Giddir AB - Global Privacy Policy
Last updated: 2023-03-09
GiDDiR AB, 559077-9251, and its affiliates (collectively “Giddir”, “we”, "our", and “us”) Highly value your privacy. We offer Services that enable users and patients to access various health services, as well as efficiently and securely process health care information. This policy outlines the categories of data we collect through our products and Services (collectively, our “Services”) and via our online presence, which includes our main service websites clinicx.giddir.com, admin.giddir.com, patientme.giddir.com, www.giddir.com, as well as Services and websites that we enable internet users to access, (collectively, our “Sites”). This policy also details how we use Personal Data, with whom we share it, your rights, and how you can contact us about our practices. Our policy does not apply to any third-party websites, products, or Services, that may be associated with us. We advise you to always consider the privacy practices of those third parties carefully.
Overview
Giddir collects data about you from various sources to be able to provide our Services and to manage our Sites. “You” may be a visitor to one of our sites, a Giddir of one and/or more of our Services (“Giddir” or “Giddir customer”), or an End-user to one of our customers’ (“End-user”). If you are an End-user, Giddir might not always collect data directly from you. Your agreement with the relevant Giddir Customer should define how that Customer shares your data with Giddir, and if you have questions about this sharing, then you should direct those questions to that Giddir Customer.
Data Giddir collect
Personal data is any information that correlates to an identified or identifiable individual. Giddir is committed to Privacy By Design and data minimization, we will never ask you to provide any personal information unless it is essential in order to provide a Service you wish to use. The data that you provide directly to us via our Sites and/or Services will always be apparent from the context in which it is asked to be provided. All data we collect is with explicit consent from our users. When you send and/or respond to any Giddir emails or surveys we may collect information such as your email address, name, and any other information you choose to include in the body of your email or responses directed at us. If you contact us by phone, we may collect the phone number you used to call us with. If you contact us as a Giddir Customer, you may be asked to provide additional information in order for us to verify your identity. All personal data we collect is always processed and stored within the European Union in accordance with required laws and regulations.
Data we collect automatically via our Sites.
Our Sites use cookies and other technologies to operate effectively. These technologies collect information about your use of our Sites, such as but not limited to IP address, browser, device type, and screen resolution.
How Giddir use personal data
We always rely upon various legal grounds to ensure that our use of your data complies with applicable laws, such as but not limited to GDPR and Patientdatalagen. We use personal data in order to provide our various Services where connecting information to an identifiable individual is required.
Disclosure of Personal Data
Giddir will never sell, rent, and/or distribute personal data to marketers or unaffiliated third parties. We only share your personal data with trusted and authorized entities and Service providers that provide Services on our behalf, or when required by law. Giddir will never share your data unless it is essential in order to provide a Service that you wish to use, and will only share data that is essential.
Business transactions
If Giddir is subject to, a transaction that will change the structure of our organization, for example in the case of a reconstitution, merger, acquisition, change of control, transfer, joint venture, or any other disposition of our assets or stock, your data may be shared with third parties in consolidation with that transaction. Any entity which acquires a part of, or the entirety of our business will maintain the right to continue to use your data. However, that right only extends to the manner described in this Privacy Policy unless you give your explicit consent to a new policy.
Giddir entities
Your data may be shared with other Giddir entities in order to provide our Services, for internal administration, and customer support purposes. Data access is always limited to authorized and essential Giddir entities.
Service providers
We share your data with a restricted number of our Service providers. We have providers that perform Services on our behalf, such as identity verification services, website hosting, data analysis, information technology, related infrastructure, customer service, email delivery, and auditing services. These Service Providers may need to access some personal data to perform their Services. We will always authorize such providers and only grant access or disclose data when it's necessary to perform Services on our behalf or when it's legally required. All providers performing Services on our behalf are always required to contractually commit to protect the confidentiality and integrity of all personal data processed on our behalf. All our Service providers are located and process their data within the European Union and are in compliance with applicable laws and regulations to the best of our knowledge. We conduct audits of our Service providers' compliance with laws and regulations regularly to ensure the integrity of data. If any of our Service providers become incompliant with any applicable law or regulation, we will cease our relations and cut off all data communication with that Service provider immediately.
