Privacy policy

För oss på ABC Ortopedi (Orthopedia Sweden AB) är vård personligt och vi är väldigt måna om att du ska känna dig trygg med vår hantering av dina personuppgifter, oavsett i vilken roll du kommer i kontakt med oss. Skyddet för fysiska personer vid behandling av personuppgifter är en grundläggande rättighet. I det här dokumentet så förklarar vi hur vi värnar om dina personuppgifter.

Vi har lång erfarenhet av ansvarsfull hantering av personuppgifter och känslig information i enlighet med de krav som patientdatalagen (PDL) och andra lagar ställer på oss. Vi värnar om din integritet och strävar efter att personuppgifter alltid hanteras på bästa sätt och i enlighet med gällande dataskyddsbestämmelser. I syfte att göra det enklare för dig att förstå hur vi behandlar just dina personuppgifter har vi har delat upp informationen om hanteringen i olika avsnitt. Du kan välja att enbart läsa den specifika informationen om din roll i förhållande till oss och det generella stycket om rättigheter. Om du har frågor efter att ha läst igenom informationen så får du gärna kontakta oss på service@abcortopedi.se.

Cookies

By analyzing data we can improve the usability, content and functionality of the website to make it better for you as a visitor. We can also analyze the traffic to our websites so that we can measure the effects of marketing that we do.

Data from Google Analytics cookies is stored anonymously with Google. IP addresses are anonymized through Google's IP masking feature and therefore cannot be traced back to an individual user. Other information stored is, for example, which pages have been visited, how long a visit lasts, in which country and city a visitor is in and whether the visit is made from a PC or mobile phone.

Personal data and processing of personal data

En personuppgift är en upplysning som härrör till en identifierad eller identifierbar levande fysisk person. Exempel på personuppgifter är namn, identifikationsnummer, adress, onlineidentifierare (tex IP-adress) och faktorer som är specifika för den fysiska personens fysiska, fysiologiska, genetiska, psykiska, ekonomiska, kulturella eller sociala identitet. Behandling av personuppgifter omfattar allt som gör att göra med en personuppgift, t ex läsa, radera, ändra och lagra. Det inbegriper bland annat insamling, registrering, spridning, radering eller utlämning av personuppgifter.

Personal data manager

Personuppgiftsansvarig är den som bestämmer syftet och hur personuppgifterna ska behandlas. Orthopedia Sweden AB, org. nummer 559179 – 3004, Vanadisvägen 13, 113 46 Stockholm, är personuppgiftsansvarig om inte något annat anges.

Handling of your personal data

Vi samlar endast in personuppgifter som har ett uttryckligt ändamål och försöker minimera mängden personuppgifter vi samlar in om dig. Se mer om de specifika lagringsperioderna under respektive ändamål. Vi sparar aldrig personuppgifter längre än vad som är nödvändigt för respektive ändamål eller längre än gällande lag tillåter.

Processing of your personal data

Vi lagrar din information på egna servrar eller tredje part där vi kräver högsta säkerhet.

Vi strävar alltid efter att behandla dina personuppgifter inom Sverige och EU/EES-området. I de fall dina personuppgifter överförs till tredje part eller utanför EU/EES försäkrar vi att lämpliga åtgärder finns på plats för att bevara personuppgifternas integritet och för att säkerställa att de behandlas i enlighet med gällande lagar.

Sharing your personal information

Dina personuppgifter delas enbart med personuppgiftsbiträden då det går i linje med ett uttryckligt ändamål för insamling av personuppgifterna. Ett personuppgiftsbiträde är en part som behandlar dina personuppgifter för vår räkning och enligt våra instruktioner. Vi kontrollerar alla personuppgiftsbiträden för att säkerställa att de kan lämna tillräckliga garantier avseende säkerhet och sekretess för personuppgifter. Vi har skriftliga avtal med alla personuppgiftsbiträden genom vilka de garanterar säkerheten för de personuppgifter som behandlas och åtar sig att följa våra säkerhetskrav samt begränsningar och krav avseende internationell överföring av personuppgifter. Dina personuppgifter kan därför ibland komma att delas med personuppgiftsbiträden för att uppfylla de åtaganden vi gjort mot dig, exempelvis kan din hälsoinformation lagras i ett journalsystem som sköts av en extern leverantör.

Ibland kan dina personuppgifter delas med ett företag som vi hat delat personuppgiftsansvar med gäller det företagets integritetspolicy och personuppgiftshantering när de hanterar dina personuppgifter. Vi delar även dina personuppgifter med vissa parter som vi delar personuppgiftsansvaret med.

Exempel på sådana parter är:

- Vissa vårdenheter, laboratorium eller försäkringsbolag.

- Statliga myndigheter såsom skatteverket eller andra myndighete, om vi är skyldiga att göra det enligt lag.

- Företag som erbjuder betallösningar, till exempel banker och andra betaltjänstleverantörer.

Dina rättigheter som registrerad

Om du som patient är intresserad av vilka personuppgifter som finns om dig ska du vända dig till oss. Vi är alltid öppna och transparenta med hur vi behandlar dina personuppgifter och ifall du vill få en djupare insikt i vilka personuppgifter vi behandlar om just dig kan du begära att få ett så kallat registerutdrag. Tänk på att ifall vi mottar en begäran om tillgång kan vi komma att fråga om ytterligare uppgifter för att säkerställa en effektiv hantering av din begäran och att informationen lämnas till rätt person.

Du kan begära att få dina personuppgifter rättade ifall uppgifterna är felaktiga, s.k. rätt till rättelse. Du har också rätt att komplettera eventuellt ofullständiga personuppgifter inom ramen för det angivna ändamålet.

Du kan även i vissa fall begära radering av personuppgifter vi behandlar om:

- Du invänder mot behandling för direktmarknadsföringsändamål.

- Du invänder mot en intresseavvägning vi har gjort baserat på berättigat intresse och ditt skäl för invändning väger tyngre än vårt berättigade intresse.

- Uppgifterna inte längre är nödvändiga för de ändamål för vilka de har samlats in eller behandlats.

Tänk på att vi kan ha rätt att neka din begäran ifall det finns legala skyldigheter som hindrar oss från att omedelbart radera vissa personuppgifter, exempelvis skyldigheten att lagra journaler i 10 år enligt patientdatalagen (PDL).

Protection of your personal data

Endast de personer som faktiskt behöver behandla dina personuppgifter för att vi ska kunna uppfylla våra angivna ändamål har tillgång till dina personuppgifter. Vidare använder vi IT-system för att skydda sekretessen, integriteten och tillgången till personuppgifter, och vidtar säkerhetsåtgärder för att skydda dina personuppgifter mot olovlig eller obehörig.

Register excerpts

För information hur vi behandlar personuppgifter för patienter, arbetssökande och tidigare anställda, vänligen se nedan. Vi är alltid öppna och transparenta med hur vi behandlar dina personuppgifter.

Om du är intresserad av att ta del av journalutdrag, vänligen kontakta oss.

Om du är intresserad av andra uppgifter som vi kan ha om dig, skriv då ut och fyll i registerutdragsformuläret nedan. Lämna sedan in det ifyllda formuläret i receptionen hos oss, Drottningholmsvägen 5, Stockholm

Ditt registerutdrag kommer sedan att delas med dig i person i receptionen mot uppvisande av legitimation. Ett meddelande skickas till din e-postadress när registerutdraget är redo för upphämtning. Om du föredrar att ta del av ditt registerutdrag med rekommenderat brev kan du fylla i det i formuläret, men du måste då ange din hemadress.

Våra kunder som inte är patienter

Om du representerar en av våra kunder som inte är patient, så behandlar vi dina uppgifter i den mån det är nödvändigt för att vi ska kunna utföra den tjänst som du har anlitat oss för, tex övrig konsulttjänst såsom föreläsning. Det är avtalet mellan oss som är den lagliga grunden för behandlingen av dina personuppgifter i dessa fall. När tjänsten är utförd så kommer vi även att fortsättningsvis behandla dina personuppgifter eftersom vi har ett berättigat intresse att följa upp och vidareutveckla vår affärsrelation. Vi kan också behöva spara dina personuppgifter för att uppfylla lagkrav, tex bokföringslagen, då är den lagliga grunden rättslig förpliktelse. Vi sparar inte dina uppgifter längre än vad som är nödvändigt för de här syftena och inaktuella personuppgifter raderas utan dröjsmål när det uppdagas. Om det skulle vara så att du av något skäl inte vill ha fortsatt kontakt med oss för ditt företags räkning så kommer vi också att radera dina personuppgifter i den mån det är möjligt.

De personuppgifter som behandlas är:

  • Name,
  • Email,
  • företagsadress,
  • Telephone number,
  • organization number,
  • Title,

Potential customers

Vi har eventuellt kontaktat dig för att erbjuda dig möjligheten att samarbeta med oss när det blir dags för ditt företag att vidareutbilda personal inom ortopedi. Den behandling som vi då gör av dina personuppgifter grundar sig på vårt berättigade intresse att upprätta en affärsrelation med ditt företag. Dina personuppgifter kommer att sparas i tre år innan de raderas om vi inte har inlett en affärsrelation. Om du avböjer fortsatt kontakt så kommer dina uppgifter inte användas för att kontakta dig, däremot kommer vi att spara dina uppgifter med en notering om att vi inte ska kontakta dig under ett års tid eller längre beroende på dina önskemål.

