Privacy policy

1. Introduction

At Geras Solutions, we care about you as an individual and a patient and your privacy is our priority. This privacy policy ("Privacy Policy") explains our treatment of your personal data ("User") when you interact with us or use of any of our services ("Services").The Privacy Policy describes who is the data controller of the personal data processed when you use the Services. We also explain what personal data we process about you when you use the Services, why, and the legal basis for doing so. We also describe who else may process personal data about you in order for us to provide the Services. We will also inform you of your rights and how you can enforce them.

2. Who is the controller of the
personal data processing?

2.1 Your healthcare provider is the data controller of your personal data processed in the Platform. Here, Geras Solutions org.nr 559025-3828, Norrtullsgatan 6, 113 29 Stockholm, acts as a data processor for the healthcare providers who use the Services.

2.2Minnesmottagningen is the data controller for the individuals who use the Services themselves and without the involvement of another healthcare provider. Here, Geras Solutions acts as a data processor as a platform provider.

2.3 If you have any questions or comments about our processing of personal data, please feel free to contact us at
admin@gerassolutions.se.

How we use your personal data:

2.1 In this section, we clarify:the categories of personal data that we may process;the purposes of the processing, and the legal basis for the processing.

2.2Technical
Data
We may process data about Users' use of our website and app ("Technical Data"). Technical Data may include IP address, geographic location, browser type and version, operating system, visit origin, length of visit, page views and website navigation paths, and information about the time, frequency and pattern of your use of the Services. Such information may be collected through the use of cookies if you choose to accept cookies. See our Cookie Policy for more information on our use of cookies. The basis for the processing and analysis of this type of data is the user's consent (Article 6(1)(a) of the General Data Protection Regulation, "GDPR", and the purpose is for the user data to enable a better and smoother user experience. Some processing is also carried out on the basis of contract (Article 6(1)(b) GDPR), via our Terms of Use.

2.3Account Data

We may process users' account data ("Account Data"). Account Data may include users' name, email address, age, gender and language. The user is the source of this data. Account Data may be processed to process your registration or termination of your user account, maintain accurate information about you, assist you with support issues, and deliver the Services to you in accordance with our Terms of Use. The basis for processing your personal data is contract (Article 6.1. b GDPR).

2
.4 Service Data
We may process users' personal data provided during the use of our Services, i.e. during sections such as "cognitive testing", "medical history" and "symptom survey" of the app ("Service Data"). This Service Data may include information about perceived symptoms, pre-existing conditions or changes in health or behaviour noted by others. The source of the Service Data is the user themselves for "cognitive testing" and "medical history". The source of the data for the "symptom survey" is the family member that the user invites to contribute their perspective related to this. We mainly process your Service Data in order to provide the care you have requested (Articles 6.1.c and 9.2 h GDPR) and in accordance with the Patient Data Act. Processing is also carried out on the basis of your consent in certain cases (Article 6(1)(a) GDPR). The processing is carried out to facilitate the assessment of the user's cognitive ability and status. The processing of Service Data is also carried out in order to comply with other obligations that Minnesmottagningen has as a healthcare provider, such as the obligation to keep a medical record and to keep the documentation for a certain period of time.

2.5Providing support and communicating with you regarding your use of the ServicesGeras Solutions may communicate with you regarding your use of the Services. This includes helping you to get answers to questions you have and investigating complaints. We may also contact you regarding your use of the Services. The current processing is carried out for the performance of the contract between you and us (Article 6(1)(b) GDPR). In case the support case is related to healthcare or processing of Service Data, the processing is carried out on the basis of the healthcare provider's right to process personal data in connection with the administration of healthcare (Article 9(2)(h) GDPR and the Patient Data Act).

2.6Quality development
and quality assurance of the Services
Geras Solutions may process your personal data for the purpose of developing and improving the Services. Minnesmottagningen also processes your personal data as a healthcare provider as part of the quality enhancement work that a healthcare provider needs to carry out. Processing of personal data for the above purposes is carried out on the basis of a contract (Article 6(1)(b) GDPR and Article 6(1)(f) GDPR and the Patient Data Act)

2.7 To comply with legal obligations
In addition to the above, we may process all types of personal data as indicated above and transfer them if necessary to comply with obligations under laws, official decisions and judgments (Article 6(1)(c) GDPR).

3. Provision of your
personal data to others

3.1Suppliers
In order to provide you with the Services, we use a number of external suppliers who may process your personal data. These suppliers will only process your personal data in accordance with our instructions and on the basis of a data processor agreement with us.

3.2Other Healthcare Providers
In cases where the User uses the Platform in contact with other healthcare providers, we may, with your consent, disclose personal data related to your health, to them. This disclosure is made by Geras Solutions as a data processor. For information on this processing, please refer to the privacy policy of your healthcare provider

4. Storage

4.1 Personal data that we process, for whatever purpose, will be retained for as long as necessary in accordance with the GDPR.

4.2 As a healthcare provider, Minnesmottagningen has an obligation to keep patient records for at least 10 years under the Patient Data Act.

4.3 If any processing is carried out on the basis of consent, we will erase your personal data if you withdraw your consent, insofar as this is possible. 

5. Transfer to third countries

5.1 Personal data is mainly processed within the EU/EEA and health data is always stored within the EU/EEA. In limited cases, Geras Solutions may transfer your personal data to countries outside the EU/EEA. All such transfers are made in accordance with the GDPR.

6. Security

6.1 We have taken extensive security measures to ensure that your personal data is protected against unauthorised access. In the event of an incident that significantly affects your personal data, we will always contact you to inform you of what has happened, what measures we have taken and describe the impact of the personal data incident. 

7. Your rights

7.1 In this section, we have summarised the rights to which you as a User are entitled under the GDPR.

7.2 Your main rights under the GDPR are:

(a) The right to be informed: you have the right to be informed of what personal data about you we process, for what purpose and whether such personal data is transferred to third countries. You also have the right to be informed of which third parties have received your personal data in order for us to provide you with the Services.

(b) Right to withdraw consent: you may withdraw any consent you have given to Geras Solutions in relation to the processing of personal data based on your consent.

(c) Right to rectification: you may request that we rectify inaccurate data about you.

(d) Right to be forgotten: users have the right to request the deletion of their data. Please note here that a healthcare provider has certain obligations with regard to personal data linked to your medical record.

(e) The right to object to the processing of personal data.

(f) The right to data portability: you have the right to request the transfer of personal data to another controller by receiving your personal data in a commonly used electronic format for transfer to another party.

(g) The right to complain to a supervisory authority: you have the right to lodge a complaint with the Data Protection Authority in case you consider that our personal data processing is incorrect and does not comply with the applicable requirements. You can find their contact details on the IMY website (www.imy.se).

8. Contact us

8.1 If you have any questions or wish to exercise any of your rights as described above, you are always welcome to contact us at the contact details set out on our websites www.gerassolutions.comand
www.minnesmottagningen.seor by emailingadmin@gerassolutions.com. If you wish to contact our Data Protection Officer, you can reach him at the email address above.

You can also use the contact details below: Geras Solutions, org.nr: 559025-3828, Norrtullsgatan 6, 113 29 Stockholm.

9. Changes

9.1 This Privacy Policy may be updated from time to time by posting a new version on our websites. If we make material changes, we will notify you in advance and give you a chance to review. If you do not agree to the changes, you may not continue to use our Services.
This Privacy Policy was last updated on 2022-07-21