This Policy explains how Atos Medical AB, co. reg. no. 556268-7607, processes your personal data, and what we do to protect your data and respect your right to privacy in the best possible way. We get your personal information through communications and interactions with you, from healthcare professionals and healthcare organizations, employees, and from other sources.
Data accountability
We continuously assess whether your rights risk being impacted negatively by our data processing activities. We pay particular attention to the risk of discrimination, identity theft or fraud, financial loss, damage to reputation, or to the confidentiality of your data. When we need to process your sensitive personal data, we always carry out a thorough data protection impact assessment to uncover high risks for your rights and freedoms. We conduct the impact assessment prior to processing your personal data.
Contact information
Atos Medical AB serves as the data controller and complies with legal regulations on personal data protection. If you need information about the data processing in Atos Medical you are welcome to contact us:
Address: Atos Medical AB, att.: Data Protection Officer, Hyllie Boulevard 17, 215 32 Malmö, Sweden
Phone number: +46 (0) 415-198 00
E-mail: email@example.com
Website: www.atosmedical.com
Fair and transparent processing of personal data
We inform you about the processing of your data and the purposes of the processing at the time you provide the data to us. If data comes from third parties, including suppliers, public authorities, healthcare professionals, or business partners, we will inform you within 10 days after receiving your personal data. We will also inform you about the purpose of the processing for which the data is collected, as well as the legal basis for collecting your data.
Data types
The types of data we process include:
- Contact information, e.g. name, phone number, email address, address, postal code, customer ID
- Contact information of caregiver
- Product related information, including data on purchase and usage and participation at Atos’ events
- Insurance information
- Social security number
- Health related information
- Additional information shared with Atos Medical representatives during meetings, correspondence, and calls, e.g. satisfaction with the product, preferences of use etc.
In some cases, we may need to combine your personal data with data obtained from other parties, e.g., from hospitals and health care professionals. If the combination of data might have a negative impact on your privacy, e.g. by exposing your identity and private or sensitive information, we will request your informed consent before processing.
We collect and store your personal data for legitimate business purposes or other specific, lawful purposes when we need to:
- Reply to your inquiries on products, events, and services
- Fulfill your request for products and services
- Fulfill an order or a prescription from your healthcare professional
- Improve our products and services
- Adapt our communications with you
- Administer your relationship with us
- Carry out marketing and branding activities, e.g. to inform you of new products or future events
Relevant and necessary personal data
We only process data that are relevant and adequate for the purposes defined above, and only the amount of data necessary to fulfill the specific purpose. The processing of specific data types may have been determined by law. The type and amount of processed personal data may also be necessary to fulfill a contract or other legal obligations. Prior to processing your personal data, we assess whether we can limit the amount of data collected and whether certain types of data can be anonymized or pseudonymized.
Updating personal data
We monitor and update your data continuously to ensure accuracy of the data. Our services depend upon the accuracy of your data and we therefore ask you to inform us about relevant changes in your personal data. To inform us about changes in your data, please refer to the contact information above or contact your local Atos Medical representative. To ensure data quality, we have internal procedures on how we monitor and store your personal data.
Storage and deletion of personal data
We delete your personal data when it is no longer necessary for the purposes for which we originally collected, processed and stored your data.
Informed consent
Unless we have legal grounds for processing data without consent, we will always obtain your informed consent prior to processing any personal data for the purposes described above, and we will always inform you about the legal basis for, and our legitimate interest in, processing your data. Consent is voluntary, and you have the right to withdraw your consent at any time. To receive further information, or to withdraw your consent, please use the above-mentioned contact information or contact your local Atos Medical representative.
If we wish to process your data for a purpose other than the one for which data was obtained, we will provide you with information on the new purpose and ask for your consent prior to any further processing. If the legal basis for processing changes, we will also inform you.
When our products or services demand the processing of personal data of a child, we will request informed consent from the child’s parents or legal guardian. We will make an effort to verify that a parent with custody of the child gave consent.
Transfer of your personal data to third parties
We will never transfer your personal data to third parties for purposes such as marketing, unless we have your consent and have provided you with information on the planned use of your data. You may, at any time, object to this type of data transfer. We will not ask for your consent if we have a legal obligation to disclose your personal data.
We will obtain your consent prior to transferring personal data to partners in third countries. Moreover, if transferring data to partners in third countries, we will ensure an adequate level of data protection in line with the standards of this policy and in compliance with legal regulation. We require our business partners to set up safeguards concerning data processing, data security and the responsibility to respect your rights.
Data security
We have data security processes in place, including guidance and measures to protect your data from destruction, loss or alteration, as well as from unauthorized disclosure or unauthorized access. We maintain procedures on access rights to data for our authorized personnel who process personal data. We monitor their actual access through logging and control. We continuously back up our data to prevent data loss and apply encryption technologies to protect the confidentiality and authenticity of your data.
In case of a security breach that is likely to expose you to a high risk of discrimination, identity theft, financial loss, damage to reputation, or any other significant disadvantage, we will notify you about the data breach without undue delay.
Data rights
You have the right to obtain information regarding the type of data that we process about you, the data source, and the purposes of the processing. You can also obtain information about the envisaged period for which we plan to store your data as well as to whom your data will potentially be transferred in Europe and abroad.
If you believe that the data we process about you is inaccurate, you have the right to rectification. You should contact us and inform us about the inaccuracies and how to rectify them.
You also have the right to object to the processing of your personal data and may object to the sharing and processing of your data for marketing purposes. To object, please use the before-mentioned contact information. If your objection is legitimate, we will no longer process your personal data.
If you wish to claim your right to data portability, you will receive your personal data in a standard and commonly used format. The data covered by the right to data portability are data you have made available to us, and data we have obtained from other sources with your consent.
Upon your request for access to data, rectification or erasure of data, or objection to the processing of your personal data, we will examine whether it is possible to comply with your request. Subsequently, we will respond to your request, without undue delay, and at the latest within one month after receiving your request. Please refer to the before-mentioned contact information if you want to use your data rights.
Complaints
If you experience incorrect or unlawful data processing with Atos, you may contact us using the contact details above. You always have the right to complain to the Swedish supervisory authority, Datainspektionen, e.g. if you are not happy with the result of your complaint or if you are not happy with the way we handle your complaint. You can contact Datainspektionen by emailing firstname.lastname@example.org or mailing Datainspektionen, Box 8114, 104 20 Stockholm, Sweden. More information is available at www.datainspektionen.se.