General

Sibyllekliniken, as your healthcare provider, is responsible for your care and therefore also for the processing of your personal data.

Your personal integrity is important to us and we want you to feel safe when we process your personal data. This Privacy Policy explains how we, as the data controller, ensure that your personal data is always processed in compliance with applicable legislation.

 

Material Scope

This Privacy Policy applies to all processing of personal data within the framework of our activities in relation to you as a visitor and care recipient.

 

Collected personal data

We only collect personal data about you which is necessary to fulfil the specified purposes of the processing. We collect the following personal data:

  • Contact information, such as name, personal identity number, address, and email address
  • Health-related information

We also process sensitive personal data when it is necessary to give you appropriate and safe healthcare. In certain circumstances we will also process the personal data of immediate family members that you or the family member has provided us with.

 

Our use of your personal data

We store personal data about you in medical records when you seek healthcare. We must do this to provide you with appropriate and safe healthcare.

We process your personal data in the context of health services and medical care for the following purposes:

  • Keep medical records and other documentation necessary for your healthcare
  • Processing of personal data to provide you with healthcare services
  • Administration to provide you with correct healthcare
  • Communicate with you efficiently
  • To establish, exercise and defend legal claims
  • To comply with legal obligations
  • Development and quality control of the healthcare
  • Planning, evaluation, and business follow-up
  • Establishing statistics of the results of the healthcare services.

We do not use your personal data for any other, incompatible purposes and only store it for as long as necessary.

The processing of your personal data to fulfil these purposes is regulated in, inter alia, the Patient Data Act (Sv. patientdatalagen (2008:355)) and the General Data Protection Regulation (Sv. allmänna dataskyddsförordningen (EU) 2016/679).

 

Sharing your personal data

Sibyllekliniken uses data processors to process personal data on our behalf for the purposes for which your personal data is collected, as specified above. Other healthcare providers may gain the right to access your medical records through the shared medical records (Sv. sammanhållen journalföring). Sibyllekliniken might also be legally obligated to provide information about you to third parties. For more information about the shared medical records and the obligation to disclose information, please read the complete Privacy Policy.

Your rights

You have the right to receive information regarding which personal data we are processing about you and for which purposes we process your personal data, as well as the right to some control over your personal data. In certain circumstances you have the right to have inaccurate personal data rectified, erased, blocked, or moved unless such right is limited by the applicable legislation. You also have the right to object to certain types of processing of your personal data as well as to withdraw your consent for processing.

If you think we use your personal data in an illicit manner you always have the right to lodge a complaint with the competent supervisory authority, which in Sweden is The Swedish Authority for Privacy Protection (IMY). If you want to know more about your rights, please refer to the complete Privacy Policy.

 

Contact information

If you have any questions regarding this Privacy Policy, our use of your personal data or if you want to exercise your rights, you can contact us in the following ways:

Läkarhuset Sibyllegatan AB, CRN 556437–5706

Data Protection Officer: Helena Jonsson

Address: Sibyllekliniken, Karlavägen 56, 114 49 Stockholm

Visiting address: Sibyllekliniken, Karlavägen 56, 114 49 Stockholm

Email: info (at) sibyllekliniken.se

Phone: 0774-440304

Web page: http://sibyllekliniken.se

CONTENT

  1. GENERAL
  2. DATA CONTROLLER AND DATA PROTECTION OFFICER
  3. CONFIDENTIALITY AND SAFETY
  4. OUR USE OF YOUR PERSONAL DATA
  5. COLLECTION OF YOUR PERSONAL DATA
  6. RETENTION OF PERSONAL DATA
  7. WITH WHOM DO WE SHARE YOUR PERSONAL DATA
  8. WHERE DO WE USE YOUR PERSONAL DATA?
  9. YOUR RIGHTS
  10. WE PROTECT YOUR PERSONAL DATA
  11. NATIONAL QUALITY REGISTER
  12. SEARCH TERMS
  13. COOKIES
  14. AMENDMENTS TO THE PRIVACY POLICY
  15. CONTACT INFORMATION

COMPLETE PRIVACY POLICY

1. GENERAL

1.1 Läkarhuset Sibyllegatan AB, CRN 556437-5706 (”Sibyllekliniken”) respects and protects your personal integrity. We want you to feel safe when we process your personal data. This Privacy Policy explains how we ensure that your personal data is handled in compliance with applicable legislation and applies to all of our processing of personal data.

1.2 To be able to provide you with our services we have to use your personal data. This Privacy Policy applies to you as a recipient of healthcare at Sibyllekliniken.