Det här de personuppgifter som vi behandlar:

  • Name
  • Email
  • företagsadress
  • organization number,
  • Telephone number,
  • Title,

Leverantörer

Om du är kontaktperson hos en av våra leverantörer så kommer vi att behandla dina kontaktuppgifter i den mån det krävs inom ramen för vårt avtalsförhållande. Den lagliga grunden för den behandlingen är avtal. Vi kommer också att behöva behandla dina personuppgifter för att uppfylla lagkrav, tex bokföringslagen. Den lagliga grunden blir då rättslig förpliktelse för den behandlingen. Vi sparar inte dina personuppgifter längre än vad som är nödvändigt för de här ändamålen.

Följande personuppgifter behandlas:

  • Name
  • Email
  • Telephone number,
  • företagsadress
  • organisationsnummer (personnummer om du har valt företagsformen enskild firma)

De personuppgifter vi hanterar med ändamål

Personuppgiftshantering vid vård

Nedan finner du de kategorier av personuppgifter som vi kan komma att samla in och spara som patient hos oss. Vi beskriver hur vi behandlar dina personuppgifter, med vilket ändamål, med vilken laglig grund och hur länge de lagras.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Journalföring

o   Personuppgifter/hälsodata förs in i journal i samband med vårdkontakt med patient

o   Eventuell insamling av anhörigs personuppgifter

o   Journalutdrag

o   Inskanning av hälsodata från till exempel annan vårdgivare i journalsystem

Name
Personal identity number
Hälsodata
Kontaktuppgifter patient, anhörig och fullmakt för anhörig att företräda dig

Laglig grund: Rättslig förpliktelse enligt patientdatalagen (PDL). Samtycke i vissa fall.

Lagringsperiod: Journal ska bevaras minst 10 år efter ditt senaste besök i enlighet med patientdatalagen (PDL).

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Collection of physiological data and images in different systems.

o   Personuppgifter/hälsodata förs in i system i samband med vårdkontakt med patient

o   Hälsodata ska bevaras minst 10 år efter ditt senaste besök

Name
Personal identity number
Hälsodata

Laglig grund: Rättslig förpliktelse enligt patientdatalagen (PDL).

Lagringsperiod: Hälsodata ska bevaras minst 10 år efter ditt senaste besök i enlighet med patientdatalagen (PDL).

 

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Kommunikation med patient/ andra vårdgivare/ apotek/ landsting/ Försäkringskassan/ provtagning, eller laboratorieanalys av prov.

o   Personuppgifter lagras i journal

o   Personuppgifter delas med annan vårdgivare med hjälp av brev eller internt i journalsystemet. Om personuppgifterna inte är känsliga kan även e-post användas.

o   Kommunikation med patient genom 1177, telefon, brev eller besök

o   Registrering av patient i landstingets system (sjukvård)

o   Dokumentering av nylistad patients information (sjukvård)

o   Utfärdande av läkarutlåtande om hälsotillstånd, sjukintyg, vård av anhörig till Försäkringskassan

o   Journalutdrag till Försäkringskassan, landsting och försäkringsbolag

o   Utfärdande av recept på avsedd blankett eller elektroniskt viajournalsystemet

Name
Personal identity number
Hälsodata
Kontaktuppgifter patient, anhörig och fullmakt för anhörig att företräda dig

Laglig grund: Journalinformation delas bara med ditt samtycke eller undantagsvis med stöd av särskild lagstiftning.

Lagringsperiod: Mejl raderas omedelbart efter att det skickats eller tagits emot. Vanlig post förstörs efter att hälsodata förts in i journal. Journal bevaras i minst 10 år enligt patientdatalagen

(PDL).

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Besökare till inlagda patienter

o   Person registreras vid besökstillfället

o   Insamlade personuppgifter lagras i bokningssystem

o   Gamla besök raderas i bokningssystemet när de uppfyllt sitt ändamål

Name
Personal identity number
Besöksorsak (hälsodata)
Contact details

Laglig grund: Intresseavvägning

Lagringsperiod: Uppgifterna raderas så snart de inte längre tjänar ändamålet, förslagsvis efter besöket är fullbordat.

 

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Kameraövervakning för att garantera patientens, den anställdes och mottagningens säkerhet

o   Videoinspelning inne på mottagningen där besökande patient kommer synas

o   Videoinspelning lagras

o   Verksamhetsansvarig på mottagningen kan granska videoinspelningen vid misstänkt intrång eller stöld

Rörlig bild på person

Laglig grund: Intresseavvägning i enlighet med både GDPR och kamerabevakningslagen. Tillåtet i de fall då patientens, den anställdes och mottagningens säkerhet ökar avsevärt med hjälp av kamerabevakning.

Lagringsperiod: Videoinspelning raderas så snart ändamålet för videoinspelningen har uppfyllts.

 

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Klagomålshantering

o   Mottagande och handläggning av klagomål lokalt eller centralt

o   Underlag för kvalitetshöjande åtgärder

o   Delning av journaler med IVO påbegäran

o   Anmälan till IVO enligt Lex Maria efter händelseanalys

Name
Hälsodata
Vårdgivare

Laglig grund: Rättslig förpliktelse i enlighet med patientsäkerhetslagen PSL.

Lagringsperiod: 10 år i enlighet med patientskadeförsäkringen.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Hantering av betalning och administration för Försäkringskassan, försäkringsbolag och högkostnadsskydd

o   Registrering av betalning för vård ijournal

o   Delning av information om betalning med Försäkringskassan

o   Delning av information om betalning för administration avhögkostnadsskydd

o   Kommunikation med landsting förbetalning

för unga vuxna

Name
Personal identity number
Bank account number
Plusgiro
(Personal identity number)

Laglig grund: Skyldighet enligt Patientsäkerhetslagen (PSL).

Lagringsperiod: Räkenskapsinformation arkiveras i upp till åtta år i enlighet med Bokföringslagen.

Ändamål

Behandlingar som utförs

Categories of personal data

Research

o   Journaldata används som underlag för forskning

o   Journaldata överförs till kvalitetsregister

Hälsodata

Laglig grund: Samtycke från patienten.

Lagringsperiod: Så länge som patienten samtycker till användningen.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Försäkring - Skadeanmälan och reglering

Personuppgifter/hälsodata inhämtas från:

·       Läkare/ sjukvårdsinrättning

·       Allmän försäkringskassa

·       Andra myndigheter

·       Andra försäkringsbolag

·       Arbetsgivare

Name
Personal identity number
Hälsodata
Kontaktuppgifter patient, anhörig
Löneuppgifter och sjukskrivning

Laglig grund: Behandlingen är nödvändig för att fullgöra försäkringsavtal med den registrerade. Samtycke i vissa fall.

Lagringsperiod: Dina personuppgifter lagras bara så länge som krävs för att vi ska kunna administrera skadeanmälan och reglera skadan, eller så länge som vi måste lagra dem enligt lag. Därefter raderas de i enlighet med ABC Ortopedi:s (Försäkring) gallringsrutiner.

Nedan finner du de kategorier av personuppgifter som vi kan komma att samla in och spara vid upphörande av anställning. Hur vi behandlar dina personuppgifter, med vilket ändamål, med vilken laglig grund och hur länge de lagras.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Upphörande av anställning. Beroende på orsak till anställningens upphörande (egen uppsägning eller avsked) så skiljer sig uppsägningsprocessen initialt åt.

o   Fackliga förhandlingar

o   Formellt underlag som motiverar skäl till anställningens upphörande tas fram och sparas efter underskrift

o   Överenskommet slutdatum kommuniceras

Name
Personal identity number
Telephone number
E-mail
Address
Skäl för uppsägning
Facklig tillhörighet
Anställningsuppgifter

Laglig grund: Rättslig förpliktelse.

Lagringsperiod: Information sparas under obestämd tid utifall den anställde återvänder i enlighet med LAS paragraf 11.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Förmåner/slutlön vid upphörande av anställning

o   Överenskommen slutlön kommuniceras

o   Kommunikation om eventuell rätt till personlig rådgivning hos Trygghetsrådet TRR och ersättning(tjänstemän)

o

Name
Personal identity number
E-mail
Lön
Anställningsuppgifter
Holiday Regulation
Förmånsbil
Övrig ersättning

Laglig grund: Rättslig förpliktelse att följa kollektivavtal, anställningsavtal och semesterlag.

Lagringsperiod: Information sparas under obestämd tid för att kunna verifiera de uppgifter som rapporteras in till pensionsbolag.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Verksamhetsövergång

o  Överlämning av personuppgifter i enlighet med LAS 6 B.

Name
Personal identity number
Telephone number
E-mail 
Address
Lön 
vacation days
Förmånsbil
Hälsouppgifter
Anställningsuppgifter

Laglig grund: Rättslig förpliktelse i enlighet med LAS 6B.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Tjänstgöringsintyg/ arbetsgivarintyg

o  Information om anställningens varaktighet, lön, arbetstid

Name
Personal identity number
E-mail 
Lön
Anställningens varaktighet
position
Närvaro/Frånvaro

Laglig grund: Rättslig förpliktelse i enlighet med LAS.

