Genom att klicka på “Acceptera alla”, samtycker du till lagring av cookies på din enhet för att förbättra navigeringen på webbplatsen, analysera webbplatsens användning och bistå i våra marknadsföringsinsatser. Läs mer i vår Cookiepolicy .
InställningarAvvisa allaAcceptera alla
Inställningscenter för integritet
Eftersom vi på Vitala vill att du får en så smidig webbplatsupplevelse som möjligt använder vi oss av cookies. Vi använder oss av fyra olika kategorier av cookies på vår webbplats: nödvändiga, peronalisering, analytics, och marknadsföring. Nödvändiga cookies behövs för att webbplatsen ska fungera korrekt och för att du ska kunna förflytta dig på webbplatsen och använda dess funktioner. Med undantag för dessa nödvändiga cookies, använder vi oss enbart av de cookies om du har tillåtit oss att använda genom de val du gör via bannern. Om du inte samtycker till att vi får lagra vissa cookies är det möjligt att du inte kan använda alla delar av webbplatsen, samt att vissa delar av webbplatsen kanske inte kommer att fungera korrekt eller som det var tänkt. Vi ber dig att även observera att vissa cookies placeras ut av tredjepartstjänster. Du kan alltid ändra eller återkalla ditt samtycke via vår cookiesamtyckesbanner (en länk hittar du på vår webbplats efter det att du har gjort dina val).

Några cookies samlar även in information om dig och ditt online beteende. Om du vill veta mer om hur vi på Vitala behandlar de personuppgifter som vi samlar in, läs gärna vår Privacy notice. Där hittar du även information om hur du kommer i kontakt med oss om du har frågor kring vår behandling av dina personuppgifter. Om du har frågor angående de cookies vi har placerat på din enhet, kontakta gärna oss på support@vitala.health.
Avvisa allaAcceptera alla cookies
Hantera inställningar för samtycke
Absolut nödvändiga cookies
Alltid aktiv
Dessa cookies är nödvändiga för att webbplatsen ska fungera och kan inte stängas av i våra system. De är vanligtvis bara inställda som svar på åtgärder som du gjort som utgör en begäran om tjänster, till exempel inställning av dina personliga preferenser, inloggning eller fyllning av formulär. Du kan ställa in din webbläsare för att blockera eller varna dig om dessa cookies, men vissa delar av webbplatsen fungerar inte då. Dessa cookies lagrar inte någon personligt identifierbar information.
MARKNADSFÖRING
Cookies för marknadsföring används för att spåra besökare på webbplatser. De kan också användas för att begränsa antalet gånger du ser en annons och mäta effektiviteten av reklamkampanjer. Avsikten är att visa annonser som är relevanta och engagerande för enskilda användare.
PERSONALISERING
These items allow the website to remember choices you make (such as your user name, language, or thCookies för personalisering gör det möjligt för oss att optimera webbplatsens funktioner efter dina behov, förbättra din upplevelse och individualisera framtida besök, genom att bl.a. komma ihåg dina användarpreferenser. Detta kan t.ex. vara vilket språk du föredrar eller specifika anpassningar beroende på vilken region du befinner dig i.e region you are in) and provide enhanced, more personal features. For example, a website may provide you with local weather reports or traffic news by storing data about your current location.
ANALYTICS
Cookies för analytics hjälper en oss att förstå hur du som besökare interagerar med vår webbplats och upptäcka om det kan finnas tekniska problem. Vanligtvis samlas det inte in information som identifierar en besökare.
Bekräfta mina val och stäng
HomeRemote Therapeutic MonitoringLatest NewsContact us
Care Portal Login
< All Legal Documents

EU Privacy Policy Care Portal

Last updated: 17.06.2024

This notice describes how Personal Data and/or information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully.