2. DATA CONTROLLER AND DATA PROTECTION OFFICER

2.1 Sibyllekliniken is the data controller for the processing of your personal data and is responsible for ensuring that the processing is carried out in accordance with applicable legislation. You will find our contact details at the end of this Privacy Policy.

2.2 We have appointed Helena Jonsson as our data protection officer (“Data Protection Officer”). The Data Protection Officer has, inter alia, the responsibility for monitoring that our use of personal data is in compliance with the applicable legislation.

3. CONFIDENTIALITY AND SAFETY

3.3 We may only disclose your personal data if neither you nor an immediate family member is harmed by such disclosure. Principally, the disclosure of your information may only take place with your consent. In certain situations, however, we have a legal obligation to provide information to regional or state authorities.

3.4 Confidentiality and professional secrecy apply to medical records. Unauthorized persons are prevented from gaining access to your personal data through various security measures, for example by restricting access to patient data.

4. OUR USE OF YOUR PERSONAL DATA

We use your personal data for the following purposes:

  • Keep medical records and other documentation necessary for your healthcare
  • Processing of personal data to provide you with healthcare services
  • Administration to provide you with correct healthcare
  • Communicate with you efficiently
  • To establish, exercise and defend legal claims
  • To comply with legal obligations
  • Development and quality control of the healthcare
  • Planning, evaluation, and business follow-up
  • Establishing statistics of the results of the health services.

In the tables below you will be provided with more information about why we use your personal data, what personal data we store and how long we store your personal data.


Keep medical records and other documentation necessary for your healthcare

What we do:

We keep medical records and other documentation necessary to provide you with healthcare.

Categories of personal data:

Contact information such as name, address, personal identification number and email.

Health related information such as diagnosis and planned treatment.

Legal basis:

Legal obligation.

The processing is necessary to fulfil a legal obligation which follows from the Patient Data Act.

Retention period:

We process your personal data for as long as it is necessary to be able to provide good care and to fulfil the legal obligations incumbent on us.

Patient records are stored for 10 years after the last information was entered.

After the end of the storage period, the documentation will be deleted or anonymised so that it can no longer be connected to you.

 

Processing of personal data to provide you with healthcare services

What we do:

We process your contact information as well as health related information to be able to provide medical advice, prescribe medication as well as to issue medical certificates and referrals.

Categories of personal data:

Contact information such as name, address, personal identification number and email.

Health related information such as diagnosis and planned treatment.

Legal basis:

Legal obligation.

The treatment is necessary to provide the care you requested.

Retention period:

We process your personal data for as long as it is necessary to be able to provide good care and to fulfil the legal obligations incumbent on us.

Patient records are stored for 10 years after the last information was entered.

After the end of the storage period, the documentation will be deleted or anonymised so that it can no longer be connected to you.

 

Administration to provide you with correct healthcare

What we do:

We process your contact information to be able to perform necessary administration such as handling payments and listing in the context of the healthcare services.

Categories of personal data:

Contact information such as name, address, personal identification number and email.

Legal basis:

Performance of a contract

The processing is necessary in order to provide you with the desired care according to your choice of care.

Retention period:

We process your personal data while you are a recipient of healthcare at Sibyllekliniken.

Communicate with you efficiently

What we do:

We process your personal data in order to be able to send you digital mailings.

Categories of personal data:

Contact information: phone number and email.

Legal basis:

Consent.

Retention period:

If you withdraw your consent to digital mailings, we will cease processing for this purpose immediately.

To establish, exercise and defend legal claims

What we do:

In the event of a dispute, we have the right to use your information for the purpose of establishing, exercising, or defending the legal claim.

Categories of personal data:

All personal data we process about you in accordance with this privacy statement may be processed for this purpose, depending on the circumstances.

Legal basis:

We have the right to use your information on the basis of a balance of interests.

Retention period:

The information is stored throughout the care period and up to 12 months from the end of the care. The information may be stored longer if it is needed to establish, exercise or defend a legal claim.

To comply with legal obligations

What we do:

We process your personal data in order to fulfil our legal obligations, in accordance with requirements in legislation, judgments or government decisions.

Categories of personal data:

Contact information such as name, address, personal identification number and email.

Health related information such as diagnosis and planned treatment.

Legal basis:

Legal obligation.

The processing is necessary to fulfil a legal obligation which follows from, inter alia, the Patient Data Act.

Retention period:

We store your personal information only as long as is necessary to fulfil the relevant legal obligation.

Development and quality control of the healthcare

What we do:

Sibyllekliniken might process your personal data in its quality development in order to continuously increase security, medical quality, efficiency and availability.

Categories of personal data:

All categories of personal data.

Legal basis:

Legitimate interest.