Lagringsperiod: Efter fem år efter upphörande av anställning flyttas en delmängd av personuppgifterna till en annan databas. Där sparas personuppgifterna under obestämd tid så att tjänstgöringsintyg kan utfärdas.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Dödsfall

o   Kommunikation med anhörig om det inträffat på väg till, från eller på arbetsplatsen

o   Kommunikation med försäkringsgivare för livförsäkring

o   Bekräftade uppgifter från folkbokföring triggar igång hantering av dödsfall

o   Dödsfallsutredning inleds för att utreda om pensionsutbetalning från

ABC should happen and to whom

Name
Personal identity number 
Folkbokföringsadresser
Anhörigs kontaktuppgifter
Dödsbo kontaktuppgifter

Laglig grund: Rättslig förpliktelse att följa kollektivavtal.

Lagringsperiod: Det sparas för evigt för att kunna bevisa utbetalning och underlag för denna.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Pensionsutbetalning

o   Fastställande av utbetalningsplan i enlighet med anställningens längd ochlön

o   Utbetalning av pension varje månad

Name
Personal identity number
E-mail
Lön
Anställningens varaktighet
position
Närvaro/Frånvaro
Anställningsform

Laglig grund: Rättslig förpliktelse och i vissa fall för att fullgöra avtal med den registrerade.

Lagringsperiod: Personuppgifter sparas på obestämd tid för att kunna visa att organisationen fullgjort sitt åtagande.

Personal data handling during recruitment

Nedan finner du de kategorier av personuppgifter som vi kan komma att samla in och spara under vår rekryteringsprocess. Hur vi behandlar dina personuppgifter, med vilket ändamål, med vilken laglig grund och hur länge de lagras.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Resume management / Personal letter

o   Insamling från kandidater för rekrytering

o   Lagring under rekryteringsprocessen

o   Delning mellan rekryterare, chefer och eventuella blivande kollegor

o   Radering efter fullföljd rekryteringsprocess

o   Sökning av kandidater på LinkedIn

o   Lagring av CV för framtida rekryteringsprocesser vidsamtycke

o   Hantering av spontanansökningar

Name
Personal identity number
Contact details
Address
Hälsouppgifter
Interest
Expertise
Past experience
References

Laglig grund: Samtycke från den som söker en tjänst. Samtycke krävs för att få spara CV för eventuella nya rekryteringsprocesser. Rättslig förpliktelse att spara underlag i 2 år för att kunna visa att urval av slutkandidat hanteras på ett lagenligt vis.

Lagringsperiod: CV sparas för rekryteringssyfte till dess att rekryteringsprocessen är över och vid samtycke sparas det i upp till ett år för eventuell matchning med andra roller. Rättslig förpliktelse att spara underlag i 2 år för att kunna visa att urval av slutkandidat hanteras på ett lagenligt vis.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Reference Management

o   Insamling av referenser för att säkerställa kandidatens kompetens

o   Lagring under rekryteringsprocessen

o   Radering efter fullföljdrekryteringsprocess

o   Insamling av uppgifter om kandidaten från referenser

Third Party Information (Name, Contact Information, Position)
Information about personality and performance
Hälsodata 
Earlier
Anställningsuppgifter

Laglig grund: Berättigat intresse. Vad gäller underlag från referenser gäller rättslig förpliktelse att spara underlag i 2 år för att kunna visa att urval av slutkandidat hanteras på ett lagenligt vis.

Lagringsperiod: Personuppgifter sparas till dess att rekryteringsprocessen är över. Rättslig förpliktelse att spara underlag i 2 år för att kunna visa att urval av slutkandidat hanteras på ett lagenligt vis.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Collection of personal information during interview

o   Förande av intervjuanteckningar

o   Lagring av personuppgifter från intervju

o   Delning mellan rekryterare, chefer och eventuella blivande kollegor

o   Radering av personuppgifter från intervju

Information about personality and performance 
Private information Third party information
Past experience
Hälsodata

Laglig grund: Samtycke från den som söker en tjänst.

Lagringsperiod: Personuppgifterna sparas till dess att rekryteringsprocessen är över och vid samtycke sparas i upp till ett år för eventuell matchning med andra roller.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Background checks

o   Begäran om bakgrundskontroll beställs via portal där namn, personnummer, CV och tilltänkt befattning anges

o   Fastställda domar inhämtas från Sveriges samtligatingsrätter

o   Information om skulder inhämtas från kronofogden

o   Uppgifter om exponering på internet inhämtas, främst på sociala medier

Name
Personal identity number
Resume 
Folkbokföring
Tax information
Betalningsanmärkningar
Automotive holdings
Civilrättsliga ärenden
Uppgifter om eventuella utförda brott
Credit information
Exposure
Sociala media

Laglig grund: Samtycke från den som söker en tjänst. Medgivandeblankett sparas under rekryteringsprocessen, kastas sedan.

Lagringsperiod: Automatisk gallring av all information på plattformen inom 96 timmar.

Ändamål

Behandlingar som utförs

Kategorier av personuppgifter

Selection tests

o   Lämnar ut personuppgifter till testleverantörer

o   Samlad bedömning hämtas via en skyddad plattform

o   Lagring av resultat i 2 år

Name
Email
Uppgifter om personlighet och förmåga

Laglig grund: Samtycke från den som söker en tjänst.

Lagringsperiod: Rättslig förpliktelse att spara underlag i 2 år för att kunna visa att urval av slutkandidat hanteras på ett lagenligt vis.

Kontakta oss vid frågor om dataskydd

service@abcortopedi.se

Privacy policy

For us at ABC Orthopedics (Orthopedia Sweden AB) care is personal and we are very keen that you feel safe with our handling of your personal data, no matter what role you come in contact with us. The protection of natural persons in the processing of personal data is a fundamental right. In this document, we explain how we protect your personal information.

We have extensive experience in responsible handling of personal data and sensitive information in accordance with the requirements imposed by the Patient Data Act (PDL) and other laws. We protect your privacy and strive to ensure that personal data is always handled in the best possible way and in accordance with applicable data protection regulations. In order to make it easier for you to understand how we process your personal data, we have divided the information about the management into different sections. You can choose to read only the specific information about your role in relation to us and the general section on rights. If you have any questions after reading the information, please feel free to contact us at info@abcortopedi.se. info@abcortopedi.se.

Personal data and processing of personal data

A personal data is an information that comes from an identified or identifiable living natural person. Examples of personal data are names, identification numbers, addresses, online identifiers (eg IP address) and factors specific to the physical person's physical, physiological, genetic, psychological, economic, cultural or social identity. Processing of personal data includes everything that has to do with a personal data, such as reading, deleting, changing and storing. This includes, for example, the collection, registration, dissemination, deletion or disclosure of personal data.

Personal data manager

The person responsible for personal data is the one who decides the purpose and how the personal data is to be processed. Orthopedia Sweden AB, org. number 559179 - 3004, Vanadisvägen 13, 113 46 Stockholm, is responsible for personal data unless otherwise stated.

Handling of your personal data

We only collect personal data that has an express purpose and try to minimize the amount of personal data we collect about you. See more about the specific storage periods for each purpose. We never store personal data longer than is necessary for each purpose or longer than applicable law permits.

Processing of your personal data

We store your information on our own servers or third parties where we demand the highest security.

We always strive to process your personal data in Sweden and the EU / EEA area. In the event that your personal data is transferred to third parties or outside the EU / EEA, we ensure that appropriate measures are in place to preserve the privacy of the personal data and to ensure that it is processed in accordance with applicable laws.

Sharing your personal information

Your personal data is only shared with the personal data assistants when it is in line with an explicit purpose for collecting the personal data. A Personal Data Assistant is a party that processes your personal information on our behalf and in accordance with our instructions. We check all personal data assistants to ensure that they can provide adequate guarantees regarding security and privacy of personal data. We have written agreements with all personal data assistants through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding international transfer of personal data. Therefore, your personal data may sometimes be shared with personal data assistants to fulfill the commitments we have made to you, for example, your health information may be stored in a medical record system managed by an external supplier.

Sometimes your personal data can be shared with a company with whom we have shared personal data responsibility with regards to that company's privacy policy and data handling when handling your personal data. We also share your personal data with certain parties with whom we share personal data responsibility.

Examples of such parties are:

- Some health care units, laboratories or insurance companies.

- Government agencies such as the tax authorities or other authorities, if we are required to do so by law.

- Companies that offer payment solutions, such as banks and other payment service providers.

Your rights as registered

If you as a patient are interested in what personal information is available about you, please contact us. We are always open and transparent about how we process your personal data and if you want to get a deeper insight into what personal data we process about you, you can request a so-called register extract. Please note that if we receive an access request, we may ask for additional information to ensure the efficient handling of your request and that the information is provided to the right person.

You can request to have your personal data corrected if the information is incorrect, so-called. right to correction. You also have the right to supplement any incomplete personal data within the scope of the stated purpose.

You may also, in some cases, request the deletion of personal data we process:

- You object to treatment for direct marketing purposes.

- You object to a balance of interest we have made based on legitimate interest and your reason for objection weighs heavier than our legitimate interest.

- The data is no longer necessary for the purposes for which it has been collected or processed.

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal information, such as the obligation to store records for 10 years under the Patient Data Act (PDL).

