Privacy policy

For us at ABC Orthopedics (Orthopedia Sweden AB), care is personal, and we are very keen that you feel safe with our handling of your personal data, no matter in what role you come into contact with us. The protection of natural persons in the processing of personal data is a fundamental right. In this document, we explain how we protect your personal information.

We have extensive experience in responsible handling of personal data and sensitive information in accordance with the requirements imposed by the Patient Data Act (PDL) and other laws. We protect your privacy and strive to ensure that personal data is always handled in the best possible way and in accordance with applicable data protection regulations. In order to make it easier for you to understand how we process your personal data, we have divided the information about the management into different sections. You can choose to read only the specific information about your role in relation to us and the general section on rights. If you have any questions after reading the information, please feel free to contact us at info@abcortopedi.se.

 

Personal data and processing of personal data

Personal data is any information that relates to an identified or identifiable living natural person. Examples of personal data are names, identification numbers, addresses, online identifiers (e.g. IP address) and factors specific to the natural person's physical, physiological, genetic, psychological, economic, cultural or social identity. Processing of personal data includes everything that is done with personal data, such as reading, deleting, changing and storing it. This includes, for example, the collection, registration, dissemination, deletion or disclosure of personal data.

 

Personal data manager

The person responsible for personal data is the one who decides the purpose and how the personal data is to be processed. Orthopedia Sweden AB, org. number 559179 - 3004, Vanadisvägen 13, 113 46 Stockholm, is responsible for personal data unless otherwise stated.

 

Handling of your personal data

We only collect personal data that has an express purpose and try to minimize the amount of personal data we collect about you. See more about the specific storage periods for each purpose. We never store personal data longer than is necessary for each purpose or longer than applicable law permits.

 

Processing of your personal data

We store your information on our own servers or on those of third parties, where we demand the highest security.

We always strive to process your personal data in Sweden and the EU / EEA area. In the event that your personal data is transferred to third parties or outside the EU / EEA, we ensure that appropriate measures are in place to preserve the privacy of the personal data and to ensure that it is processed in accordance with applicable laws.

 

Sharing your personal information

Your personal data is only shared with the personal data assistants when it is in line with an explicit purpose for collecting the personal data. A Personal Data Assistant is a party that processes your personal information on our behalf and in accordance with our instructions. We check all personal data assistants to ensure that they can provide adequate guarantees regarding security and privacy of personal data. We have written agreements with all personal data assistants through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding international transfer of personal data. Therefore, your personal data may sometimes be shared with personal data assistants to fulfill the commitments we have made to you, for example, your health information may be stored in a medical record system managed by an external supplier.

Sometimes your personal data can be shared with a company with whom we have shared personal data responsibility with regards to that company's privacy policy and data handling when handling your personal data. We also share your personal data with certain parties with whom we share personal data responsibility.

Examples of such parties are:

- Some health care units, laboratories or insurance companies.

- Government agencies such as the tax authorities or other authorities, if we are required to do so by law.

- Companies that offer payment solutions, such as banks and other payment service providers.

 

Your rights as registered

If you as a patient are interested in what personal information is available about you, please contact us. We are always open and transparent about how we process your personal data and if you want to get a deeper insight into what personal data we process about you, you can request a so-called register extract. Please note that if we receive an access request, we may ask for additional information to ensure the efficient handling of your request and that the information is provided to the right person.

You can request to have your personal data corrected if the information is incorrect, the so-called right to correction. You also have the right to supplement any incomplete personal data within the scope of the stated purpose.

You may also, in some cases, request the deletion of personal data we process:

- You object to processing for direct marketing purposes.

- You object to a balance of interest we have made based on legitimate interest and your reason for objection weighs heavier than our legitimate interest.

- The data is no longer necessary for the purposes for which it has been collected or processed.

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal information, such as the obligation to store records for 10 years under the Patient Data Act (PDL).

 

Protection of your personal data

Only those persons who actually need to process your personal data in order for us to fulfill our stated purposes have access to your personal data. Furthermore, we use IT systems to protect the confidentiality, integrity and availability of personal data, and take security measures to protect your personal data against illegal or unauthorized use.

 

Register excerpts

For information on how we process personal data for patients, job seekers and former employees, please see below. We are always open and transparent with how we process your personal data.