Processing is based on Sibyllekliniken's legitimate interest in ensuring quality assurance and improving the quality of the care.

Retention period:

We process your personal data while you are a care recipient at Sibyllekliniken.

Planning, evaluation, and business follow-up

What we do:

Sibyllekliniken might process your personal data within the framework of its planning, evaluation, and business follow-up.

Categories of personal data:

All categories of personal data.

Legal basis:

Legitimate interest.

Processing is based on Sibyllekliniken's legitimate interest in being able to efficiently plan, evaluate and follow up the business.

Retention period:

We process your personal data while you are a care recipient at Sibyllekliniken.

 

Establishing statistics of the result of the health services

What we do:

To follow up and improve care, we report information to national quality registers.

Categories of personal data:

Health related information such as results from tests and examinations, chosen treatments, etc.

Legal basis:

Public interest.

The processing takes place due to the public’s interest in being able to evaluate care and enable improvements.

Retention period:

The personal data is stored when it is collected and sent to the responsible quality register. After the information has been sent, it is erased at Sibyllekliniken.

 

5. COLLECTION OF PERSONAL DATA

The personal information we use about you is mainly provided by you. If you have approved shared medical records, we may also collect relevant personal information about you from another care provider.

6. RETENTION OF PERSONAL DATA

6.1 We only store your personal information for as long as it is needed for the purposes for which we collected the information in accordance with this Privacy Policy. When we no longer need your personal data, we will erase it from our systems and databases.

6.2 In the tables above under section 4, you can see for how long we store personal data about you for the different purposes.

7. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

7.1 Subcontractors

7.1.1 Sibyllekliniken may disclose your personal information to third parties, such as our subcontractors. In some cases, we may also need to disclose information at the request of authorities or to other parties within the framework of court or company acquisition proceedings or the like.

7.1.2 We will not sell your personal data to anyone.

7.2 Shared medical records

7.2.1 Other care providers may, under certain conditions, have direct access to each other’s electronic medical records, through the so called shared medical records. Through shared medical records, healthcare professionals can gain access to information in your medical records from other care providers that is important for diagnosis and care, such as previous test results, medication, diagnoses, and treatments. As a care recipient, you do not have to reproduce your entire care history when you seek care from a new care provider.

7.2.2 Only the care provider who has an ongoing patient relationship with you may access information about you in the shared medical records. When care staff of the new care provider that you meet want to read your information in your shared medical records, the staff must have the appropriate authorisation to access your medical records. The shared medical records may be read by the authorized staff only if you have given your consent.

7.2.3 You have the right to not give your consent to the use of shared medical records, in which case you must notify your responsible doctor.

7.3 Third parties

7.3.1 Insurance companies if you have given your consent or the insurance company has a legal right to access the information.

7.3.2 National Quality Register

7.3.3 Authority with a legal right to access the information

7.3.4 Sibyllekliniken may, due to a law or regulation, be obliged to disclose information to a recipient other than specified in this Privacy Policy.

 

8. WHERE DO WE USE YOUR PERSONAL DATA?

Sibyllekliniken processes your data only within the EU/EEA.

9. YOUR RIGHTS

9.1 Our responsibility for your rights

9.1.1 As data controller of your personal data, Sibyllekliniken is responsible for ensuring that your personal data is used in accordance with applicable legislation and that you can exercise your rights. You can contact us at any time if you want to exercise your rights. You will find our contact information at the end of this Privacy Policy.

9.1.2 Sibyllekliniken is obliged to respond to your request to exercise your rights within one month of hearing from you. If your request is complicated or if we have received a large number of access requests, we have the right to extend the response period by another two months. If we believe that we are not able to comply with your request, we are obliged to notify you within one month of receiving your request about the reason for our rejection and inform you that you have the right to lodge a complaint with the competent supervisory authority.

9.1.3 All information, communication, and measures we carry out due to this policy are free of charge for you. If, on the other hand, what you request due to your rights is clearly unfounded or unreasonable, we have the right to charge an administrative fee to carry out the requested action or refuse to comply with your request.