Protection of your personal data

Only those persons who actually need to process your personal data in order for us to fulfill our stated purposes have access to your personal data. Furthermore, we use IT systems to protect the confidentiality, integrity and access to personal data, and take security measures to protect your personal data against illegal or unauthorized use.

Register excerpts

For information on how we process personal data for patients, job seekers and former employees, please see below. We are always open and transparent with how we process your personal data.

If you are interested in accessing journal extracts, please contact us.

If you are interested in other information we may have about you, please print out and fill out the register extract form below. Then submit the completed form at the reception with us, Drottningholmsvägen 5, Stockholm

Your registration statement will then be shared with you in person at the reception desk upon presentation of the ID. A message is sent to your email address when the registry snippet is ready for collection. If you prefer to access your register extract with the recommended letter, you can fill it out in the form, but you must enter your home address.

Our customers who are not patients

If you represent one of our clients who is not a patient, we will process your information to the extent necessary to enable us to perform the service for which you have hired us, such as other consulting services such as lecture. It is the agreement between us that is the legal basis for the processing of your personal data in these cases. Once the service is performed, we will also continue to process your personal data because we have a legitimate interest to follow up and further develop our business relationship. We may also need to save your personal information in order to comply with legal requirements, such as the Accounting Act, then the legal basis is a legal obligation. We will not store your information for longer than is necessary for these purposes and deletion of personal data will be erased without delay when it is discovered. If for any reason you do not wish to have continued contact with us on behalf of your company, we will also delete your personal data to the extent possible.

The personal data processed are:

  • Name,
  • Email,
  • Company adress,
  • Telephone number,
  • organization number,
  • Title,

Potential customers

We may have contacted you to offer you the opportunity to collaborate with us when it comes time for your company to further train orthopedic staff. The processing we then make of your personal data is based on our legitimate interest in establishing a business relationship with your company. Your personal data will be saved for three years before being deleted if we have not started a business relationship. If you decline to continue contact, your information will not be used to contact you, however, we will save your information with a note that we will not contact you for a year or longer depending on your wishes.

These are the personal data that we process:

  • Name
  • Email
  • Company adress,
  • organization number,
  • Telephone number,
  • Title,

Providers

If you are a contact person at one of our suppliers, we will process your contact details to the extent required within our contractual relationship. The legal basis for that treatment is agreement. We will also need to process your personal information in order to comply with legal requirements, such as the Accounting Act. The legal basis then becomes a legal obligation for that treatment. We do not store your personal data any longer than is necessary for these purposes.

The following personal data is processed:

  • Name
  • Email
  • Telephone number,
  • Company adress,
  • organization number (social security number if you have chosen the individual company form)

The personal data we handle with purpose

Personal data management in care

Below you will find the categories of personal data that we may collect and save as a patient with us. We describe how we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Journaling

o Personal data / health data is entered in the journal in connection with contact with the patient

o Possible collection of relatives' personal data

o Journal excerpt

o Scanning health data from, for example, other health care providers into medical records

Name
Personal identity number
Health data
Contact information patient, family member and proxy for relatives to represent you

Legal basis: Legal obligation under the Patient Data Act (PDL). Consent in some cases.

Storage period: Journal should be kept at least 10 years after your last visit in accordance with the Patient Data Act (PDL).

Purpose

Treatments performed

Categories of personal data

Collection of physiological data and images in different systems.

o Personal data / health data is entered in the journal in connection with contact with the patient

o Health data must be kept for at least 10 years after your last visit

Name
Personal identity number
Health data

Legal basis: Legal obligation under the Patient Data Act (PDL).

Storage period: Health data must be kept at least 10 years after your last visit in accordance with the Patient Data Act (PDL).

Purpose

Treatments performed

Categories of personal data

Communication with patient / other health care providers / pharmacies / county councils / The Swedish Social Insurance Office / sampling, or laboratory analysis of samples.

o Personal data is stored in journal

o Personal data is shared with other care providers by letter or internally in the medical record system. If personal information is not sensitive, e-mail can also be used.

o Communication with patient through 1177, telephone, letter or visit

o Registration of a patient in the county council system (health care)

o Documentation of newly listed patient information (health care)

o Issue of medical opinion on health status, medical certificate, care of relatives of the Social Insurance Office

o Journal excerpt to the Swedish Social Insurance Agency, county councils and insurance companies

o Issue of prescriptions on the intended form or electronically via the journal system

Name
Personal identity number
Health data
Contact information patient, family member and proxy for relatives to represent you

Legal basis: Journal information is only shared with your consent or exceptionally with the support of special legislation.

Storage Period: Mail is deleted immediately after it is sent or received. Ordinary mail is destroyed after health data is entered in the journal. Records are kept for at least 10 years according to the Patient Data Act

(PDL).

Purpose

Treatments performed

Categories of personal data

Visitors to hospitalized patients

o Person is registered at the time of visit

o Personal data collected is stored in a booking system

o Old visits are deleted in the booking system when they have fulfilled their purpose

Name
Personal identity number
Cause of visit (health data)
Contact details

Legal basis: Balance of interests

Legal basis: Interest in Storage period: The data is deleted as soon as they no longer serve the purpose, proposed after the visit is completed.

Purpose

Treatments performed

Categories of personal data

Camera surveillance to ensure the safety of the patient, the employee and the reception

Camera surveillance to ensure the patient's, ano Video recording inside the reception where visiting patient will be seen and the security of the reception

o Video recording is stored

o Operations manager at the reception can review the video recording in case of suspected intrusion or theft

Moving image of person

Legal basis: Balance of interests in accordance with both the GDPR and the Camera Surveillance Act. Allowed in cases where the security of the patient, the employee and the reception increases significantly with the help of camera surveillance.

Storage period: Video recording is erased as soon as the purpose of the video recording has been met.

Purpose

Treatments performed

Categories of personal data

Complaints

o Receiving and handling complaints locally or centrally

o Basis for quality improvement measures

o Sharing of records with IVO on request

o Delno Registration to IVO according to Lex Maria after event analysis of journals with IVO on request

Name
Health data
Healthcare providers

Legal basis: Legal obligation in accordance with the Patient Safety Act PSL.

Storage period: 10 years in accordance with the patient injury insurance.

Purpose

Treatments performed

Categories of personal data

Payment processing and administration for the Insurance Agency, insurance companies and high cost protection

o Registration of payment for care in medical records

o Sharing information on payment with the Social Insurance Office

o Sharing information on payment for administration of high-cost protection

o Communication with county council prepayment

for young adults

Name
Personal identity number
Bank account number
Plusgiro
(Personal identity number)

Legal basis: Obligation under the Patient Safety Act (PSL).

Storage period: Accounting information is archived for up to eight years in accordance with the Accounting Act.

Purpose

Treatments performed

Categories of personal data

Research

o Journal data is used as a basis for research

o Journal data is transferred to the quality register

Health data

Legal basis: Consent from the patient.

Storage period: As long as the patient consents to use.

Purpose

Treatments performed

Categories of personal data

Insurance - Claims notification and regulation

Personal data / health data is collected from:

· Physician / healthcare facility

· General insurance fund

· Other authorities

· Other insurance companies

· Employers

Name
Personal identity number
Health data
Patient contact information, relatives
Salary information and sick leave

Legal basis: The treatment is necessary to fulfill insurance contract with the registered person. Consent in some cases.

Storage period: Your personal data is only stored for as long as is required for us to be able to administer the claim notification and to settle the damage, or as long as we have to store them according to law. They are then deleted in accordance with ABC Orthopedics (Insurance) thinning routines.

Below you will find the categories of personal data that we may collect and save upon termination of employment. How we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Termination of employment. Depending on the reason for the termination of employment (self-dismissal or dismissal), the dismissal process initially differs.

o Trade union negotiations

o Formal evidence justifying reasons for termination of employment will be produced and saved after signature

o The agreed end date is communicated

Name
Personal identity number
Telephone number
E-mail
Address
Reasons for dismissal
Union affiliation
Employment information

Legal basis: Legal obligation.

Lagringsperiod: Information sparas under obestämd tid utifall den anställde återvänder i enlighet med LAS paragraf 11.

Purpose

Treatments performed

Categories of personal data

Benefits / final salary upon termination of employment

o The agreed final salary is communicated

o Communication about possible right to personal advice from the TRR Safety Council and compensation (officials)

o

Name
Personal identity number
E-mail
Salary
Employment information
Holiday Regulation
Company car
Other remuneration

Legal basis: Legal obligation to comply with collective agreements, employment agreements and holiday teams.

Storage period: Information is stored for an indefinite period in order to verify the information reported to pension companies.

Purpose

Treatments performed

Categories of personal data

Company transition

o Transfer of personal data in accordance with LAS 6 B.

Name
Personal identity number
Telephone number
E-mail 
Address
Salary 
vacation days
Company car
health information
Employment information

Legal basis: Legal obligation in accordance with LAS 6B.

Purpose

Treatments performed

Categories of personal data

Employment certificate / employer certificate

o Information about the duration, salary, working hours of the employment

Name
Personal identity number
E-mail 
Salary
The duration of employment
position
Presence/absence

Legal basis: Legal obligation in accordance with LAS.

Retention period: After five years after termination of employment, a subset of personal data is moved to another database. There, personal data is stored for an indefinite period so that service certificates can be issued.