We are updating the Care Portal Privacy Policy. The changes will come into force:
● on the day the user starts using the App if it is 17.06.2024 or later
● 01.07.2024 if the user started using the App before the update date

INTRODUCTION

We  at Aasa Health AB, org. no. 559116-7936, with address Ola Hanssonsgatan 4, apt 1004, 112 52 Stockholm, Sweden. (“we”, “our” “us”,  “the Company”,  or  “Vitala”)  value your privacy and are committed to keeping your personal data confidential. We provide the Care Portal ("CP") for your use ("you"; "User") in accordance with the Terms and Conditions and Privacy Policy.

Please note that Vitala does not provide medical services. In specific cases, the Healthcare Provider, which may be you ("HP"; "Healthcare Provider"), provides medical services to patients. As an HP, you have access to the Personal Data of Application ("App") users, which you can add and delete through the CP. Vitala only provides services related to the maintenance and technical operation of the CP ("Services"), so please read the following Privacy Policy carefully.

1. Agreement to Privacy Policy Terms

BY ACCESSING AND/OR USING THE APP, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE USING THE SERVICES AND CP.

2. Privacy Policy Applicability

This Privacy Policy applies to personal data processed through the CP. The term "Personal Data" encompasses any information that can be used on its own or in combination with other information to identify an individual or contact a specific person. Some Personal Data may be considered "health data" (i.e., data related to your physical or mental health), "protected health information" or "PHI" (i.e., information that relates to your past, present, or future physical or mental health or condition(s), the provision of healthcare to you, or past, present, or future payments for your healthcare), and/or medical records as defined by law.

We take the protection of personal data seriously and comply with regulations.  Furthermore, we comply with the requirements of the California Consumer Privacy Act of 2018 (“CCPA”) and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Note regarding third-party sites:  CP may contain links to other sites that are not operated by Vitala. If you click a third-party link, you will be directed to that third   party’s   site.   We   strongly   advise   you   to   review   every   site   you   visit   for   the privacy policy(ies). Vitala has no control over and assumes no responsibility for the content,   privacy   policies,   or   practices   of   any   third-party   sites   or   services.   This Privacy Policy does not apply to your use of or access to any third-party sites or services.

3. Privacy Policy Updates

We may modify this Privacy Policy from time to time. We will notify you of significant changes by e-mail. The changes will take effect within 30 days. If you do not agree with the proposed changes, you should stop using the CP before the change becomes effective. If you continue to use the CP after the effective date, you will be bound by the updated Privacy Policy terms.

4. Language of the Privacy Policy

We would like to point out that the Privacy Policy is available in English and other languages. For other languages, we use machine translation from English. Machine translation may not be perfect, so in cases of dispute over interpretation, English (the source language of translation) shall prevail.

Please remember that we always prioritise the welfare of our users, and no provisions will be interpreted to the detriment of the consumer within the meaning of the law.

5. Questions and contact information

If you have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact us. We appreciate your feedback. You can contact us by email gdpr@vitala.health

PERSONAL DATA

6. General information

For maximum transparency, we present a summary with respect to which Personal Data Vitala is a data controller or HP, and with respect to which Personal Data Vitala is a data processor. A detailed description of each type of Data can be found in section 7.
Data typeVitalaHP
Behavioural DataData processorData controller
Contact DataData processorData controller
Demographic DataData processorData controller
Medical DataData processorData controller
Support DataData controller-
Technology DataData controller-
Vitala acts as the data controller in CP in relation to Support Data and Technology Data. We have appointed a Data Protection Officer, Mrs. Beata Marek (“DPO”). You can contact our DPO by email gdpr@vitala.health

7. What data is processed in CP?

We process different types of information. Each category of data is explained in depth below and the processing principles.

Contact Data:
Your first name, last name, email address, and job title are visible in the CP and may be shared with App users (e.g., when an invitation is sent). We obtained your data from the HP, who provided the information for which users should have accounts created in the CP by us. We may send information related to service provision to your email address and phone number. This may also include CP notifications. For example, you might receive a message with a confirmation code. You may also receive system messages via email. We do not use your contact details to send spam, nor do we sell this data.