9.2 Your right to access, correction, deletion, and restriction

9.2.1 You have the right to request the following from Sibyllekliniken:

a) Access to your personal data. You have the right to request access to and receive information about what personal data we process about you. This includes information about who has gained access to your medical record and why (so-called log excerpt).

b) Rectification of your personal data. If information about you is incorrect, including information in your medical record, you should contact Sibyllekliniken with a request for rectification. Sibyllekliniken can in certain circumstances refuse such a rectification, in which case you can request a note in the medical record that you as a care recipient believe that the medical record contains incorrect or misleading information about you.

c) Erasure of your personal data. You can request that we delete information we process about you, such as contact information. In some cases, you can apply for your medical record to be erased in whole or in part. Erasure requests are made to the Swedish Health and Care Inspectorate, IVO.

d) Restriction of processing. You have the right to request that we temporarily restrict the use of your personal data if:

(i) you believe that your information is incorrect, and you have requested correction, while we investigate the accuracy of the information,

(ii) the use is illegal, and you do not want the data deleted,

(iii) we as data controllers no longer need the personal data for our purposes of use but you need them to be able to establish, exercise or defend a legal claim, or

(iv) you have objected to the use, pending verification of whether our legitimate interests override your privacy rights.

e) Blocking medical record. You have the right to block your medical record or parts of it from other healthcare providers but in that case, you are responsible for informing the healthcare providers yourself about what they need to know in order to provide you with correct and safe care. The request for a block must be made via the care unit you have been in contact with either by telephone or by visit.

If you have chosen to block your record and want to unblock your medical record, we will help you do this. You must request cancellation of the blocked patient record yourself; this cannot be done by a representative or a person with a power of attorney. To unblock your medical record, you must visit your healthcare provider.

9.3 Your right to object to use

You have the right to object to processing of your personal data performed on the basis of a legitimate interest or of public interest (see section 4 above). If you object to such use, we will only continue to process the data if we have compelling legitimate reasons for continuing the processing which override your interests.

9.4 Your right to withdraw consent

For the processing where we use your consent as a legal basis (see section 4 above), you can revoke your consent at any time by contacting us. You will find our contact information at the bottom of this Privacy Policy.

9.5 Your right to data portability

You have the right to request a transfer of your personal data to another Data Controller by receiving your personal data, to the extent that the personal data has been provided by you, in an electronic format that is generally used to be able to transfer them to another party.

9.6 Your right to complain to the supervisory authority

You have the right to submit any complaints about our processing of your personal data to the Swedish Authority for Privacy Protection.

9.7 Your right to compensation for damages

If your personal data is processed in violation of applicable legislation, you may be entitled to damages.

 

10. WE PROTECT YOUR PERSONAL DATA

10.1 You should always be able to feel safe when you submit your personal information to us. Sibyllekliniken has therefore taken appropriate security measures to protect your personal data against unauthorised access, alteration, and deletion. Such security measures are of both a technical and an organizational nature, including implemented authorization restrictions and regular internal controls.

10.2 If there are security incidents that may affect you or your personal data in a more significant way, e.g., when there is a risk of fraud or identity theft, we will contact you and tell you what you can do to reduce the risk.

11. NATIONAL QUALITY REGISTER

To follow up and improve care, we report information to national quality registers. For each quality register, there is a Data Controller in the central organization responsible for personal data. As a reporting care provider, we have direct access to the information we have reported to the quality registers. The organization responsible for the register can have access to your information. There is no requirement that you as a care recipient must consent to be registered, but as a care recipient you have the right to be informed about the registers. Then you can choose whether or not you want to participate. You have the right to have information about yourself erased from the registers at any time. In these cases, you should turn to the respective register.

12. SEARCH TERMS

As your healthcare provider, Sibyllekliniken will, in addition to your social security number, use various so-called search terms to find and compile information. We may use information about your health as a search term. However, we may not search for information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, nor for genetic data, biometric data used to uniquely identify a natural person, data on a natural person’s sexual life or sexual orientation, or information about offenses.

13. COOKIES

Sibyllekliniken uses cookies on our website and in our services to improve your experience with us. We use cookies, inter alia, to simplify and adapt our web services. In our Terms and Conditions of use of the website, we explain in more detail how we use cookies and what choices you can make.

14. AMENDMENTS TO THIS PRIVACY POLICY

Sibyllekliniken has the right to change this Privacy Policy at any time. When we make changes that are not only linguistic or editorial you will receive clear information about the changes and what they entail for you before they take effect. If we need your consent to be able to fulfil our obligations towards you and you do not accept the changed terms, you have the right to terminate the agreement with us before the terms take effect.

15. CONTACT INFORMATION

Do not hesitate to contact us at Sibyllekliniken if you have any questions regarding this Privacy Policy, our use of your personal data or if you want to exercise your rights.

Läkarhuset Sibyllegatan AB, CRN 556437–5706

Data Protection Officer: Helena Jonsson

Address: Sibyllekliniken, Karlavägen 56, 114 49 Stockholm

Visiting address: Sibyllekliniken, Karlavägen 56, 114 49 Stockholm

Email: info (at) sibyllekliniken.se

Phone: 0774-440304

Web page: http://sibyllekliniken.se