Purpose

Treatments performed

Categories of personal data

Death

o Communication with relatives if it has occurred on the way to, from or at the workplace

o Communication with insurers for life insurance

o Confirmed data from public records trigger triggering of deaths

o Death investigation is initiated to investigate pension payments from

ABC should happen and to whom

Name
Personal identity number 
National registration Addresses
Relatives contact information
Dödsbo contact information

Legal basis: Legal obligation to comply with collective agreements.

Storage period: It is stored forever to be able to prove payment and supporting documents for this.

Purpose

Treatments performed

Categories of personal data

Pensionsutbetalning

o Determination of the payment plan in accordance with the length and salary of the employment

o Payment of pension every month

Name
Personal identity number
E-mail
Salary
Duration of employment
position
Presence/absence
Type of employment

Legal basis: Legal obligation and in some cases to execute agreements with the data subject.

Storage period: Personal data is stored indefinitely to show that the organization has fulfilled its commitment.

Personal data handling during recruitment

Below are the categories of personal data that we may collect and save during our recruitment process. How we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Resume management / Personal letter

o Collection from candidates for recruitment

o Storage during the recruitment process

o Sharing between recruiters, managers and any prospective colleagues

o Deletion after completed recruitment process

o Searching candidates on LinkedIn

o Storage of CVs for future recruitment processes upon consent

o Handling of spontaneous applications

Name
Personal identity number
Contact details
Address
health information
Interest
Expertise
Past experience
References

Legal basis: Consent from the person seeking a service. Consent is required to save CV for any new recruitment processes. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Retention period: CV is saved for recruitment purposes until the recruitment process is over and upon consent it is stored for up to one year for possible matching with other roles. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Purpose

Treatments performed

Categories of personal data

Reference Management

o Collection of references to ensure the candidate's competence

o Storage during the recruitment process

o Deletion after completed recruitment process

o Collection of information about the candidate from references

Third Party Information (Name, Contact Information, Position)
Information about personality and performance
Health data 
Earlier
Employment information

Legal basis: Justified interest. Regarding documentation from references, the legal obligation is to save documentation for 2 years in order to show that selection of the final candidate is handled in a legal manner.

Retention period: Personal data is saved until the recruitment process is over. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Purpose

Treatments performed

Categories of personal data

Collection of personal information during interview

o Keeping interview notes

o Storing personal data from interview

o Sharing between recruiters, managers and any prospective colleagues

o Deletion of personal data from interview

Information about personality and performance 
Private information Third party information
Past experience
Health data

Legal basis: Consent from the person seeking a service.

Retention period: The personal data is stored until the recruitment process is over and upon consent is stored for up to one year for possible matching with other roles.

Purpose

Treatments performed

Categories of personal data

Background checks

o Request for background check is ordered via portal where name, social security number, CV and intended position are stated

o Determined judgments are obtained from all of Sweden's district courts

o Information on debts is obtained from the petitioner

o Information about exposure on the Internet is obtained, mainly on social media

Name
Personal identity number
Resume 
National registration
Tax information
Payment notes
Automotive holdings
Civil cases
Details of possible crimes committed
Credit information
Exposure
Social media

Legal basis: Consent from the person seeking a service. The consent form is saved during the recruitment process, then discarded.

Storage period: Automatic thinning of all information on the platform within 96 hours.

Purpose

Treatments performed

Categories of personal data

Selection tests

o Discloses personal data to test providers

o Overall assessment is obtained via a protected platform

o Storing results for 2 years

Name
Email
Information about personality and performance

Legal basis: Consent from the person seeking a service.

Storage period: Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Contact us with questions about data protection.

info@abcortopedi.se

Privacy policy

For us at ABC Orthopedics (Orthopedia Sweden AB) care is personal and we are very keen that you feel safe with our handling of your personal data, no matter what role you come in contact with us. The protection of natural persons in the processing of personal data is a fundamental right. In this document, we explain how we protect your personal information.

We have extensive experience in responsible handling of personal data and sensitive information in accordance with the requirements imposed by the Patient Data Act (PDL) and other laws. We protect your privacy and strive to ensure that personal data is always handled in the best possible way and in accordance with applicable data protection regulations. In order to make it easier for you to understand how we process your personal data, we have divided the information about the management into different sections. You can choose to read only the specific information about your role in relation to us and the general section on rights. If you have any questions after reading the information, please feel free to contact us at info@abcortopedi.se. info@abcortopedi.se.

Personal data and processing of personal data

A personal data is an information that comes from an identified or identifiable living natural person. Examples of personal data are names, identification numbers, addresses, online identifiers (eg IP address) and factors specific to the physical person's physical, physiological, genetic, psychological, economic, cultural or social identity. Processing of personal data includes everything that has to do with a personal data, such as reading, deleting, changing and storing. This includes, for example, the collection, registration, dissemination, deletion or disclosure of personal data.

Personal data manager

The person responsible for personal data is the one who decides the purpose and how the personal data is to be processed. Orthopedia Sweden AB, org. number 559179 - 3004, Vanadisvägen 13, 113 46 Stockholm, is responsible for personal data unless otherwise stated.

Handling of your personal data

We only collect personal data that has an express purpose and try to minimize the amount of personal data we collect about you. See more about the specific storage periods for each purpose. We never store personal data longer than is necessary for each purpose or longer than applicable law permits.

Processing of your personal data

We store your information on our own servers or third parties where we demand the highest security.

We always strive to process your personal data in Sweden and the EU / EEA area. In the event that your personal data is transferred to third parties or outside the EU / EEA, we ensure that appropriate measures are in place to preserve the privacy of the personal data and to ensure that it is processed in accordance with applicable laws.

Sharing your personal information

Your personal data is only shared with the personal data assistants when it is in line with an explicit purpose for collecting the personal data. A Personal Data Assistant is a party that processes your personal information on our behalf and in accordance with our instructions. We check all personal data assistants to ensure that they can provide adequate guarantees regarding security and privacy of personal data. We have written agreements with all personal data assistants through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding international transfer of personal data. Therefore, your personal data may sometimes be shared with personal data assistants to fulfill the commitments we have made to you, for example, your health information may be stored in a medical record system managed by an external supplier.

Sometimes your personal data can be shared with a company with whom we have shared personal data responsibility with regards to that company's privacy policy and data handling when handling your personal data. We also share your personal data with certain parties with whom we share personal data responsibility.

Examples of such parties are:

- Some health care units, laboratories or insurance companies.

- Government agencies such as the tax authorities or other authorities, if we are required to do so by law.

- Companies that offer payment solutions, such as banks and other payment service providers.

Your rights as registered

If you as a patient are interested in what personal information is available about you, please contact us. We are always open and transparent about how we process your personal data and if you want to get a deeper insight into what personal data we process about you, you can request a so-called register extract. Please note that if we receive an access request, we may ask for additional information to ensure the efficient handling of your request and that the information is provided to the right person.

You can request to have your personal data corrected if the information is incorrect, so-called. right to correction. You also have the right to supplement any incomplete personal data within the scope of the stated purpose.

You may also, in some cases, request the deletion of personal data we process:

- You object to treatment for direct marketing purposes.

- You object to a balance of interest we have made based on legitimate interest and your reason for objection weighs heavier than our legitimate interest.

- The data is no longer necessary for the purposes for which it has been collected or processed.

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal information, such as the obligation to store records for 10 years under the Patient Data Act (PDL).

Protection of your personal data

Only those persons who actually need to process your personal data in order for us to fulfill our stated purposes have access to your personal data. Furthermore, we use IT systems to protect the confidentiality, integrity and access to personal data, and take security measures to protect your personal data against illegal or unauthorized use.

Register excerpts

For information on how we process personal data for patients, job seekers and former employees, please see below. We are always open and transparent with how we process your personal data.

If you are interested in accessing journal extracts, please contact us.

If you are interested in other information we may have about you, please print out and fill out the register extract form below. Then submit the completed form at the reception with us, Drottningholmsvägen 5, Stockholm

Your registration statement will then be shared with you in person at the reception desk upon presentation of the ID. A message is sent to your email address when the registry snippet is ready for collection. If you prefer to access your register extract with the recommended letter, you can fill it out in the form, but you must enter your home address.

Our customers who are not patients

If you represent one of our clients who is not a patient, we will process your information to the extent necessary to enable us to perform the service for which you have hired us, such as other consulting services such as lecture. It is the agreement between us that is the legal basis for the processing of your personal data in these cases. Once the service is performed, we will also continue to process your personal data because we have a legitimate interest to follow up and further develop our business relationship. We may also need to save your personal information in order to comply with legal requirements, such as the Accounting Act, then the legal basis is a legal obligation. We will not store your information for longer than is necessary for these purposes and deletion of personal data will be erased without delay when it is discovered. If for any reason you do not wish to have continued contact with us on behalf of your company, we will also delete your personal data to the extent possible.

The personal data processed are:

  • Name,
  • Email,
  • Company adress,
  • Telephone number,
  • organization number,
  • Title,

Potential customers

We may have contacted you to offer you the opportunity to collaborate with us when it comes time for your company to further train orthopedic staff. The processing we then make of your personal data is based on our legitimate interest in establishing a business relationship with your company. Your personal data will be saved for three years before being deleted if we have not started a business relationship. If you decline to continue contact, your information will not be used to contact you, however, we will save your information with a note that we will not contact you for a year or longer depending on your wishes.

