1. Personal Data Liability and Basis for Processing
(1.1) This Privacy Policy applies when Inference Labs AB (hereinafter “Inference Labs”, “we”, “our” or “us”), company number 559331-3439, Riddargatan 29, 114 57 Stockholm, carries out the processing of personal data relating to persons using Inference Labs services (“you”, “your”). Inference Labs' processing of personal data complies with the General Data Protection Regulation (EU) 2016/679 (the “Data Protection Regulation”).
(1.2) The processing of personal data when using Inference Labs' services takes place on the basis of a direct contract with you (the data subject) or through an agreement with your employer in cases where you are referred to us through your employer. Processing is also carried out to comply with legal obligations under law and authority decisions and for special processing with your consent.
2. Purposes of the processing
(2.1) We process your personal data when this is necessary to fulfil our obligations under contract with you or with your employer and legitimate interests. We need to process personal data in order to deliver the services we offer and you cannot therefore be a user with us without us processing your personal data. This means that we will process your personal data for the following purposes:
(a) administration of sampling;
(b) the provision of sample answers and comments;
(c) to discourage unfair use of the Services, such as identity verification;
(d) customer analysis, business development, evaluation and internal analysis (such as program testing, analysis, statistics and troubleshooting);
(e) liaise with sampling points, laboratories and other possible subcontractors;
(f) administration of payment for the service;
(g) contacts with you and maintenance of contact routes;
(h) commercial communications and marketing (such as offers from us and newsletters);
(i) to ensure our legal rights, vis-à-vis you, against third parties and, where applicable, against your employer; and
(j) compliance with applicable legislation and government decisions (such as, inter alia, the Patient Data Act and the Accounting Act).
In cases where you have been referred to us by your employer, we may be deemed to act as a personal data processor for them and then we process your personal data according to instructions and on behalf of them. However, we never disclose any sensitive personal data to your employer, i.e. information regarding your health, including whether or not you have used Saluto's services.
(2.2) We process sensitive data, such as data relating to your health, only for the purposes of fulfilling our obligations to keep documentation necessary for the provision of the service or which we are required to establish by law, to make preventive life-changing recommendations regarding your health, to provide you with sample answers, to fulfil other obligations to you under the contract with you, to develop and ensure the quality of our business, as well as for administration, planning, follow-up assessment, evaluation and supervision of operations.
3. Personal data processed
(3.1) Personal data is any information that can be linked to a living person. We collect and process different types of personal data within the scope of our business. Certain information about you will also be created through the tests that you may order, as well as the collection of previous test results and journal entries provided by laboratories and clinics that assist us.
(3.2) The following personal data we will collect from you when you use our services:
(a) Information about your identity — first name, surname, social security number and gender;
(b) Your contact details — invoice and delivery address, email address, telephone number.
(c) Payment Information — information for making payments to Inference Labs, or issuing an invoice.
(d) Health data provided — information you provide regarding your health and test results
(e) Previous health data to the extent consent has been provided - information about your health, your previous test results and data on, for example, your blood values, and doctor's comment on the results and medical record data.
(f) Information that you choose to share with Saluto through synchronization with the Health application or Google Fit and which will be relevant to the provision of our services — includes information related to your body measurements, blood pressure, physical activity and exercise data such as steps taken, heart rate, distance, speed, time, calories and other health information that you choose to share with Saluto such as data related to your sleep and diet.
(g) Service/sample information — information about the product (sample or analysis) that you have ordered.
(h) Correspondence: your communications to and from Inference Labs, which may include a description of your case and the healthcare professional's recommendations.
(i) IT data — in order for you to communicate with our Saluto system, we need to process data about the device you are using (i.e. your computer, smart phone or similar), such as the IP address of the device.
(3.3) If you contact our customer service for assistance with a case or for a refund when using the Service as a private individual, the matter will require us to process your personal data. Personal data processed in the context of customer service may, for example, be:
(a) Identification — such as first name, surname and social security number. If you also provide information about the identity of others in writing, we will not retain that information unless it is required for the purpose of the case or to investigate fraud or similar purposes.
