information about health, is only processed if it is necessary to establish, assert or defend legal claims.
c) Retention period: Data relevant to an individual recruitment process such as interview notes and information from references are saved for two (2) years after the recruitment process has ended.
2.2.1 Purpose: Provide you with information about our business and events. When you make a purchase order or order a demo version of our Services, we may process your personal data to provide you with marketing about our services, such as invitations to events and other marketing activities. We will store information about your order and what we believe might be of interest to you. You can unsubscribe from our e-mails at any time by clicking on the unsubscribe link in the e-mail or by contacting us.
a) Categories of personal data: Identification data (such as name and personal identification number/organisation number), and Contact data (such as phone number, address, and e-mail address).
b) Legal basis: The processing is done to the extent it is necessary for us to fulfil our legitimate interest to give our customers personalised and relevant content and offers upon the placement of an order with us. With regard to direct marketing of our offers, we abide by applicable marketing acts, which allow us to promote our own and similar products and services without prior consent.
c) Retention period: Personal data is kept for two (2) years from your last activity or until you have notified us that you no longer wish to receive marketing from us. You always have the option to refuse to receive future mailings about marketing from us, in which case we will cease marketing. Every mailing from Medoma for marketing purposes contains an option to unsubscribe. If you unsubscribe, we will stop marketing.
3.2.2 Purpose: Sending you relevant marketing when you visit our website. When you browse our website, we may store certain cookies in order to analyse browsing preferences in order to show you relevant marketing when you come back to our site. This means that we store information about you that we believe might be of interest to you and adjust the marketing you see on our website accordingly. For more information on the types of cookies we use, the information they gather, why they gather this information and how you can manage your cookie settings, please visit our Cookie Policy.
a) Categories of personal data: Identification data (such as name and personal identification number/organisation number), and contact data (such as phone number, address, and e-mail address).
b) Legal basis: We process your personal data only to the extent necessary to fulfil our legitimate interest to understand our visitors and provide them with personalised and relevant offers and content. As applicable, we also rely on your consent for our use of cookies under the e-Privacy Directive.
3.3.3 Purpose: Manage business relationships with potential and existing customers. In order to establish and manage business relationships with potential and existing customers, we process your personal data, e.g. to be able to contact you as a potential customer regarding Medoma's services and products.
a) Categories of personal data: Identification data (including social security number for individual companies), Contact data, Organizational data.
b) Legal basis: The processing is done only to the extent necessary to fulfil our legitimate interest in managing and maintaining business relations with the company you represent, as well as the Swedish Marketing Practices Act with regards to consent, alternatively an established customer relationship. This consent can always be withdrawn by either clicking on the message, or by contacting us if you no longer want to receive these messages. Processing of social security numbers is necessary with regards to the purpose of the processing.
c) Retention period: Personal data is retained, if a business relationship has not developed, two (2) years since the last contact with you. Personal data is preserved, if there is already a business relationship, for as long as the contractual relationship applies and for a subsequent period that is necessary to establish, assert or defend legal claims, which can be up to the general limitation period, which in Sweden is ten (10) years.
3.2.4 Purpose: Implementation of seminars, training courses and other marketing activities. In order to be able to provide and administer seminars, training courses and other marketing activities, we process the participants' personal data.
a) Categories of personal data: Identification data, Contact data, Organizational data, Information on registration for and participation in events, Dietary preferences (including any allergies, where necessary).
b) Legal basis: The processing is based on Medoma's legitimate interest in being able to administer and carry out seminars and training courses that you have signed up for. Data on dietary preferences (including any allergies, where necessary) are processed with the support of your express consent.
c) Retention period: Personal data is kept during the relevant training and thereafter for one (1) year for marketing purposes. Data on dietary preferences are deleted after the event has been completed.
3.3.1 Purpose: Evaluate and follow up on the usage of our website. In order to analyze and better understand how you use our website, we process your personal data that we have collected via cookies and similar technologies. This is done, among other things, by collecting information about the individual web pages you visited, which websites or keywords referred you to the website and information about how you interact with the website. We collect and store device-related personal data about your usage of the website, to help us design and improve our website and its functions to better suit your needs. We may also use your IP address to help diagnose problems with our servers and administer our website, analyse trends, visitor movements and gather demographic information to assist us in identifying visitor preferences. For statistical purposes, we may store information about how many individual visitors to our website we have. This is to get a better understanding of our customers' needs and interests, so we can develop and improve our services. Please see our Cookie Policy for more information about the use of cookies.
a) Categories of personal data: User-generated data, Identification data, Geographical data.
b) Legal basis: The processing is done only to the extent necessary to fulfil our legitimate interest in evaluating and monitoring the use of our website. The processing is based on your consent where required by law.
c) Retention period: Reports at an overall level that do not contain any personal data and statistics are stored indefinitely.
