PRIVACY POLICY
Information on the processing of personal data
FERN Psykologi AB, org nr 556824-0427, cares about your privacy and strives to protect your personal data in the best possible way. The GDPR, or General Data Protection Regulation, is a law that applies across the EU from 25 May 2018. It aims to give us all greater control over how data about us is handled and to increase the security of how our personal data is processed.
Personal data is any information that can be directly or indirectly linked to an individual. The General Data Protection Regulation is complemented by other rules, such as the requirements for patient records (Patient Data Act) and the laws on confidentiality and professional secrecy. Personal data is also processed in connection with booking, payment, customer service and accounting in accordance with applicable requirements such as the Bookkeeping Act and the Money Laundering Act.
This information aims to explain how FERN Psychologi AB handles your personal data. If you have any questions about our personal data processing, please contact Mikael Färnkvist, who is the data controller.
Contact details for FERN Psychology AB are:
FERN Psychology AB
Smörgatan 1 Apartment 1301
412 78 Gothenburg
Telephone 070-716 92 43
E-mail mikael.farnkvist@gmail.com
1. Data related to record keeping
1.1 Purpose and legal basis for the processing of data in medical records
FERN Psykologi AB uses the information you provide to us in order to provide you with good and safe care. They are also used in the systematic and ongoing patient safety work. The data is continuously entered into the medical record system during the period of care. The data is also intended to be a source of information for you as a patient.
Licensed psychologists are required by law to document their care by keeping a medical record (including under the Patient Data Act). FERN Psykologi AB, like all other healthcare providers, is under the supervision of the Swedish Health and Social Care Inspectorate and in the event of their supervision, the patient data fulfils an important function.
1.2 Storage time
FERN Psykologi AB will delete your personal data in accordance with the rules of the Patient Data Act, i.e. no earlier than ten years after the last medical record.
1.3 Your rights
You have the right to obtain information about the processing of your personal data. You also have the right, subject to the limitations of the Patient Data Act, to have your personal data rectified, to have the data erased, to request that the processing of data be restricted in certain cases, and to object to processing in certain cases.
1.4 Recipients of data
Data will only be disclosed to third parties with your consent in individual cases. However, in special cases, I may be obliged by law to disclose information, for example when a child is being abused.
1.5 Statutory reporting obligations
In specific cases, I may be obliged by law to disclose information. Such an obligation to provide information applies under the rules of:
- The Social Services Act, if a child is ill
- the Social Security Code, as regards information needed for the decision in a social security case.
1.6 Rules on data confidentiality and security
All patient data, both those you provide and those we use, for example in the medical record, are subject to the rules on confidentiality that follow from the provisions of the Patient Safety Act.
1.7 The right to lodge a complaint
You have the right to lodge a complaint with the Swedish Data Protection Authority regarding the processing of your personal data by the company.
1.8 Information required by law
According to the Patient Data Act and the National Board of Health and Welfare’s regulations, certain content is required in the patient record. The requirements are that we record your identity, essential information about the background to the care, the assessments that I make, the plans that are made, and the actions that are implemented. Furthermore, we are required to state what information we have provided to you as a patient, about the choice of treatment options, certificates and referrals issued, and incoming and outgoing documents.
2. Booking, payment and accounting data
2.1 Purpose and legal basis for the processing of data for booking and payment
FERN Psykologi AB processes the personal data about you that you register through the booking system. The personal data is processed in order to deliver the service ordered, to provide identification and to process payments. The personal data processed are name, personal identity number, contact details (address, e-mail, telephone number) and payment information (transaction reference, transaction date). For business customers, we also process the company data provided by the company for billing purposes, such as name, contact details, payment details, delivery details and company number. The legal basis for processing this personal data is to fulfil a purchase contract with the customer.
2.2 Purpose and legal basis for processing data relating to customer service requests
Personal data you register via the booking system is processed in order to communicate with you as a customer, to identify you as a customer and to investigate complaints or support issues. The personal data processed are name, personal identity number, contact details (address, e-mail, telephone number), your correspondence, date of booking, technical data about your equipment necessary for support purposes. For business customers, we also process the company data provided by the company for billing purposes, such as name, contact details, company correspondence, payment details, delivery details and company number. The legal basis for processing these personal data is legitimate interest, as the processing is necessary to handle customer service requests.
2.3 Purpose and legal basis for processing data due to legal obligations
FERN Psykologi AB processes personal data in order to comply with legal requirements under the Swedish Accounting Act and the Swedish Money Laundering Act, for example requirements that a payment can be traced back to an individual. The personal data processed are name, contact details (address, e-mail, telephone number), your correspondence, booking date and payment information. For business customers, we also process the company data provided by the company for billing purposes, such as name, contact details, company correspondence, payment details and company number. The legal basis for processing these personal data is a legal obligation.
2.4 Kaddio and Stripe
FERN Psykologi AB has a data processing agreement with Kaddio AB, which provides booking services. When you as a customer visit Kaddio’s website, their privacy policy applies which complies with the GDPR. More information is available at: www.kaddio.com/privacy
Through Kaddio AB, FERN Psychologi AB uses services from the Stripe payment service. When you as a customer visit the Stripes website, their responsibilities, rules and procedures for privacy protection apply which comply with the GDPR. More information is available at the Stripe Privacy Center: https://stripe.com/en-se/privacy
2.5 Sharing of personal data
FERN Psychology AB will not, without your consent, disclose information about you to third parties other than as required by applicable law, if necessary to fulfill its obligations to you, or if FERN Psychology AB believes that it is necessary to protect and defend the rights or property of FERN Psychology AB. A third party may, for example, be a company from which FERN Psychologi AB purchases services such as payment or booking systems.
2.6 Your rights
You have rights regarding your personal/company data and you have the opportunity to influence your information and what is stored. You may at any time request FERN Psychologi AB to correct the information about you if it should prove to be inaccurate or out of date, or you wish us to delete it completely. However, there may be reasons for FERN Psychologi AB not to comply with your request to delete your data. For example, if the data is needed to fulfil FERN Psychologi AB’s legal obligations as a company.
Personal and company data are kept no longer than necessary and are deleted when they are no longer necessary for the purposes for which they were collected. However, high security and confidentiality standards are always observed in all personal data processing. You also have the right to know once per calendar year, free of charge, which of your personal data FERN Psykologi AB is processing. If you wish to do so, you need to send a written request signed by you personally to the postal address above.
2.7 Complaints
You also have the right to lodge a complaint regarding the processing of personal data in connection with booking, payment, customer service issues and legal obligations with the supervisory authority, the Privacy Protection Authority www.imy.se.