(b) Case description — when contacting you and describing the support case, we cannot control what information you provide. Your case description may therefore include personal data that we have no reason to process. We will not store such personal data.
(c) Refund processing — if the customer service dispute applies or leads to a refund, we will need to process the bank account information for the payment, as well as the price and other details of the purchase to which the refund relates.
4. Recipients of personal data
(4.1) Our service is complex and requires that we cooperate with and interact with other healthcare providers and that we use the help of developers and other providers. We will therefore transfer your personal data and use the assistance of other parties to process your personal data when it is necessary to:
(i) fulfil the contract with you;
(ii) comply with any law, regulation or decision.
We use personal data processors who administer and manage data on our behalf. Such processors may not use or share your personal data in any other way or for purposes other than in accordance with this Privacy Policy.
(4.2) Personal data may be shared with others when necessary to fulfil our obligations under the contract with you or your employer where applicable, where we have a legitimate interest or because we are required to do so in order to comply with laws, regulations or decisions. The following categories of recipients may be involved:
(a) Sampling sites and laboratories: We will share the necessary personal data with the sampling point where you choose to take your sample to the extent necessary for the sampling centre to identify you and conduct the sample. Furthermore, we cooperate with laboratories that analyze the sample and provide sample responses — in these cases we will share your personal data with the laboratories.
(b) Hired Personnel and Consultants: To the extent that we use hired personnel, such personnel will have access to the personal data about you that are necessary for us to fulfill our contract with you. If necessary for the development of the service, troubleshooting or other similar technical measures, we may provide IT consultants and developers with access to certain personal data.
(c) Authorities: We will share your personal data with authorities and regulatory bodies if we are required to do so by law. In some cases, we may be prevented by law from notifying you that an authority has requested access to your personal data.
(d) Notification Service Providers: In order to send you reminders, confirmations and other automated communications, we may provide providers of such notification services with access to your contact information to the extent necessary.
(4.3) Notwithstanding the above, we always comply with applicable laws regarding your personal data relating to sensitive data. This means, among other things, limited access to such data and that those who receive it have a duty of confidentiality.
(4.4) With regard to information that you choose to share with Saluto through synchronization with the Apple Health application or Google Fit, this personal data will never be used for marketing or similar services.
(4.5) Our intention is to process all personal data within the EU/EEA. Should personal data be transferred to a country outside the EU/EEA that does not apply the same levels of protection to the processing of personal data, we will take appropriate safeguards to ensure that the processing takes place at a level of protection equivalent to that within the EU/EEA. This can be done, for example, through the use of so-called standard contractual clauses.
(4.6) Sensitive data about you, including your health data, is processed in accordance with law. Such data will therefore only be available to personnel who are required to have access to it by law. The data will not be disclosed or transferred to any recipient other than where permitted by law or with your consent. This also applies in relation to your employer if you use our services as an employee.
(4.7) No health data that we process is transferred outside the EU/EEA by us or our suppliers.
5. Retention of personal data
(5.1) Personal data will be retained for as long as is necessary to fulfill the purposes described above. This means that most personal data about you will be automatically deleted after a statutory retention period has expired or when our customer relationship with you or your employer has ended.
(5.2) We retain data appearing in the Saluto mobile application for 10 years from the date of the last entry into the database, but you can request that we remove your access to them digitally at any time by withdrawing your consent or by terminating your account. Please note that, regardless of such a request, we may be required to save some of the data in the database under the Patient Data Act. A registration that is not used within six months of registration will result in the deletion of your personal data shortly after the six months have elapsed.
(5.3) We are obliged under the Accounting Act (1999:1078) to retain certain personal data, e.g. those appearing in invoices and similar accounting documents, for seven years. Personal data retained for accounting purposes will only be used for that purpose.