Business partners
We may share personal data with third-party business partners when it is essential to provide Services to our users. Examples of third parties to whom we may disclose personal data for this purpose are clinical laboratories and other health care providers when processing, analyzing and validating test results on our behalf for a patient. When we share data with these third-party Business partners, we never disclose more data than required to perform a Service. All our business partners are contractually obligated to protect the confidentiality and integrity of all personal data to the same extent as we are. Continued and/or deliberate failure to comply with applicable laws or regulations from any of our Business partners, will result in Giddir immediately ending its relationship with that Business partner.
Your data protection rights
Depending on where you reside and applicable laws in that area, you may have the following rights concerning the data we control about you:
The right to request confirmation from Giddir whether we are processing any personal data relating to you. And if so, the right to request a copy of that data being processed;
The right to request that Giddir corrects or updates any personal data on you that is inaccurate, incomplete, or outdated;
The right to request that Giddir delete any or all personal data on you in the circumstances where it is required by law;
The right to request that Giddir limit the use of any personal data on you in certain circumstances where it is required by law; and
The right to request Giddir to export the personal data we hold on you to another company, where technically feasible.
Where the processing of your Personal Data is based on your given consent, you will always have the right to revoke your consent at any given time. On grounds relating to your distinct circumstances, you may also have the right to object to the processing of your data. To exercise your data protection rights, you may contact Giddir as specified under the section below "Jurisdiction and contact". We treat every inquiry we receive with a high level of seriousness. Giddir will always comply with your request to the extent demanded by applicable laws and regulations. Please note that we will not be able to respond to inquiries if we no longer hold any personal data on you. If you feel that Giddir has not given you a satisfactory response to your inquiry, you may consult with the proper data protection authority in your country. To protect your integrity, we may need to verify your identity before administering your inquiry, such as verifying that the email address from which you send the request matches the one we have in our system. If you are an End-user of a Giddir Customer, we advise you to direct your inquiries directly to that Giddir Customer.
Our commitment to security
Giddir makes reasonable efforts to ensure a high level of security appropriate to the associated risks when processing any personal data. We keep organizational, administrative, and technical measures that are designed to protect the integrity of sensitive data within our organization against unauthorized access, loss, destruction, tampering, or misuse. Sensitive information such as personal data is only accessible to a restricted number of Giddir personnel who need access to perform their duties. Please note that no data storage system or communication can be guaranteed to be 100% secure, unfortunately. If you have reason to believe that your interaction with us has been compromised or is no longer secure (for example, tampering or unauthorized access to your account), please contact us immediately.
Updates to this policy
We may change this Privacy Policy from time to time to reflect new laws and regulations, the introduction of new Services, or general changes to our practices. There will always be a “Last updated” legend at the top of this Privacy Policy that indicates when the policy was last revised. Any changes enter into effect when we post the revised Privacy Policy on the Services. The latest version of this policy will always be available on our websites.
Jurisdiction and contact
The entity responsible for the collection and processing of data for residents of the European Economic Area (EEA), the UK, and Switzerland is GiDDIiR AB, a company incorporated in Sweden with its office at Nybrogatan 34, 102 45 Stockholm Sweden. For questions or to exercise your rights, our Data Protection Officer may be contacted via: dpo@giddir.com
If you reside in the EEA and believe we process your information in the scope of the General Data Protection Regulation (GDPR), we advise you to direct your questions and/or complaints to the Office of the Data Protection Commissioner. For residents of the UK, we advise you to direct your questions and/or concerns to the UK Information Commissioner’s Office. If you have any questions or concerns regarding our Privacy Policy, feel free to contact us via: dpo@giddir.com or send physical mail to:
Giddir AB
Nybrogatan 34,
102 45 Stockholm Sweden.