These are the personal data that we process:

  • Name
  • Email
  • Company adress,
  • organization number,
  • Telephone number,
  • Title,

Providers

If you are a contact person at one of our suppliers, we will process your contact details to the extent required within our contractual relationship. The legal basis for that treatment is agreement. We will also need to process your personal information in order to comply with legal requirements, such as the Accounting Act. The legal basis then becomes a legal obligation for that treatment. We do not store your personal data any longer than is necessary for these purposes.

The following personal data is processed:

  • Name
  • Email
  • Telephone number,
  • Company adress,
  • organization number (social security number if you have chosen the individual company form)

The personal data we handle with purpose

Personal data management in care

Below you will find the categories of personal data that we may collect and save as a patient with us. We describe how we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Journaling

o Personal data / health data is entered in the journal in connection with contact with the patient

o Possible collection of relatives' personal data

o Journal excerpt

o Scanning health data from, for example, other health care providers into medical records

Name
Personal identity number
Health data
Contact information patient, family member and proxy for relatives to represent you

Legal basis: Legal obligation under the Patient Data Act (PDL). Consent in some cases.

Storage period: Journal should be kept at least 10 years after your last visit in accordance with the Patient Data Act (PDL).

Purpose

Treatments performed

Categories of personal data

Collection of physiological data and images in different systems.

o Personal data / health data is entered in the journal in connection with contact with the patient

o Health data must be kept for at least 10 years after your last visit

Name
Personal identity number
Health data

Legal basis: Legal obligation under the Patient Data Act (PDL).

Storage period: Health data must be kept at least 10 years after your last visit in accordance with the Patient Data Act (PDL).

Purpose

Treatments performed

Categories of personal data

Communication with patient / other health care providers / pharmacies / county councils / The Swedish Social Insurance Office / sampling, or laboratory analysis of samples.

o Personal data is stored in journal

o Personal data is shared with other care providers by letter or internally in the medical record system. If personal information is not sensitive, e-mail can also be used.

o Communication with patient through 1177, telephone, letter or visit

o Registration of a patient in the county council system (health care)

o Documentation of newly listed patient information (health care)

o Issue of medical opinion on health status, medical certificate, care of relatives of the Social Insurance Office

o Journal excerpt to the Swedish Social Insurance Agency, county councils and insurance companies

o Issue of prescriptions on the intended form or electronically via the journal system

Name
Personal identity number
Health data
Contact information patient, family member and proxy for relatives to represent you

Legal basis: Journal information is only shared with your consent or exceptionally with the support of special legislation.

Storage Period: Mail is deleted immediately after it is sent or received. Ordinary mail is destroyed after health data is entered in the journal. Records are kept for at least 10 years according to the Patient Data Act

(PDL).

Purpose

Treatments performed

Categories of personal data

Visitors to hospitalized patients

o Person is registered at the time of visit

o Personal data collected is stored in a booking system

o Old visits are deleted in the booking system when they have fulfilled their purpose

Name
Personal identity number
Cause of visit (health data)
Contact details

Legal basis: Balance of interests

Legal basis: Interest in Storage period: The data is deleted as soon as they no longer serve the purpose, proposed after the visit is completed.

Purpose

Treatments performed

Categories of personal data

Camera surveillance to ensure the safety of the patient, the employee and the reception

Camera surveillance to ensure the patient's, ano Video recording inside the reception where visiting patient will be seen and the security of the reception

o Video recording is stored

o Operations manager at the reception can review the video recording in case of suspected intrusion or theft

Moving image of person

Legal basis: Balance of interests in accordance with both the GDPR and the Camera Surveillance Act. Allowed in cases where the security of the patient, the employee and the reception increases significantly with the help of camera surveillance.

Storage period: Video recording is erased as soon as the purpose of the video recording has been met.

Purpose

Treatments performed

Categories of personal data

Complaints

o Receiving and handling complaints locally or centrally

o Basis for quality improvement measures

o Sharing of records with IVO on request

o Delno Registration to IVO according to Lex Maria after event analysis of journals with IVO on request

Name
Health data
Healthcare providers

Legal basis: Legal obligation in accordance with the Patient Safety Act PSL.

Storage period: 10 years in accordance with the patient injury insurance.

Purpose

Treatments performed

Categories of personal data

Payment processing and administration for the Insurance Agency, insurance companies and high cost protection

o Registration of payment for care in medical records

o Sharing information on payment with the Social Insurance Office

o Sharing information on payment for administration of high-cost protection

o Communication with county council prepayment

for young adults

Name
Personal identity number
Bank account number
Plusgiro
(Personal identity number)

Legal basis: Obligation under the Patient Safety Act (PSL).

Storage period: Accounting information is archived for up to eight years in accordance with the Accounting Act.

Purpose

Treatments performed

Categories of personal data

Research

o Journal data is used as a basis for research

o Journal data is transferred to the quality register

Health data

Legal basis: Consent from the patient.

Storage period: As long as the patient consents to use.

Purpose

Treatments performed

Categories of personal data

Insurance - Claims notification and regulation

Personal data / health data is collected from:

· Physician / healthcare facility

· General insurance fund

· Other authorities

· Other insurance companies

· Employers

Name
Personal identity number
Health data
Patient contact information, relatives
Salary information and sick leave

Legal basis: The treatment is necessary to fulfill insurance contract with the registered person. Consent in some cases.

Storage period: Your personal data is only stored for as long as is required for us to be able to administer the claim notification and to settle the damage, or as long as we have to store them according to law. They are then deleted in accordance with ABC Orthopedics (Insurance) thinning routines.

Below you will find the categories of personal data that we may collect and save upon termination of employment. How we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Termination of employment. Depending on the reason for the termination of employment (self-dismissal or dismissal), the dismissal process initially differs.

o Trade union negotiations

o Formal evidence justifying reasons for termination of employment will be produced and saved after signature

o The agreed end date is communicated

Name
Personal identity number
Telephone number
E-mail
Address
Reasons for dismissal
Union affiliation
Employment information

Legal basis: Legal obligation.

Lagringsperiod: Information sparas under obestämd tid utifall den anställde återvänder i enlighet med LAS paragraf 11.

Purpose

Treatments performed

Categories of personal data

Benefits / final salary upon termination of employment

o The agreed final salary is communicated

o Communication about possible right to personal advice from the TRR Safety Council and compensation (officials)

o

Name
Personal identity number
E-mail
Salary
Employment information
Holiday Regulation
Company car
Other remuneration

Legal basis: Legal obligation to comply with collective agreements, employment agreements and holiday teams.

Storage period: Information is stored for an indefinite period in order to verify the information reported to pension companies.

Purpose

Treatments performed

Categories of personal data

Company transition

o Transfer of personal data in accordance with LAS 6 B.

Name
Personal identity number
Telephone number
E-mail 
Address
Salary 
vacation days
Company car
health information
Employment information

Legal basis: Legal obligation in accordance with LAS 6B.

Purpose

Treatments performed

Categories of personal data

Employment certificate / employer certificate

o Information about the duration, salary, working hours of the employment

Name
Personal identity number
E-mail 
Salary
The duration of employment
position
Presence/absence

Legal basis: Legal obligation in accordance with LAS.

Retention period: After five years after termination of employment, a subset of personal data is moved to another database. There, personal data is stored for an indefinite period so that service certificates can be issued.

Purpose

Treatments performed

Categories of personal data

Death

o Communication with relatives if it has occurred on the way to, from or at the workplace

o Communication with insurers for life insurance

o Confirmed data from public records trigger triggering of deaths

o Death investigation is initiated to investigate pension payments from

ABC should happen and to whom

Name
Personal identity number 
National registration Addresses
Relatives contact information
Dödsbo contact information

Legal basis: Legal obligation to comply with collective agreements.

Storage period: It is stored forever to be able to prove payment and supporting documents for this.

Purpose

Treatments performed

Categories of personal data

Pensionsutbetalning

o Determination of the payment plan in accordance with the length and salary of the employment

o Payment of pension every month

Name
Personal identity number
E-mail
Salary
Duration of employment
position
Presence/absence
Type of employment

Legal basis: Legal obligation and in some cases to execute agreements with the data subject.

Storage period: Personal data is stored indefinitely to show that the organization has fulfilled its commitment.

Personal data handling during recruitment

Below are the categories of personal data that we may collect and save during our recruitment process. How we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Resume management / Personal letter

o Collection from candidates for recruitment

o Storage during the recruitment process

o Sharing between recruiters, managers and any prospective colleagues

o Deletion after completed recruitment process

o Searching candidates on LinkedIn

o Storage of CVs for future recruitment processes upon consent

o Handling of spontaneous applications

Name
Personal identity number
Contact details
Address
health information
Interest
Expertise
Past experience
References

Legal basis: Consent from the person seeking a service. Consent is required to save CV for any new recruitment processes. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Retention period: CV is saved for recruitment purposes until the recruitment process is over and upon consent it is stored for up to one year for possible matching with other roles. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Purpose

Treatments performed

Categories of personal data

Reference Management

o Collection of references to ensure the candidate's competence

o Storage during the recruitment process

o Deletion after completed recruitment process

o Collection of information about the candidate from references

Third Party Information (Name, Contact Information, Position)
Information about personality and performance
Health data 
Earlier
Employment information

Legal basis: Justified interest. Regarding documentation from references, the legal obligation is to save documentation for 2 years in order to show that selection of the final candidate is handled in a legal manner.

