Privacy Policy
Last updated: March 2025
1. Background and Scope
BizMed Sverige AB ("BizMed," "we," "us") is a corporate healthcare provider focused on promoting workplace health, well-being, and a safe working environment for companies and organisations. Our processing of personal data is governed by the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Additionally, our operations are covered by the Swedish Patient Data Act (2008:355) as we handle health-related information in our record system through HLTHY / The Patient Company AB.
2. Why and How Do We Process Personal Data?
2.1 General
We process personal data to comply with legal requirements and to effectively provide our services to corporate clients and their employees.
2.2 Patients at BizMed
2.2.1 What data is processed and how is it collected?
We process data such as health status, care meetings, names, national insurance numbers (or equivalent), and contact information. This information is collected from patients themselves, through healthcare professionals, or via web-based tools.
2.2.2 For what purposes is the personal data processed?
The data is used to provide safe and effective healthcare services and for statistical purposes in coded form.
2.2.3 What is the legal basis for processing?
The processing of patient data is conducted in accordance with the Patient Data Act and, in some cases, requires patient consent.
2.2.4 How long is personal data stored?
Patient records are stored for a minimum of 10 years from the last entry, as required by the Patient Data Act.
2.3 Employees at Client Companies
2.3.1 What personal data is processed and how is it collected?
For services provided to employees of client companies, we process names, contact information, and other relevant information necessary for service delivery.
2.3.2 For what purposes is the personal data processed?
The data is used to provide the contracted healthcare and occupational health services.
2.3.3 What is the legal basis for processing?
Processing is based on a legitimate interest or, when necessary, consent.
2.3.4 How long is personal data stored?
Data is stored for the duration of the service agreement and for a reasonable period thereafter.
2.4 Contacts at Client Companies
2.4.1 What personal data is processed and how is it collected?
We process names, contact details, and job titles to manage business relationships and marketing communications.
2.4.2 For what purposes is the personal data processed?
The data is used for communication, service management, and marketing.
2.4.3 What is the legal basis for processing?
Processing is based on a legitimate interest and contractual obligations.
2.4.4 How long is personal data stored?
Data is stored as necessary for business relationship management and marketing activities.
2.5 Contacts at Suppliers and Partners
2.5.1 What personal data is processed and how is it collected?
We process names, contact details, and job titles for the administration of supplier agreements and business relationships.
2.5.2 For what purposes is the personal data processed?
Processing is carried out for contract management and business communication.
2.5.3 What is the legal basis for processing?
Processing is based on a legitimate interest.
2.5.4 How long is personal data stored?
Data is stored for the duration of the contract and as required for business operations.
3. How Long Is Personal Data Stored?
Personal data is retained as outlined in the sections above. Accounting records are stored in compliance with relevant financial regulations.
4. When and To Whom Do We Share Data?
We may share personal data in accordance with applicable laws, with service providers, or as part of business considerations. We also have the right to share the names of employees who have undergone a health check with their employer. Appropriate safeguards are implemented when transferring data outside the UK or EU/EEA.
5. What Rights Does the Data Subject Have?
Individuals have rights under GDPR and the UK Data Protection Act, including access, rectification, deletion, objection, and data portability. For patients, additional rights under the Patient Data Act apply.
6. Contact Information
For any questions about this Policy or the processing of personal data, please contact BizMed's Data Protection Officer at support@bizmed.se.
7. Changes to the Policy
BizMed reserves the right to update this Policy and will inform individuals of significant changes. We encourage you to review the Policy regularly on our website. The latest revision date will be published on the website.
© 2023 by BizMed.
BizMed Sverige AB's operations are registered with IVO and subject to the Patient Safety Act (2010:659).