Privacy Policy

1 Introduction

For us at Carelab, you as an individual and patient always come first. This privacy policy (the "Privacy Policy") describes our handling of your personal data in connection with you conducting testing for antibodies with us or one of our partners (the "Service").

2 Who is responsible for the processing of personal data?

Responsible for the processing of personal data is Carelab Sverige AB ("Carelab"), which owns and provides the technical platform (the "Website") and which is responsible for the processing of the personal data that you register in the Website, otherwise provide us or that appears in connection with sampling.

3 From where do we collect the personal data that is processed about you when you use the Service?

3.1 Personal information registered via your user account on the Website

Carelab processes the personal data about you that you register in your health form that is filled in before sampling. The personal information that you register consists of in connection with you registering on our website consists of name, social security number, telephone number and email address (these are called in the Privacy Policy for "User Data"). In addition, we may automatically collect and process the following information:

(I) technical information including IP address, login information, type and version of operating system and device, time settings, selected language, cookies, etc.

(II) which pages and features you have used.

3.2 Personal information linked to your state of health via your user account on the Website

In connection with your use of the Service with us, you will be asked to share information related to your health. You do this by filling in the relevant symptom form on the Website in connection with registering. This information may include, but is not limited to, information about allergies and symptom history (these are referred to in the Privacy Policy as "Patient Data").

3.3 Personal data based on the outcome of sampling

The outcome of sampling also includes personal data and patient data. The outcome (and personal data) consists of positive, negative and invalid analysis. This personal data is stored within the EU and processed by Carelab and / or its personal data assistants.

4 Where is your personal data stored?

The personal data is handled and stored within the EU / EEA and no sensitive personal data, such as data related to your health, is stored outside the EU / EEA in connection with the use of the Service.

Based on legal requirements, your personal data will also be stored in a record system, in the form of records. The records are stored in record systems outside the Website of a third party on behalf of Carelab and in accordance with Carelab instructions. Carelab is responsible for the personal data (Patient data) stored in the records.

5 Why is your personal data and legal basis processed?

5.1 The processing of your User Data

Carelab processes your User Data in order to:

(I) process your application or termination of your user account on the Website

(II) give you permission to log in and use your user account

(III) secure your identity

(IV) maintain accurate and up-to-date information about you

(V) allow you to follow and administer ongoing matters when using the Service

(VI) provide support and communicate with you when you use the Service. This primarily includes giving you feedback and information while you use the Service. We may also process inquiries and investigate complaints and support matters (including technical support) through our support service by telephone or in our digital channels. Depending on your case, you may share additional User Data and Patient Data which we then process in order to be able to help you use the Service in the best way.

(VII) provide direct marketing through Carelab or its affiliates to you via email and text message or other similar electronic channels of communication, e.g. in connection with promotions and offers. The selection of which marketing reaches you mainly includes information about place of residence.

User data is processed primarily to fulfill agreements between Carelab and you so that you can receive answers to sampling in a secure manner. Furthermore, User Data is processed to fulfill legal obligations that Carelab has according to law or judgments or government decisions (eg regarding requirements from the Swedish Health and Care Inspectorate, IVO or the National Board of Health and Welfare).

Carelab or its Group companies also process information about you for marketing purposes (point VI) based on our legitimate interest. In the event that you believe that your legitimate interest in privacy outweighs our legitimate interest in marketing, you can always request that we stop providing marketing to you by contacting our customer service (see below).

5.2 The processing of your Patient Data

Carelab processes Patient Data in order to be able to provide the Service legally in the best way for you as a patient and to inform you of the outcome of sampling. As a care provider, our activities are subject to current national legislation. We therefore process your Patient Data with the support of applicable law. Processing of Patient Data regarding you also takes place to fulfill other of Carelab's obligations under law. This includes that our doctors for medical records such as Carelab are obliged to save for a certain period of time.

Patient data is processed to fulfill legal obligations we have according to law and to fulfill agreements for you.

6 How long do we store your personal information?

We only process your personal data for as long as it is necessary for the purposes for which the data in question is processed in accordance with section 5 above, ie as long as it is necessary to be able to deliver the Service or to fulfill the legal obligations incumbent on us. Carelab has an obligation to keep patient records linked to you for a specific period of time. Your User Information will be deleted or deidentified no later than six (6) months from the time you terminate your user account with us, if the personal information is not necessary to save for us to fulfill our obligations under legal requirements or the information is otherwise needed to safeguard legal claims. We ask you to take into account that revocation of consent does not affect our role as a caregiver's obligation to keep records or to process personal data in accordance with applicable laws.

7 Third parties with whom your personal information may be shared when you use the Service

7.1 Subcontractors to Carelab

In order for us to be able to offer you the Service, we use a number of external suppliers who in some cases process personal data. Our IT service providers, such as operating and hosting providers, only work on behalf of Carelab instructions in their capacity as so-called Personal Data Assistants.

Carelab ensures that medical records are kept in connection with the provision of care within the framework of the Service in accordance with current legislation. The records are stored in record systems outside Carelab's website with a third party on behalf of Carelab and on Carelab instructions. Carelab is responsible for the Patient Data stored in the records.

7.2 Authorities

Carelab may make data on the presence of antibodies available to authorities upon request. If such data is shared, it is always anonymous and on an aggregate level, and never personal.

8 Third country transfer

Carelab uses IT suppliers for hosting and operating services with operations outside Sweden. However, this does not mean that Carelab will transfer your personal data outside the EU / EEA.

The transfer of personal data to countries outside the EU / EEA only takes place in exceptional cases and only on the condition that the transfer is legal in accordance with applicable data protection legislation to protect your privacy in the receiving country with reference to either

(I) European Commission decision on adequate level of protection

(II) application of the European Commission's standard contractual clauses for third country transfers

(III) that the recipient of the Privacy Shield regulations and thus the requirement for an adequate level of protection (applies to transfer to the USA)

(IV) other appropriate safeguards to comply with applicable data protection laws.

9 Your rights as a user of the Service

You have the right to receive information about which of your personal data we process, for what purpose it is processed, whether such personal data is transferred to third countries and which third parties have received your personal data. To clarify, you can contact us at any time to

And

(I) request access to and obtain information about what personal data is processed in connection with your use of the Service, including your record, who has gained access to it and why

(II) ask us to correct any incorrect information about you

(III) request that your personal data be deleted (here, however, we ask you to note that Carelab in its role as caregiver has obligations under law to save certain personal data, especially related to Patient Data including keeping records in connection with the use of the Service). At your request, all Patient Data that we do not have a legal obligation to keep will be deleted

(IV) ask us to limit the processing of your personal data, and in doing so request in writing that the data may not be used for direct marketing purposes

(V) object to the processing of personal data

(VI) request the transfer of personal data to another personal data controller by obtaining your personal data, to the extent that they have been provided by you, in an electronic format commonly used to transfer them to another party (the right to data portability)

(VII) get help and information about requesting a block of information in your medical record, which means that no other care provider can access it via coherent medical record keeping.

If you wish to get in touch with us regarding any of these points, you can contact us via our website or by sending an email to info [at] carelab.se

10 Right to complain to the supervisory authority

We hope that this Privacy Policy has clarified how, and why, we handle your User and Patient Data. We would also like to inform you here that you have the right to submit a complaint to the Swedish Data Inspectorate or another relevant supervisory authority in the event that you believe that the processing of personal data is incorrect and does not meet legal requirements.