Retention period: Personal data is saved until the recruitment process is over. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Purpose

Treatments performed

Categories of personal data

Collection of personal information during interview

o Keeping interview notes

o Storing personal data from interview

o Sharing between recruiters, managers and any prospective colleagues

o Deletion of personal data from interview

Information about personality and performance 
Private information Third party information
Past experience
Health data

Legal basis: Consent from the person seeking a service.

Retention period: The personal data is stored until the recruitment process is over and upon consent is stored for up to one year for possible matching with other roles.

Purpose

Treatments performed

Categories of personal data

Background checks

o Request for background check is ordered via portal where name, social security number, CV and intended position are stated

o Determined judgments are obtained from all of Sweden's district courts

o Information on debts is obtained from the petitioner

o Information about exposure on the Internet is obtained, mainly on social media

Name
Personal identity number
Resume 
National registration
Tax information
Payment notes
Automotive holdings
Civil cases
Details of possible crimes committed
Credit information
Exposure
Social media

Legal basis: Consent from the person seeking a service. The consent form is saved during the recruitment process, then discarded.

Storage period: Automatic thinning of all information on the platform within 96 hours.

Purpose

Treatments performed

Categories of personal data

Selection tests

o Discloses personal data to test providers

o Overall assessment is obtained via a protected platform

o Storing results for 2 years

Name
Email
Information about personality and performance

Legal basis: Consent from the person seeking a service.

Storage period: Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Contact us with questions about data protection.

info@abcortopedi.se

Privacy policy

For us at ABC Orthopedics (Orthopedia Sweden AB) care is personal and we are very keen that you feel safe with our handling of your personal data, no matter what role you come in contact with us. The protection of natural persons in the processing of personal data is a fundamental right. In this document, we explain how we protect your personal information.

We have extensive experience in responsible handling of personal data and sensitive information in accordance with the requirements imposed by the Patient Data Act (PDL) and other laws. We protect your privacy and strive to ensure that personal data is always handled in the best possible way and in accordance with applicable data protection regulations. In order to make it easier for you to understand how we process your personal data, we have divided the information about the management into different sections. You can choose to read only the specific information about your role in relation to us and the general section on rights. If you have any questions after reading the information, please feel free to contact us at info@abcortopedi.se. info@abcortopedi.se.

Personal data and processing of personal data

A personal data is an information that comes from an identified or identifiable living natural person. Examples of personal data are names, identification numbers, addresses, online identifiers (eg IP address) and factors specific to the physical person's physical, physiological, genetic, psychological, economic, cultural or social identity. Processing of personal data includes everything that has to do with a personal data, such as reading, deleting, changing and storing. This includes, for example, the collection, registration, dissemination, deletion or disclosure of personal data.

Personal data manager

The person responsible for personal data is the one who decides the purpose and how the personal data is to be processed. Orthopedia Sweden AB, org. number 559179 - 3004, Vanadisvägen 13, 113 46 Stockholm, is responsible for personal data unless otherwise stated.

Handling of your personal data

We only collect personal data that has an express purpose and try to minimize the amount of personal data we collect about you. See more about the specific storage periods for each purpose. We never store personal data longer than is necessary for each purpose or longer than applicable law permits.

Processing of your personal data

We store your information on our own servers or third parties where we demand the highest security.

We always strive to process your personal data in Sweden and the EU / EEA area. In the event that your personal data is transferred to third parties or outside the EU / EEA, we ensure that appropriate measures are in place to preserve the privacy of the personal data and to ensure that it is processed in accordance with applicable laws.

Sharing your personal information

Your personal data is only shared with the personal data assistants when it is in line with an explicit purpose for collecting the personal data. A Personal Data Assistant is a party that processes your personal information on our behalf and in accordance with our instructions. We check all personal data assistants to ensure that they can provide adequate guarantees regarding security and privacy of personal data. We have written agreements with all personal data assistants through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding international transfer of personal data. Therefore, your personal data may sometimes be shared with personal data assistants to fulfill the commitments we have made to you, for example, your health information may be stored in a medical record system managed by an external supplier.

Sometimes your personal data can be shared with a company with whom we have shared personal data responsibility with regards to that company's privacy policy and data handling when handling your personal data. We also share your personal data with certain parties with whom we share personal data responsibility.

Examples of such parties are:

- Some health care units, laboratories or insurance companies.

- Government agencies such as the tax authorities or other authorities, if we are required to do so by law.

- Companies that offer payment solutions, such as banks and other payment service providers.

Your rights as registered

If you as a patient are interested in what personal information is available about you, please contact us. We are always open and transparent about how we process your personal data and if you want to get a deeper insight into what personal data we process about you, you can request a so-called register extract. Please note that if we receive an access request, we may ask for additional information to ensure the efficient handling of your request and that the information is provided to the right person.

You can request to have your personal data corrected if the information is incorrect, so-called. right to correction. You also have the right to supplement any incomplete personal data within the scope of the stated purpose.

You may also, in some cases, request the deletion of personal data we process:

- You object to treatment for direct marketing purposes.

- You object to a balance of interest we have made based on legitimate interest and your reason for objection weighs heavier than our legitimate interest.

- The data is no longer necessary for the purposes for which it has been collected or processed.

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal information, such as the obligation to store records for 10 years under the Patient Data Act (PDL).

Protection of your personal data

Only those persons who actually need to process your personal data in order for us to fulfill our stated purposes have access to your personal data. Furthermore, we use IT systems to protect the confidentiality, integrity and access to personal data, and take security measures to protect your personal data against illegal or unauthorized use.

Register excerpts

For information on how we process personal data for patients, job seekers and former employees, please see below. We are always open and transparent with how we process your personal data.

If you are interested in accessing journal extracts, please contact us.

If you are interested in other information we may have about you, please print out and fill out the register extract form below. Then submit the completed form at the reception with us, Drottningholmsvägen 5, Stockholm

Your registration statement will then be shared with you in person at the reception desk upon presentation of the ID. A message is sent to your email address when the registry snippet is ready for collection. If you prefer to access your register extract with the recommended letter, you can fill it out in the form, but you must enter your home address.

Our customers who are not patients

If you represent one of our clients who is not a patient, we will process your information to the extent necessary to enable us to perform the service for which you have hired us, such as other consulting services such as lecture. It is the agreement between us that is the legal basis for the processing of your personal data in these cases. Once the service is performed, we will also continue to process your personal data because we have a legitimate interest to follow up and further develop our business relationship. We may also need to save your personal information in order to comply with legal requirements, such as the Accounting Act, then the legal basis is a legal obligation. We will not store your information for longer than is necessary for these purposes and deletion of personal data will be erased without delay when it is discovered. If for any reason you do not wish to have continued contact with us on behalf of your company, we will also delete your personal data to the extent possible.

The personal data processed are:

  • Name,
  • Email,
  • Company adress,
  • Telephone number,
  • organization number,
  • Title,

Potential customers

We may have contacted you to offer you the opportunity to collaborate with us when it comes time for your company to further train orthopedic staff. The processing we then make of your personal data is based on our legitimate interest in establishing a business relationship with your company. Your personal data will be saved for three years before being deleted if we have not started a business relationship. If you decline to continue contact, your information will not be used to contact you, however, we will save your information with a note that we will not contact you for a year or longer depending on your wishes.

These are the personal data that we process:

  • Name
  • Email
  • Company adress,
  • organization number,
  • Telephone number,
  • Title,

Providers

If you are a contact person at one of our suppliers, we will process your contact details to the extent required within our contractual relationship. The legal basis for that treatment is agreement. We will also need to process your personal information in order to comply with legal requirements, such as the Accounting Act. The legal basis then becomes a legal obligation for that treatment. We do not store your personal data any longer than is necessary for these purposes.

The following personal data is processed:

  • Name
  • Email
  • Telephone number,
  • Company adress,
  • organization number (social security number if you have chosen the individual company form)

The personal data we handle with purpose

Personal data management in care

Below you will find the categories of personal data that we may collect and save as a patient with us. We describe how we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Journaling

o Personal data / health data is entered in the journal in connection with contact with the patient

o Possible collection of relatives' personal data

o Journal excerpt

o Scanning health data from, for example, other health care providers into medical records

Name
Personal identity number
Health data
Contact information patient, family member and proxy for relatives to represent you

Legal basis: Legal obligation under the Patient Data Act (PDL). Consent in some cases.

Storage period: Journal should be kept at least 10 years after your last visit in accordance with the Patient Data Act (PDL).

Purpose

Treatments performed

Categories of personal data

Collection of physiological data and images in different systems.

o Personal data / health data is entered in the journal in connection with contact with the patient

o Health data must be kept for at least 10 years after your last visit

Name
Personal identity number
Health data

Legal basis: Legal obligation under the Patient Data Act (PDL).

Storage period: Health data must be kept at least 10 years after your last visit in accordance with the Patient Data Act (PDL).

