At Metodika AB, we want you to feel confident about how we handle your personal data. Therefore, we are transparent about how we collect and manage the information we store about you. We ensure that your personal data is always protected with us and that our processing complies with the requirements of the General Data Protection Regulation (GDPR), internal guidelines, and other relevant legal requirements. Since we process sensitive personal data on behalf of our customers, we have appointed a Data Protection Officer to review and ensure compliance with applicable regulations.
Metodika AB is responsible for the processing of your personal data. If you have any questions about how we handle your personal data or wish to exercise your rights under the GDPR, please contact us using the following methods:
Contact information for the data controller
Postal address: Magnus Ladulåsgatan 65, 118 27 Stockholm
Email: info@metodika.com
Contact information for the Data Protection Officer (DPO)
Email: dso@carasent.com
Personal data refers to any information that directly or indirectly identifies an individual. This includes information such as name, contact details, geolocation, and other data related to an individual’s identity.
The processing of personal data includes any actions performed concerning personal data, whether automated or not. Examples of such actions include collecting, storing, and disclosing personal data.
For instance, we may have stored your personal data if you work for a customer or supplier of ours, or if you have provided your data to us when participating in an event. If you apply for a job or are employed by us, we will inform you separately about how your personal data is processed in that context.
At the end of this policy (under section 11), you will find detailed information about the types of personal data we collect about you, the purposes for which we process them, and the legal basis for doing so. We also inform you about potential recipients and the retention periods for different types of personal data.
We implement appropriate security measures to protect your personal data and prevent unauthorized access or misuse. Our security procedures include regular updates and testing, encryption, and data backups. Access to personal data is restricted to employees who need it to perform their work tasks. Additionally, we train our employees on the importance of confidentiality to maintain the security of personal data.
We will only share your personal data with the third parties described in this policy.
In doing so, we always ensure that the necessary security measures are in place to protect your personal data. When we share your personal data with our data processors, they will only process the data according to our instructions. A more detailed description of how we share personal data is provided below.
Carasent Group
In some situations, we may have a legitimate interest in sharing your personal data with other companies within the Carasent Group, which includes Carasent Sverige, Carasent ASA, Carasent Norge AS, Metodika AB, HPI Health Profile Institute AB, and Medrave Software AB. The purpose of sharing personal data within the Carasent Group is often to achieve internal administrative objectives. For example, this may involve personal data necessary for accounting, which is partially managed centrally within the Carasent Group. If we need to share your personal data with other companies within the Carasent Group, we apply the same high security standards as if we were processing the personal data ourselves.
Service providers
As the data controller, we may, in some cases, require the assistance of partners, suppliers, or service providers to process your personal data. For example, we use suppliers (who act as our data processors) for IT and financial systems. We only engage data processors that can guarantee the protection of data through adequate technical and organizational security measures.
Authorities
In some cases, we are legally required to disclose personal data upon request from authorities. Additionally, we may need to disclose personal data to establish, exercise, or defend legal claims made against us.
We always strive to process your personal data within the EU/EEA. However, some of our data processors may operate in countries outside this area. This primarily concerns certain system providers with headquarters in the United States, which means that personal data may potentially be accessible from there, even if the servers themselves are located within the EU/EEA.
If your personal data is transferred to a country outside the EU/EEA, we ensure that it is processed securely and that the level of protection is equivalent to that provided within the EU/EEA. You are welcome to contact us if you would like information about which countries our data processors operate in and what protective measures we have implemented. Contact details can be found at the beginning of this policy (under section 2).
Transfers outside the EU/EEA only occur if one of the following conditions is met:
We are responsible for ensuring that your personal data is processed in accordance with applicable legislation. This section describes your rights concerning our processing of your personal data. If you have any questions or wish to exercise a right, please contact us via email or by writing to our postal address listed at the top of this policy. We will respond to your request within one month. To protect your personal data, we may need to verify your identity before processing your request.
Right to Access
We are committed to transparency regarding how we process your personal data. If you would like to know what information we hold about you, you can request a copy of it. This copy will include information on why we process your personal data, the types of personal data involved, the recipients we share it with, how long we retain it, and where we obtained it.
Right to Rectification
If you find any inaccuracies in the personal data we hold about you, you can ask us to correct them. You may also request that we add missing information.
Right to Erasure
You may request that we delete your personal data. However, there are exceptions to this right, such as when we are legally required to retain the data. This obligation may exist under laws related to accounting, tax regulations, and labor law. Additionally, we may need to continue processing your data to establish, exercise, or defend legal claims. If we cannot delete your data, we will ensure that it is not used for any purposes other than those that prevent its deletion.
Right to Data Portability
In certain cases, you have the right to transfer your personal data to another data controller if such a transfer is technically feasible. This applies specifically to data you have provided to us and only if we process the data based on your consent or to fulfill a contract with you.
Right to Restriction of Processing
You have the right to request a restriction on our processing of your personal data. If you discover that your data is incorrect, you may request that processing be restricted while we verify the accuracy of the data. If you have objected to our legitimate interest as a legal basis for processing, you can request that processing be restricted while we assess whether our legitimate interest outweighs your interest in having the data deleted.
Right to Object
You have the right to object to certain processing activities based on our legitimate interest, such as marketing through newsletters. You can always unsubscribe from marketing communications in every direct marketing email we send you.
You may object to direct marketing and analyses conducted for direct marketing purposes without providing any reason. If you object to direct marketing, we will no longer process your personal data for that purpose. Regarding personal data processed for purposes other than marketing, we will assess on a case-by-case basis whether our legitimate interest in processing outweighs your interests, rights, and freedoms.
Rights Related to Automated Decision-Making and Profiling
You have the right to receive information about the logic behind and the consequences of any automated decision-making we conduct. At present, we do not apply any form of automated decision-making. If this changes, you will be informed.
Automated decision-making could, for example, involve the rejection of an online job application without any personal contact. Profiling refers to any form of automated processing of personal data to assess an individual’s characteristics, such as work performance, economic situation, health, personal preferences, and interests.
Right to Lodge a Complaint
If you have any complaints regarding our processing of your personal data, you may contact the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) via this link.
We continuously update this policy to ensure that it accurately describes how we process your personal data. In the event of significant changes to the policy, we will always notify affected individuals separately. The latest version of our privacy policy is always available here.
This policy was last updated on November 19, 2024.
Visitors to our website
For information on how we handle cookies, please see our cookie policy.
Users of our products and services
When you use our products and services (such as Metodika EPM), we generally process your personal data in our role as a data processor on behalf of our customers, who act as the data controllers. This means that the healthcare provider you are associated with (for example, as an employee or patient) enters into a data processing agreement with us and provides instructions on how we should process your personal data.
If you have any questions about how your personal data is processed while using our products and services, please contact the healthcare provider you are affiliated with.
Employees of our customers or potential customers
Employees of our suppliers
Participants in webinars, events, or customer case videos
Subscribers to newsletter
Job applicants