1. Minding Health AB SAFEGUARDS YOUR PERSONAL INTEGRITY
1.1. Minding Health AB, corp. reg. no. 559481-2033, Anckargripsgatan 3, 211 19 Malmö (the ”Company”) respects your privacy and is committed to maintaining a high level of security and integrity regarding your personal data. The Company is also committed to ensuring that processing is carried out in accordance with applicable data protection legislation.
1.2. This Privacy Policy describes how the Company processes personal data about you when you use our software services Insight (the “Service”) or when you visit of our website www.minding.health By using the Service and/or website, you agree to the collection and use of information in accordance with this policy.
1.3. Do not hesitate to contact us should you have any questions regarding the Company's privacy protection. The Company’s contact information is set out under the section “Contact Information” below.
2. DATA CONTROLLER AND DATA PROTECTION OFFICER
2.1. The Company is the controller of your personal data and is therefore responsible for ensuring that your personal data is processed correctly and securely in accordance with applicable legislation.
2.2. The Company has appointed a Data Protection Officer (the “DPO”). The DPO is responsible for, among other things, monitoring and ensuring that the Company’s processing of personal data is carried out in accordance with applicable legislation. You can contact the DPO at contact@minding.health.
3. WHICH PERSONAL DATA DOES THE COMPANY PROCESS?
3.1. Personal data means any information that directly or indirectly relates to a natural, living person. Accordingly, personal data is information about you and your person, e.g. your name, your contact information and your IP-address.
3.2. Processing means any operation which is performed on personal data, such as collection, storage, use, adaption or disclosure.
3.3. Users - All
The Company may collect and store the following information about you that the Company needs to fulfill its undertakings towards you as a customer or a user of the Services.
− Personal information and contact information, such as name, personal identity number, address, email address and phone number.
− Information that you provide to the Company by email or by the use of the Service.
− Information from user surveys and user evaluations.
− User and/or collaboration agreements.
− Information related to how the Service is accessed and used (“Usage Data”), suchas IP address, browser type and version, time and date of your usage of the Service, unique device identifiers and other diagnostic data.
3.4. Users - Professional
In addition to the information collected for all users as set out above, the Company may collect and store the following information about you that the Company needs to contact you and to fulfill its undertakings toward you as a professional user of the Service (such as clinicians).
− Information about your employer.
3.5. Users – Patients
In addition to the information collected for all users as set out above, the Company may collect and store the additional information about you that the Company needs to fulfill its undertakings toward you as a user of the Service. Please be advised that the Company is not the controller of any additional personal data provided by you or your healthcare provider, such as health descriptions or information about your associated clinic, but only acts as a data processor on the express instructions of your healthcare provider.
3.5. Customers, partners, and company representatives for the same
The Company collects and stores the following information about you in your role as a potential customers and partners to the Company or in your role as a representative for a company that is a customer or partner to the Company. The Company needs such information to contact you and to fulfill its undertakings toward you as a potential user, customer or partner or in your capacity as a representative for a potential user, customer or partner.
− Personal information and contact information, such as name, personal identity number for authorization to the Service (if applicable), telephone number, email address, title, position and employer.
3.6. Visitors of the Company’s website
In connection with visits to the Company’s website, the Company collects the following information about you that the Company needs to be able to improve, streamline, simplify and develop our website.
− Technical data, such as IP address, MAC address, URL, unique device ID, network and device performance, browser, language and identification settings, geographic location, operating system, other information from cookies or similar mechanisms (device information). You are also able to provide more information to us through the website, such as request for more information or with questions. We will then process your information for the purpose of responding to you.
3.7. How personal data is collected
With respect to users, your personal data is usually collected directly from you via the Service. With respect to users which are patients, your personal data is usually also received from partners of the Company (such as clinicians).
With respect to company representatives for customers and partners, as well as for potential customers and partners, your personal data is usually collected from the company or organisation that you represent, but also, in certain cases, directly from you. The Company may also use external information services to supplement existing data.