Legal basis for processing: Article 6(1)(b) of the GDPR. Communication is related to the proper functioning of the Application and the provision of services by the Healthcare Provider. Vitala processes data based on a data processing agreement concluded with the data controller.You can change your phone number and email address in the application settings. Data prior to the change is stored in connection with the records of SMS or email messages sent to you.

Deleting your Account in the CP will not result in the deletion of data unless the HP confirms the permanent deletion of the data. Remember that the data controller is the HP and certain data may be needed to demonstrate compliance with legal obligations regarding data retention or in connection with access to the services you provide or for the defense, pursuit, or establishment of legal claims.

‍Support Data: If you contact us for support or to lodge a complaint, we may collect your email address or telephone number and   technical   or   other   information   from   you   through   log   files   and   other technologies, some of which may qualify as Personal Data (e.g., IP address). Such information will be used for the purposes of troubleshooting and technical support in accordance with this Privacy Policy. You provide your data voluntarily.

Legal basis for processing by Vitala is article 6.1.f of the GDPR. The legitimate interest lies in providing you with assistance in connection with the operation of the CP. Please remember that we do not provide support in any other scope than issues related to the operation/non-operation/problems with functionalities in the CP.    

Data is obtained directly from you (your email address or phone number, or any other information you provide) or in connection with your actions in the CP (related to actions you take to verify a problem). Remember, we never ask for your login credentials, financial, or medical information. Never provide such information.

Communication with the support department is recorded, meaning that, under the right of control, it can be verified by us in terms of how the consultant provided assistance. We do not offer telephone support.

From the moment you contact us until your issue is resolved, the data is processed for the primary purpose of providing you with support. After providing you with support, the data is processed for secondary purposes, such as archiving our actions to assist you. The data is stored for the purpose of verifying the quality of service provided to you and for establishing, investigating, or resolving legal claims. Please note that we do not retain data beyond 24 months (after this period, it is deleted). After this period, if you file claims with us regarding technical support, we will not be able to assist you.

The data is processed within the European Economic Area. We do not profile you. The recipients of the data can only be authorised employees or contractors who provide services for us, especially IT solution providers and technical support representatives. More information can be found in 9 point. 

‍Technology Data: We may process your   IP   address   (or   proxy   server),   device   and   application   identification numbers,   location,   browser   type,   Internet   service   provider   and/or   mobile carrier,   the   pages,   and   files   you   viewed,   your   searches,   your   operating system,   and   system   configuration   information,   and   date/time   stamps associated   with   your   usage.   This   information   is   used   to   analyse   overall trends and help to resolve technical issues.

We do not monitor the activity of a specific user. We do not profile users. CP improvement is based on statistical analysis. However, if you contact us for technical support, we may track your activity if necessary and related to providing you with support. We do not, however, interfere with any data you have entered. We can only check what action may have caused a specific error in the CP. An IP address is considered Personal Data, so it is our duty to inform you that Vitala may collect additional information related to your use of the CP in connection with your IP address. You provide your data voluntarily.

Legal basis for processing by Vitala is article 6.1.f of the GDPR. The legitimate interest lies in processing data that contains logs that can later be used to provide technical support and software development. Anonymous data is used for statistics and service improvement - it is not associated with any user or IP address. The statistics only consist in counting the number of total clicks in the App, loading time, etc. 

Data is obtained directly from you. We emphasize that statistical data does not contain personal information and cannot be linked to a specific individual. However, your actions in the CP are recorded in the form of logs and are associated with your IP address.

The data is processed from the moment you have an Account in the CP until you delete your Account.

The data is processed within the European Economic Area. We do not profile you. The data recipients can only be authorised employees or contractors who provide services for us, especially IT solution providers and technical support representatives. More information can be found in 9 point. 