If you are interested in accessing journal extracts, please contact us.

If you are interested in other information we may have about you, please print out and fill out the register extract form below. Then submit the completed form at our reception, Drottningholmsvägen 5, Stockholm.

Your register extract will then be handed to you in person at the reception desk upon presentation of ID. A message is sent to your email address when the register extract is ready for collection. If you prefer to receive your register extract by registered letter, you can indicate this in the form, but you must then enter your home address.

 

Our customers who are not patients

If you represent one of our clients who is not a patient, we will process your information to the extent necessary to enable us to perform the service for which you have hired us, such as consulting services, for example lectures. It is the agreement between us that is the legal basis for the processing of your personal data in these cases. Once the service is performed, we will also continue to process your personal data because we have a legitimate interest in following up and further developing our business relationship. We may also need to save your personal information in order to comply with legal requirements, such as the Accounting Act, in which case the legal basis is a legal obligation. We will not store your information for longer than is necessary for these purposes, and personal data will be erased without delay when it is discovered. If for any reason you do not wish to have continued contact with us on behalf of your company, we will also delete your personal data to the extent possible.

The personal data processed are:

  • Name
  • Email
  • Company address
  • Telephone number
  • Organization number
  • Title

 

Potential customers

We may have contacted you to offer you the opportunity to collaborate with us when it comes time for your company to further train orthopedic staff. The processing we then make of your personal data is based on our legitimate interest in establishing a business relationship with your company. Your personal data will be saved for three years before being deleted if we have not started a business relationship. If you decline to continue contact, your information will not be used to contact you. However, we will save your information with a note that we will not contact you for a year or longer, depending on your wishes.

These are the personal data that we process:

  • Name
  • Email
  • Company address
  • Organization number
  • Telephone number
  • Title

 

Providers

If you are a contact person at one of our suppliers, we will process your contact details to the extent required within our contractual relationship. The legal basis for that processing is the agreement. We will also need to process your personal information in order to comply with legal requirements, such as the Accounting Act. The legal basis for that processing is then a legal obligation. We do not store your personal data any longer than is necessary for these purposes.

The following personal data is processed:

  • Name
  • Email
  • Telephone number
  • Company address
  • Organization number (social security number if you have chosen the individual company form)

 

The personal data we handle with purpose

Personal data management in care

Below you will find the categories of personal data that we may collect and save about you as a patient with us. We describe how we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Journaling

o Personal data / health data is entered in the journal in connection with contact with the patient

o Possible collection of relatives' personal data

o Journal excerpt

o Scanning health data from, for example, other health care providers into medical records

Name
Personal identity number
Health data
Contact information patient, family member and proxy for relatives to represent you

Legal basis: Legal obligation under the Patient Data Act (PDL). Consent in some cases.

Storage period: Journal should be kept at least 10 years after your last visit in accordance with the Patient Data Act (PDL).

Purpose

Treatments performed

Categories of personal data

Collection of physiological data and images in different systems.

o Personal data / health data is entered in the journal in connection with contact with the patient

o Health data must be kept for at least 10 years after your last visit

Name
Personal identity number
Health data

Legal basis: Legal obligation under the Patient Data Act (PDL).

Storage period: Health data must be kept at least 10 years after your last visit in accordance with the Patient Data Act (PDL).

 

Purpose

Treatments performed

Categories of personal data

Communication with patient / other health care providers / pharmacies / county councils / The Swedish Social Insurance Office / sampling, or laboratory analysis of samples.

o Personal data is stored in journal

o Personal data is shared with other care providers by letter or internally in the medical record system. If personal information is not sensitive, e-mail can also be used.

o Communication with patient through 1177, telephone, letter or visit

o Registration of a patient in the county council system (health care)

o Documentation of newly listed patient information (health care)

o Issue of medical opinion on health status, medical certificate, care of relatives of the Social Insurance Office

o Journal excerpt to the Swedish Social Insurance Agency, county councils and insurance companies

o Issue of prescriptions on the intended form or electronically via the journal system

Name
Personal identity number
Health data
Contact information patient, family member and proxy for relatives to represent you

Legal basis: Journal information is only shared with your consent or exceptionally with the support of special legislation.