3.3.2 Purpose: Improve your experience on our website. In order to improve your experience on our website and provide you with tailored content when appropriate, we will collect and process your personal data, e.g. via cookies and similar technologies. This means that we may, for example, save information about your browsing history and selected settings on the website for the purposes just mentioned.
a) Categories of personal data: User-generated data, Identity data, Geographical data.
b) Legal basis: The processing is necessary to satisfy our legitimate interest in improving your experience on our website and providing you with tailored content. The processing is based on your consent where required by law.
c) Retention period: Reports at an overall level that do not contain any personal data and statistics are stored indefinitely.
3.4.1 Purpose: Train and improve our AI models and services. To enhance our artificial intelligence (AI) systems and improve the quality and relevance of our services, we may process personal data as part of training and developing our AI models. This includes analyzing user interactions, content inputs, and feedback to identify patterns, improve system accuracy, and develop new functionalities. The data may also be used to test and validate updates to our AI systems to ensure consistent and reliable performance. Where feasible, we will anonymize or pseudonymize data used for these purposes to minimize the impact on your privacy.
a) Categories of personal data: User-generated data (e.g., input text, uploaded content, interaction logs), Identification data (where applicable, e.g., user IDs, if not anonymized) and feedback and usage data.
b) Legal basis: The processing is necessary for our legitimate interest in developing, improving, and testing our AI models and services. Where consent is required by law (e.g., for certain data categories or jurisdictions), we will obtain your consent prior to processing.
c) Retention period: Personal data used for AI training and development will be retained only as long as necessary to achieve the stated purpose. Anonymized or aggregated data sets, which do not contain personal data, may be stored indefinitely for ongoing development and statistical analysis.
3.5.1 If we consider any new use of your personal data beyond the purposes set out in this Policy, we will ask for your permission before any such processing.
4.1 When necessary, we share personal data with the recipients below. Unless otherwise specified, named recipients are independently responsible for the processing of personal data.
4.2 In order to fulfil the purposes of the processing of personal data, we share your personal data with service providers that we have hired. These suppliers provide e.g. systems for recruitment processes. The service providers we have engaged may only process your Personal Data according to our express instructions and may not use your data for their own purposes. They are also obliged by law and agreement with us to take appropriate technical and organizational security measures to protect your data.
5.1 To protect your personal data and the privacy of our users, we have implemented physical, technical and organizational security measures.
5.2 To protect the privacy of your personal information, we maintain both technical and organisational safeguards, and we update and test our security regularly. However, an information system is never completely secure. Hence, we cannot guarantee the absolute security of your information. We are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.
5.3 If Medoma transfers or discloses your personal data to a recipient in a country outside the EU/EEA area (third country), Medoma will ensure that appropriate protective measures have been taken (such as the European Commission's standard contractual clauses and other necessary measures), adherence to applicable EU-US Data Protection Framework, to protect the personal data.
a) According to the Data Protection Regulation, you have the right, on request, to receive a copy of the documentation that demonstrates that the necessary protective measures have been taken in order to protect your personal data when transferred to a third country.
b) If you would like to know more about the processing of your personal data and if your personal data is transferred to a third country, please contact us at the contact details provided at the end of this Privacy Policy.
6.1 In connection with our processing of your personal data, you have, under certain conditions, the right to exercise the following rights. To exercise your rights, you can contact us. You will find our contact details at the end of this Privacy Policy.
6.2 Access. You may request confirmation of whether or not we are processing your personal data. If we process personal data about you, you also have the right to receive additional information such as the purpose of the processing. You also have the right to receive a copy of the personal data that we process about you. If the request is made electronically, the information will also be provided in a commonly used electronic format unless you request otherwise.
6.3 Correction. If you discover that personal data relating to you is inaccurate, incomplete or incorrect, you have the right to have your personal data corrected.