‍Statistical Data: Vitala processes aggregate data on the use of the CP by Users. However, this data does not count as Personal Data because we do not process any data that could link the readings we collect with you or any other User. Statistical Data allows us to analyze. On this basis, we create statistics that allow us to group information (not about specific natural persons) and use it for various purposes, such as creating publications, materials, CP development, etc. We do not collect the IP address, name, surname, e-mail address, number personal data and no other data allowing association with a specific natural person. However, we process de-identified data and statistics relating to age, gender, diseases, completed training sessions, self-reported results and ratings.

‍The user data from the App that can be procees in CP includes:

Behavioural Data:
We and you may process data about how users App behave and what your habits are based on information that user provide us directly or information that we download from an application that you integrate with App (e.g. Google Fit or Health Connect).

Legal basis for processing: Article 6(1)(b) of the GDPR. The App user can decide to enable this feature and start collecting data in the App. This data will synchronise with the CP. Vitala processes data based on a data processing agreement concluded with the data controller.Disabling this feature will stop further data collection. However, this does not mean that the data already collected will be deleted from the App and CP. This data will remain visible, and the HP may use it or is using it to provide services to the App user. Deleting the Account in the App will result in the deletion of data within 30 days. Deleting the App user's Account in the CP will result in immediate data deletion.

‍Demographic Data: We and you may process demographic   data  which   may   include,   but   not   be   limited   to,   user App   name,   birth   year,   gender, height,   weight,   phone   number,   and   e-mail   address.   This data will synchronise with the CP.  The   collection   of   this demographic data is primarily used to create Account in App and provision of services by the Healthcare Provider. ‍

Legal basis for processing: Article 6.1.b of the GDPR. Vitala processes data based on a data processing agreement with the data controller.

Deleting the Account in the App will result in the deletion of data within 30 days. Deleting the App user's Account in the CP will result in immediate data deletion.

‍Medical Data: We and you may process information  regarding  user App  health  conditions,  including,  but  not  limited  to, images,  age,  gender,  weight,  height,  medical  history,  symptoms,  and communications between user App and you.

Legal basis for processing: Article 6.1.b of the GDPR. Vitala processes data based on a data processing agreement with the data controller.

Deleting the Account in the Application will result in deletion of data within 30 days. Deleting the App user's Account in the CP will result in immediate data deletion.

8. Your rights

Your rights include:

- The right to know who is processing personal data, for what purpose and why.

You've been informed in point 7 who processes your data in the App and how. We've specified in which cases we act as the data controller and in which cases as the data processor.

- The right to access the personal data held by an organisation free of charge, and to receive a copy in an accessible format.
‍
We provide access to data through the App. You can also contact us to verify the specific data we process. Remember that Vitala is the data controller only for support data and technology data. In all other aspects, your Healthcare Provider is the data administrator, and you can seek support from them for access to data.

- The right to object to an organisation processing personal data without consent, unless there is a higher priority public interest. The right to object at any time to direct advertising, i.e. advertising sent directly to the recipient. 
‍
We do not send you any advertisements, and we do not process data based on your consent. Similarly, the data controller does not process your App data based on your consent and does not send any advertisements. If you receive an advertisement from your Healthcare Provider or inappropriate information through the App, please contact us. We emphasise that such actions are not allowed in the App. Please note that recommendations or prescriptions for medications, supplements, or other products provided by your Healthcare Provider do not constitute advertising.

- The right to have data corrected if they are incorrect, incomplete, or untrue when they are processed by an organisation. 
‍
You can modify your data in the App at any time. Some data entered by your Healthcare Provider may not be changeable by you in the App. Contact your Healthcare Provider to change such data. Please remember that certain data may not be changed due to historical events and the obligation to maintain medical documentation. Your Healthcare Provider will inform you in detail if they refuse to change any data.