Storage period: Mail is deleted immediately after it is sent or received. Ordinary mail is destroyed after health data is entered in the journal. Records are kept for at least 10 years according to the Patient Data Act (PDL).

Purpose

Treatments performed

Categories of personal data

Visitors to hospitalized patients

o Person is registered at the time of visit

o Personal data collected is stored in a booking system

o Old visits are deleted in the booking system when they have fulfilled their purpose

Name
Personal identity number
Cause of visit (health data)
Contact details

Legal basis: Balance of interests

Storage period: The data is deleted as soon as it no longer serves the purpose, proposed after the visit is completed.

 

Purpose

Treatments performed

Categories of personal data

Camera surveillance to ensure the safety of the patient, the employee and the reception

o Video recording inside the reception where visiting patients will be seen

o Video recording is stored

o Operations manager at the reception can review the video recording in case of suspected intrusion or theft

Moving image of person

Legal basis: Balance of interests in accordance with both the GDPR and the Camera Surveillance Act. Allowed in cases where the security of the patient, the employee and the reception increases significantly with the help of camera surveillance.

Storage period: Video recording is erased as soon as the purpose of the video recording has been met.

 

Purpose

Treatments performed

Categories of personal data

Complaints

o Receiving and handling complaints locally or centrally

o Basis for quality improvement measures

o Sharing of records with IVO on request

o Registration to IVO according to Lex Maria after event analysis

Name
Health data
Healthcare providers

Legal basis: Legal obligation in accordance with the Patient Safety Act PSL.

Storage period: 10 years in accordance with the patient injury insurance.

Purpose

Treatments performed

Categories of personal data

Payment processing and administration for the Insurance Agency, insurance companies and high cost protection

o Registration of payment for care in medical records

o Sharing information on payment with the Social Insurance Office

o Sharing information on payment for administration of high-cost protection

o Communication with county council prepayment for young adults

Name
Personal identity number
Bank account number
Plusgiro
(Personal identity number)

Legal basis: Obligation under the Patient Safety Act (PSL).

Storage period: Accounting information is archived for up to eight years in accordance with the Accounting Act.

Purpose

Treatments performed

Categories of personal data

Research

o Journal data is used as a basis for research

o Journal data is transferred to the quality register

Health data

Legal basis: Consent from the patient.

Storage period: As long as the patient consents to use.

Purpose

Treatments performed

Categories of personal data

Insurance - Claims notification and regulation

Personal data / health data is collected from:

· Physician / healthcare facility

· General insurance fund

· Other authorities

· Other insurance companies

· Employers

Name
Personal identity number
Health data
Patient contact information, relatives
Salary information and sick leave

Legal basis: The processing is necessary to fulfill the insurance contract with the registered person. Consent in some cases.

Storage period: Your personal data is only stored for as long as is required for us to be able to administer the claim notification and to settle the damage, or as long as we have to store them according to law. They are then deleted in accordance with ABC Orthopedics (Insurance) thinning routines.

Below you will find the categories of personal data that we may collect and save upon termination of employment. We describe how we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Termination of employment. Depending on the reason for the termination of employment (self-dismissal or dismissal), the dismissal process initially differs.

o Trade union negotiations

o Formal evidence justifying reasons for termination of employment will be produced and saved after signature

o The agreed end date is communicated

Name
Personal identity number
Telephone number
E-mail
Address
Reasons for dismissal
Union affiliation
Employment information

Legal basis: Legal obligation.

Storage period: Information is stored for an indefinite period in case the employee returns, in accordance with LAS section 11.

Purpose

Treatments performed

Categories of personal data

Benefits / final salary upon termination of employment

o The agreed final salary is communicated

o Communication about possible right to personal advice from the TRR Safety Council and compensation (officials)

Name
Personal identity number
E-mail
Salary
Employment information
Holiday Regulation
Company car
Other remuneration

Legal basis: Legal obligation to comply with collective agreements, employment agreements and holiday teams.

Storage period: Information is stored for an indefinite period in order to verify the information reported to pension companies.

Purpose

Treatments performed

Categories of personal data

Company transition

o Transfer of personal data in accordance with LAS 6 B.