Purpose

Treatments performed

Categories of personal data

Communication with patient / other health care providers / pharmacies / county councils / The Swedish Social Insurance Office / sampling, or laboratory analysis of samples.

o Personal data is stored in journal

o Personal data is shared with other care providers by letter or internally in the medical record system. If personal information is not sensitive, e-mail can also be used.

o Communication with patient through 1177, telephone, letter or visit

o Registration of a patient in the county council system (health care)

o Documentation of newly listed patient information (health care)

o Issue of medical opinion on health status, medical certificate, care of relatives of the Social Insurance Office

o Journal excerpt to the Swedish Social Insurance Agency, county councils and insurance companies

o Issue of prescriptions on the intended form or electronically via the journal system

Name
Personal identity number
Health data
Contact information patient, family member and proxy for relatives to represent you

Legal basis: Journal information is only shared with your consent or exceptionally with the support of special legislation.

Storage Period: Mail is deleted immediately after it is sent or received. Ordinary mail is destroyed after health data is entered in the journal. Records are kept for at least 10 years according to the Patient Data Act

(PDL).

Purpose

Treatments performed

Categories of personal data

Visitors to hospitalized patients

o Person is registered at the time of visit

o Personal data collected is stored in a booking system

o Old visits are deleted in the booking system when they have fulfilled their purpose

Name
Personal identity number
Cause of visit (health data)
Contact details

Legal basis: Balance of interests

Legal basis: Interest in Storage period: The data is deleted as soon as they no longer serve the purpose, proposed after the visit is completed.

Purpose

Treatments performed

Categories of personal data

Camera surveillance to ensure the safety of the patient, the employee and the reception

Camera surveillance to ensure the patient's, ano Video recording inside the reception where visiting patient will be seen and the security of the reception

o Video recording is stored

o Operations manager at the reception can review the video recording in case of suspected intrusion or theft

Moving image of person

Legal basis: Balance of interests in accordance with both the GDPR and the Camera Surveillance Act. Allowed in cases where the security of the patient, the employee and the reception increases significantly with the help of camera surveillance.

Storage period: Video recording is erased as soon as the purpose of the video recording has been met.

Purpose

Treatments performed

Categories of personal data

Complaints

o Receiving and handling complaints locally or centrally

o Basis for quality improvement measures

o Sharing of records with IVO on request

o Delno Registration to IVO according to Lex Maria after event analysis of journals with IVO on request

Name
Health data
Healthcare providers

Legal basis: Legal obligation in accordance with the Patient Safety Act PSL.

Storage period: 10 years in accordance with the patient injury insurance.

Purpose

Treatments performed

Categories of personal data

Payment processing and administration for the Insurance Agency, insurance companies and high cost protection

o Registration of payment for care in medical records

o Sharing information on payment with the Social Insurance Office

o Sharing information on payment for administration of high-cost protection

o Communication with county council prepayment

for young adults

Name
Personal identity number
Bank account number
Plusgiro
(Personal identity number)

Legal basis: Obligation under the Patient Safety Act (PSL).

Storage period: Accounting information is archived for up to eight years in accordance with the Accounting Act.

Purpose

Treatments performed

Categories of personal data

Research

o Journal data is used as a basis for research

o Journal data is transferred to the quality register

Health data

Legal basis: Consent from the patient.

Storage period: As long as the patient consents to use.

Purpose

Treatments performed

Categories of personal data

Insurance - Claims notification and regulation

Personal data / health data is collected from:

· Physician / healthcare facility

· General insurance fund

· Other authorities

· Other insurance companies

· Employers

Name
Personal identity number
Health data
Patient contact information, relatives
Salary information and sick leave

Legal basis: The treatment is necessary to fulfill insurance contract with the registered person. Consent in some cases.

Storage period: Your personal data is only stored for as long as is required for us to be able to administer the claim notification and to settle the damage, or as long as we have to store them according to law. They are then deleted in accordance with ABC Orthopedics (Insurance) thinning routines.

Below you will find the categories of personal data that we may collect and save upon termination of employment. How we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Termination of employment. Depending on the reason for the termination of employment (self-dismissal or dismissal), the dismissal process initially differs.

o Trade union negotiations

o Formal evidence justifying reasons for termination of employment will be produced and saved after signature

o The agreed end date is communicated

Name
Personal identity number
Telephone number
E-mail
Address
Reasons for dismissal
Union affiliation
Employment information

Legal basis: Legal obligation.

Lagringsperiod: Information sparas under obestämd tid utifall den anställde återvänder i enlighet med LAS paragraf 11.

Purpose

Treatments performed

Categories of personal data

Benefits / final salary upon termination of employment

o The agreed final salary is communicated

o Communication about possible right to personal advice from the TRR Safety Council and compensation (officials)

o

Name
Personal identity number
E-mail
Salary
Employment information
Holiday Regulation
Company car
Other remuneration

Legal basis: Legal obligation to comply with collective agreements, employment agreements and holiday teams.

Storage period: Information is stored for an indefinite period in order to verify the information reported to pension companies.

Purpose

Treatments performed

Categories of personal data

Company transition

o Transfer of personal data in accordance with LAS 6 B.

Name
Personal identity number
Telephone number
E-mail 
Address
Salary 
vacation days
Company car
health information
Employment information

Legal basis: Legal obligation in accordance with LAS 6B.

Purpose

Treatments performed

Categories of personal data

Employment certificate / employer certificate

o Information about the duration, salary, working hours of the employment

Name
Personal identity number
E-mail 
Salary
The duration of employment
position
Presence/absence

Legal basis: Legal obligation in accordance with LAS.

Retention period: After five years after termination of employment, a subset of personal data is moved to another database. There, personal data is stored for an indefinite period so that service certificates can be issued.

Purpose

Treatments performed

Categories of personal data

Death

o Communication with relatives if it has occurred on the way to, from or at the workplace

o Communication with insurers for life insurance

o Confirmed data from public records trigger triggering of deaths

o Death investigation is initiated to investigate pension payments from

ABC should happen and to whom

Name
Personal identity number 
National registration Addresses
Relatives contact information
Dödsbo contact information

Legal basis: Legal obligation to comply with collective agreements.

Storage period: It is stored forever to be able to prove payment and supporting documents for this.

Purpose

Treatments performed

Categories of personal data

Pensionsutbetalning

o Determination of the payment plan in accordance with the length and salary of the employment

o Payment of pension every month

Name
Personal identity number
E-mail
Salary
Duration of employment
position
Presence/absence
Type of employment

Legal basis: Legal obligation and in some cases to execute agreements with the data subject.

Storage period: Personal data is stored indefinitely to show that the organization has fulfilled its commitment.

Personal data handling during recruitment

Below are the categories of personal data that we may collect and save during our recruitment process. How we process your personal data, for what purpose, with what legal basis and for how long they are stored.

Purpose

Treatments performed

Categories of personal data

Resume management / Personal letter

o Collection from candidates for recruitment

o Storage during the recruitment process

o Sharing between recruiters, managers and any prospective colleagues

o Deletion after completed recruitment process

o Searching candidates on LinkedIn

o Storage of CVs for future recruitment processes upon consent

o Handling of spontaneous applications

Name
Personal identity number
Contact details
Address
health information
Interest
Expertise
Past experience
References

Legal basis: Consent from the person seeking a service. Consent is required to save CV for any new recruitment processes. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Retention period: CV is saved for recruitment purposes until the recruitment process is over and upon consent it is stored for up to one year for possible matching with other roles. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Purpose

Treatments performed

Categories of personal data

Reference Management

o Collection of references to ensure the candidate's competence

o Storage during the recruitment process

o Deletion after completed recruitment process

o Collection of information about the candidate from references

Third Party Information (Name, Contact Information, Position)
Information about personality and performance
Health data 
Earlier
Employment information

Legal basis: Justified interest. Regarding documentation from references, the legal obligation is to save documentation for 2 years in order to show that selection of the final candidate is handled in a legal manner.

Retention period: Personal data is saved until the recruitment process is over. Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Purpose

Treatments performed

Categories of personal data

Collection of personal information during interview

o Keeping interview notes

o Storing personal data from interview

o Sharing between recruiters, managers and any prospective colleagues

o Deletion of personal data from interview

Information about personality and performance 
Private information Third party information
Past experience
Health data

Legal basis: Consent from the person seeking a service.

Retention period: The personal data is stored until the recruitment process is over and upon consent is stored for up to one year for possible matching with other roles.

Purpose

Treatments performed

Categories of personal data

Background checks

o Request for background check is ordered via portal where name, social security number, CV and intended position are stated

o Determined judgments are obtained from all of Sweden's district courts

o Information on debts is obtained from the petitioner

o Information about exposure on the Internet is obtained, mainly on social media

Name
Personal identity number
Resume 
National registration
Tax information
Payment notes
Automotive holdings
Civil cases
Details of possible crimes committed
Credit information
Exposure
Social media

Legal basis: Consent from the person seeking a service. The consent form is saved during the recruitment process, then discarded.

Storage period: Automatic thinning of all information on the platform within 96 hours.

Purpose

Treatments performed

Categories of personal data

Selection tests

o Discloses personal data to test providers

o Overall assessment is obtained via a protected platform

o Storing results for 2 years

Name
Email
Information about personality and performance

Legal basis: Consent from the person seeking a service.

Storage period: Legal obligation to save documentation for 2 years in order to show that selection of final candidate is handled in a legal manner.

Contact us with questions about data protection.

info@abcortopedi.se