- The right to have data deleted, which is also referred to as the right to be forgotten. This right is applicable if a person’s data is no longer needed or is being processed illegally. 
‍
We have the right to refuse data deletion under Article 17.3.e of the GDPR. We have provided detailed descriptions of the cases and the duration for which we process data for the purpose of establishing, investigating, or defending legal claims. Regarding data for which your Healthcare Provider is the administrator, you can find detailed information in the privacy policy of your Healthcare Provider.

- The right to move data relates to when personal data is being used by a company following consent or agreement. In that case, the data can be returned or transferred to another company at the individual’s request. This is referred to as the right to “data portability”. 
‍
Vitala does not process your data in the App as a data controller based on a contract or consent. However, we specify that Vitala acts as a data processor in relation to (i) behavioural data; (ii)  contact data; (iii) demographic data; (iv) medical data - in this case the processing process complies with Healthcare Provider privacy policy and data processing agreement.

- The right to be informed of the loss of personal data means that an organisation that holds personal data must inform Authority for Privacy Protection and/or Data Protection Authority (depending on the registered office) about any personal data breaches that entail a risk to the privacy of an individual. If the breach poses a high risk to an individual, the individual must also be informed in person.
‍
The relevant responsibility lies with the data controller. Vitala has implemented a process for handling data breaches or privacy violations, including assessing the impact of such breaches, in accordance with ENISA guidelines. This allows us to determine whether a data breach is of high, medium, or low severity. We also investigate privacy violations. In the case of data where we act as a processor, the data controller will be informed within the agreed-upon timeframe specified in the data processing agreement. Notification to the supervisory authority or data subjects may also occur if necessary. Regarding data for which Vitala is the data controller, appropriate actions will be taken after assessing the impact of the breach, including its severity.

- The right to lodge a complaint with the supervisory authority.
‍
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them violates the GDPR.The supervisory authority, due to Vitala's registered office, is The Swedish Authority for Privacy Protection.

More information you can find here: https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/

9. Data recipients

We may share your personal information with the following categories of individuals/entities:

‍Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (“Business Partners”). Specifically, we may employ third-party companies and individuals to facilitate our Services, provide Serviceson our behalf, perform Service-related functions, or assist us in analyzing how our Services are used.

Our Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer services, and payment processing.

‍Our Advisors:  We   may share your Personal Data with third parties that provide advisory services to Vitala, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Personal Data will only be shared with Advisors if Vitala has a legitimate business interest in the sharing of such data.

‍Third Parties Upon Your Direction or Consent: You may direct Vitala to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify.

‍Third Parties Pursuant to Business Transfers:  In the event  of  are organization,   merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Vitala’s corporate entity, assets, or stock(including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party.

‍Government and Law Enforcement Authorities: If reasonable and necessary, we may  share your Personal Data to (i) comply with legal processes or enforceable governmental requests, or as otherwise required bylaw; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms and Conditions; or (iii) bring legal action against someone who may be violating the Terms and Conditions or who may be causing intentional or unintentional injury or interference to the rights or property of Vitala or any third party, including other users of our Services.

11. What Happens to Personal Data Submitted by Minors?

Vitala does not knowingly collect Personal Data from individuals under the age of 18. Additionally, our Services are not directed to individuals under the age of 18. We request  that  these  individuals  not  provide  Personal  Data  to  us.  If  we  learn  that Personal Data from users under the age of 18 has been collected, we will deactivate the  User  Account  associated  with  that  data  and  take  reasonable  measures  to promptly delete such data from our records. If you are aware of a user under the age  of  18  accessing  the  Services  or  CP,  please  contact  us  at info@vitala.health

13. Deleting Account

Deleting your Account in the CP: The Account can only be deleted by the administrator. Please contact the administrator or your employer for more information.

‍Deleting user App Account by HP: You can delete the patient account in the view after logging in.

‍Deleting your Account and processing Personal Data by Vitala: Support Data and Technological Data is processed by Vitala as a data controller. Regardless of whether you delete your Account or HP deletes it, Vitala will process collected information related to Support Data and Technology Data for 10 years from the moment of deleting your Account for the purposes of establishing, pursuing or defending legal claims.