Name
Personal identity number
Telephone number
E-mail 
Address
Salary 
Vacation days
Company car
Health information
Employment information

Legal basis: Legal obligation in accordance with LAS 6B.

Purpose

Treatments performed

Categories of personal data

Employment certificate / employer certificate

o Information about the duration, salary, working hours of the employment

Name
Personal identity number
E-mail 
Salary
The duration of employment
Position
Presence/Absence

Legal basis: Legal obligation in accordance with LAS.

Retention period: After five years after termination of employment, a subset of personal data is moved to another database. There, personal data is stored for an indefinite period so that service certificates can be issued.

Purpose

Treatments performed

Categories of personal data

Death

o Communication with relatives if it has occurred on the way to, from or at the workplace

o Communication with insurers for life insurance

o Confirmed data from public records trigger triggering of deaths

o Death investigation is initiated to investigate whether pension payments from ABC should happen and to whom

Name
Personal identity number 
National registration Addresses
Relatives contact information
Estate contact information

Legal basis: Legal obligation to comply with collective agreements.

Storage period: It is stored forever to be able to prove payment and supporting documents for this.

Purpose

Treatments performed

Categories of personal data

Pension payment

o Determination of the payment plan in accordance with the length and salary of the employment

o Payment of pension every month

Name
Personal identity number
E-mail
Salary
Duration of employment
Position
Presence/Absence
Type of employment

Legal basis: Legal obligation and in some cases to execute agreements with the data subject.

Storage period: Personal data is stored indefinitely to show that the organization has fulfilled its commitment.

Personal data handling during recruitment

Below are the categories of personal data that we may collect and save during our recruitment process. We describe how we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Resume management / Personal letter

o Collection from candidates for recruitment

o Storage during the recruitment process

o Sharing between recruiters, managers and any prospective colleagues

o Deletion after completed recruitment process

o Searching candidates on LinkedIn

o Storage of CVs for future recruitment processes upon consent

o Handling of spontaneous applications

Name
Personal identity number
Contact details
Address
Health information
Interest
Expertise
Past experience
References

Legal basis: Consent from the person seeking a service. Consent is required to save CV for any new recruitment processes. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Retention period: CV is saved for recruitment purposes until the recruitment process is over and upon consent it is stored for up to one year for possible matching with other roles. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Purpose

Treatments performed

Categories of personal data

Reference Management

o Collection of references to ensure the candidate's competence

o Storage during the recruitment process

o Deletion after completed recruitment process

o Collection of information about the candidate from references

Third Party Information (Name, Contact Information, Position)
Information about personality and performance
Health data 
Earlier employment information

Legal basis: Justified interest. Regarding documentation from references, the legal obligation is to save documentation for 2 years in order to show that selection of the final candidate is handled in a legal manner.

Retention period: Personal data is saved until the recruitment process is over. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Purpose

Treatments performed

Categories of personal data

Collection of personal information during interview

o Keeping interview notes

o Storing personal data from interview

o Sharing between recruiters, managers and any prospective colleagues

o Deletion of personal data from interview

Information about personality and performance
Private information
Third party information
Past experience
Health data

Legal basis: Consent from the person seeking a service.

Retention period: The personal data is stored until the recruitment process is over and upon consent is stored for up to one year for possible matching with other roles.

Purpose

Treatments performed

Categories of personal data

Background checks

o Request for background check is ordered via portal where name, social security number, CV and intended position are stated

o Determined judgments are obtained from all of Sweden's district courts

o Information on debts is obtained from the petitioner

o Information about exposure on the Internet is obtained, mainly on social media

Name
Personal identity number
Resume 
National registration
Tax information
Payment notes
Automotive holdings
Civil cases
Details of possible crimes committed
Credit information
Exposure
Social media

Legal basis: Consent from the person seeking a service. The consent form is saved during the recruitment process, then discarded.

Storage period: Automatic thinning of all information on the platform within 96 hours.

Purpose

Treatments performed

Categories of personal data

Selection tests

o Discloses personal data to test providers

o Overall assessment is obtained via a protected platform

o Storing results for 2 years

Name
Email
Information about personality and performance

Legal basis: Consent from the person seeking a service.

Storage period: Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Contact us with questions about data protection.

service@abcortopedi.se