Victoriakliniken Integritetspolicy
Victoriakliniken is responsible for the personal data collected and processed in accordance with our privacy policy. If you have questions regarding your personal data, please feel free to contact us.
1. What data does Victoriakliniken collect?
The following personal data is collected and processed by Victoriakliniken:
Personal and contact information: When booking, we always request details such as your name, personal identification number, email address, and phone number.
What is the information used for?
Personal and contact information is needed to manage the customer relationship. We use your data to contact you regarding bookings, follow-ups, provide customer service, etc. Your phone number may also be used for booking confirmations and reminder messages via SMS.
How long is the information retained?
We retain your personal data in our customer registry for ten years from the conclusion of the customer relationship, unless you specifically request otherwise. The customer relationship is considered concluded once treatment is completed and any follow-ups are conducted. Certain parts of personal and contact information will also appear in the medical record and will be stored thereafter in accordance with applicable regulations for medical records and other health information.
Medical records and other health information
When you engage with Victoriakliniken, we need access to information about your health. For example, we may require information about your medical history, any illnesses, or your physiological or biomedical condition (e.g., blood values). We typically use before-and-after photos in the medical records. Your medical records and health information may be collected verbally or in writing during interactions with the doctor or other personnel at Victoriakliniken.
The medical record contains traditional medical information, which includes, in addition to the information you provide verbally or in writing, the treating physician’s notes, analyses, and conclusions, including any test results and examination findings.
Why does Victoriakliniken use the information?
There is a legal requirement under the Patient Data Act to maintain medical records for healthcare, which applies to Victoriakliniken’s doctors and practitioners. We adhere to the National Board of Health and Welfare’s general guidelines on medical record-keeping.
How long does Victoriakliniken retain the information?
Victoriakliniken retains medical records for ten years from the date the last entry was recorded, in accordance with the legal requirement (Patient Data Act, Chapter 3, Section 17). If legal requirements change, the retention period will also be adjusted accordingly.
Payment information
You need to provide payment information to complete the payment. The type of information provided depends on the chosen payment method. We will also record your information in accounting materials and related documentation.
In cases where a procedure or treatment is financed by an external party (such as a county council, insurance company, or lender), Victoriakliniken will receive information from them. This information is limited to what is directly relevant for the payment, such as your identity and a confirmation of financing, including any limitations or conditions. An external financier processes your personal data outside of Victoriakliniken’s control. We refer to the financier’s privacy policy for details.
Why does Victoriakliniken process the information?
It is necessary to process payment information for Victoriakliniken to fulfill the agreement with you. Payment information is not retained after the payment is completed but is deleted immediately from our systems. However, we must retain accounting information for bookkeeping purposes, currently until the end of the seventh year after the end of the calendar year in which the fiscal year ended (Accounting Act, Chapter 7, Section 2).
Newsletter
If you have chosen to consent to receiving newsletters and offers from Victoriakliniken, we also collect and use your email address for this purpose. We may also process your personal data for other marketing purposes. Your first name may be used to personalize the content. If you wish to unsubscribe from our newsletter, it contains a link you can click. Once you click the link, we will stop processing your personal data for this purpose.
The legal basis for this processing is our legitimate interest in conducting customer care and marketing.
Marketing via social media
Victoriakliniken is present on various social media platforms. Through these platforms, you can communicate with us via chat and messaging functions. You can also tag Victoriakliniken when publishing content or use our hashtag #victoriakliniken. We do not use your personal data (such as profile name, information in messages, or photos) in any other system or channel beyond the specific platform.
By tagging us in a photo, you consent to the photo and related information being displayed on our profile in a manner we consider customary for the respective platform. If the platform does not allow you to remove the information yourself, we will do so at your request if possible.
When you contact us via message/chat through social media, we respond and store it within the social media platform.
Before-and-after photos
To showcase the treatments Victoriakliniken offers, we frequently use photos of clients showing before and after treatment results. If we wish to use photos of you, you will be asked to sign a specific document to consent to this. You may withdraw your consent at any time, thereby revoking our right to use the photos.