14.Security of personal data

Vitala  understands  the  importance  of  data  confidentiality  and  security.  We  use  a combination of reasonable physical, technical, and administrative security controls to (i) maintain the security and integrity of your Personal Data; (ii) protect against any threats or hazards to the security or integrity of your Personal Data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.While  Vitala  uses  reasonable  security  controls, WE  CANNOT  GUARANTEE  OR WARRANT  THAT  SUCH  TECHNIQUES  WILL  PREVENT  UNAUTHORIZED  ACCESS  TOYOUR  PERSONAL  DATA.  VITALA  IS  UNABLE  TO  GUARANTEE  THE  SECURITY  ORINTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE ISNO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED,ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS.

‍YOU ASSUME THE RISK THAT UNAUTHORISED ENTRY OR USE, HARDWARE   OR   SOFTWARE   FAILURE,   AND   OTHER   FACTORS   MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME. WE MAKE EVERY EFFORT TO ENSURE SUCH SITUATIONS DO NOT OCCUR.

15. What Safeguards Does Vitala Have in Place to Secure Personal Data?

Vitala stores Personal Data on secured servers and uses a combination of technical, administrative, and physical safeguards to protect your personal information. Such safeguards include, but are not limited to, authentication, encryption, backups, and access controls.

16. How can you protect your data? 

You are solely responsible for preventing unauthorised access to your devices and your User Account by protecting your account credentials and limiting access to your devices. Vitala has no access to or control over your device’s security settings, and it is your responsibility to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that you take all appropriate steps to secure any device that you use.

Please note that Vitala will never send you an email requesting confidential information, such as account numbers, usernames, passwords, Social Security Numbers, medical or financial data. If you receive a suspicious email from Vitala, please notify us at info@vitala.health.

Further, if you know of or suspect any unauthorized use or disclosure of your User Account information or any other security concern, please notify Vitala immediately.

ADVERTISING, MARKETING, AND TRACKING

17. Does Vitala Send Marketing or Advertisement Materials?

Vitala does not send any advertising messages via the CP. Marketing of services or sending commercial information is only possible based on the consent granted by the natural person. This takes place outside of CP channels.

18. Are cookies processed in the CP?

Yes. You can give and manage your consent through the tool designed for cookie consent. It also contains a list of solutions that use cookies along with descriptions.

24. Are tracking algorithms used in the CP?

No.

FINAL PROVISIONS

26. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Sweden. Any disputes or claims may be brought by the consumer and brought before the court having jurisdiction over the consumer's place of residence. A dispute may also be filed due to Vitala's registered office.

We are open to all the needs of users and our customers. Therefore, please contact us first before you decide to take legal action. We believe that we will be able to find an amicable solution to the situation.

At the same time, we would like to remind you that you have the right to lodge a complaint with the supervisory authority if you believe that your rights have been violated or we are acting inconsistently with GDPR. We do not limit your rights in any way. The national law in which you reside or where you use the CP applies.

27. Miscellaneous

We make the content of the Privacy Policy available at the following URL: https://www.vitala.health/legal. By using the CP, you agree to Privacy Policy terms.

The Privacy Policy may also be made available in a different manner, upon individual request of a given person, if such a person encounters problems in displaying or reading the Privacy Policy.

To this end, they are requested to get in touch with us: info@vitala.health

‍
This Privacy Policy applies to the CP. It does not apply to services that have a separate privacy policy that does not contain this Privacy Policy.
< All Legal Documents🇸🇪 Svensk version
© All rights reserved 2023 Aasa Health AB
Social Media
Facebook IconFacebook
Insta IconInstagram
Twitter IconTwitter
Linkein IconLinkedIn
Vitala Medium BlogNews
TEAM
Contact Us
Legal
View All Legal Info