With respect to visitors of the Company’s website, your personal data may be provided to the Company directly from you or from a supplier to the Company (such as Google Analytics).
4. THE COMPANY’S PROCESSING OF YOUR PERSONAL DATA
The purposes for which we intend to process your personal data and the legal basis for the respective processing activities are stated in the tables below.
4.1. Users, customers and partners (including company representatives)
Purpose
Legal basis
To be able to provide and maintain the Service, including
- To notify you about changes to our Service;
- To provide customer care and support;
- To monitor the usage of the Service; and
- To detect, prevent and address technical issues.
The processing is necessary for the performance of the agreement with the user or the partner of the Company, as applicable.
To be able to keep in touch with a representative of the user, supplier or partner (e.g. in connection with the delivery of goods or services).
The processing is necessary for the Company’s legitimate interest to keep in touch with you in order to fulfil its obligations under the agreement with its user, supplier or partner, i.e. the company that you represent (legitimate interest).
To fulfil legal requirements, e.g. security requirements and accounting requirements.
The processing is necessary for compliance with the Company’s legal obligations.
To enable marketing and communication about the Company's brand and the Company's products (e.g. mailing of newsletters and invitations to meetings etc.).
The processing is necessary for the Company’s legitimate interest to market its brand, its products and other similar products to you as a user or to the company that you represent (legitimate interest).
To carry out surveys regarding the Services and to provide analysis and information about the Service.
The processing is necessary for the Company’s legitimate interest to evaluate, develop and improve its Services (legitimate interest).
To receive payments from users in connection with purchases of the Company’s products, services and service.
The processing is necessary for the performance of the agreement with the user.
4.2. Potential future users, customers or partners
Purpose
Legal basis
To enable marketing and communication about the Company's brand and the Company's products (e.g. mailing of newsletters and invitations to meetings etc.).
The processing is necessary for the Company’s legitimate interest to market its brand, its products and other similar products to you or to the company that you represent (legitimate interest).
4.3. Visitors of the Company’s website
Purpose
Legal basis
To ensure the operation of the Company's website and application.To be able to develop the Company's website and to better adapt the website based on how it is used.
The processing is necessary for the Company’s legitimate interest to improve, streamline, simplify and develop its website (legitimate interest).
5. HOW LONG DOES THE COMPANY STORE YOUR PERSONAL DATA?
5.1. Your personal data is stored as long as there is a need to preserve them in order to fulfill the purposes for which the data was collected in accordance with this Privacy Policy. Thereafter, your personal data will be deleted.
5.2. Some personal data will, for the purpose of complying with applicable accounting legislation, be stored for seven years, counting from the end of the calendar year during which the financial year, to which the information pertained, was terminated.
5.3. Contact information regarding company representatives is stored during such time the Company considers that the information is necessary to maintain the relationship with the company/organisation. Deletion shall take place when the Company becomes aware that the information is no longer adequate or relevant for the purpose, or at the request of the contact person.
5.4. For more information about how long the Company stores specific personal data, please contact the Company. Contact information is provided under section "Contact" below.
6. WITH WHOM DOES THE COMPANY SHARE YOUR PERSONAL DATA?
6.1. The company does not disclose personal data to third parties, except when necessary to fulfill a legal obligation or to fulfill the Company's obligations to you, users and/or partners. Your personal data will not be sold to third parties for marketing purposes. Situations when your personal data may be disclosed to third parties are listed in the table below.
Third partyReason for third-party disclosureService providersPersonal data may be transferred to service providers (including Google Analytics) in order to assist the Company in analysing how the Service is used.PartnersThe Company may disclose your personal data to partners, if the partner needs your personal data to fulfil their undertakings toward the Company.AuthoritiesPersonal data may be disclosed to authorities when necessary for compliance with the Company’s legal obligations.6.2.7.8.Our Service may contain links to other sites that are not operated by us. By clicking on these links, you will be navigating to the respective third-party website. We recommend you examine the Privacy Policy of each website you access to understand their individual privacy practices.
