Privacy policy

1. Introduction

At Geras Solutions, we care about you as an individual and a patient and your privacy is our priority. This privacy policy ("Privacy Policy") explains our treatment of your personal data ("User") when you interact with us or use of any of our services ("Services").The Privacy Policy describes who is the data controller of the personal data processed when you use the Services. We also explain what personal data we process about you when you use the Services, why, and the legal basis for doing so. We also describe who else may process personal data about you in order for us to provide the Services. We will also inform you of your rights and how you can enforce them.

2. Who is the controller of the
personal data processing?

2.1 Your healthcare provider is the data controller of your personal data processed in the Platform. Here, Geras Solutions org.nr 559025-3828, Norrtullsgatan 6, 113 29 Stockholm, acts as a data processor for the healthcare providers who use the Services.

2.2Minnesmottagningen is the data controller for the individuals who use the Services themselves and without the involvement of another healthcare provider. Here, Geras Solutions acts as a data processor as a platform provider.

2.3 If you have any questions or comments about our processing of personal data, please feel free to contact us atadmin@gerassolutions.se.

How we use your personal data:

2.1 In this section we clarify the categories of personal data that we may process, the purpose of the processing, and the legal basis for the processing.

2.2Technicaldata
We may process data about Users' use of our website and app ("Technical Data"). Technical Data may include IP address, geographic location, browser type and version, operating system, origin of visit, length of visit, page views and website navigation paths, as well as information about the time, frequency and pattern of your use of the Services. Such information may be collected through the use of cookies if you choose to accept cookies. Please read more about our use of cookies in our Cookie Policy. The basis for processing and analyzing this type of data is the user's consent (Article 6(1)(a) of the General Data Protection Regulation, "GDPR", and the purpose is for the users' data to enable a better and smoother user experience. Some processing is also based on contract (Article 6(1)(b) GDPR), via our Terms of Use.

2.3Account data
We may process users' account data ("account data"). Account data may include users' name, email address, age, gender and language. The user is the source of this data. Account Data may be processed to process your registration or termination of your user account, to maintain accurate information about you, to assist you with support issues, and to deliver the Services to you in accordance with our Terms of Use. The basis for processing your personal data is contract (Article 6(1)(b) GDPR).

2.4 Service Data
We may process users' personal data provided during the use of our Services, i.e. tools such as the "quick test" on the website or the "cognitive test", "medical history" and "symptom survey" in the app ("Service Data"). This Service Data may include information about perceived symptoms, pre-existing conditions or changes in health or behavior noted by others. The source of the Service Data is the user himself for the "quick test", "cognitive test" and "medical history". The source of the data for "symptom questionnaire" is the family member invited by the user to contribute with their perspective related to this. We primarily process your Service Data in order to provide the care you have requested (Articles 6(1)(c) and 9(2)(h) GDPR) and in accordance with the Patient Data Act. Processing is also based on your consent in certain cases (Article 6(1)(a) GDPR). The processing is carried out to facilitate the assessment of the user's cognitive ability and status. The processing of Service Data also takes place to fulfill other obligations that Minnesmottagningen as a healthcare provider has, e.g. the obligation to keep a journal and save the documentation for a certain period of time.

2.5Providing support and communication when using the Services
Geras Solutions may communicate with you regarding your use of the Services. This includes helping you get answers to questions you have and investigating complaints. We may also contact you regarding your use of the Services. Current processing is done to fulfill the contract between you and us (Article 6(1)(b) GDPR). If the support case is related to the care or processing of Service data, the processing is based on the healthcare provider's right to process personal data in connection with the administration of care (Article 9(2)(h) GDPR and the Patient Data Act).

