Privacy Policy
1
Introduction
This privacy policy describes how My AIMI AB, company no. [XXXXXX-XXXX] ("My AIMI"), processes personal data in connection with the use of our booking platform and related services.
We protect your personal privacy and strive to ensure a high level of protection for your personal data in accordance with applicable data protection legislation, including GDPR.
2
Roles and responsibilities
MyAIMI may have different roles depending on the processing that is taking place:
- Data controller for data related to user accounts, operations, security and communication.
- Personal data processor for processing patient information and medical record data on behalf of an affiliated clinic.
The respective clinic is the data controller for medical data and record keeping.
3
What personal data we process
We may process the following categories of personal data:
Identity information (name, social security number)
Contact information (phone number, email)
Booking information
Payment information
IP address and technical information
Communication history
Log data
Account details
For patients, health data is also processed on behalf of the Clinic.
4
Purpose of the processing
Personal data is processed to:
Provide the booking service
Manage identification via BankID
Administer user accounts
Enable communication between users and the Clinic
Ensure operations and IT security
Fulfill legal obligations
Prevent abuse and fraud
Develop and improve the service
5
Legal basis
Processing is carried out on the basis of:
Fulfillment of contracts
Legal obligation
Legitimate interest
Consent where required
For health data, processing takes place in accordance with applicable healthcare legislation and on behalf of the Clinic, the data controller.
6
Storage time
Personal data is only stored for as long as is necessary to fulfill the purposes of the processing or as required by law.
Medical record information is stored in accordance with each Clinic's obligations under the Patient Data Act.
7
Recipients of data
Personal data may be shared with:
• Affiliated Clinics
• Payment providers
• IT suppliers and operating partners
• Authorities when required by law
All recipients process data in accordance with agreements and applicable legislation.
8
International transfers
If personal data is transferred outside the EU/EEA, an adequate level of protection is ensured through the EU Commission's standard contractual clauses or equivalent safeguards.
9
Security
MyAIMI takes technical and organizational security measures to protect personal data against unauthorized access, loss or manipulation.
We work continuously on information security in accordance with established standards.
10
Your rights
You have the right to:
Request access to your data
Request correction
Request deletion
Request restriction of processing
Object to processing
Request data portability
Submit a complaint to the Swedish Data Protection Authority (IMY)
If you have questions about patient information, you should first contact the relevant Clinic.
11
Cookies
Information about how we use cookies can be found in our separate cookie policy.
12
Policy changes
MyAIMI may update this policy. The latest version will be published on the service.
13
Contact
For questions about data protection or this privacy policy, please contact:
MyAIMI AB
Trädgårdsgatan 8, 602 42 NORRKÖPING