Third party
Reason for third-party disclosure
Service providers
Personal data may be transferred to service providers (including Google Analytics) in order to assist the Company in analysing how the Service is used.
Partners
The Company may disclose your personal data to partners, if the partner needs your personal data to fulfil their undertakings toward the Company.
Authorities
Personal data may be disclosed to authorities when necessary for compliance with the Company’s legal obligations.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The Company may transfer your personal data to countries outside the EU/EEA. If your personal data is transferred to a country outside the EU/EEA, the Company will take the necessary measures to ensure that the transfer of the personal data is legal and that your personal data is processed securely and with an adequate level of protection that is comparable to the protection offered within the EU/EEA, for example by entering into the European Commission’s standard contract clauses with the recipient.
YOUR RIGHTS
A summary of your rights according to applicable legislation is set out in the table below.
Right of access
You have the right to access your personal data and to obtain a copy of the personal data concerning you that is processed by the Company.
Right to rectification
If the personal data concerning you that is processed by the Company is inaccurate, incomplete or outdated, you have the right to obtain rectification of such personal data.
Right to erasure
You have the right to request the erasure of personal data concerning you. Unless the Company has a legal basis to continue the processing of the personal data concerning you, such personal data shall be erased.
Right to object
Under certain circumstances you have the right to object against the Company’s processing of your personal data.
Right to restriction of processing
Under certain circumstances you have the right to obtain restriction of the processing of your personal data. Where processing has been restricted, the Company may only under certain circumstances carry out other processing activities concerning the personal data than storage.
Right to data portability
Where your personal data is processed based on your consent or on a contract with you, you have the right to receive the personal data concerning you in a machine- readable format and request that those data are transmitted to another controller.
Right to lodge complaints with a supervisory authority
You have the right to lodge complaints concerning the Company’s processing of the personal data concerning you to the Swedish Authority for Privacy Protection, Box 8114, SE-104 20 Stockholm.
SECURITY OF YOUR PERSONAL DATA
You should always be able to feel safe when you provide us with your personal data. Therefore, the Company has implemented the security measures that are necessary to protect your personal data against unauthorized access, alteration and destruction, including encryption of data in transit and at rest. The Company will not disclose your personal data, other than as expressly provided by this Privacy Policy.
COOKIES
10.1. General information about cookies
The Company uses cookies and cookie-like techniques in order to provide certain functions on the Company’s website www.minding.health and to improve the website and to deliver a better and more personal service. The information is stored in the form of a file comprising encrypted login data. Our medical devices do not use any third party cookies.
Examples of Cookies we use:
Session Cookies. We use Session Cookies to operate our Service.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of the Service.
You can read more about cookies in our cookie policy available at https:// www.minding.health/cookies.
10.2. Cookies in the Service
The Service (Wise or Wise Insight) utilizes only the following Session Cookies and Security Cookies which are necessary to provide the Service to you. No third party cookies are used in the Service.
- Csrftoken, which is used to identify that no external software can make requests in our system on the user’s behalf, to prevent a so-called Cross Site Request Forgery-attack. This cookie expires after one year.
- Sessionid, which is used to verify that the a requests to connect a user to the server is made by an authenticated user. This session cookie is removed when the browser is closed or when the user logs out (or is automatically logged out) from the Service.
CHANGES
The Company reserves the right to change this Privacy Policy at any time. In the event of changes to this Privacy Policy, the Company will publish the amended Privacy Policy on www.minding.health with information on when the changes will come into effect and may also notify users and partners in an appropriate manner.
CONTACT INFORMATION
Do not hesitate to contact the Company if you have any questions about this Privacy Policy, the processing of your personal data or if you wish to exercise your rights under this Privacy Policy or applicable legislation.
Minding Health AB
Corporate registration number: 559481-2033
Postal address: Anckargripsgatan 3, 211 19 Malmö
Email address: contact@minding.health