We are not responsible for errors attributable to the laboratory that performed the sampling and analysis or technical errors attributable to either the e-shop provider, the medical record system provider or another third party.
(5.4) Data about you associated with your Saluto user account will be retained for as long as your account is open. You can choose to close your account and we will delete your data when it does not need to be retained for other purposes, as described above.
6. Deletion and rectification of personal data
(6.2) Before the data is used as a basis for statistics and product development, it is depersonalized and aggregated, which means that it can no longer be linked to you, either by us or by anyone else. The information then no longer contains personal data. To the extent consent has been given, pseudonymised and de-identified personal data may be used for the further development of Saluto and its services, as well as for other research data or for statistics.
(6.3) When we perform a deletion of personal data, it cannot be revoked/restored and once the deletion has been carried out, no person can be associated with the remaining information.
(6.4) You have the right to request an extract showing what personal data we hold about you and should any information be incorrect, you can request that we rectify the data. You also have the right to request that the personal data be erased, provided that the data is no longer needed for the purposes for which it was collected, that your reasons for objecting to the processing are based on legitimate interests that outweigh our reasons for continuing processing, or if there is a legal obligation to delete the personal data. Deletion takes place either by deleting the data or by depersonalizing the data.
(6.5) You may have the right to request that your personal data be transferred to another controller (so-called data portability). This assumes that you have provided the data to us and that our right to process the personal data is based on the fulfillment of obligations, as described above, and that the processing can be automated and that it is technically possible. There may be certain exceptions to your rights as described above and your request may therefore be denied if, for example, we are prevented by law from granting your request.
(6.6) If you would like to request an extract from the register or to correct/delete an entry, please contact support@saluto.ai.
7. Information security
(7.1) We take appropriate technical and organisational measures to protect the personal data processed in accordance with Section 2 of the General Data Protection Regulation. We have specific internal policies and processes in place to deal with information security issues and to prevent and detect leaks.
(7.2) If your personal data is the subject of a security incident (so-called “personal data incident”), we will contact you in accordance with the General Data Protection Regulation.
8. Cookies
(8.1) Cookies are used on our website. Cookies are small text files that are stored on the visitor's computer that make it possible to follow what the visitor does on the website.
(8.2) There are two types of cookies:
(a) A permanent cookie that remains on the visitor's computer for a specified period of time.
(b) A session cookie that is temporarily stored in the computer's memory while a visitor is visiting a website. Session cookies disappear when you close your browser.
(8.3) We use cookies for the operation of our website, for statistics and for the purpose of enabling advertising.
(8.4) Our website also contains third-party cookies that record your visit to the website to enable advertising on other websites.
(8.5) No identifying information, such as email or name, is stored about the visitor through cookies.
(8.6) The visitor may choose not to accept cookies by disabling cookies in the security settings of his or her browser.
(8.7) The visitor may also set the browser so that he or she receives a query each time the website tries to place a cookie on the visitor's computer. Through the browser, previously stored cookies can also be deleted. See your browser's help pages for more information on this.
(8.8) The Swedish Post and Telecommunications Authority, which is the regulatory authority in this area, provides further information on cookies on its website (http://www.pts.se/).
9. Saluto mobile application
(9.1) Our users have the opportunity to read and consult their health and lifestyle reports themselves. Under the “Reports” tab, you can follow your test results and values yourself over time. There you can also find information on how to interpret your results. In addition, you can choose to share the information with others.
10. Your rights
(10.1) You have the right to withdraw consent to a particular processing, free of charge, without prejudice to the legality of the processing prior to the withdrawal. For example, you may have chosen to consent to us contacting you with newsletters and other mailings. You can then choose to unsubscribe by following a link in these mailings.
(10.2) You have the right to request that the processing be limited to storage and to object to the processing.
(10.3) You always have the right to lodge a complaint with the supervisory authority, the Privacy Protection Authority.
(10.4) If you wish to withdraw your consent, please contact us by emailing support@saluto.ai.