6.4 Object to certain processing. You may object at any time to the processing of your personal data based on a legitimate interest, in light of your specific situation. If we cannot demonstrate a compelling legitimate reason for continuing the processing that outweighs your interests, or if the processing is not necessary to establish, assert and defend legal claims, we are obliged to cease the processing you object to.
6.5 Deletion. You may have your personal data deleted under certain circumstances, e.g. when the personal data is no longer needed to achieve the purpose for which the personal data was collected.
6.6 Limitation of processing. You can ask us to limit the processing of your personal data to only include the storage of your personal data under special circumstances, e.g. if the processing would be illegal but you do not want your personal data to be deleted.
6.7 Withdraw Consent. You always have the right to withdraw your consent to the processing of personal data to the extent that the processing is based on your consent.
6.8 Data Portability. You have the right to request to receive a machine-readable copy of the personal data processed on the basis of your consent or when the processing is necessary to fulfil a contract with you, and when personal data have been obtained by you (data portability), and to request that the information be transferred to another personal data controller (if possible).
6.9 Complaint to relevant supervisory authority. You are welcome to contact us with questions or complaints regarding the processing of your personal data. However, you also have the right to submit a complaint regarding the processing of your personal data to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten). You can contact the Swedish Authority for Privacy Protection at imy@imy.se or visit www.imy.se.
6.10 Data Erasure. Medoma will process your personal data until it is no longer needed to fulfil the above-mentioned purposes or until you request to no longer be registered with Medoma. In such a case, the personal data will be deleted without undue delay. If a business relationship has not developed within three years of Medoma receiving your notification of interest, your personal data will be deleted. Medoma has also established data erasure routines to be able to regularly delete such contact details that no longer fulfil their purpose.
7.1 We reserve the right to make changes and updates to this Privacy Policy. When we make such updates or changes, the “Last Revised”-date at the top of this Privacy Notice will be updated. The changes made will be described under the section “Change History”. The new version of this Policy will apply at the date of publication.
8.1 If you have any questions regarding the processing of your personal data or if you wish to exercise any of your rights under Applicable Data Protection Legislation, please contact Medoma at the contact details below.
8.2 Personal data controller:
Medoma AB, reg. no.: 559328-9738
Birger Jarlsgatan 57C
113 56 Stockholm
Sweden
Email: info@medoma.com
You are always able to contact our Data Protection Officer at:
Email address: dpo@medoma.com
9.1 Below you will find an explanation of the categories of personal data that we can collect and save about you.
9.2 Categories and examples of personal data:
9.3 Details in a CV: Work experience, education, language skills, qualifications, or possible pro bono activities
9.4 Details in a personal letter
9.5 Notes from interviews
9.6 Information from references
9.7 Identity details: Name and Surname and social security number if applicable
9.8 Contact details: Address, email address, phone number
9.9 Organizational details: Your associated company, working role, title
9.10 Information on registration for and participation in events: Activity, time
9.11 Food Preferences: Food preferences, Allergies if applicable
9.12 Geographical details: Location data from your device that may be collected via cookies
9.13 User generated details: Click and visit history, technical data relating to devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform), information about how you have interacted with us, where and for how long different pages visited, response times, how you reach and leave the website, etc.
9.14 Information about work certificates within the health sector: Information regarding your work certificates from the National Board of Health and Welfare's (Socialstyrelsen) register of certified healthcare personnel.
9.15 Information on Social Media
9.16 Sensitive personal details: e.g. health details.
10.1 Terms defined by law, such as "personal data", "processing" and "data controller" shall in this Privacy Policy have the same meaning as in applicable data protection legislation, unless otherwise stated.
10.2 "Processing" refers to all actions involving your personal data including collection, handling, storage, sharing, access, use, transfer and deletion or destruction.
10.3 "Personal data" refers to any information that can be directly or indirectly (e.g. in combination with other information) linked to an identifiable or identified natural person.
10.4 A "data controller" is a natural or legal person who, alone or together with others, determines the purposes and means for the processing of personal data.
10.5 A "Processor" is a natural or legal person which processes personal data on behalf of the controller.
10.6 The "applicable data protection legislation" means the legislation and regulations in force from time to time, including regulations issued by the relevant supervisory authorities, regarding the protection of the fundamental rights and freedoms of natural persons and in particular the right to the protection of their personal data which is applicable to the current processing, including the European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation) ("GDPR") as well as legislation, ordinances and regulations that supplement the Data Protection Regulation.
Document revised 2024-12-16
Previous version 2023-01-10.