In some cases, we may enter into a specific agreement regarding the right to use photos of you for marketing purposes. This type of agreement may mean that you forfeit the right to withdraw your consent, which will be explicitly stated in such an agreement.
Victoriakliniken generally does not collect any information about you from external sources. However, in certain cases, it may be necessary to obtain information from another source, such as a medical record from another healthcare provider. This will be made clear, and you will be given the opportunity to control such data collection.
To ensure we have accurate contact details for you, we may obtain your registered address information from a provider of such data (e.g., SPAR).
2. Your information may be shared with others
In certain cases, your personal data may need to be transferred to or shared with others when necessary or justified. For example, your personal data may be shared with:
Employees at Victoriakliniken
The staff working at Victoriakliniken has access to your personal data. The specific data they have access to depends on their role.
Suppliers and subcontractors
Your personal data is shared with suppliers and subcontractors who provide various types of services. Suppliers are therefore always bound by confidentiality.
Referrals and prescriptions for medication
In certain cases, you and your practitioner may decide that you need a referral to a medical clinic, and the practitioner will then send a referral there. If you need medication, the practitioner will usually send an electronic prescription to all Swedish pharmacies. However, some specific prescriptions must be sent to a designated pharmacy, but in most cases, all pharmacies can view your prescription.
Authorities
We may also need to provide necessary information to authorities if required by law or if you have approved it. If you would like more information about the data that may be provided to authorities, please contact us.
3. Your personal data is processed within the EU/EEA
Victoriakliniken will only process your personal data in Sweden or within the EU/EEA. This means that your personal data will not be transferred to or processed in any other country outside the EU/EEA without informing you that the transfer can be conducted in a legal and secure manner.
4. Your rights
You have the full right to access information about and decide how your personal data is processed by Victoriakliniken. Below is a summary of your rights.
Right to object to the processing of your personal data
You have the full right to object to the processing of your personal data for legitimate interests. If you raise an objection, Victoriakliniken will consider it and make an assessment in the case. In most cases, we will cease processing the data.
Right to access and transfer your data
You have the right to request a free copy of the personal data we have collected about you and to receive information on how it has been collected, used, shared, etc. This also applies to your patient record, with any limitations provided by law. You also have the right to request the transfer of your personal data to another data controller.
Right to delete your data
You have the right to request that your data be deleted from our system if it is no longer necessary for the purpose for which it was originally collected.
Right to block or unblock your data
You have the right to request that the data in your patient record at Victoriakliniken be blocked or unblocked for electronic access.
Right to correct your data
You have the right to amend incorrect or incomplete information about yourself. If you believe an entry in your medical record is incorrect or misleading, you have the right to request a correction or a note about this in the record.
Right to restriction
You have the right to request that the use of your data be restricted until any incorrect data has been corrected or until any objection from you has been resolved.
Right to compensation
If you believe you have suffered harm as a result of your data being processed in a manner that violates the law, you have the right to seek compensation.
Right to file a complaint
You have the right to file a complaint with the supervisory authority, the Data Protection Authority, if you believe that your personal data has been processed incorrectly by us.
In addition to these rights, there may be further requirements or regulations that limit or extend your rights. This may include specific legal obligations that prevent us from disclosing or transferring your personal data, or from correcting, blocking, or deleting your data. If your personal data must be retained due to legal obligations, this data will only be used to fulfill those obligations.
These obligations stem from laws such as the Patient Data Act, other healthcare legislation, archival legislation, accounting and tax legislation, as well as confidentiality legislation.
You have the right to request additional information about the confidentiality and security provisions that apply to the processing of your personal data.
5. Contact us
Victoriakliniken is responsible for the processing of your personal data in accordance with our privacy policy. We comply with Swedish data protection legislation, which includes the General Data Protection Regulation (GDPR).
If you have questions regarding your personal data and its processing, please feel free to contact us.