2.6Quality developmentand quality assurance of the Services
‍GerasSolutions may process your personal data for the purpose of developing and improving the Services. Minnesmottagningen , as a healthcare provider, also processes your personal data as part of the quality enhancement work that a healthcare provider needs to conduct. Processing of personal data for the above purposes is based on an agreement (Article 6(1)(b) GDPR and Article 6(1)(f) GDPR and the Patient Data Act)

2.7 To fulfill legal obligations
In addition to the above, we may process all types of personal data that we have specified above and hand them over if it is necessary to fulfill obligations under laws, government decisions and judgments (Article 6(1)(c) GDPR).

3. Provision of your
personal data to others

3.1Suppliers
In order to provide you with the Services, we use a number of external suppliers who may process your personal data. These suppliers will only process your personal data in accordance with our instructions and on the basis of a data processor agreement with us.

3.2Other Healthcare Providers
In cases where the User uses the Platform in contact with other healthcare providers, we may, with your consent, disclose personal data related to your health, to them. This disclosure is made by Geras Solutions as a data processor. For information on this processing, please refer to the privacy policy of your healthcare provider

4. Storage

4.1 Personal data that we process, for whatever purpose, will be retained for as long as necessary in accordance with the GDPR.

4.2 As a healthcare provider, Minnesmottagningen has an obligation to keep patient records for at least 10 years under the Patient Data Act.

4.3 If any processing is carried out on the basis of consent, we will erase your personal data if you withdraw your consent, insofar as this is possible. 

5. Transfer to third countries

5.1 Personal data is mainly processed within the EU/EEA and health data is always stored within the EU/EEA. In limited cases, Geras Solutions may transfer your personal data to countries outside the EU/EEA. All such transfers are made in accordance with the GDPR.

6. Security

6.1 We have taken extensive security measures to ensure that your personal data is protected against unauthorised access. In the event of an incident that significantly affects your personal data, we will always contact you to inform you of what has happened, what measures we have taken and describe the impact of the personal data incident. 

7. Your rights

7.1 In this section, we have summarised the rights to which you as a User are entitled under the GDPR.

7.2 Your main rights under the GDPR are:

(a) The right to be informed: you have the right to be informed of what personal data about you we process, for what purpose and whether such personal data is transferred to third countries. You also have the right to be informed of which third parties have received your personal data in order for us to provide you with the Services.

(b) Right to withdraw consent: you may withdraw any consent you have given to Geras Solutions in relation to the processing of personal data based on your consent.

(c) Right to rectification: you may request that we rectify inaccurate data about you.

(d) Right to be forgotten: users have the right to request the deletion of their data. Please note here that a healthcare provider has certain obligations with regard to personal data linked to your medical record.

(e) The right to object to the processing of personal data.

(f) The right to data portability: you have the right to request the transfer of personal data to another controller by receiving your personal data in a commonly used electronic format for transfer to another party.

(g) The right to complain to a supervisory authority: you have the right to lodge a complaint with the Data Protection Authority in case you consider that our personal data processing is incorrect and does not comply with the applicable requirements. You can find their contact details on the IMY website (www.imy.se).

8. Contact us

8.1 If you have any questions or wish to exercise any of your rights as described above, you are always welcome to contact us at the contact details set out on our websites www.gerassolutions.comand
www.minnesmottagningen.seor by emailingadmin@gerassolutions.com. If you wish to contact our Data Protection Officer, you can reach him at the email address above.

You can also use the contact details below: Geras Solutions, org.nr: 559025-3828, Norrtullsgatan 6, 113 29 Stockholm.

9. Changes

9.1 This Privacy Policy may be updated from time to time by posting a new version on our websites. If we make material changes, we will notify you in advance and give you a chance to review. If you do not agree to the changes, you may not continue to use our Services.
This Privacy Policy was last updated on 2022-07-21

Geras Solutions AB
Norrtullsgatan 6
113 29 Stockholm, Sweden
010-750 07 26

Terms of UsePrivacy PolicyCookie Policy
© Geras Solutions
By clicking "Accept", you consent to cookies being stored on your device to improve website navigation, analyse website usage and assist with our marketing efforts. See our privacy policy for more information.
denyaccept